A) Any time I start up Internet Explorer (with OR without my network cable attached), I get a notice from Norton that it’s fixed an infection and needs to restart my computer to finalize removal. I can follow the restart, just to return to the same issue again. Pulling up the Norton history logs, it’s continuously finding a file named “yaifqoaa” that it flags as Hacktool.Rootkit infected.
B) If my network cable is connected, Norton begins a myriad of flags that there are issues sending spam. My cable modem provider has actually cut off my service once already for excessive mail being sent from my PC. If the network cable is removed, these messages go away.
I’ve gone through all the recommended forum steps, and have the following progress…
1) TFC – success
2) ERUNT – success
3) MBAM – success, log shown below. Note that this is actually the second or third time I’ve run this after cleaning a lot of other problems.
4) NAV – success, with no items found during a full system scan. Again, this is 2-3 trials later after a lot of earlier cleanup.
5) GMER – success; however, the log file was enormous. The forum won't let me add it as an attachment (828 KB) and it's apparently too large to post. Note that I did see some “yaifqoaa” entries that this has flagged as Rootkit, which is the same name that Norton continues to find in (A) above.
6) OTL – unsuccessful in Normal Mode; every time I tried running this it hangs on the scan of Netsvcs. I was able to run successfully in Safe Mode. Please let me know if you want to see the Safe Mode logs or try to fix getting it to run in Normal Mode.
This battle has become very frustrating so all help is greatly appreciated! Let me know whatever other information would be useful.
Thanks,
Eric
~~~~~~~~~~~~~~~~
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
1/18/2010 6:07:56 PM
mbam-log-2010-01-18 (18-07-56).txt
Scan type: Quick Scan
Objects scanned: 119887
Time elapsed: 11 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrec75dnd7 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)