Sysinternals Forum > Windows Discussions > Malware

How can I remove this virus?

(Posts are listed newest first.)
vbdotnet (Newbie; joined 24 November 2009; location: Nigeria; 20 posts)
Posted: 07 December 2009 at 10:27pm
Sir, I don't think I have any problem with your instructions. They are clear and simple to follow; maybe I have not taken time to say thanks.

May I use this opportunity to say a very laudable thanks to you and to your country!
You have really helped me; with your speedy response, I am satisfied.

To all the others who also contributed, God bless!
God is my strength
vbdotnet
Posted: 07 December 2009 at 10:18pm
I do see it in my flash and in some places where I think I shouldn't see it, only when I discover that I have a virus in the system. Do you understand?

nullptr (Senior Member; joined 06 April 2008; location: Australia; 553 posts)
Posted: 07 December 2009 at 12:32am
vbdotnet,

RECYCLER is your recycle bin.

It seems that you are having some problems following my instructions, so I'm
rather hesitant to give you further detailed clean-up instructions.

I'd recommend that you try Geeks to Go for assistance with your problem.

Kind regards

nullptr

Edited by nullptr - 07 December 2009 at 4:01am
vbdotnet
Posted: 06 December 2009 at 11:53pm
Any information on the virus that creates a folder named "RECYCLER" but is difficult to delete?
Spynet (Senior Member; joined 13 September 2007; location: Iran; 112 posts)
Posted: 06 December 2009 at 5:49pm
Please, if anyone has a pattern of the malware, upload it somewhere and put it here.
Thanks.
@nullptr:
I think formatting the disk is not a good solution. Do you think the only way for this piece of sh*t is reinstalling the OS and so forth!?
nullptr
Posted: 06 December 2009 at 5:07pm
What a mess... Sality, Vundo and friends. Ouch. I'll think about it when I'm not so tired.
**A disk format and reinstall would be the quickest way to fix things.
vbdotnet
Posted: 06 December 2009 at 2:48am
At the end, which antivirus will I leave in my system:
MalwareBytes,
Avira,
Kaspersky,
Dr.Web?
vbdotnet
Posted: 06 December 2009 at 2:46am
I have scanned with all the tools given to me; still those two errors keep on coming.

Below is the re-run ComboFix log file:

ComboFix 09-11-29.03 - Admin 12/06/2009  3:10.2.1 - x86 MINIMAL
Running from: d:\sharing\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


(((((((((((((((((((((((((   Files Created from 2009-11-06 to 2009-12-06  )))))))))))))))))))))))))))))))
.

2009-12-05 06:02 . 2009-10-22 11:54    37392    ----a-w-    c:\windows\system32\drivers\08435002.sys
2009-12-05 06:02 . 2009-10-09 21:31    315408    ----a-w-    c:\windows\system32\drivers\0843500.sys
2009-12-05 06:02 . 2009-09-25 15:59    128016    ----a-w-    c:\windows\system32\drivers\08435001.sys
2009-12-05 01:07 . 2009-10-22 11:54    37392    ----a-w-    c:\windows\system32\drivers\17095352.sys
2009-12-05 01:07 . 2009-10-09 21:31    315408    ----a-w-    c:\windows\system32\drivers\1709535.sys
2009-12-05 01:07 . 2009-09-25 15:59    128016    ----a-w-    c:\windows\system32\drivers\17095351.sys
2009-12-05 00:53 . 2009-10-22 11:54    37392    ----a-w-    c:\windows\system32\drivers\51230612.sys
2009-12-05 00:53 . 2009-10-09 21:31    315408    ----a-w-    c:\windows\system32\drivers\5123061.sys
2009-12-05 00:53 . 2009-09-25 15:59    128016    ----a-w-    c:\windows\system32\drivers\51230611.sys
2009-12-05 00:45 . 2009-10-22 11:54    37392    ----a-w-    c:\windows\system32\drivers\81783272.sys
2009-12-05 00:45 . 2009-09-25 15:59    128016    ----a-w-    c:\windows\system32\drivers\81783271.sys
2009-12-05 00:45 . 2009-10-09 21:31    315408    ----a-w-    c:\windows\system32\drivers\8178327.sys
2009-12-04 17:15 . 2009-12-04 17:15    1025    ----a-w-    c:\windows\system32\sysprs7.dll
2009-12-03 09:52 . 2009-12-03 09:53    --------    d-----w-    c:\program files\Driver Magician Lite
2009-12-02 00:33 . 2009-12-03 04:01    --------    d-----w-    c:\program files\U0vd Security Corporation
2009-11-29 08:22 . 2009-11-29 10:01    --------    d-----w-    C:\12c0dda9ad42024be4e409
2009-11-27 21:48 . 2009-09-10 13:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 21:48 . 2009-12-05 02:19    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-11-27 21:48 . 2009-09-10 13:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-11-27 20:24 . 2005-05-04 09:01    9472    ----a-w-    c:\windows\system32\drivers\pwi_oflt.sys
2009-11-27 20:24 . 2005-05-04 09:01    45056    ----a-w-    c:\windows\system32\pwi_wmcp.dll
2009-11-27 20:24 . 2005-05-04 09:01    69632    ----a-w-    c:\windows\system32\drivers\pwi_serd.sys
2009-11-27 20:24 . 2005-05-04 09:01    6144    ----a-w-    c:\windows\system32\drivers\pwi_cmnt.sys
2009-11-27 20:24 . 2005-05-04 09:01    6144    ----a-w-    c:\windows\system32\drivers\pwi_cm.sys
2009-11-27 20:24 . 2005-05-04 09:00    89936    ----a-w-    c:\windows\system32\drivers\pwi_mdm.sys
2009-11-27 20:24 . 2005-05-04 09:00    9200    ----a-w-    c:\windows\system32\drivers\pwi_mdfl.sys
2009-11-27 20:24 . 2005-05-04 08:59    55344    ----a-w-    c:\windows\system32\drivers\pwi_bus.sys
2009-11-27 20:24 . 2005-05-04 08:59    5776    ----a-w-    c:\windows\system32\drivers\pwi_whnt.sys
2009-11-27 20:24 . 2005-05-04 08:59    5776    ----a-w-    c:\windows\system32\drivers\pwi_wh.sys
2009-11-27 20:24 . 2005-05-04 08:55    163840    ----a-w-    c:\windows\system32\pwi_ir32.dll
2009-11-24 07:24 . 2009-11-24 07:24    --------    d-----w-    c:\documents and settings\Admin\Application Data\Malwarebytes
2009-11-24 07:23 . 2009-11-24 07:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-24 03:23 . 2009-11-24 03:23    --------    d-----w-    c:\documents and settings\Admin\DoctorWeb
2009-11-19 14:47 . 2009-11-19 14:47    25214    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2009-11-18 18:12 . 2001-08-17 12:48    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2009-11-18 18:12 . 2001-08-17 12:48    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2009-11-18 18:11 . 2001-08-17 13:02    9600    -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2009-11-18 18:11 . 2001-08-17 13:02    9600    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2009-11-09 09:47 . 2009-11-09 09:47    --------    d-----w-    c:\program files\Common Files\Crystal Decisions
2009-11-09 09:44 . 2009-11-09 09:59    --------    d-----w-    c:\program files\Shop Suit 5.0
2009-11-09 09:44 . 2009-11-09 09:44    249856    ------w-    c:\windows\Setup1.exe
2009-11-09 09:43 . 2009-11-09 09:43    73216    ----a-w-    c:\windows\ST6UNST.EXE
2009-11-07 16:10 . 2009-11-07 17:10    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-11-06 13:57 . 2009-12-02 00:36    --------    d-----w-    c:\documents and settings\Admin\Local Settings\Application Data\AskToolbar
2009-11-06 12:46 . 2009-11-06 12:46    --------    d-----w-    c:\program files\PC Sync Manager
2009-11-06 12:46 . 2009-11-06 12:46    --------    d-----w-    c:\documents and settings\Admin\WINDOWS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 04:17 . 2004-08-04 12:00    11776    ----a-w-    c:\windows\system32\rasautou.exe
2009-12-05 02:27 . 2004-08-04 12:00    337920    ----a-w-    c:\windows\system32\zipfldr.dll
2009-12-05 02:26 . 2004-08-04 12:00    15360    ----a-w-    c:\windows\system32\ctfmon.exe
2009-12-05 02:25 . 2004-08-04 12:00    146432    ----a-w-    c:\windows\regedit.exe
2009-12-05 02:25 . 2009-11-04 13:55    --------    d-----w-    c:\program files\Ask.com
2009-12-05 02:23 . 2009-09-30 11:20    --------    d-----w-    c:\program files\ABBYY FineReader 5.0 Sprint
2009-12-05 02:23 . 2009-09-28 12:43    --------    d-----w-    c:\program files\MTN F@stLink
2009-12-05 02:16 . 2009-09-27 07:36    --------    d-----w-    c:\program files\DAP
2009-12-02 00:36 . 2009-09-27 07:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-27 20:04 . 2009-09-27 07:35    --------    d-----w-    c:\program files\SQLyog
2009-11-27 19:25 . 2004-08-04 12:00    11776    ----a-w-    c:\windows\system32\rasautou.exe.tmp
2009-11-27 11:48 . 2009-09-28 13:58    --------    d-----w-    c:\program files\SMS Blast Tool 5.0
2009-11-19 14:53 . 2009-09-27 15:53    1680064    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-11-19 14:47 . 2009-09-27 07:32    --------    d-----w-    c:\program files\MySQL
2009-11-17 11:57 . 2009-09-27 08:00    --------    d-----w-    c:\program files\x-File Mobile Office
2009-11-05 23:08 . 2009-11-05 23:08    90126    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_B9EA0E323B008CB5CE27F9.exe
2009-11-05 23:08 . 2009-11-05 23:08    90126    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_4F4E2AAAAA169CFB807520.exe
2009-11-05 23:08 . 2009-11-05 23:08    195478    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_692BCBCBF8DD37598B246C.exe
2009-11-05 23:08 . 2009-11-05 23:08    10134    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_D1D86C9F9485671EFA0DBE.exe
2009-11-05 23:08 . 2009-11-05 23:08    10134    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_C8B6D36C6D92F019D25F1B.exe
2009-11-05 23:08 . 2009-11-05 23:08    10134    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_93F413DB3A556686DEA0A8.exe
2009-11-05 23:08 . 2009-11-05 23:08    10134    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_00407C5CF3B6F0F68F544C.exe
2009-11-05 23:08 . 2009-11-05 23:08    90126    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_3AE9B989883A75131B5702.exe
2009-11-05 23:08 . 2009-11-05 23:08    195478    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_A227290A159047BA6BAEBC.exe
2009-11-05 23:08 . 2009-11-05 23:08    10134    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{22F14699-ECED-440D-B6C8-F801E27B880E}\_1D6B1037258C7B1F3D6E16.exe
2009-11-04 13:55 . 2009-11-04 13:55    --------    d-----w-    c:\documents and settings\Admin\Application Data\GlobalSCAPE
2009-11-04 13:55 . 2009-11-04 13:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-11-04 13:54 . 2009-11-04 13:54    --------    d-----w-    c:\program files\GlobalSCAPE
2009-11-04 13:54 . 2009-09-27 07:38    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-11-02 18:51 . 2009-09-30 11:15    --------    d-----w-    c:\program files\ScannerU
2009-10-29 17:20 . 2009-10-29 17:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Bluetooth
2009-10-29 17:11 . 2009-10-29 17:11    --------    d-----w-    c:\program files\IVT Corporation
2009-10-28 03:00 . 2009-09-30 09:42    --------    d-----w-    c:\program files\ESET
2009-10-28 02:43 . 2009-10-28 02:43    --------    d-----w-    c:\program files\Conduit
2009-10-23 14:17 . 2009-10-23 14:17    --------    d-----w-    c:\documents and settings\Admin\Application Data\Smith Micro
2009-10-23 14:14 . 2009-10-23 14:14    --------    d-----w-    c:\program files\Verizon Wireless
2009-10-19 16:18 . 2009-10-12 16:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-17 10:20 . 2009-09-30 11:27    --------    d-----w-    c:\program files\VB Decompiler Lite
2009-10-15 15:12 . 2009-10-15 14:31    --------    d-----w-    c:\documents and settings\Admin\Application Data\Yahoo!
2009-10-15 14:31 . 2009-10-15 14:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-12 16:35 . 2009-09-30 10:59    --------    d-----w-    c:\documents and settings\Admin\Application Data\Tangible Software Solutions Inc
2009-10-12 16:29 . 2009-09-27 12:56    --------    d-----w-    c:\program files\Yahoo!
2009-10-05 10:14 . 2009-09-27 06:59    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-30 07:42 . 2009-09-30 07:42    90126    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{5488E1C0-5E0D-41FF-A017-017412D18232}\_BCC5042D589DB555AF3F0F.exe
2009-09-30 07:42 . 2009-09-30 07:42    90126    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{5488E1C0-5E0D-41FF-A017-017412D18232}\_6FEFF9B68218417F98F549.exe
2009-09-30 07:42 . 2009-09-30 07:42    90126    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{5488E1C0-5E0D-41FF-A017-017412D18232}\_1371ECACC3D8B231DCC4AA.exe
2009-09-30 07:42 . 2009-09-30 07:42    25214    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{5488E1C0-5E0D-41FF-A017-017412D18232}\_C7BD60826E5C5AF933F16B.exe
2009-09-30 07:42 . 2009-09-30 07:42    25214    ----a-r-    c:\documents and settings\Admin\Application Data\Microsoft\Installer\{5488E1C0-5E0D-41FF-A017-017412D18232}\_47F3DCC19ED936629B32E2.exe
2009-09-27 17:13 . 2009-09-27 17:13    2678    ----a-w-    c:\windows\java\Packages\Data\WPN1VRHJ.DAT
2009-09-27 17:13 . 2009-09-27 17:13    2678    ----a-w-    c:\windows\java\Packages\Data\IS0PB9ND.DAT
2009-09-27 17:13 . 2009-09-27 17:13    2678    ----a-w-    c:\windows\java\Packages\Data\TNDBZD33.DAT
2009-09-27 17:13 . 2009-09-27 17:13    2678    ----a-w-    c:\windows\java\Packages\Data\CW13N7D3.DAT
2009-09-27 17:13 . 2009-09-27 17:13    2678    ----a-w-    c:\windows\java\Packages\Data\2DB7LZ5B.DAT
2009-09-27 16:27 . 2009-09-27 13:30    315872    ----a-w-    c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-27 15:54 . 2009-09-27 15:54    18368    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-09-27 15:45 . 2009-09-27 08:07    68896    ----a-w-    c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 13:35 . 2009-09-27 13:35    416    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-09-27 12:59 . 2009-09-27 12:59    0    ----a-w-    c:\windows\nsreg.dat
2009-09-27 07:36 . 2009-09-27 07:36    50688    ----a-w-    c:\windows\system32\wbhelp2.dll
2009-09-27 06:56 . 2009-09-27 06:56    21640    ----a-w-    c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-12-05 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((((   SnapShot@2009-12-01_23.49.08   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 02:29 . 2009-12-06 02:29    16384              c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2009-09-27 07:35 . 2009-12-03 08:47    25214              c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70800000002}\SC_Reader.exe
- 2009-09-27 07:35 . 2009-09-27 07:35    25214              c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70800000002}\SC_Reader.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-09-27 07:52 . 2009-12-06 02:29    229141              c:\windows\system32\inetsrv\MetaBase.bin
- 2009-09-27 07:26 . 2009-09-27 07:26    888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-27 07:26 . 2009-09-27 07:26    1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-09-27 07:26 . 2009-12-02 00:36    1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-29 08:23 . 2009-12-05 04:18    10980776              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28    1174920    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-05 1312080]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
setup_9.0.0.722_04.12.2009_05-35.lnk - c:\documents and settings\Admin\Desktop\Virus Removal Tool3\setup_9.0.0.722_04.12.2009_05-35\startup.exe [2009-12-5 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"d:\\sharing\\fight vitus\\filesa\\yk8f87yh.exe"=
"c:\\Program Files\\Ask.com\\UpdateTask.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\MTN F@stLink\\MTN F@stLink.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=

R0 51230612;51230612 Boot Guard Driver;c:\windows\system32\drivers\51230612.sys [12/5/2009 1:53 AM 37392]
R1 08435001;08435001;c:\windows\system32\drivers\08435001.sys [12/5/2009 7:02 AM 128016]
R1 08435002;08435002 Boot Guard Driver;c:\windows\system32\drivers\08435002.sys [12/5/2009 7:02 AM 37392]
R1 17095351;17095351;c:\windows\system32\drivers\17095351.sys [12/5/2009 2:07 AM 128016]
R1 17095352;17095352 Boot Guard Driver;c:\windows\system32\drivers\17095352.sys [12/5/2009 2:07 AM 37392]
R1 51230611;51230611;c:\windows\system32\drivers\51230611.sys [12/5/2009 1:53 AM 128016]
R1 81783271;81783271;c:\windows\system32\drivers\81783271.sys [12/5/2009 1:45 AM 128016]
R1 81783272;81783272 Boot Guard Driver;c:\windows\system32\drivers\81783272.sys [12/5/2009 1:45 AM 37392]
R1 setup_9.0.0.722_04.12.2009_05-35drv;setup_9.0.0.722_04.12.2009_05-35drv;c:\windows\system32\drivers\0843500.sys [12/5/2009 7:02 AM 315408]
R3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [11/27/2009 9:24 PM 55344]
R3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [11/27/2009 9:24 PM 9200]
R3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [11/27/2009 9:24 PM 89936]
R3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [11/27/2009 9:24 PM 9472]
R3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [11/27/2009 9:24 PM 69632]
S3 GT680xNT;715 USB Scanner Driver;c:\windows\system32\drivers\Gt680x.sys [10/5/2009 11:36 AM 17376]
.
Contents of the 'Scheduled Tasks' folder

2009-12-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 02:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\prbg2ftw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1638664&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Smart PC Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1638664&SearchSource=2&q=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\prbg2ftw.default\extensions\{e3aaf71e-b295-4156-ae11-777237a1db3c}\components\FFExternalAlert.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VA - c:\program files\U0vd Security Corporation\VA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 03:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\shdoclc.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld-nt.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Admin\Desktop\Virus Removal Tool3\setup_9.0.0.722_04.12.2009_05-35\setup_9.0.0.722_04.12.2009_05-35.exe
.
**************************************************************************
.
Completion time: 2009-12-06 03:42 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-06 02:42
ComboFix2.txt  2009-12-01 23:57

Pre-Run: 9,979,740,160 bytes free
Post-Run: 9,976,901,632 bytes free

- - End Of File - - 5F3B49806E3470FC535EDDC21477A84E

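As an added example, not part of the thread or of ComboFix itself, the script below triages two things that are visible in the log posted above: the Sigcheck section, where c:\windows\system32\ctfmon.exe is marked [-] and carries a different MD5 than the dllcache and ERDNT\cache copies of the same version 5.1.2600.2180, and the firewall AuthorizedApplications list, where one exception points at d:\sharing\fight vitus\filesa\yk8f87yh.exe, outside any Windows or Program Files tree. The sample lines are copied from that log; the function names, the directory allow-list and the assumption that dllcache and ERDNT\cache hold clean copies are the example's own.

```python
"""Triage two sections of a ComboFix log: Sigcheck mismatches and odd firewall exceptions."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the "------- Sigcheck -------" section of the log above.
SIGCHECK_SAMPLE = r"""
[-] 2009-12-05 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
"""

# Lines copied from the AuthorizedApplications\List key in the log above (REG format, backslashes doubled).
FIREWALL_SAMPLE = r"""
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"d:\\sharing\\fight vitus\\filesa\\yk8f87yh.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"""

# One Sigcheck line: [mark] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')

# Assumption of this example: these directories hold Windows File Protection / ERUNT backup copies
# that were not touched by the infection, so they serve as the reference hash for a given name+version.
KNOWN_GOOD_DIRS = {"dllcache", "erdnt"}
# Assumption of this example: executables granted a firewall exception normally live under one of these.
TRUSTED_ROOT_DIRS = {"windows", "program files", "program files (x86)"}


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (mark, date, md5, size, version, path)."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].upper()
            d["size"] = int(d["size"])
            entries.append(d)
    return entries


def find_tampered(entries):
    """Return (path, md5, [reference md5s]) for live files whose hash differs from the backup
    copy that has the same file name and version string. ComboFix itself marks these with [-]."""
    refs = defaultdict(set)
    for e in entries:
        parts = [p.lower() for p in PureWindowsPath(e["path"]).parts]
        if KNOWN_GOOD_DIRS & set(parts):
            refs[(parts[-1], e["version"])].add(e["md5"])
    findings = []
    for e in entries:
        parts = [p.lower() for p in PureWindowsPath(e["path"]).parts]
        if KNOWN_GOOD_DIRS & set(parts):
            continue  # this is a reference copy, not a live file
        key = (parts[-1], e["version"])
        if key in refs and e["md5"] not in refs[key]:
            findings.append((e["path"], e["md5"], sorted(refs[key])))
    return findings


def parse_firewall_exceptions(text):
    """Return the executable paths from an AuthorizedApplications\\List dump, backslashes un-doubled."""
    return [m.group("path").replace("\\\\", "\\")
            for m in (FIREWALL_RE.match(l.strip()) for l in text.splitlines()) if m]


def find_odd_exceptions(paths):
    """Flag exceptions whose executable sits outside a Windows or Program Files tree on any drive.
    This is a review heuristic, not a verdict: a legitimate tool run from a share trips it too."""
    odd = []
    for p in paths:
        if p.lower().startswith("%windir%"):
            continue
        parts = [x.lower() for x in PureWindowsPath(p).parts]
        root_dir = parts[1] if len(parts) > 1 else ""
        if root_dir not in TRUSTED_ROOT_DIRS:
            odd.append(p)
    return odd


if __name__ == "__main__":
    for path, md5, ref in find_tampered(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"hash mismatch: {path} {md5} (backup copies: {', '.join(ref)})")
    for path in find_odd_exceptions(parse_firewall_exceptions(FIREWALL_SAMPLE)):
        print(f"firewall exception outside Windows/Program Files: {path}")
```

On the log above this reports the ctfmon.exe mismatch and the yk8f87yh.exe exception. A mismatch against the dllcache copy is a reason to quarantine the live file and replace it from a clean source, not proof by itself, and the same holds for the flagged exception: the point of a script like this is to pull the handful of lines worth a human look out of a 300-line log.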
nullptr
Posted: 04 December 2009 at 3:19am
Try this link.
vbdotnet
Posted: 04 December 2009 at 2:58am
I have tried my best to download the Kaspersky with the link given, but it could not. It tells me the connection timed out. Please, can you give me another link?