I'm Infected


I did an MBAM quick scan, which found about 8 files infected, then I tried a full scan, which found more than 200 infected. I tried avast antivirus, which found loads more; after that I was finally able to run HijackThis. I scanned and deleted the viruses found and ran a HijackThis log. Now I'm here just to confirm that I am actually clean and there are no more hidden surprises.

Thank You

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:09:26, on 06/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DRIVESYS] C:\Windows\System32\bycool\winacces.exe

O4 - HKLM\..\Run: [uSBcillin] C:\WINDOWS\system32\USBcillin.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: save youtube video as mp3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O16 - DPF: {149e45d8-163e-4189-86fc-45022ab2b6c9} (SpinTop DRM Control) - file:///C:/Program%20Files/UNO%20-%20Undercover/Images/stg_drm.ocx

O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/UNO%20-%20Undercover/Images/armhelper.ocx

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bandoo Coordinator (bandoo coordinator) - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Sony Ericsson OMSI download service (omsi download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--

End of file - 5946 bytes

Thank you so much. :)


  • Staff

Hi and welcome to Malwarebytes.

"full scan found more than 200 infected"

Post its log please.

Then, please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Malwarebytes' Anti-Malware 1.41

Database version: 2917

Windows 5.1.2600 Service Pack 2

07/10/2009 07:43:10

mbam-log-2009-10-07 (07-43-10).txt

Scan type: Quick Scan

Objects scanned: 99083

Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________________________________________

_________________________

And here's the ComboFix log:

ComboFix 09-10-06.03 - Bijay 07/10/2009 7:51.4.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191.85 [GMT 1:00]

Running from: c:\documents and settings\Bijay\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Bijay\Local Settings\Application Data\{575D8F52-A73C-497A-B343-6FE5FCA2AB50}

c:\documents and settings\Bijay\Local Settings\Application Data\{575D8F52-A73C-497A-B343-6FE5FCA2AB50}\chrome.manifest

c:\documents and settings\Bijay\Local Settings\Application Data\{575D8F52-A73C-497A-B343-6FE5FCA2AB50}\chrome\content\_cfg.js

c:\documents and settings\Bijay\Local Settings\Application Data\{575D8F52-A73C-497A-B343-6FE5FCA2AB50}\chrome\content\overlay.xul

c:\documents and settings\Bijay\Local Settings\Application Data\{575D8F52-A73C-497A-B343-6FE5FCA2AB50}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))

.

2009-10-06 20:58 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-10-06 20:58 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-10-06 20:58 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-10-06 20:58 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-10-06 20:58 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-10-06 20:58 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-10-06 20:58 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-10-06 20:58 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-10-06 20:58 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-06 20:58 . 2009-10-06 20:58 -------- d-----w- c:\program files\Alwil Software

2009-10-03 23:46 . 2009-10-03 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2009-09-29 21:16 . 2009-10-06 22:00 -------- d-sh--w- c:\windows\system32\bycool

2009-09-29 21:16 . 2009-09-29 21:16 -------- d-sh--w- c:\windows\system32\f

2009-09-08 19:57 . 2009-10-06 19:15 -------- d-----w- c:\documents and settings\Bijay\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-06 22:08 . 2009-08-30 12:47 -------- d-----w- c:\program files\Trend Micro

2009-10-06 20:41 . 2009-08-30 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-29 18:03 . 2009-08-10 20:32 -------- d-----w- c:\program files\Call of Duty

2009-09-13 16:57 . 2009-05-17 09:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-09-11 17:19 . 2009-06-04 18:02 -------- d-----w- c:\program files\Opera 10 Beta

2009-09-10 13:54 . 2009-08-30 12:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 13:53 . 2009-08-30 12:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-05 19:25 . 2009-08-07 14:38 -------- d-----w- c:\documents and settings\Bijay\Application Data\dvdcss

2009-09-04 18:53 . 2009-09-04 11:57 -------- d-----w- c:\documents and settings\Bijay\Application Data\Nero

