[jerris2]

Step 1 results: (yeah)

Malwarebytes' Anti-Malware 1.10
Database version: 594

Scan type: Full Scan (E:\|)
Objects scanned: 45520
Time elapsed: 1 hour(s), 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Advertisements]

Scan #2 E drive : -


------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-05 22:54
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 685746
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
E:\

Scan Statistics:
Total number of scanned objects: 21673
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 4
Duration of the scan process: 00:32:24

Infected Object Name / Virus Name / Last Action
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip/21557300temp.exe Suspicious: Password-protected-EXE skipped
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip ZIP: suspicious - 1 skipped
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip/119676.exe Suspicious: Password-protected-EXE skipped
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip ZIP: suspicious - 1 skipped
E:\Program Files\Common Files\Totem Shared\Update\dial.dll.015 Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
E:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010 Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
E:\Program Files\Vg\Dial.dll Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
E:\Program Files\Vg\DialerOffline.dll Infected: not-a-virus:Dialer.Win32.DialerOffline skipped

Scan process completed.

[jerris2]

Scan #2 E drive : -


------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-05 22:54
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 685746
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
E:\

Scan Statistics:
Total number of scanned objects: 21673
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 4
Duration of the scan process: 00:32:24

Infected Object Name / Virus Name / Last Action
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip/21557300temp.exe Suspicious: Password-protected-EXE skipped
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip ZIP: suspicious - 1 skipped
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip/119676.exe Suspicious: Password-protected-EXE skipped
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip ZIP: suspicious - 1 skipped
E:\Program Files\Common Files\Totem Shared\Update\dial.dll.015 Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
E:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010 Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
E:\Program Files\Vg\Dial.dll Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
E:\Program Files\Vg\DialerOffline.dll Infected: not-a-virus:Dialer.Win32.DialerOffline skipped

Scan process completed.

[jerris2]

Andrew:

Just for fun I ran a scan of my C: drive, the results are as follows:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-06 06:16
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 685746
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 144886
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:08:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\fr.bak\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\fr.bak\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\fr.bak\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\fr.bak\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\friend\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\friend\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\friend\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\friend\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\friend\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
C:\Documents and Settings\friend\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\friend\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\friend\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Video ActiveX Object\uninst.exe.vir Infected: Trojan-Downloader.Win32.Zlob.bcl skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

Scan process completed.

[andrewuk]

the scan on your C-Drive only picked up a risk tool we used (smitfraudfix) and a safely qaurantined item. the scan on your E-Drive picked up a few files which we shall clear now.

this is an updated OTMoveIT, so it will look different to any version you have used before last week

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip
  E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip
  E:\Program Files\Common Files\Totem Shared\Update\dial.dll.015
  E:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010
  E:\Program Files\Vg\Dial.dll
  E:\Program Files\Vg\DialerOffline.dll

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

also, there would be no harm in running your SUPERantispyware over your E-drive, may get rid of a few leftovers.

andrewuk

[jerris2]

Files moved from E drive: in following log:

E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip moved successfully.
E:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS1.zip moved successfully.
E:\Program Files\Common Files\Totem Shared\Update\dial.dll.015 moved successfully.
E:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010 moved successfully.
LoadLibrary failed for E:\Program Files\Vg\Dial.dll
E:\Program Files\Vg\Dial.dll NOT unregistered.
E:\Program Files\Vg\Dial.dll moved successfully.
E:\Program Files\Vg\DialerOffline.dll unregistered successfully.
E:\Program Files\Vg\DialerOffline.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04062008_145301

I plan to go ahead and run that Superanitspyware. Great, thanks again. Will post those results, if needed. Will also watch for your further instructions.

Jeff

[andrewuk]

Will also watch for your further instructions.

your logs look clean from a malware point of view.

so unless you are having any malware issues you should post any other issues in other parts of this forum.

andrewuk

[andrewuk]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.