Posts posted by NecroFiendOG
RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : phoenix [Admin rights]
Mode : Remove -- Date : 11/25/2012 11:27:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][NOTFOUND] HKCU\[...]\Run : BitTorrent (rundll32.exe C:\Users\phoenix\AppData\Local\BitTorrent\lnvgkvpz.dll,vlc_entry__1_0_0e) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : svñhîst (C:\Users\phoenix\AppData\Local\temp\cccccc.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\phoenix\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> REPLACED (C:\Users\phoenix\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-4196169661-3248010569-1916152541-1000\$e2bc573bd6af5595b63a310eacfe0b6a\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-4196169661-3248010569-1916152541-1000\$e2bc573bd6af5595b63a310eacfe0b6a\L --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-65VWA0 ATA Device +++++
--- User ---
[MBR] e235f2ec69159c8bdf6821d07cb58a12
[BSP] c5b9dc4d4edaf6efac57e13321f2a738 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200AAJS-65VWA0 ATA Device +++++
--- User ---
[MBR] 542bb5ad18176a54948742d3d705a757
[BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295415 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 605011680 | Size: 9826 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_11252012_02d1127.txt >>
RKreport[1]_S_11252012_02d1125.txt ; RKreport[2]_D_11252012_02d1127.txt
-
Recently got my computer functional again after professional help to remove a virus & it seems that I'm right back where I started. Avira & Microsoft Security Essentials are blocked from running or updating by this virus & freshly updated MB didn't find anything. In the last 3 days I have been hit with: Win32/Pdfjsc.AEB, Win32/Sirefef!cfg, Win32/Kargany.E & Hiloti.F.
Below are my dds logs.
DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by phoenix at 19:37:49 on 2012-11-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1518.874 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate06112012
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [BitTorrent] rundll32.exe c:\users\phoenix\appdata\local\bittorrent\lnvgkvpz.dll,vlc_entry__1_0_0e
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [svñhîst] c:\users\phoenix\appdata\local\temp\cccccc.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{36937FF7-1F22-4576-8665-B5965D4D3BCC} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E19F283A-040B-4D88-8320-26E6997DD217} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\itie7kdd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rense.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-29 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-29 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-25 66616]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-22 21504]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-9-12 25760]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-1-22 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-1-22 251904]
S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-1-1 156928]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-11-7 913792]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-29 115168]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2012-11-22 17:45:59 -------- d-----w- c:\users\phoenix\appdata\local\BitTorrent
2012-11-20 08:34:05 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-11-20 08:34:04 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{630d8651-2e29-45b5-a5b3-364de76112f2}\gapaengine.dll
2012-11-20 08:33:30 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-20 08:33:01 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{30afc8c1-f8df-4ebf-86f1-95e8d02af95f}\mpengine.dll
2012-11-08 02:54:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-08 02:29:33 21888 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-11-08 02:10:25 -------- d-----w- c:\users\phoenix\appdata\local\360Amigo
2012-11-08 02:10:18 -------- d-----w- c:\program files\360Amigo
2012-11-08 02:02:47 -------- d-----w- c:\programdata\IObit
2012-11-08 02:02:40 -------- d-----w- c:\users\phoenix\appdata\roaming\IObit
2012-11-08 02:02:27 -------- d-----w- c:\program files\IObit
2012-11-02 23:56:01 -------- d-----w- c:\programdata\mtgcijbuigdymhb
.
==================== Find3M ====================
.
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 19:38:49.41 ===============
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2007 9:43:00 AM
System Uptime: 11/24/2012 11:45:45 AM (8 hours ago)
.
Motherboard: Intel Corporation | | D101GGC
Processor: Intel® Celeron® D CPU 3.20GHz | | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 13.906 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.32 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 1.661 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Enhanced Multimedia PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3348267E&0
Manufacturer: HP
Name: Enhanced Multimedia PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3348267E&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&3348267E&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&3348267E&0
Service: i8042prt
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
360Amigo System Speedup Free
AbiWord 2.6.8
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0
Advanced SystemCare 5
Any Video Converter 3.2.7
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
AVI ReComp 1.5.5
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Content Transfer
Convergys Health Checker
CyberLink DVD Suite Deluxe
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Decrypter (Remove Only)
Enhanced Multimedia Keyboard Solution
ffdshow [rev 2583] [2009-01-05]
Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1
Free Download Manager 2.5
Freecorder 5
GoldWave v5.55
Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )
Haali Media Splitter
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
Java Auto Updater
Java 6 Update 26
Java 6 Update 3
Java SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
Logitech GamePanel Software 2.00
magicJack
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Miro
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Remix for Winamp
muvee autoProducer 6.1
My HP Games
NVIDIA Drivers
NWZ-E340 WALKMAN Guide
OpenOffice.org 2.3
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Skype Click to Call
Skype™ 5.10
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Sothink Movie DVD Maker
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoLAN VLC media player 0.8.6e
VideoToolkit01
VirtualDJ Home FREE
VirtualDubMOD 1.5.10.3 US
VobSub 2.23
WeatherBug Gadget
Winamp
Windows Live installer
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 11.2
XEQ Winamp plugin (remove only)
Xvid 1.3.0
Xvid Video Codec
Yahoo! Detect
.
==== End Of File ===========================
-
While in safe mode I've downloaded & run several versions of the 'Rkill' program to terminate instances of the virus currently running before performing a full scan with MBAM.exe. Although they terminate the instances of the virus, they immediately pop back up before I can run the scan. I've updated & run the full scan numerous times (in safe & normal modes), but the virus is still there when I restart. What else can I do?
Here are the logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6666
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037
5/24/2011 4:42:14 PM
mbam-log-2011-05-24 (16-42-14).txt
Scan type: Quick scan
Objects scanned: 148325
Time elapsed: 2 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\phoenix\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\phoenix\AppData\Local\Temp\0.9188835689116667.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\programdata\34660112.exe (Trojan.Agent) -> Quarantined and deleted successfully.
mbam-log-2011-05-24 (19-09-46).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 320062
Time elapsed: 2 hour(s), 0 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\33742608.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6668
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037
5/24/2011 8:09:00 PM
mbam-log-2011-05-24 (20-09-00).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 323349
Time elapsed: 41 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\34529040.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6674
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037
5/25/2011 12:11:30 PM
mbam-log-2011-05-25 (12-11-30).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 323216
Time elapsed: 38 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NpLvkgdMCjJX (Trojan.FakeAlert) -> Value: NpLvkgdMCjJX -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\nplvkgdmcjjx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\phoenix\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12\a51fecc-5ace1521 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Reoccurring infection (in Resolved Malware Removal Logs)
Meant to only delete the BitTorrent file, but RogueKiller deleted all of them.