2009-09-04 12:29 . 2009-09-04 12:28 -------- d-----w- c:\program files\CyberLink

2009-09-04 12:28 . 2009-04-26 08:36 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-04 12:28 . 2009-06-13 15:02 -------- d-----w- c:\program files\Common Files\InstallShield

2009-09-04 11:51 . 2009-09-04 11:51 -------- d-----w- c:\program files\Windows Sidebar

2009-09-04 11:49 . 2009-09-04 11:27 -------- d-----w- c:\program files\Nero

2009-09-04 11:34 . 2009-09-04 11:26 -------- d-----w- c:\program files\Common Files\Nero

2009-09-04 11:31 . 2009-09-04 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-09-04 10:57 . 2009-04-19 06:11 42752 ----a-w- c:\documents and settings\Bijay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-04 10:35 . 2009-09-04 10:35 -------- d-----w- c:\program files\MSBuild

2009-09-04 10:35 . 2009-09-04 10:35 116456 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-09-04 10:28 . 2009-09-04 10:28 -------- d-----w- c:\program files\Reference Assemblies

2009-08-31 08:26 . 2009-05-28 10:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-08-31 08:25 . 2009-08-31 08:25 -------- d-----w- c:\program files\Java

2009-08-29 22:03 . 2009-08-29 22:03 -------- d-----w- c:\documents and settings\Bijay\Application Data\Malwarebytes

2009-08-29 22:02 . 2009-08-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-29 11:13 . 2009-04-19 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-29 10:39 . 2009-05-20 14:39 -------- d-----w- c:\documents and settings\Bijay\Application Data\MegauploadToolbar

2009-08-28 14:02 . 2009-04-19 20:36 -------- d-----w- c:\program files\CLE

2009-08-28 14:02 . 2009-04-26 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier

2009-08-28 10:56 . 2009-08-28 10:56 -------- d-----w- c:\program files\Burn4Free Toolbar

2009-08-28 10:56 . 2009-08-28 10:56 -------- d-----w- c:\program files\UNO - Undercover

2009-08-28 10:56 . 2009-05-14 18:12 -------- d-----w- c:\program files\Unity

2009-08-23 11:51 . 2009-04-27 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2009-08-19 21:08 . 2009-08-19 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2009-08-16 10:05 . 2009-08-16 10:05 -------- d-----w- c:\program files\VS Revo Group

2009-08-11 13:13 . 2009-08-11 13:13 -------- d-----w- c:\documents and settings\Bijay\Application Data\UNOUndercover

2009-08-11 13:12 . 2009-08-11 13:12 -------- d-----w- c:\documents and settings\Bijay\Application Data\SpinTop

2009-08-10 20:39 . 2004-07-17 10:36 12528 ----a-w- c:\windows\system32\drivers\secdrv.sys

2009-08-10 20:24 . 2009-08-10 20:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

------- Sigcheck -------

[-] 2008-04-21 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-31 149280]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-16 49152]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPrinters"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoPrinters"= 0 (0x0)

[HKLM\~\startupfolder\c:^documents and settings^bijay^start menu^programs^startup^rncsys32.exe]

path=c:\documents and settings\Bijay\Start Menu\Programs\Startup\rncsys32.exe

backup=c:\windows\pss\rncsys32.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/10/2009 21:58 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/10/2009 21:58 20560]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19/08/2009 22:07 27632]

S2 omsi download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [19/08/2009 22:05 90112]

.

Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-725345543-1004Core.job

- c:\documents and settings\Bijay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-26 19:33]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-725345543-1004UA.job

- c:\documents and settings\Bijay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-26 19:33]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: save youtube video as mp3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

FF - ProfilePath - c:\documents and settings\Bijay\Application Data\Mozilla\Firefox\Profiles\457ac5wk.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll

FF - plugin: c:\documents and settings\Bijay\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-DRIVESYS - c:\windows\System32\bycool\winacces.exe

HKLM-Run-USBcillin - c:\windows\system32\USBcillin.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-07 07:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-10-07 8:02

ComboFix-quarantined-files.txt 2009-10-07 07:01

ComboFix2.txt 2009-09-01 13:15

Pre-Run: 3,712,770,048 bytes free

Post-Run: 3,873,284,096 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=3,4,5,6

153


Oops, sorry, here's the full scan of MBAM, which found 200+ spyware etc.

