Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help removing RTKT_AGENTT.CU

by Daggaroth » October 13th, 2009, 3:04 am

My Trend Micro popped up when I tried to activate the game "homeworld2" that I had RTKT_AGENTT.CU. I've tried to delete it but I can't find where it's hiding.

Here's my HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:09 PM, on 10/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\EVEMon\EVEMon.exe
C:\Users\Frank\Desktop\Download Folder\HijackThis.exe
C:\Windows\explorer.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 5310 bytes
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am
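
An added example, not part of the original post and not HijackThis's own code: one way to triage the `O23 - Service` lines of a log like the one above, flagging entries the tool marks "Unknown owner" or "(file missing)". The `unusual-location` rule and its directory list are assumptions made for this example, and a flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Excerpt of lines from the HijackThis log in the post above,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

# O23 line shape as seen in the log: name - owner - path [(file missing)].
# The name is matched greedily and the path must start with a drive letter,
# so " - " inside a service name does not split the fields wrongly.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# Assumption for this example: service binaries normally live under the
# Windows or Program Files trees (long or 8.3 short form).
EXPECTED_DIR_RE = re.compile(
    r"^[a-z]:\\(windows|program files( \(x86\))?|progra~\d)\\",
    re.IGNORECASE,
)


@dataclass
class Service:
    name: str
    owner: str
    path: str
    flags: tuple


def parse_o23(line):
    """Parse one log line; return a Service, or None if it is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    flags = []
    if m["owner"] == "Unknown owner":
        flags.append("unknown-owner")      # tool reported no publisher name
    if m["missing"]:
        flags.append("file-missing")       # tool could not find the file at that path
    if not EXPECTED_DIR_RE.match(m["path"]):
        flags.append("unusual-location")   # hypothetical heuristic, see above
    return Service(m["name"], m["owner"], m["path"], tuple(flags))


def parse_services(log_text):
    """Return every O23 service entry found in the log text."""
    return [s for s in map(parse_o23, log_text.splitlines()) if s]


def triage(log_text):
    """Return only flagged services, most flags first (stable for ties)."""
    flagged = [s for s in parse_services(log_text) if s.flags]
    return sorted(flagged, key=lambda s: -len(s.flags))


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{', '.join(svc.flags):45} {svc.name} -> {svc.path}")
```
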

Re: Need help removing RTKT_AGENTT.CU

by MWR 3 day Mod » October 17th, 2009, 12:52 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Need help removing RTKT_AGENTT.CU

by jmw3 » October 18th, 2009, 5:34 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

Punkbuster Warning
I see you have Punkbuster installed. This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
  • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
  • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
  • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.
Please let me know what you would like to do.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 18th, 2009, 5:55 am

I've had Punkbuster on the computer before with homeworld2 and had no problems with it, and if anything breaks Punkbuster I can easily reinstall it.

I just want to get rid of whatever is making homeworld2 screw up.
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by jmw3 » October 18th, 2009, 6:33 am

Hi

No worries

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 19th, 2009, 6:39 am

Here are the Attach, DDS, and Gmer scan logs.

Just in case it showed up, I have another trojan on my computer that shows up on my scans, but it's just a crack to get a specific software to work, and has nothing related to homeworld 2, and it's totally no threat to my computer. So if you see anything related to SAM, it's not what I'm looking to eliminate.
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by jmw3 » October 19th, 2009, 7:35 am

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

but its just a crack to get a specific software to work

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, Malware Removal does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

CKScanner
Download CKScanner by askey127 from Here & save it to your Desktop.
  • Doubleclick CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 19th, 2009, 8:30 am

Actually I know where the malware came from: I downloaded a mod for homeworld2 to make the units into ones from Battlestar Galactica, and I think the malware was supposed to assist with the mod, because it only shows up when I try to initiate homeworld2. When I first saw the virus warning, though, I deleted all the files related to the mod and deleted homeworld2, but the change to the registry or whatever it was that was supposed to get the mod to work past the homeworld2 emulation security remained.

As for the crack for SAM, I got that from a reliable source and I never crack/mod any of my programs without doing careful research into where I get the information.
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by jmw3 » October 19th, 2009, 10:56 am

jmw3 wrote:Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, Malware Removal does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 19th, 2009, 5:59 pm

Alright, I deleted it.
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by jmw3 » October 19th, 2009, 7:26 pm

Hi

Follow the instruction to run CKScanner then run DDS again & post the three logs. No need to attach the logs, just copy/paste the contents & post in your reply.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 19th, 2009, 11:14 pm

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\steam\steamapps\common\audiosurf\engine\crypt.dll
c:\program files\steam\steamapps\common\audiosurf\engine\channels\crypt.dll
c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
c:\program files\steam\steamapps\sourcemods\empires\materials\common\models\props_system\resourcepoint_crackalpha.vtf
c:\program files\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vmt
c:\program files\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vtf
c:\program files\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01_normal.vtf
c:\program files\tenable\nessus\plugins\scripts\ssh_keygen.nasl
c:\users\TC\appdata\roaming\macromedia\flash player\#sharedobjects\geybbg9u\crackle.com\cracklesettings.sol
c:\users\TC\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol

scanner sequence 3.ZZ.11
----- EOF -----
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 19th, 2009, 11:16 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/10/2008 3:19:19 PM
System Uptime: 10/17/2009 12:00:37 PM (39 hours ago)

Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2400/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 113.948 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 4.417 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
H: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&28E0209F&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&28E0209F&0&2
Service: BthPan

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_100F1043&REV_02\4&2C339D45&0&28F0
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_100F1043&REV_02\4&2C339D45&0&28F0
Service: BCM43XX

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.57
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Elements Studio Launcher
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced IP Address Calculator v1.1
Advanced Video FX Engine
AirRivals 1.0.0.13
Any Video Converter 2.7.1
Apple Mobile Device Support
Apple Software Update
Assassin's Creed
Audiosurf
avast! Antivirus
Battleships Forever v0.89b
Battlestations: Midway
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: World at War
CDBurnerXP
Champions Online
Choice Guard
Cisco Network Magic
Cities XL
CloneDVD2
Command & Conquer 3
Command & Conquer 3 Kane's Wrath(TM) Worldbuilder
Command & Conquer™ 3: Kane's Wrath
Company of Heroes
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Complete Care Consumer Service Agreement
Connect
Coupon Printer for Windows
Crysis WARHEAD(R)
Crysis(R)
Dark Messiah Might and Magic Dedicated Server
Defcon Patch 1.43
Dell AIO Printer A940
Dell Automated PC TuneUp
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
DELL Webcam Center
DELL Webcam Manager
DeskScapes
Deus Ex: Invisible War
Download Manager 2.3.9
DreamMaker
EA Download Manager
eCipher
EDocs
Empire Earth
Empire: Total War
EVE-ONLINE (remove only)
EveHQ
EVEMon
EVEWalletAware
Express Burn
Exteel
FaceOnBody
FarCry 2
GameShadow
GameSpy Comrade
GCalc 3
Google Earth
Google Updater
GoToAssist 8.0.0.514
Ground Control II MP Demo
Hamachi 1.0.3.0
Harvest - Massive Encounter
HijackThis 2.0.2
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Impulse
Intel(R) PRO Network Connections 12.1.12.4
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6
Junk Mail filter update
kuler
LCARS Terminal v2.0.0
Left 4 Dead
Left 4 Dead Authoring Tools Beta
Left 4 Dead Dedicated Server
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Monitor Integrated Webcam Driver (1.00.13.0608)
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Music, Photos & Videos Launcher
My POS
MyScribe
MySQL Server 5.1
Name Picker
NCsoft Launcher
Netflix Movie Viewer
Network Magic
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenSim (remove only)
Packet Tracer 5.1
PDF Settings CS4
Percent
Photoshop Camera Raw
Pixel Bender Toolkit
Privoxy 3.0.6
Product Documentation Launcher
Project64 1.6
PunkBuster Services
Pure Networks Platform
QualXServ Service Agreement
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sins of a Solar Empire
Sins of a Solar Empire - Entrenchment
Skype™ 4.0
Sonic CinePlayer Decoder Pack
Source SDK Base
Source SDK Base - Orange Box
Spelling Dictionaries Support For Adobe Reader 8
Spiceworks
Star Trek Armada II
Star Trek Legacy
Star Wars: Knights of The Old Republic
Starcraft
Steam
Suite Shared Configuration CS4
Switch Sound File Converter
System Requirements Lab
Team Fortress 2
TeamSpeak 2 RC2
Tenable Nessus
Tor 0.2.0.31
Trend Micro PC-cillin Internet Security 14
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Vidalia 0.1.9
Visual IRC 2.0
VLC media player 0.9.8a
VMware Player
Warcraft III
Warcraft III: All Products
WavePad Sound Editor
WD Diagnostics
WebEx
WebEx Support Manager for Internet Explorer
WIDCOMM Bluetooth Software 6.0.1.4300
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
X-Chat 2.8.6-2
XChat 2 (remove only)
Xfire (remove only)
XPS MiniView Gadget
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== End Of File ===========================
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by Daggaroth » October 19th, 2009, 11:18 pm

DDS (Ver_09-10-13.01) - NTFSx86
Run by TJ Connolly at 3:24:02.73 on Mon 10/19/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1236 [GMT -7:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlbacoms.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spiceworks\bin\spicetray.exe
C:\Program Files\Spiceworks\bin\spiceworks.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\System32\dfrgui.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\EVEMon\EVEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\CCP\EVE\bin\ExeFile.exe
C:\Users\TJ Connolly\Desktop\Download Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [PlayNC Launcher]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Spiceworks] "c:\program files\spiceworks\bin\spicetray_silent.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
StartupFolder: c:\users\tjconn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\users\tjconn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\users\tjconn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\users\tjconn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\privoxy.lnk - c:\program files\vidalia bundle\privoxy\privoxy.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} - hxxp://66.133.171.85/VMRCActiveXClient.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\program files\stardock\object desktop\deskscapes\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\program files\stardock\object desktop\deskscapes\DreamControl.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes\deskscapes.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\tjconn~1\appdata\roaming\mozilla\firefox\profiles\17lx0bet.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\tj connolly\appdata\roaming\mozilla\firefox\profiles\17lx0bet.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\tj connolly\appdata\roaming\mozilla\firefox\profiles\17lx0bet.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\users\tj connolly\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-13 51792]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-6-10 36368]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-29 54960]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-6-6 7424]
R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-6-6 235808]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-6-10 31616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-6-10 280392]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2008-6-6 141376]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-3-30 36928]

=============== Created Last 30 ================

2009-10-14 17:10 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-14 17:10 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:10 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-11 17:49 <DIR> --d----- c:\program files\Sierra
2009-10-11 03:26 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-10-08 02:20 <DIR> --d----- c:\program files\Ground Control II MP Demo
2009-10-03 13:08 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-03 13:07 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-03 13:07 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-03 13:07 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-02 13:52 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-28 16:22 <DIR> --d----- c:\program files\Oxeye Games
2009-09-25 15:20 41,872 a------- c:\windows\system32\xfcodec.dll
2009-09-23 03:10 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-23 03:10 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-23 03:10 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-23 03:08 0 a---h--- c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2009-09-22 22:25 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-22 17:08 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-09-22 11:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-09-22 11:01 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-09-22 11:00 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2009-09-22 11:00 445,008 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-09-22 11:00 38,480 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-09-22 11:00 4,052 a------- c:\windows\system32\wbem\Wdf01000.mof
2009-09-22 11:00 118 a------- c:\windows\system32\wbem\Wdf01000Uninstall.mof
2009-09-22 10:58 132,224 a------- c:\windows\system32\drivers\WUDFRd.sys
2009-09-22 10:58 195,584 a------- c:\windows\system32\WUDFHost.exe
2009-09-22 10:58 162,304 a------- c:\windows\system32\WUDFPlatform.dll
2009-09-22 10:58 92,672 a------- c:\windows\system32\drivers\WUDFPf.sys
2009-09-22 10:58 64,512 a------- c:\windows\system32\WUDFSvc.dll
2009-09-22 10:58 39,936 a------- c:\windows\system32\WUDFCoinstaller.dll
2009-09-22 10:58 567,808 a------- c:\windows\system32\WUDFx.dll

==================== Find3M ====================

2009-10-19 02:46 69,183 a------- c:\programdata\nvModes.dat
2009-10-19 02:46 69,183 a------- c:\progra~2\nvModes.dat
2009-10-14 20:08 138,576 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-14 20:08 215,104 a------- c:\windows\system32\PnkBstrB.exe
2009-10-11 17:52 1,423 a------- c:\program files\INSTALL.LOG
2009-09-23 03:16 143,360 a------- c:\windows\inf\infstor.dat
2009-09-23 03:16 86,016 a------- c:\windows\inf\infpub.dat
2009-09-23 03:16 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-23 03:10 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-10 14:12 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-09-10 14:12 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-09-10 09:48 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-04 13:17 447,216 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-02 00:29 74,240 a------- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 00:29 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 00:29 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 00:29 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2009-09-02 00:29 310,784 a------- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 00:29 147,456 a------- c:\windows\system32\ZuneMTPZ.dll
2009-08-28 19:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 19:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 19:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 19:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 17:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 17:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-26 22:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 22:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-26 22:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 20:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-17 12:37 1,837,296 a------- c:\windows\system32\WUDFUpdate_01009.dll
2009-08-17 12:37 1,461,992 a------- c:\windows\system32\WdfCoInstaller01009.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 02:41 3,176,992 a------- c:\windows\system32\nvwss.dll
2009-08-17 02:41 4,033,056 a------- c:\windows\system32\nvvitvs.dll
2009-08-17 02:41 1,292,832 a------- c:\windows\system32\nvmobls.dll
2009-08-17 02:41 195,104 a------- c:\windows\system32\nvmccss.dll
2009-08-17 02:41 3,553,824 a------- c:\windows\system32\nvgames.dll
2009-08-17 02:41 13,904,416 a------- c:\windows\system32\nvcpl.dll
2009-08-17 02:41 4,930,080 a------- c:\windows\system32\nvdisps.dll
2009-08-17 02:41 764,448 a------- c:\windows\system32\nvsvc.dll
2009-08-17 02:41 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-08-17 02:41 92,704 a------- c:\windows\system32\nvmctray.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 3,298,304 a------- c:\windows\system32\nvwgf2um.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-14 08:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 06:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 06:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 06:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 06:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 06:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 06:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 06:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 06:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-11 12:35 485,920 a------- c:\windows\system32\nvuninst.exe
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-04 05:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 05:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-08-03 00:21 23,320 a------- c:\windows\system32\PhysXDevice.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-05-17 13:23 22,328 a------- c:\users\tjconn~1\appdata\roaming\PnkBstrK.sys
2009-04-24 21:25 34 a------- c:\users\tj connolly\jagex_runescape_preferences.dat
2008-12-15 17:11 61,224 a------- c:\users\tj connolly\GoToAssistDownloadHelper.exe
2008-07-14 14:09 56 a---h--- c:\programdata\ezsidmv.dat
2008-07-14 14:09 56 a---h--- c:\progra~2\ezsidmv.dat
2008-07-02 00:44 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt
2008-06-10 15:40 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 3:24:57.09 ===============
Daggaroth
Active Member
 
Posts: 12
Joined: October 13th, 2009, 3:01 am

Re: Need help removing RTKT_AGENTT.CU

by jmw3 » October 20th, 2009, 2:46 pm

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here & save to your desktop.
  • Double-click mbam-setup.exe & follow the prompts to install the program
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish
  • If an update is found, it will download and install the latest version
  • Once the program has loaded, select Perform full scan, then click Scan
  • When the scan is complete, click OK, then Show Results to view the results
  • Check all items except items in the C:\System Volume Information folder... then click on Remove Selected
  • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
  • Note: The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.


Rooter.exe
Download Rooter.exe from Here & save it to your desktop.
SCAN
  • Double-click on Rooter.exe on your desktop, to run the tool
  • The Rooter interface will appear, with a variety of options displayed
  • Click on Scan
  • Once the scan has finished, a log will open called "Rooter#.txt". The log can also be found at %systemdrive%\Rooter$\Rooter#.txt (# is the number assigned to the report)
  • Click Close to exit the program
  • Copy/paste the contents of Rooter#.txt in your next reply
To post in next reply:
Malwarebytes log
Rooter log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia