Operating memory - Win32/Olmarik trojan - unable to clean [Solved]
#16
Posted 10 September 2009 - 02:45 PM
#17
Posted 10 September 2009 - 02:54 PM
I can't find anything in Add/Remove Programs or on my program list accessed through Start/All Programs.
Any ideas?
#18
Posted 10 September 2009 - 10:00 PM
1. Please open Notepad
- If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::
Driver::
AlerterALG
MEMSWEEP2
File::
c:\windows\system32\rezumatenoi.dat
c:\windows\TEMP\fsdbvrkmst.exe
c:\windows\system32\574.tmp
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
#19
Posted 11 September 2009 - 06:29 AM
Combofix
ComboFix 09-09-10.03 - Administrator 11/09/2009 13:08.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1680 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\system32\574.tmp"
"c:\windows\system32\rezumatenoi.dat"
"c:\windows\TEMP\fsdbvrkmst.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rezumatenoi.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALERTERALG
-------\Legacy_MEMSWEEP2
-------\Service_AlerterALG
-------\Service_MEMSWEEP2
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.
2009-09-10 20:17 . 2009-09-10 20:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-10 18:06 . 2009-09-10 18:06 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-10 18:06 . 2009-09-10 18:06 -------- d-----w- c:\windows\system32\xlive
2009-09-10 17:05 . 2009-09-10 17:05 -------- d-----w- c:\program files\trend micro
2009-09-10 17:05 . 2009-09-10 17:05 -------- d-----w- C:\rsit
2009-09-10 16:45 . 2009-09-10 16:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-09-10 03:44 . 2009-09-10 03:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AaaaaRecklessDisregard
2009-09-10 03:43 . 2009-09-10 03:44 -------- d-----w- c:\program files\AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
2009-09-08 18:34 . 2009-09-08 18:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-08 18:34 . 2009-09-08 18:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-08 18:30 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-08 18:30 . 2009-09-08 18:30 -------- d-----w- c:\windows\ie8updates
2009-09-08 18:30 . 2009-07-19 17:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-08 18:30 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-08 18:30 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-08 18:30 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-08 18:30 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-08 18:30 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-08 18:29 . 2009-09-08 18:29 -------- dc-h--w- c:\windows\ie8
2009-09-08 18:27 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-08 18:21 . 2009-09-08 18:21 -------- d-----w- c:\program files\MSXML 4.0
2009-09-08 18:15 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-08 18:10 . 2009-09-08 18:10 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-09-08 17:54 . 2009-09-08 17:59 15 ----a-w- c:\documents and settings\Administrator\settings.dat
2009-09-08 17:47 . 2009-09-10 18:32 -------- d--h--w- c:\windows\PIF
2009-09-08 17:39 . 2009-09-08 17:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-08 17:39 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 17:39 . 2009-09-08 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 17:39 . 2009-09-08 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 17:39 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 17:37 . 2009-09-09 16:47 -------- d-----w- c:\program files\ERUNT
2009-09-07 23:19 . 2009-09-07 23:19 -------- d-----w- c:\program files\Sophos
2009-09-07 22:20 . 2009-09-07 22:20 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-09-07 22:20 . 2009-09-07 22:20 16 ----a-w- c:\windows\system32\asdict.dat
2009-09-07 21:48 . 2009-09-07 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-09-07 21:47 . 2009-09-07 21:48 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-07 16:31 . 2009-09-07 16:31 -------- d-----w- c:\program files\ESET
2009-09-06 16:11 . 2009-09-06 16:11 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-09-06 12:58 . 2009-09-06 12:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-06 12:47 . 2009-09-06 12:56 -------- d-----w- c:\program files\Total Video Converter
2009-09-06 12:42 . 2009-09-06 12:42 -------- d-----w- c:\program files\Common Files\Common Share
2009-09-06 12:42 . 2008-12-18 12:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-09-06 12:42 . 2008-12-18 12:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-09-06 12:42 . 2009-09-06 12:42 -------- d-----w- c:\program files\OJOsoft
2009-09-06 12:25 . 2009-09-06 12:25 -------- d-----w- c:\program files\Common Files\NSV
2009-09-06 11:21 . 2009-09-06 11:21 -------- d-----w- c:\program files\Common Files\DirectX
2009-09-06 11:17 . 1999-12-13 00:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-09-06 11:17 . 1999-11-18 00:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-09-06 11:17 . 2009-09-06 11:17 -------- d--h--w- c:\program files\Creative Installation Information
2009-09-06 11:17 . 2009-09-06 11:17 -------- d-----w- c:\program files\Common Files\Creative