Malwarebytes' Anti-Malware 1.40

Database version: 2719

Windows 5.1.2600 Service Pack 2

06/10/2009 21:40:12

mbam-log-2009-10-06 (21-40-12).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 152495

Time elapsed: 45 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 211

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Bijay\My Documents\Downloads\DivX.Pro.v7.0.0.Incl.Keygen.FFF\Keymaker.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000933.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000951.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000934.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000941.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000950.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000959.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP16\A0000960.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0001020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0000982.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0000983.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0000990.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0000991.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0000998.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0000999.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0001008.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0001009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP17\A0001019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP18\A0001029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP18\A0001030.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP18\A0001038.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP18\A0001039.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP19\A0001097.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP19\A0001087.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP19\A0001088.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP19\A0001096.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP19\A0001110.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP19\A0001111.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001123.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001124.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001135.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001136.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001147.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001148.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001155.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001156.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001168.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001169.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001179.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP20\A0001180.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP21\A0001276.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP21\A0001277.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP21\A0001285.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP21\A0001286.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP21\A0001294.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP21\A0001295.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001322.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001323.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001336.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001378.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001379.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001394.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001395.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001409.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001410.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001425.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001335.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001426.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP22\A0001436.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP23\A0001449.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

D:\copy.exe (Malware.Packer.Mew) -> Quarantined and deleted successfully.

D:\host.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

D:\Backup\Bijay\Downloads\DivX.Pro.v7.0.0.Incl.Keygen.FFF\Keymaker.exe (Malware.Packer) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP32\A0006209.exe (Malware.Packer.Mew) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{B7C03CB2-DDC9-4DAC-A2AE-93B428D192DF}\RP32\A0006210.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Oh yeah, and I scanned the PC with Avast. It said it would be better if I did it in boot mode, before the virus files opened, so I did. Then it found lots of infected files in the system folder, so naturally I thought they were spyware and deleted them. This was yesterday, and I used the PC a couple of times after that, but now I can't seem to start Windows without using Safe Mode.

Please help ASAP


Malwarebytes' Anti-Malware 1.41

Database version: 2944

Windows 5.1.2600 Service Pack 3

11/10/2009 23:11:08

mbam-log-2009-10-11 (23-11-08).txt

Scan type: Quick Scan

Objects scanned: 97452

Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi,

Before we continue, please go to VirusTotal, and upload the following files for analysis:

c:\windows\system32\dllcache\hwxkor.dll

c:\windows\system32\dllcache\hwxjpn.dll

c:\windows\system32\dllcache\hwxcht.dll

Post the results in your reply.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


File hwxkor.dll received on 2009.09.07 20:43:35 (UTC)

Current status: finished

Result: 0/41 (0.00%)

