Operating memory - Win32/Olmarik trojan - unable to clean [Solved]


  • This topic is locked

#16
fenzodahl512
  • Malware Removal
  • 9,863 posts
You have two antivirus programs on the computer (BitDefender and ESET). While both are excellent antivirus programs, we only need one of them. Uninstall one of them (and uninstall one of the firewalls), and then just tell me which one you keep on the computer :)


#17
kev seal
  • Topic Starter
  • Member
  • 17 posts
I replaced BitDefender with ESET last week and thought I had uninstalled BitDefender?
I can't find anything in Add/Remove Programs or on my program list accessed through Start > All Programs.
Any ideas?

#18
fenzodahl512
  • Malware Removal
  • 9,863 posts
Sorry for the late reply. I was sleepy last night :)

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
AlerterALG
MEMSWEEP2

File::
c:\windows\system32\rezumatenoi.dat
c:\windows\TEMP\fsdbvrkmst.exe
c:\windows\system32\574.tmp

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: dragging CFScript.txt onto ComboFix.exe]

5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


#19
kev seal
  • Topic Starter
  • Member
  • 17 posts
ComboFix did reboot the system. Here are the logs you requested.

ComboFix
ComboFix 09-09-10.03 - Administrator 11/09/2009 13:08.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1680 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\574.tmp"
"c:\windows\system32\rezumatenoi.dat"
"c:\windows\TEMP\fsdbvrkmst.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rezumatenoi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALERTERALG
-------\Legacy_MEMSWEEP2
-------\Service_AlerterALG
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-10 20:17 . 2009-09-10 20:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-10 18:06 . 2009-09-10 18:06 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-10 18:06 . 2009-09-10 18:06 -------- d-----w- c:\windows\system32\xlive
2009-09-10 17:05 . 2009-09-10 17:05 -------- d-----w- c:\program files\trend micro
2009-09-10 17:05 . 2009-09-10 17:05 -------- d-----w- C:\rsit
2009-09-10 16:45 . 2009-09-10 16:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-09-10 03:44 . 2009-09-10 03:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AaaaaRecklessDisregard
2009-09-10 03:43 . 2009-09-10 03:44 -------- d-----w- c:\program files\AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
2009-09-08 18:34 . 2009-09-08 18:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-08 18:34 . 2009-09-08 18:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-08 18:30 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-08 18:30 . 2009-09-08 18:30 -------- d-----w- c:\windows\ie8updates
2009-09-08 18:30 . 2009-07-19 17:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-08 18:30 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-08 18:30 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-08 18:30 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-08 18:30 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-08 18:30 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-08 18:29 . 2009-09-08 18:29 -------- dc-h--w- c:\windows\ie8
2009-09-08 18:27 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-08 18:21 . 2009-09-08 18:21 -------- d-----w- c:\program files\MSXML 4.0
2009-09-08 18:15 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-08 18:10 . 2009-09-08 18:10 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-09-08 17:54 . 2009-09-08 17:59 15 ----a-w- c:\documents and settings\Administrator\settings.dat
2009-09-08 17:47 . 2009-09-10 18:32 -------- d--h--w- c:\windows\PIF
2009-09-08 17:39 . 2009-09-08 17:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-08 17:39 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 17:39 . 2009-09-08 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 17:39 . 2009-09-08 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 17:39 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 17:37 . 2009-09-09 16:47 -------- d-----w- c:\program files\ERUNT
2009-09-07 23:19 . 2009-09-07 23:19 -------- d-----w- c:\program files\Sophos
2009-09-07 22:20 . 2009-09-07 22:20 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-09-07 22:20 . 2009-09-07 22:20 16 ----a-w- c:\windows\system32\asdict.dat
2009-09-07 21:48 . 2009-09-07 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-09-07 21:47 . 2009-09-07 21:48 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-07 16:31 . 2009-09-07 16:31 -------- d-----w- c:\program files\ESET
2009-09-06 16:11 . 2009-09-06 16:11 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-09-06 12:58 . 2009-09-06 12:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-06 12:47 . 2009-09-06 12:56 -------- d-----w- c:\program files\Total Video Converter
2009-09-06 12:42 . 2009-09-06 12:42 -------- d-----w- c:\program files\Common Files\Common Share
2009-09-06 12:42 . 2008-12-18 12:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-09-06 12:42 . 2008-12-18 12:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-09-06 12:42 . 2009-09-06 12:42 -------- d-----w- c:\program files\OJOsoft
2009-09-06 12:25 . 2009-09-06 12:25 -------- d-----w- c:\program files\Common Files\NSV
2009-09-06 11:21 . 2009-09-06 11:21 -------- d-----w- c:\program files\Common Files\DirectX
2009-09-06 11:17 . 1999-12-13 00:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-09-06 11:17 . 1999-11-18 00:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-09-06 11:17 . 2009-09-06 11:17 -------- d--h--w- c:\program files\Creative Installation Information
2009-09-06 11:17 . 2009-09-06 11:17 -------- d-----w- c:\program files\Common Files\Creative
2009-09-06 10:02 . 2009-09-06 10:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-09-06 07:16 . 2009-09-06 07:16 -------- d-----w- c:\program files\Common Files\Doblon
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-09-06 07:11 . 2007-07-26 23:06 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-06 07:11 . 2007-07-26 23:06 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-06 07:11 . 2009-09-06 07:11 -------- d-----w- c:\program files\DivX
2009-09-06 06:20 . 2009-09-06 06:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\fofix
2009-09-06 04:42 . 2009-09-06 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-09-06 04:41 . 2009-09-06 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-09-06 01:58 . 2009-09-06 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2009-09-06 01:51 . 2009-09-06 01:51 -------- d-----w- c:\program files\Ventrilo
2009-09-05 19:31 . 2009-09-05 19:31 -------- d-----w- c:\program files\Logitech
2009-09-05 11:50 . 2009-09-05 11:50 -------- d-----w- c:\program files\JoyTechEurope
2009-09-05 08:56 . 2009-09-05 08:56 -------- d-----w- c:\program files\Atari
2009-09-05 08:46 . 2009-09-05 08:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-05 08:46 . 2009-09-05 08:46 -------- d-----w- c:\program files\Java
2009-09-05 05:39 . 2009-09-06 16:38 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-05 05:38 . 2009-09-05 05:38 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-05 05:36 . 2009-09-05 05:36 -------- d-----w- c:\program files\Microsoft
2009-09-05 05:36 . 2009-09-05 05:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-05 05:36 . 2009-09-05 05:38 -------- d-----w- c:\program files\Windows Live
2009-09-05 05:32 . 2009-09-05 05:32 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-05 05:05 . 2009-09-05 08:04 -------- d-----w- c:\program files\A Handful Of Audiosurf Addons
2009-09-04 22:15 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-04 22:15 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-04 22:15 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-04 22:15 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 22:15 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-04 22:15 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-04 22:15 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-09-04 21:05 . 2009-06-03 23:55 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2009-09-04 18:21 . 2009-09-04 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin
2009-09-04 18:21 . 2009-09-04 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\iWin
2009-09-04 12:38 . 2009-09-07 22:26 -------- d-----w- c:\program files\Spyware Terminator
2009-09-04 01:02 . 2009-09-04 01:02 -------- d-----w- c:\program files\MP3+G Toolz .NET 4
2009-09-04 00:53 . 1999-03-25 23:00 101888 ----a-w- c:\windows\system32\vb6stkit.dll
2009-09-04 00:34 . 2009-09-04 00:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-09-04 00:34 . 2009-09-04 00:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Power_Karaoke
2009-09-03 23:13 . 2009-09-04 01:08 -------- d-----w- C:\pebuilder3110a
2009-09-03 06:07 . 2009-09-03 06:07 -------- d-----w- c:\program files\Conduit
2009-09-03 06:06 . 2009-09-03 06:07 -------- d-----w- c:\program files\Power_Karaoke
2009-09-03 06:06 . 2009-09-06 07:06 -------- d-----w- c:\program files\DOBLON
2009-09-02 17:44 . 2008-04-13 21:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-09-02 17:44 . 2008-04-13 21:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-09-02 17:43 . 2008-04-13 21:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-09-02 17:43 . 2008-04-13 21:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-09-02 17:43 . 2008-04-13 21:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-09-02 17:43 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-09-02 17:43 . 2008-04-13 21:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-09-02 17:43 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-09-02 17:42 . 2008-04-13 21:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-09-02 17:42 . 2008-04-13 21:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-09-02 17:42 . 2008-04-13 21:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-09-02 17:42 . 2008-04-13 21:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-09-02 17:41 . 2008-04-13 21:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-09-02 17:41 . 2008-04-13 21:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-09-02 17:40 . 2008-04-14 02:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-02 17:40 . 2008-04-14 02:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-02 17:40 . 2008-04-13 21:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-09-02 17:40 . 2008-04-13 21:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-09-02 17:32 . 2009-09-02 17:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-09-02 17:29 . 2009-09-02 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LeverageService
2009-09-02 17:29 . 2009-09-02 17:29 -------- d-----w- c:\program files\Pragmatic Solutions Inc
2009-09-01 20:05 . 2009-09-01 20:06 11789 ----a-w- c:\windows\unins000.dat
2009-09-01 20:05 . 2009-09-01 20:05 684313 ----a-w- c:\windows\unins000.exe
2009-09-01 20:00 . 2009-09-02 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Deckadance
2009-09-01 19:59 . 2009-09-01 19:59 -------- d-----w- c:\program files\Common Files\DigiDesign
2009-09-01 19:59 . 2009-09-01 19:59 -------- d-----w- c:\program files\XLN Audio
2009-09-01 19:40 . 2009-09-01 19:40 -------- d-----w- c:\program files\ASIO4ALL v2
2009-09-01 19:40 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-09-01 19:39 . 2009-09-01 19:39 -------- d-----w- c:\program files\Outsim
2009-09-01 19:38 . 2009-09-07 22:47 -------- d-----w- c:\program files\Image-Line
2009-09-01 18:56 . 2009-09-01 18:56 -------- d-----w- C:\drumit
2009-09-01 16:36 . 2009-09-01 18:13 -------- d-----w- c:\program files\EndItAll
2009-09-01 04:57 . 2009-09-01 04:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 13:08 . 2009-08-28 21:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-09-06 12:23 . 2009-08-30 08:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-09-06 11:17 . 2009-08-28 22:50 -------- d-----w- c:\program files\Creative
2009-09-06 06:39 . 2009-08-28 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-04 21:16 . 2009-08-28 22:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-04 21:16 . 2009-08-28 22:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-30 08:56 . 2009-08-30 08:53 -------- d-----w- c:\program files\Winamp
2009-08-29 10:57 . 2009-08-29 10:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-08-29 10:56 . 2009-08-29 10:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-08-28 22:50 . 2009-08-28 22:50 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-08-28 22:49 . 2009-08-28 22:49 -------- d-----w- c:\program files\OpenAL
2009-08-28 21:03 . 2009-08-28 21:03 -------- d-----w- c:\program files\Driver-Soft
2009-08-28 20:41 . 2009-08-28 20:41 -------- d-----w- c:\program files\microsoft frontpage
2009-08-28 20:38 . 2009-08-28 20:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-17 02:04 . 2009-08-17 02:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 02:04 . 2009-08-17 02:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 02:03 . 2009-08-17 02:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 02:03 . 2009-08-17 02:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 02:03 . 2009-08-17 02:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 02:03 . 2009-08-17 02:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 02:03 . 2009-08-17 02:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 02:03 . 2009-08-17 02:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 02:03 . 2009-08-17 02:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 02:03 . 2009-08-17 02:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 02:03 . 2009-08-17 02:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 02:03 . 2009-08-17 02:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-08-16 23:57 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2009-08-16 23:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2009-08-16 23:57 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 23:57 . 2009-08-16 23:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-08-16 23:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2009-08-16 23:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-08-16 23:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-08-16 23:57 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2009-08-16 23:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2009-08-16 23:57 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-06 17:48 . 2009-08-06 17:48 16384 ----a-w- c:\windows\system32\Msdirectx.exe
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 16:17 . 2009-07-14 16:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 16:17 . 2009-07-14 16:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-12 11:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2009-06-09 18:12 915456 ------w- c:\windows\system32\wininet.dll
2009-06-26 14:11 . 2009-06-09 18:11 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:41 . 2009-06-09 18:11 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:41 . 2009-06-09 18:10 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:41 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:41 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:41 . 2008-04-14 12:00 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 10:28 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 16:06 . 2009-06-17 16:06 65544 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-06-17 16:06 . 2009-06-17 16:06 14984 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-06-17 16:05 . 2009-06-17 16:05 31752 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2009-06-17 16:05 . 2009-06-17 16:05 35208 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-06-17 16:05 . 2009-06-17 16:05 22792 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-06-17 16:05 . 2009-06-17 16:05 255496 ----a-w- c:\windows\system32\WmJoyFrc.dll
2009-08-07 09:38 . 2009-09-07 22:14 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_19.23.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-09 18:09 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2009-06-09 18:09 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-06-09 18:09 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-06-09 18:09 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-10 23:10 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-10 23:10 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-10 23:10 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LeverageService"=2 (0x2)
"idsvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"NeroMediaHomeService.4"=2 (0x2)
"SeaPort"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Audio Engine Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\newsbin pro\\nbpro.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"h:\\arca 08\\ARCA.exe"=
"h:\\guitar hero\\ghaero\\Guitar Hero Aerosmith.exe"=
"h:\\guitar hero\\gh3\\GH3.exe"=
"h:\\Program Files\\Codemasters\\Ashes Cricket 2009\\Cricket2009.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"h:\\MotoGP URT 3\\motogp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11217:TCP"= 11217:TCP:BitComet 11217 TCP
"11217:UDP"= 11217:UDP:BitComet 11217 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [28/08/2009 23:50 79360]
S4 LeverageService;LeverageService;c:\program files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe [31/08/2009 10:57 40960]
S4 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe [29/08/2008 21:43 427304]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.driver-soft.com/html/110862.html
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0is16g9a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newzbin.com/
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 13:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-11 13:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 12:20
ComboFix2.txt 2009-09-10 20:34
ComboFix3.txt 2009-09-10 19:26

Pre-Run: 132,458,332,160 bytes free
Post-Run: 132,424,425,472 bytes free

343 --- E O F --- 2009-09-10 23:11



HijackThis system scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:17, on 11/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.driver-so...tml/110862.html
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...15108/CTPID.cab
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3781 bytes
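An added example, not part of the original thread and not ComboFix's own code: a small Python script that reads the CFScript from post #18 and the ComboFix.txt from post #19 (both copied above into constant strings, the log trimmed to its header and the two sections the check needs) and reports which of the requested File::/Driver:: removals the log actually records, plus the state of every AV/firewall product the log header lists. It assumes only the log layout visible above (section titles wrapped in runs of parentheses, removed services written as -------\Service_<name>); the function names and the "_header" section key are mine.

```python
import re

# Verbatim copy of the CFScript posted in #18 above.
CFSCRIPT = r"""KillAll::

Driver::
AlerterALG
MEMSWEEP2

File::
c:\windows\system32\rezumatenoi.dat
c:\windows\TEMP\fsdbvrkmst.exe
c:\windows\system32\574.tmp
"""

# Excerpt of the ComboFix.txt posted in #19 above, trimmed to the header
# and the two sections this check reads.
COMBOFIX_LOG = r"""ComboFix 09-09-10.03 - Administrator 11/09/2009 13:08.3.1 - NTFSx86
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\574.tmp"
"c:\windows\system32\rezumatenoi.dat"
"c:\windows\TEMP\fsdbvrkmst.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rezumatenoi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALERTERALG
-------\Legacy_MEMSWEEP2
-------\Service_AlerterALG
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.
"""


def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript, e.g. {'File': [...], 'Driver': [...]}.

    A directive is a line of the form 'Name::'; the lines that follow it, up to
    the next directive, are its entries. 'KillAll::' simply yields an empty list.
    """
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Split ComboFix.txt into {section_title: [lines]}.

    Section titles are the text inside the '((((( Title )))))' banner lines;
    everything before the first banner goes under the assumed key '_header'.
    Blank lines and the '.' spacer lines ComboFix emits are dropped.
    """
    sections = {"_header": []}
    current = "_header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def security_products(log_sections):
    """Return [(kind, name, state)] from the 'AV:' / 'FW:' header lines,
    e.g. ('FW', 'BitDefender Firewall', 'disabled')."""
    out = []
    for line in log_sections["_header"]:
        m = re.match(r"(AV|FW): (.+?) \*(.+?)\*", line)
        if m:
            out.append(m.groups())
    return out


def verify_cleanup(cfscript, log_sections):
    """Map each File::/Driver:: target in the script to True if the log records
    its removal, False if it never appears (already gone, locked, or misspelled)."""
    deleted_files = {l.lower() for l in log_sections.get("Other Deletions", [])}
    removed_services = {l.lower() for l in log_sections.get("Drivers/Services", [])}
    report = {}
    for path in cfscript.get("File", []):
        report[path] = path.lower() in deleted_files
    for drv in cfscript.get("Driver", []):
        # ComboFix logs a removed service as -------\Service_<name> (plus its Legacy_ key).
        report[drv] = ("-------\\service_" + drv.lower()) in removed_services
    return report


if __name__ == "__main__":
    log = parse_combofix_log(COMBOFIX_LOG)
    for kind, name, state in security_products(log):
        print(f"{kind}: {name}: {state}")
    for target, removed in verify_cleanup(parse_cfscript(CFSCRIPT), log).items():
        print(f"{'removed' if removed else 'NOT in log':>10}  {target}")
```

Run against the excerpt, it reports rezumatenoi.dat and both drivers (AlerterALG, MEMSWEEP2) as removed, while 574.tmp and fsdbvrkmst.exe never appear under Other Deletions; that kind of gap between what was requested and what the log confirms is worth checking (is the file already gone, or still present?) before treating a run as successful. The header check also surfaces that both antivirus products are listed with on-access scanning disabled and two firewalls are registered, the duplicate-product situation raised in post #16.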

#20
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)
  • 0

#21
kev seal
  • Topic Starter
  • Member
  • 17 posts
Computer seems fine. To tell the truth, the malware wasn't causing me a problem, though I don't know what the outcome would have been if left to its own devices. My main concern wasn't with my system (I probably would have low-level formatted the C drive) but with some of the files and software I have on my other drives, some of which would take some replacing. When these drives were flagged as infected I thought it was time to do something about it.

I can't thank you enough for what you have done up to now; you guys are doing a fantastic job and have my utmost respect and support.

Will my other drives be OK after this session is finished, or will we need to repeat for each drive singly?

Is it OK to run software before the malware scan, as I am an admin in a racing league and really need to be online tonight if possible? Then I could run the scan overnight when I'm asleep, as I think it's going to take a couple of hours if previous scans are anything to go by.

Also, EKRN.EXE keeps hogging 100% CPU for minutes at a time although I have no scans running or requested any to run. Is this normal?
Wait a minute, I see that HijackThis is still running; would this cause the problem?
As after I closed HijackThis everything seems normal.

Thanks in advance
Kev Seal

Edited by kev seal, 11 September 2009 - 06:59 AM.

  • 0

#22
fenzodahl512
  • Malware Removal
  • 9,863 posts

Will my other drives be OK after this session is finished?

Err.. Which drives do you mean?.. How many hard drives are in your PC? Or do you mean external hard drives? :)

Is it OK to run software before the malware scan, as I am an admin in a racing league and really need to be online tonight if possible?

Which racing league? May I join? :)

Just do the scan when you're not using the computer or when you're sleeping :)

Also, EKRN.EXE keeps hogging 100% CPU for minutes at a time although I have no scans running or requested any to run. Is this normal?

Erm.. not normal (unless you set it to scan in the background)..
  • 0

#23
kev seal
  • Topic Starter
  • Member
  • 17 posts
Yes, I have multiple drives on my system, but only the XP operating system, no multiboot etc.

All internal drives

D: 78gig IDE
E: 80gig IDE
F: 250 gig SATA
G: 150 gig SATA
H: 500gig SATA

You're more than welcome to join our racing league, my friend; you need to have a full licensed copy of ARCA-SIM Racing or a full licensed copy of RFACTOR. Both can be bought online and downloaded.

Since closing hijackthis all has returned to normal.

Will scan tonight and post logs sometime tomorrow morning. Have a good weekend, my friend; I will stay logged onto Geeks to Go for a while to see if you require me to do anything else in the meantime.

Thanks again
Kev Seal

Edited by kev seal, 11 September 2009 - 07:20 AM.

  • 0

#24
fenzodahl512
  • Malware Removal
  • 9,863 posts

D: 78gig IDE
E: 80gig IDE
F: 250 gig SATA
G: 150 gig SATA
H: 500gig SATA


I feel the scans will take a looooooooonnggg time.. So, do it at your very free time :)

You're more than welcome to join our racing league, my friend; you need to have a full licensed copy of ARCA-SIM Racing or a full licensed copy of RFACTOR. Both can be bought online and downloaded.

Thank you.. Any link for more info? :)
  • 0

#25
kev seal
  • Topic Starter
  • Member
  • 17 posts
Here's a nice vid of what you can expect

You can purchase a copy here
http://www.thesimfac...shop/ASR08.html

Once you have installed ARCA you will have access to online servers; you can find me there most days after 5pm GMT. My name there is the same as here, kev seal.

I recommend you use a wheel although you can use joystick gamepad etc.
  • 0

#26
fenzodahl512
  • Malware Removal
  • 9,863 posts
Thank you.. Will wait for the scans results :)
  • 0

#27
kev seal
  • Topic Starter
  • Member
  • 17 posts
Here's the malware log

Malwarebytes' Anti-Malware 1.41
Database version: 2784
Windows 5.1.2600 Service Pack 3

9/12/2009 7:01:41 PM
mbam-log-2009-09-12 (19-01-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 471671
Time elapsed: 3 hour(s), 35 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\vsfocehsvngejl.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\vsfocesauufyqr.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F38BFD4C-9AB1-4982-8FF2-0952AF468314}\RP10\A0010007.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F38BFD4C-9AB1-4982-8FF2-0952AF468314}\RP10\A0010008.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
F:\Downloads\rfactor\UBMTrial.exe (Adware.EShoper) -> Quarantined and deleted successfully.
  • 0

#28
fenzodahl512
  • Malware Removal
  • 9,863 posts
Ok.. waiting for ESET log :)
  • 0

#29
kev seal
  • Topic Starter
  • Member
  • 17 posts
ESET Online Scanner kept resetting itself 2-3 hrs into the scan; after 2 attempts I decided to run my ESET antivirus, made sure I had the latest updates. Here's the log

OK, it won't let me post the results, says the post data is too long, so here's the uploaded log
OK, it won't let me post the file either, says it's too big
Posting with error and informative filters removed

F:\images\offc\0106\Power.Data.Recovery.v4.0.Cracked.PROPER-[bleep]WEB\[bleep]web1.zip » ZIP » power.data.recovery.v4.0-patch.exe - Win32/HackTool.Patcher.A potentially unsafe application - was a part of the deleted object
G:\newsbin\selected_reports_20090712-031500\alt.binaries.comp\Glary Utilities PRO v2.14.0.711 WinALL Regged-YPOGEiOS [Sponsored by www.astinews.de].rar » RAR » Glary Utilities PRO v2.14.0.711 WinALL Regged-YPOGEiOS\setup.exe - probably a variant of Win32/Injector.QJ trojan - was a part of the deleted object
H:\downloads\Nero-9.4.12.3d_free.exe » 7ZIP » unit_app_75/Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\images\NERO9\nero9.iso » ISO » Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\images\NERO9\nero9.iso » ISO » Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\images\NERO9\nero9.iso » ISO » Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\malwarefix progs\SmitfraudFix.exe » RAR » SmitfraudFix\Process.exe - Win32/PrcView potentially unsafe application - was a part of the deleted object
H:\malwarefix progs\SmitfraudFix.exe » RAR » SmitfraudFix\restart.exe - Win32/Shutdown.NAA potentially unsafe application - was a part of the deleted object
H:\newsbin\alt.binaries.warez\FTD#1024521 Total Video Converter v3.21.part1.rar » RAR » Total Video Converter v3.21 + Patch By ChattChitto\Effectmatrix Total Video Converter Patch.exe - a variant of Win32/HackTool.Patcher.A potentially unsafe application - was a part of the deleted object
H:\newsbin\E-Gadgets Delete Duplicate Files v3.6.0.1\cxa1824a.zip » ZIP » cxa1824a.rar » RAR » keygen\keygen.exe - probably a variant of Win32/Agent trojan - was a part of the deleted object
H:\newsbin\E-Gadgets Delete Duplicate Files v3.6.0.1\cxa1824a\cxa1824a.rar » RAR » keygen\keygen.exe - probably a variant of Win32/Agent trojan - was a part of the deleted object
  • 0

#30
fenzodahl512
  • Malware Removal
  • 9,863 posts
Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0