2009-09-06 10:02 . 2009-09-06 10:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-09-06 07:16 . 2009-09-06 07:16 -------- d-----w- c:\program files\Common Files\Doblon
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-09-06 07:11 . 2007-07-26 23:06 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-06 07:11 . 2007-07-26 23:06 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-06 07:11 . 2009-09-06 07:11 -------- d-----w- c:\program files\DivX
2009-09-06 06:20 . 2009-09-06 06:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\fofix
2009-09-06 04:42 . 2009-09-06 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-09-06 04:41 . 2009-09-06 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-09-06 01:58 . 2009-09-06 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2009-09-06 01:51 . 2009-09-06 01:51 -------- d-----w- c:\program files\Ventrilo
2009-09-05 19:31 . 2009-09-05 19:31 -------- d-----w- c:\program files\Logitech
2009-09-05 11:50 . 2009-09-05 11:50 -------- d-----w- c:\program files\JoyTechEurope
2009-09-05 08:56 . 2009-09-05 08:56 -------- d-----w- c:\program files\Atari
2009-09-05 08:46 . 2009-09-05 08:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-05 08:46 . 2009-09-05 08:46 -------- d-----w- c:\program files\Java
2009-09-05 05:39 . 2009-09-06 16:38 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-05 05:38 . 2009-09-05 05:38 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-05 05:36 . 2009-09-05 05:36 -------- d-----w- c:\program files\Microsoft
2009-09-05 05:36 . 2009-09-05 05:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-05 05:36 . 2009-09-05 05:38 -------- d-----w- c:\program files\Windows Live
2009-09-05 05:32 . 2009-09-05 05:32 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-05 05:05 . 2009-09-05 08:04 -------- d-----w- c:\program files\A Handful Of Audiosurf Addons
2009-09-04 22:15 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-04 22:15 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-04 22:15 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-04 22:15 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 22:15 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-04 22:15 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-04 22:15 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-09-04 21:05 . 2009-06-03 23:55 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2009-09-04 18:21 . 2009-09-04 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin
2009-09-04 18:21 . 2009-09-04 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\iWin
2009-09-04 12:38 . 2009-09-07 22:26 -------- d-----w- c:\program files\Spyware Terminator
2009-09-04 01:02 . 2009-09-04 01:02 -------- d-----w- c:\program files\MP3+G Toolz .NET 4
2009-09-04 00:53 . 1999-03-25 23:00 101888 ----a-w- c:\windows\system32\vb6stkit.dll
2009-09-04 00:34 . 2009-09-04 00:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-09-04 00:34 . 2009-09-04 00:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Power_Karaoke
2009-09-03 23:13 . 2009-09-04 01:08 -------- d-----w- C:\pebuilder3110a
2009-09-03 06:07 . 2009-09-03 06:07 -------- d-----w- c:\program files\Conduit
2009-09-03 06:06 . 2009-09-03 06:07 -------- d-----w- c:\program files\Power_Karaoke
2009-09-03 06:06 . 2009-09-06 07:06 -------- d-----w- c:\program files\DOBLON
2009-09-02 17:44 . 2008-04-13 21:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-09-02 17:44 . 2008-04-13 21:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-09-02 17:43 . 2008-04-13 21:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-09-02 17:43 . 2008-04-13 21:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-09-02 17:43 . 2008-04-13 21:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-09-02 17:43 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-09-02 17:43 . 2008-04-13 21:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-09-02 17:43 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-09-02 17:42 . 2008-04-13 21:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-09-02 17:42 . 2008-04-13 21:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-09-02 17:42 . 2008-04-13 21:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-09-02 17:42 . 2008-04-13 21:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-09-02 17:41 . 2008-04-13 21:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-09-02 17:41 . 2008-04-13 21:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-09-02 17:40 . 2008-04-14 02:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-02 17:40 . 2008-04-14 02:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-02 17:40 . 2008-04-13 21:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-09-02 17:40 . 2008-04-13 21:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-09-02 17:32 . 2009-09-02 17:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-09-02 17:29 . 2009-09-02 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LeverageService
2009-09-02 17:29 . 2009-09-02 17:29 -------- d-----w- c:\program files\Pragmatic Solutions Inc
2009-09-01 20:05 . 2009-09-01 20:06 11789 ----a-w- c:\windows\unins000.dat
2009-09-01 20:05 . 2009-09-01 20:05 684313 ----a-w- c:\windows\unins000.exe
2009-09-01 20:00 . 2009-09-02 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Deckadance
2009-09-01 19:59 . 2009-09-01 19:59 -------- d-----w- c:\program files\Common Files\DigiDesign
2009-09-01 19:59 . 2009-09-01 19:59 -------- d-----w- c:\program files\XLN Audio
2009-09-01 19:40 . 2009-09-01 19:40 -------- d-----w- c:\program files\ASIO4ALL v2
2009-09-01 19:40 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-09-01 19:39 . 2009-09-01 19:39 -------- d-----w- c:\program files\Outsim
2009-09-01 19:38 . 2009-09-07 22:47 -------- d-----w- c:\program files\Image-Line
2009-09-01 18:56 . 2009-09-01 18:56 -------- d-----w- C:\drumit
2009-09-01 16:36 . 2009-09-01 18:13 -------- d-----w- c:\program files\EndItAll
2009-09-01 04:57 . 2009-09-01 04:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 13:08 . 2009-08-28 21:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-09-06 12:23 . 2009-08-30 08:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-09-06 11:17 . 2009-08-28 22:50 -------- d-----w- c:\program files\Creative
2009-09-06 06:39 . 2009-08-28 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-04 21:16 . 2009-08-28 22:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-04 21:16 . 2009-08-28 22:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-30 08:56 . 2009-08-30 08:53 -------- d-----w- c:\program files\Winamp
2009-08-29 10:57 . 2009-08-29 10:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-08-29 10:56 . 2009-08-29 10:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-08-28 22:50 . 2009-08-28 22:50 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-08-28 22:49 . 2009-08-28 22:49 -------- d-----w- c:\program files\OpenAL
2009-08-28 21:03 . 2009-08-28 21:03 -------- d-----w- c:\program files\Driver-Soft
2009-08-28 20:41 . 2009-08-28 20:41 -------- d-----w- c:\program files\microsoft frontpage
2009-08-28 20:38 . 2009-08-28 20:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-17 02:04 . 2009-08-17 02:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 02:04 . 2009-08-17 02:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 02:03 . 2009-08-17 02:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 02:03 . 2009-08-17 02:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 02:03 . 2009-08-17 02:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 02:03 . 2009-08-17 02:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 02:03 . 2009-08-17 02:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 02:03 . 2009-08-17 02:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 02:03 . 2009-08-17 02:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 02:03 . 2009-08-17 02:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 02:03 . 2009-08-17 02:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 02:03 . 2009-08-17 02:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-08-16 23:57 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2009-08-16 23:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2009-08-16 23:57 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 23:57 . 2009-08-16 23:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-08-16 23:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2009-08-16 23:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-08-16 23:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-08-16 23:57 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2009-08-16 23:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2009-08-16 23:57 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-06 17:48 . 2009-08-06 17:48 16384 ----a-w- c:\windows\system32\Msdirectx.exe
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 16:17 . 2009-07-14 16:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 16:17 . 2009-07-14 16:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-12 11:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2009-06-09 18:12 915456 ------w- c:\windows\system32\wininet.dll
2009-06-26 14:11 . 2009-06-09 18:11 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:41 . 2009-06-09 18:11 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:41 . 2009-06-09 18:10 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:41 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:41 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:41 . 2008-04-14 12:00 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 10:28 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 16:06 . 2009-06-17 16:06 65544 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-06-17 16:06 . 2009-06-17 16:06 14984 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-06-17 16:05 . 2009-06-17 16:05 31752 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2009-06-17 16:05 . 2009-06-17 16:05 35208 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-06-17 16:05 . 2009-06-17 16:05 22792 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-06-17 16:05 . 2009-06-17 16:05 255496 ----a-w- c:\windows\system32\WmJoyFrc.dll
