Trojan:DOS/Alureon.J

Discussion in 'Malware Help (A Specialist Will Reply)' started by davidchu, Jul 31, 2012.

  1. davidchu

    davidchu Private E-2

    I'm using Windows 7.
    The other day, my computer got infected with Trojan Dropper.Generic_c.MMI in the services.exe file, so I went online to check for solutions.
    I came across a lot of other people's posts, and they had the same problem.
    So I did what the people suggested (Combofix, TDSSKiller, HitmanPRO, Malwarebytes etc.).

    NOW

    today, after Combofix busted my exe files and I had to restore the system from a previous point, I installed Microsoft Security Essentials.
    It found "Trojan:DOS/Alureon.J", so I told it to delete it,
    but I'm not sure if my computer is OK yet.
    So I ran MBRCheck, and here is the log.
    Code:
    MBRCheck, version 1.2.3
    (c) 2010, AD
    
    Command-line:			
    Windows Version:		Windows 7 Home Premium Edition
    Windows Information:		Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer:	ASUSTeK Computer INC.
    BIOS Manufacturer:		American Megatrends Inc.
    System Manufacturer:		ASUSTeK Computer INC.
    System Product Name:		CM6650
    Logical Drives Mask:		0x000001fc
    
    Kernel Drivers (total 160):
      0x04252000 \SystemRoot\system32\ntoskrnl.exe
      0x04209000 \SystemRoot\system32\hal.dll
      0x00B9E000 \SystemRoot\system32\kdcom.dll
      0x00C89000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
      0x00CD8000 \SystemRoot\system32\PSHED.dll
      0x00CEC000 \SystemRoot\system32\CLFS.SYS
      0x00E02000 \SystemRoot\system32\CI.dll
      0x00EC2000 \SystemRoot\system32\drivers\Wdf01000.sys
      0x00F66000 \SystemRoot\system32\drivers\WDFLDR.SYS
      0x00F75000 \SystemRoot\system32\drivers\ACPI.sys
      0x00FCC000 \SystemRoot\system32\drivers\WMILIB.SYS
      0x00FD5000 \SystemRoot\system32\drivers\msisadrv.sys
      0x00D4A000 \SystemRoot\system32\drivers\pci.sys
      0x00FDF000 \SystemRoot\system32\drivers\vdrvroot.sys
      0x00D7D000 \SystemRoot\System32\drivers\partmgr.sys
      0x00D92000 \SystemRoot\system32\drivers\volmgr.sys
      0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
      0x00FEC000 \SystemRoot\system32\drivers\pciide.sys
      0x00C5C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
      0x00C6C000 \SystemRoot\System32\drivers\mountmgr.sys
      0x00FF3000 \SystemRoot\system32\drivers\atapi.sys
      0x00DA7000 \SystemRoot\system32\drivers\ataport.SYS
      0x00DD1000 \SystemRoot\system32\drivers\amdxata.sys
      0x01040000 \SystemRoot\system32\drivers\fltmgr.sys
      0x0108C000 \SystemRoot\system32\drivers\fileinfo.sys
      0x010A0000 \SystemRoot\system32\DRIVERS\MpFilter.sys
      0x01247000 \SystemRoot\System32\Drivers\Ntfs.sys
      0x010D5000 \SystemRoot\System32\Drivers\msrpc.sys
      0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
      0x01133000 \SystemRoot\System32\Drivers\cng.sys
      0x0121B000 \SystemRoot\System32\drivers\pcw.sys
      0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
      0x0140B000 \SystemRoot\system32\drivers\ndis.sys
      0x014FE000 \SystemRoot\system32\drivers\NETIO.SYS
      0x0155E000 \SystemRoot\System32\Drivers\ksecpkg.sys
      0x0164F000 \SystemRoot\System32\drivers\tcpip.sys
      0x01852000 \SystemRoot\System32\drivers\fwpkclnt.sys
      0x0189C000 \SystemRoot\system32\drivers\volsnap.sys
      0x018E8000 \SystemRoot\System32\Drivers\spldr.sys
      0x018F0000 \SystemRoot\System32\drivers\rdyboost.sys
      0x0192A000 \SystemRoot\System32\Drivers\mup.sys
      0x0193C000 \SystemRoot\System32\drivers\hwpolicy.sys
      0x01945000 \SystemRoot\System32\DRIVERS\fvevol.sys
      0x0197F000 \SystemRoot\system32\DRIVERS\disk.sys
      0x01995000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
      0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys
      0x0162A000 \SystemRoot\System32\Drivers\Null.SYS
      0x01633000 \SystemRoot\System32\Drivers\Beep.SYS
      0x0163A000 \SystemRoot\System32\drivers\vga.sys
      0x01589000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
      0x015AE000 \SystemRoot\System32\drivers\watchdog.sys
      0x015BE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
      0x015C7000 \SystemRoot\system32\drivers\rdpencdd.sys
      0x015D0000 \SystemRoot\system32\drivers\rdprefmp.sys
      0x015D9000 \SystemRoot\System32\Drivers\Msfs.SYS
      0x015E4000 \SystemRoot\System32\Drivers\Npfs.SYS
      0x011A5000 \SystemRoot\system32\DRIVERS\tdx.sys
      0x01236000 \SystemRoot\system32\DRIVERS\TDI.SYS
      0x056DB000 \SystemRoot\System32\DRIVERS\netbt.sys
      0x05720000 \SystemRoot\system32\drivers\afd.sys
      0x057A9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
      0x057B2000 \SystemRoot\system32\DRIVERS\pacer.sys
      0x057D8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
      0x057EE000 \SystemRoot\system32\DRIVERS\netbios.sys
      0x05600000 \SystemRoot\system32\DRIVERS\wanarp.sys
      0x0561B000 \SystemRoot\system32\drivers\termdd.sys
      0x0562F000 \SystemRoot\system32\DRIVERS\rdbss.sys
      0x05680000 \SystemRoot\system32\drivers\nsiproxy.sys
      0x0568C000 \SystemRoot\system32\drivers\mssmbios.sys
      0x05697000 \SystemRoot\System32\drivers\discache.sys
      0x056A6000 \SystemRoot\System32\Drivers\dfsc.sys
      0x056C4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
      0x01648000 \SystemRoot\SysWow64\drivers\AsUpIO.sys
      0x056D5000 \SystemRoot\SysWow64\drivers\AsIO.sys
      0x011C7000 \SystemRoot\system32\DRIVERS\tunnel.sys
      0x042EC000 \SystemRoot\system32\DRIVERS\atikmpag.sys
      0x05E06000 \SystemRoot\system32\DRIVERS\atikmdag.sys
      0x05A6A000 \SystemRoot\System32\drivers\dxgkrnl.sys
      0x05B5E000 \SystemRoot\System32\drivers\dxgmms1.sys
      0x05BA4000 \SystemRoot\system32\drivers\HDAudBus.sys
      0x05BC8000 \SystemRoot\system32\DRIVERS\HECIx64.sys
      0x05BD9000 \SystemRoot\system32\drivers\usbehci.sys
      0x05A00000 \SystemRoot\system32\drivers\USBPORT.SYS
      0x06574000 \SystemRoot\system32\DRIVERS\asmtxhci.sys
      0x04333000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
      0x065D1000 \SystemRoot\system32\drivers\i8042prt.sys
      0x05A56000 \SystemRoot\system32\drivers\kbdclass.sys
      0x05BEA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
      0x05BF7000 \SystemRoot\system32\drivers\wmiacpi.sys
      0x043B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
      0x065EF000 \SystemRoot\system32\drivers\CompositeBus.sys
      0x043CE000 \SystemRoot\system32\DRIVERS\serscan.sys
      0x05E00000 \SystemRoot\system32\drivers\ksthunk.sys
      0x04200000 \SystemRoot\system32\drivers\ks.sys
      0x04243000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
      0x0424D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
      0x04263000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
      0x04287000 \SystemRoot\system32\DRIVERS\ndistapi.sys
      0x04293000 \SystemRoot\system32\DRIVERS\ndiswan.sys
      0x042C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
      0x043D6000 \SystemRoot\system32\DRIVERS\raspptp.sys
      0x01000000 \SystemRoot\system32\DRIVERS\rassstp.sys
      0x042DD000 \SystemRoot\system32\DRIVERS\mouclass.sys
      0x05A65000 \SystemRoot\system32\drivers\swenum.sys
      0x058AC000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
      0x058EF000 \SystemRoot\system32\DRIVERS\umbus.sys
      0x05901000 \SystemRoot\system32\DRIVERS\usbhub.sys
      0x0595B000 \SystemRoot\System32\Drivers\NDProxy.SYS
      0x05970000 \SystemRoot\system32\drivers\AtihdW76.sys
      0x05990000 \SystemRoot\system32\drivers\portcls.sys
      0x059CD000 \SystemRoot\system32\drivers\drmk.sys
      0x066D3000 \SystemRoot\system32\drivers\RTKVHD64.sys
      0x0693D000 \SystemRoot\system32\DRIVERS\asmthub3.sys
      0x0695E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
      0x0697B000 \SystemRoot\system32\DRIVERS\USBD.SYS
      0x0697D000 \SystemRoot\System32\Drivers\usbvideo.sys
      0x069AB000 \SystemRoot\system32\drivers\usbaudio.sys
      0x069C6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
      0x069E1000 \SystemRoot\System32\Drivers\crashdmp.sys
      0x069EF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
      0x06600000 \SystemRoot\System32\Drivers\dump_atapi.sys
      0x06609000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
      0x0661C000 \SystemRoot\system32\DRIVERS\hidusb.sys
      0x0662A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      0x06643000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      0x0664C000 \SystemRoot\system32\DRIVERS\mouhid.sys
      0x000C0000 \SystemRoot\System32\win32k.sys
      0x06659000 \SystemRoot\System32\drivers\Dxapi.sys
      0x06665000 \SystemRoot\system32\DRIVERS\monitor.sys
      0x00510000 \SystemRoot\System32\TSDDD.dll
      0x00670000 \SystemRoot\System32\cdd.dll
      0x06673000 \SystemRoot\system32\drivers\luafv.sys
      0x06696000 \SystemRoot\system32\drivers\WudfPf.sys
      0x066B7000 \SystemRoot\system32\DRIVERS\lltdio.sys
      0x05800000 \SystemRoot\system32\DRIVERS\nwifi.sys
      0x05853000 \SystemRoot\system32\DRIVERS\ndisuio.sys
      0x05866000 \SystemRoot\system32\DRIVERS\rspndr.sys
      0x0587E000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
      0x036BD000 \SystemRoot\system32\drivers\HTTP.sys
      0x03786000 \SystemRoot\system32\DRIVERS\bowser.sys
      0x037A4000 \SystemRoot\System32\drivers\mpsdrv.sys
      0x037BC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
      0x03600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      0x0364E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      0x03672000 \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys
      0x03677000 \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
      0x04EC8000 \SystemRoot\system32\drivers\peauth.sys
      0x04F6E000 \SystemRoot\System32\Drivers\secdrv.SYS
      0x04F79000 \SystemRoot\System32\DRIVERS\srvnet.sys
      0x04FAA000 \SystemRoot\System32\drivers\tcpipreg.sys
      0x04FBC000 \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
      0x04E00000 \SystemRoot\System32\DRIVERS\srv2.sys
      0x05C6F000 \SystemRoot\System32\DRIVERS\srv.sys
      0x05D07000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
      0x05DA9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
      0x05DB4000 \SystemRoot\system32\DRIVERS\umpass.sys
      0x77B00000 \Windows\System32\ntdll.dll
      0x48070000 \Windows\System32\smss.exe
      0xFFE20000 \Windows\System32\apisetschema.dll
      0xFFB90000 \Windows\System32\autochk.exe
    
    Processes (total 86):
           0 System Idle Process
           4 System
         284 C:\Windows\System32\smss.exe
         440 csrss.exe
         504 C:\Windows\System32\wininit.exe
         524 csrss.exe
         580 C:\Windows\System32\winlogon.exe
         600 C:\Windows\System32\services.exe
         632 C:\Windows\System32\lsass.exe
         640 C:\Windows\System32\lsm.exe
         736 C:\Windows\System32\svchost.exe
         816 C:\Windows\System32\svchost.exe
         916 C:\Program Files\Microsoft Security Client\MsMpEng.exe
         972 C:\Windows\System32\atiesrxx.exe
        1012 C:\Windows\System32\svchost.exe
         312 C:\Windows\System32\svchost.exe
         420 C:\Windows\System32\svchost.exe
        1032 C:\Windows\System32\svchost.exe
        1116 C:\Windows\System32\svchost.exe
        1236 C:\Windows\System32\atieclxx.exe
        1440 C:\Windows\System32\spoolsv.exe
        1496 C:\Windows\System32\svchost.exe
        1684 C:\Windows\System32\taskeng.exe
        1696 C:\Windows\System32\taskhost.exe
        1828 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        1836 C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
        1976 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        1996 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        2028 C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
        1140 C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe
        1664 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
        1544 C:\Program Files\Bonjour\mDNSResponder.exe
        1800 C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
        1160 C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
        2052 C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe
        2080 C:\Windows\SysWOW64\AsHookDevice.exe
        2164 C:\Windows\SysWOW64\svchost.exe
        2188 C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
        2216 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
        2272 C:\Windows\System32\svchost.exe
        2308 C:\Windows\System32\svchost.exe
        2328 C:\Windows\SysWOW64\PSIService.exe
        2368 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
        2480 C:\Windows\System32\svchost.exe
        2732 C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
        3008 C:\Windows\System32\dwm.exe
        3032 C:\Windows\explorer.exe
         320 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
        3128 C:\Windows\System32\svchost.exe
        3208 WUDFHost.exe
        3984 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        4016 C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
        4092 C:\Program Files\Microsoft Security Client\msseces.exe
        2304 C:\Program Files\Windows Sidebar\sidebar.exe
        3360 C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
        3464 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        3616 C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
        3692 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
        2592 C:\Program Files (x86)\iTunes\iTunesHelper.exe
        1764 C:\Program Files\iPod\bin\iPodService.exe
        4060 C:\Windows\System32\SearchIndexer.exe
         832 C:\Program Files\Windows Media Player\wmpnetwk.exe
        4828 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        4996 C:\Windows\System32\svchost.exe
         216 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        3336 C:\Program Files (x86)\Nero\Update\NASvc.exe
         992 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        4328 C:\Windows\servicing\TrustedInstaller.exe
        3264 C:\Windows\System32\wuauclt.exe
        4704 C:\Windows\System32\audiodg.exe
        2852 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
        1900 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
        1592 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
        3788 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
        2656 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
         908 C:\Windows\SysWOW64\rundll32.exe
        4112 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
        4960 C:\Windows\System32\taskhost.exe
        4844 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        3384 C:\Windows\System32\svchost.exe
        4352 MpCmdRun.exe
        6092 C:\Windows\System32\SearchProtocolHost.exe
        6124 C:\Windows\System32\SearchFilterHost.exe
        3504 C:\Windows\System32\dllhost.exe
        5208 C:\Users\user\Downloads\MBRCheck.exe
        4864 C:\Windows\System32\conhost.exe
    
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`a5100000  (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000033`38700000  (NTFS)
    
    PhysicalDrive0 Model Number: ST3500418AS, Rev: CC46    
    
          Size  Device Name          MBR Status
      --------------------------------------------
        465 GB  \\.\PhysicalDrive0   Unknown MBR code
                SHA1: B0A731C54F9C48489ED7CAB4BDA23793760832C4
    
    
    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
    Options:
      [1] Dump the MBR of a physical disk to file.
      [2] Restore the MBR of a physical disk with a standard boot code.
      [3] Exit.
    
    Enter your choice: 
    
    Done!
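The MBRCheck log above reports "Unknown MBR code" together with a SHA1 of the master boot record, which is the kind of check a defender makes for MBR-resident bootkits such as Alureon: read sector 0, hash the boot code, and compare it against hashes of boot code you trust. The Python below is an added illustration of that check and is not MBRCheck's code or the thread's; whether MBRCheck hashes the 446-byte boot-code region or the full 512-byte sector is an assumption here (this example hashes the boot code only), the "clean" image and the trusted-hash set are constructed test data rather than real Windows boot code, and the hash printed will not match the B0A7... value in the log.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) master boot record.
MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PARTITION_ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image (constructed test data, not read from a disk)."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    table = b""
    for status, ptype, lba_start, sectors in partitions:
        # CHS fields are ignored by LBA-aware loaders, so they are zeroed here.
        table += struct.pack(PARTITION_ENTRY_FMT, status, b"\x00" * 3,
                             ptype, b"\x00" * 3, lba_start, sectors)
    table = table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00")
    return code + table + BOOT_SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Split an MBR image into a boot-code hash, a signature check and partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError("an MBR image must be exactly %d bytes" % MBR_SIZE)
    boot_code = data[:BOOT_CODE_SIZE]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            PARTITION_ENTRY_FMT, data[off:off + PARTITION_ENTRY_SIZE])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "partitions": partitions,
    }


def assess_mbr(data: bytes, known_good_sha1: set) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("Unknown MBR code")  # same condition MBRCheck reports
    bootable = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(bootable) != 1:
        findings.append("expected exactly one active partition, found %d" % len(bootable))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("invalid status byte 0x%02X in partition entry" % p["status"])
    return findings


# Constructed baseline: stands in for boot code whose hash you trust.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 16,
                             [(0x80, 0x07, 2048, 204800)])
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]}

# Constructed suspect: identical partition table, one byte of boot code altered.
_tampered = bytearray(CLEAN_MBR)
_tampered[0x100] ^= 0xFF
TAMPERED_MBR = bytes(_tampered)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, parse_mbr(image)["boot_code_sha1"],
              assess_mbr(image, KNOWN_GOOD) or ["OK"])
```

On a real machine the 512 bytes would come from reading the start of the physical drive with administrative rights, and the trusted-hash set would be built from boot code of the same Windows version; a hash miss alone is not proof of infection (OEM recovery loaders and boot managers also install their own code), which is why MBRCheck asks before restoring standard boot code.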
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read the sticky/pinned threads >> Forum Rules and Guidelines and observe the rules about posting inline logs.

    Please read ALL of this message including the notes before doing anything.


    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. davidchu

    davidchu Private E-2

    OK I followed the first 3 steps of the Manual.
    I don't SEE any problems right now.
    But I'm not sure if the computer is virus-free yet.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See if you can delete the below folder:

    c:\windows\installer\{afbf91e3-ee8f-c200-3715-3958a3b63acd}

    Let me know what happens.
     
  5. davidchu

    davidchu Private E-2

    Yes, I deleted it successfully.
    What's wrong with the folder?
    (P.S. I'm going on a 5 day trip, so please don't lock this)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It was a left over folder from the infection.


    Let's cleanup a few non-malware items that have left some stray registry entries.
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll (file missing)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
    O3 - Toolbar: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll (file missing)

    After clicking Fix, exit HJT.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
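The O2/O3 lines chaslang asks to fix above are leftovers: browser helper objects and toolbars still registered in the registry whose DLL no longer exists, which HijackThis marks with "(file missing)" or "(no file)". As an added illustration, not part of the thread and not HijackThis's own code, the Python below parses lines in that format and picks out exactly those orphaned entries; the first four sample lines are the ones from this thread, the fifth is a constructed healthy entry with a placeholder CLSID and path.

```python
import re

# HijackThis O2 (BHO) and O3 (Toolbar) lines: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
HJT_LINE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.*)$"
)

# Sample input: four lines quoted from the thread plus one constructed healthy entry.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll (file missing)",
    r"O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)",
    r"O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)",
    r"O3 - Toolbar: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll (file missing)",
    # constructed, placeholder CLSID and path: a registered BHO whose DLL is still present
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll",
]


def parse_hjt_line(line: str):
    """Return a dict for an O2/O3 line, or None for any other line."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    target = entry["target"]
    # HijackThis appends "(file missing)" when the path is set but absent,
    # and prints "(no file)" when the registration carries no path at all.
    entry["orphaned"] = target == "(no file)" or target.endswith("(file missing)")
    entry["path"] = None if target == "(no file)" else target.replace(" (file missing)", "")
    return entry


def find_orphaned_entries(lines) -> list:
    """Keep only BHO/toolbar registrations whose DLL is gone: safe to remove, nothing to run."""
    return [e for e in map(parse_hjt_line, lines) if e and e["orphaned"]]


def orphaned_clsids(lines) -> set:
    """Distinct CLSIDs behind the orphaned entries (the Freecorder O2 and O3 share one)."""
    return {e["clsid"].lower() for e in find_orphaned_entries(lines)}


if __name__ == "__main__":
    for e in find_orphaned_entries(SAMPLE_HJT_LINES):
        print("%s %s %s -> %s" % (e["section"], e["kind"], e["clsid"], e["path"] or "(no file)"))
```

Removing such an entry only deletes a dangling registration; it does not change what is on disk, which is why these are cleanup rather than malware removal. Run the script on a saved HijackThis log (one line per list element) to get the same shortlist chaslang picked by hand.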
     
