[alissa126]

I had the Security Tool Virus so i updated and ran malwarebytes, it got rid of a bunch of things. Now my browsers are sending me to thefeedwater.com and yellow page websites. I ran malware again and it keeps trying to get rid of c://documentsandsettings/alissa/ntuser.dll upon reboot. But it can't seem to get rid of it and everyt ime i run malwarebytes this object comes up.

How do i get rid of this and my browsers back to normal!

Im not great with computers so basic step by step instructions would be best

Thank you to whomever can help!

[alissa126]

Malwarebytes' Anti-Malware 1.41Database version: 3108Windows 5.1.2600 Service Pack 311/5/2009 9:44:35 PMmbam-log-2009-11-05 (21-44-35).txtScan type: Full Scan (C:\|D:\|E:\|)Objects scanned: 170706Time elapsed: 1 hour(s), 30 minute(s), 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 0Files Infected: 8Memory Processes InfectedNo malicious items detected)Memory Modules InfectedNo malicious items detected)Registry Keys InfectedNo malicious items detected)Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c alc (Trojan.Downloader) -> Delete on reboot.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.Registry Data Items InfectedNo malicious items detected)Folders InfectedNo malicious items detected)Files Infected:C:\Documents and Settings\Alissa\ntuser.dll (Trojan.Agent) -> Delete on reboot.C:\Documents and Settings\Alissa\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\NetworkService\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{D5728108-DF2D-4A37-B794-74C2204A6C51}\RP683\A0083158.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Alissa\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.C:\WINDOWS\system32\calc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\WINDOWS\system32\iexplore.exe (Backdoor.Bot) -> Quarantined and deleted successfully.C:\Documents and Settings\Alissa\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

[NeonFx]

Hello there Welcome to the Tech Support Guy forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

• The fixes are specific to your problem and should only be used on this machine.
• Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
• It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop

• Close ALL OTHER PROGRAMS.
• Double-click on OTS.exe to start the program.
• Check the box that says Scan All Users
• Under Additional Scans check the following:
  
  • Reg - Desktop Components
  • Reg - Disabled MS Config Items
  • Reg - NetSvcs
  • Reg - Shell Spawning
  • Reg - Uninstall List
  • File - Lop Check
  • File - Purity Scan
  • Evnt - EvtViewer (last 10)
  
  
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button

To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Dropio and post the sharing link/url (The Drop's URL will be similar to : http:://drop.io/daerk)

Step 2

Download RootRepeal from one of the following locations and save it to your desktop:

Link 1
Link 2
Link 3

• Double click to start the program
• Click on the Report tab at the bottom of the program window
• Click the button
• In the Select Scan dialog, check:
  
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services
  • Shadow SSDT
  
  
• Click the OK button
• In the next dialog, select all drives showing
• Click OK to start the scan

  Note: The scan can take some time. DO NOT run any other programs while the scan is running
  

• When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
• Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.