2009-08-07 09:38 . 2009-09-07 22:14 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-10_19.23.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-09 18:09 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2009-06-09 18:09 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-06-09 18:09 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-06-09 18:09 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-10 23:10 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-10 23:10 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-10 23:10 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LeverageService"=2 (0x2)
"idsvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"NeroMediaHomeService.4"=2 (0x2)
"SeaPort"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Audio Engine Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\newsbin pro\\nbpro.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"h:\\arca 08\\ARCA.exe"=
"h:\\guitar hero\\ghaero\\Guitar Hero Aerosmith.exe"=
"h:\\guitar hero\\gh3\\GH3.exe"=
"h:\\Program Files\\Codemasters\\Ashes Cricket 2009\\Cricket2009.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"h:\\MotoGP URT 3\\motogp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11217:TCP"= 11217:TCP:BitComet 11217 TCP
"11217:UDP"= 11217:UDP:BitComet 11217 UDP
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [28/08/2009 23:50 79360]
S4 LeverageService;LeverageService;c:\program files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe [31/08/2009 10:57 40960]
S4 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe [29/08/2008 21:43 427304]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.driver-soft.com/html/110862.html
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0is16g9a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newzbin.com/
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 13:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-11 13:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 12:20
ComboFix2.txt 2009-09-10 20:34
ComboFix3.txt 2009-09-10 19:26
Pre-Run: 132,458,332,160 bytes free
Post-Run: 132,424,425,472 bytes free
343 --- E O F --- 2009-09-10 23:11
hijack this system scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:17, on 11/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.driver-so...tml/110862.html
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...15108/CTPID.cab
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3781 bytes
#20
Posted 11 September 2009 - 06:39 AM
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and Scan unwanted applications are checked
- Click Scan
- Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
How's the computer now?
#21
Posted 11 September 2009 - 06:51 AM
I can't thank you enough for what you have done up to now, you guys are doing a fantastic job and have my utmost respect and support.
Will my other drives be ok after this session is finished? Or will we need to repeat for each drive singularly?
Is it ok to run software before the malware scan as I am an admin in a racing league and really need to be online tonight if possible, then I could run the scan overnight when I'm asleep, as I think it's gonna take a couple of hours if previous scans are anything to go by.
Also EKRN.EXE keeps hogging 100% CPU for mins at a time although I have no scans running or requested any to run, is this normal?
Wait a min, I see that HijackThis is still running, would this cause the problem?
As after I closed HijackThis everything seems normal.
thx in advance
Kev Seal
Edited by kev seal, 11 September 2009 - 06:59 AM.
#22
Posted 11 September 2009 - 07:06 AM
Will my other drives be ok after this session is finished?
Err.. Which drives do you mean?.. How many hard drives are in your PC? Or do you mean an external hard drive?
Is it ok to run software before the malware scan as I am an admin in a racing league and really need to be online tonight if possible
Which racing league? May I join?
Just do the scan when you're not using the computer or when you're sleeping
Also EKRN.EXE keeps hogging 100% CPU for mins at a time although I have no scans running or requested any to run, is this normal?
Erm.. not normal (unless if you set it to scan in the background)..
#23
Posted 11 September 2009 - 07:16 AM
All internal drives
D: 78gig IDE
E: 80gig IDE
F: 250 gig SATA
G: 150 gig SATA
H: 500gig SATA
You're more than welcome to join our racing league my friend, you need to have a full licensed copy of ARCA-SIM Racing or a full licensed copy of RFACTOR, both can be bought online and downloaded.
Since closing HijackThis all has returned to normal.
Will scan tonight and post logs sometime tomorrow morning, have a good weekend my friend, I will stay logged onto Go to Geeks for a while to see if you require me to do anything else in the meantime
thx again
Kev Seal
Edited by kev seal, 11 September 2009 - 07:20 AM.
#24
Posted 11 September 2009 - 07:29 AM
D: 78gig IDE
E: 80gig IDE
F: 250 gig SATA
G: 150 gig SATA
H: 500gig SATA
I feel the scans will take a looooooooonnggg time.. So, do it at your very free time
You're more than welcome to join our racing league my friend, you need to have a full licensed copy of ARCA-SIM Racing or a full licensed copy of RFACTOR, both can be bought online and downloaded.
Thank you.. Any link for more info?
#25
Posted 11 September 2009 - 08:09 AM
You can purchase a copy here
http://www.thesimfac...shop/ASR08.html
Once you have installed ARCA you will have access to online servers, you can find me there most days after 5pm GMT, name as in here is kev seal
I recommend you use a wheel although you can use a joystick, gamepad etc.
#26
Posted 11 September 2009 - 09:32 AM
#27
Posted 14 September 2009 - 10:30 AM
Malwarebytes' Anti-Malware 1.41
Database version: 2784
Windows 5.1.2600 Service Pack 3
9/12/2009 7:01:41 PM
mbam-log-2009-09-12 (19-01-41).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 471671
Time elapsed: 3 hour(s), 35 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\vsfocehsvngejl.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\vsfocesauufyqr.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F38BFD4C-9AB1-4982-8FF2-0952AF468314}\RP10\A0010007.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F38BFD4C-9AB1-4982-8FF2-0952AF468314}\RP10\A0010008.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
F:\Downloads\rfactor\UBMTrial.exe (Adware.EShoper) -> Quarantined and deleted successfully.
#28
Posted 14 September 2009 - 10:44 AM
#29
Posted 14 September 2009 - 10:45 AM
Ok, it won't let me post results, says post data is too long, so here's the uploaded log
Ok, it won't let me post the file either, says it's too big
Posting with error and informative filters removed
F:\images\offc\0106\Power.Data.Recovery.v4.0.Cracked.PROPER-[bleep]WEB\[bleep]web1.zip » ZIP » power.data.recovery.v4.0-patch.exe - Win32/HackTool.Patcher.A potentially unsafe application - was a part of the deleted object
G:\newsbin\selected_reports_20090712-031500\alt.binaries.comp\Glary Utilities PRO v2.14.0.711 WinALL Regged-YPOGEiOS [Sponsored by www.astinews.de].rar » RAR » Glary Utilities PRO v2.14.0.711 WinALL Regged-YPOGEiOS\setup.exe - probably a variant of Win32/Injector.QJ trojan - was a part of the deleted object
H:\downloads\Nero-9.4.12.3d_free.exe » 7ZIP » unit_app_75/Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\images\NERO9\nero9.iso » ISO » Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\images\NERO9\nero9.iso » ISO » Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\images\NERO9\nero9.iso » ISO » Toolbar.exe - Win32/Toolbar.AskSBar potentially unwanted application - was a part of the deleted object
H:\malwarefix progs\SmitfraudFix.exe » RAR » SmitfraudFix\Process.exe - Win32/PrcView potentially unsafe application - was a part of the deleted object
H:\malwarefix progs\SmitfraudFix.exe » RAR » SmitfraudFix\restart.exe - Win32/Shutdown.NAA potentially unsafe application - was a part of the deleted object
H:\newsbin\alt.binaries.warez\FTD#1024521 Total Video Converter v3.21.part1.rar » RAR » Total Video Converter v3.21 + Patch By ChattChitto\Effectmatrix Total Video Converter Patch.exe - a variant of Win32/HackTool.Patcher.A potentially unsafe application - was a part of the deleted object
H:\newsbin\E-Gadgets Delete Duplicate Files v3.6.0.1\cxa1824a.zip » ZIP » cxa1824a.rar » RAR » keygen\keygen.exe - probably a variant of Win32/Agent trojan - was a part of the deleted object
H:\newsbin\E-Gadgets Delete Duplicate Files v3.6.0.1\cxa1824a\cxa1824a.rar » RAR » keygen\keygen.exe - probably a variant of Win32/Agent trojan - was a part of the deleted object
#30
Posted 14 September 2009 - 10:48 AM
Please download OTC and save it to Desktop.
- Make sure you have an internet connection..
- Double-click OTC
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes
Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos
Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware
Read this great info about safe internet surfing..
http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm
Please reply to this thread once more and tell us about the computer behaviour before we can close this thread
Have a safe and happy computing day!
Regards
fenzodahl512