Antivirus Version Last Update Result

a-squared 4.5.0.24 2009.09.07 -

AhnLab-V3 5.0.0.2 2009.09.07 -

AntiVir 7.9.1.12 2009.09.07 -

Antiy-AVL 2.0.3.7 2009.09.07 -

Authentium 5.1.2.4 2009.09.07 -

Avast 4.8.1351.0 2009.09.07 -

AVG 8.5.0.409 2009.09.07 -

BitDefender 7.2 2009.09.07 -

CAT-QuickHeal 10.00 2009.09.07 -

ClamAV 0.94.1 2009.09.07 -

Comodo 2210 2009.09.07 -

DrWeb 5.0.0.12182 2009.09.07 -

eSafe 7.0.17.0 2009.09.06 -

eTrust-Vet 31.6.6724 2009.09.07 -

F-Prot 4.5.1.85 2009.09.07 -

F-Secure 8.0.14470.0 2009.09.07 -

Fortinet 3.120.0.0 2009.09.07 -

GData 19 2009.09.07 -

Ikarus T3.1.1.72.0 2009.09.07 -

Jiangmin 11.0.800 2009.09.07 -

K7AntiVirus 7.10.837 2009.09.05 -

Kaspersky 7.0.0.125 2009.09.07 -

McAfee 5734 2009.09.07 -

McAfee+Artemis 5734 2009.09.07 -

McAfee-GW-Edition 6.8.5 2009.09.07 -

Microsoft 1.5005 2009.09.07 -

NOD32 4403 2009.09.07 -

Norman 6.01.09 2009.09.07 -

nProtect 2009.1.8.0 2009.09.07 -

Panda 10.0.2.2 2009.09.07 -

PCTools 4.4.2.0 2009.09.07 -

Prevx 3.0 2009.09.07 -

Rising 21.46.04.00 2009.09.07 -

Sophos 4.45.0 2009.09.07 -

Sunbelt 3.2.1858.2 2009.09.07 -

Symantec 1.4.4.12 2009.09.07 -

TheHacker 6.3.4.3.396 2009.09.04 -

TrendMicro 8.950.0.1094 2009.09.07 -

VBA32 3.12.10.10 2009.09.06 -

ViRobot 2009.9.7.1921 2009.09.07 -

VirusBuster 4.6.5.0 2009.09.07 -

Additional information

File size: 10129408 bytes

MD5 : 2a50d8ad12b16758df06e7c0848abf48

SHA1 : 57aa93ea6d39a4baa1f4cfbca8ee43a2284d67b7

SHA256: 349a5842b2cc94f667499d63631964405682f9857289089b02d8cfe01be8f091

TrID : File type identification

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

ssdeep: 98304:RseohyKK28mwEksj/2hjiNeq3HTa5f+4dVwVI37z5flqomeT6traboha3pOiJ:FGyKK2wEkUaGNza9+4kVILzjicJOi

PEiD : -

RDS : NSRL Reference Data Set

( Microsoft )

2261A: Supporting Users Running the Microsoft Windows XP Operating System: hwxkor.dll
2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: hwxkor.dll
Implementing and Supporting Microsoft Windows XP Professional: hwxkor.dll
Microsoft Security Resource Kit: hwxkor.dll
Microsoft TechNet Trial Software 2002 Volume 1: hwxkor.dll
Microsoft Windows XP Professional: hwxkor.dll
MSDN Disc 2041: hwxkor.dll
MSDN Disc 2307: hwxkor.dll
MSDN Disc 2428.1: hwxkor.dll
MSDN Disc 2428.2: hwxkor.dll
MSDN Disc 2428.4: hwxkor.dll
MSDN Disc 2428.5: hwxkor.dll
MSDN Disc 2428.8: hwxkor.dll
MSDN Disc 3264: hwxkor.dll
MSDN Disc2428.3: hwxkor.dll
Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: hwxkor.dll
Platforms SDKs/DDKs: hwxkor.dll
Platforms, SDK/DDK: hwxkor.dll
Platforms, SDK/DDK, Developer Tools: hwxkor.dll
Virtual PC for Mac Windows XP Home Edition: hwxkor.dll
Virtual PC for Mac Windows XP Professional Edition: hwxkor.dll
Windows XP: hwxkor.dll
Windows XP: hwxkor.dll
Windows XP: hwxkor.dll
Windows XP Home Edition: hwxkor.dll
Windows XP Professional: hwxkor.dll
Windows XP Professional: hwxkor.dll
Windows XP Professional 2002 Service Pack 1: hwxkor.dll
Windows XP Tablet PC Edition: hwxkor.dll

( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: hwxkor.dll

( Compaq )

Compaq Operating System CD: hwxkor.dll

( Dell )

Reinstallation CD Microsoft Windows XP Professional: hwxkor.dll


File HWXCHT.DLL received on 2009.07.10 22:18:49 (UTC)

Current status: finished

Result: 0/41 (0.00%)

Antivirus Version Last Update Result

a-squared 4.5.0.18 2009.07.10 -

AhnLab-V3 5.0.0.2 2009.07.10 -

AntiVir 7.9.0.204 2009.07.10 -

Antiy-AVL 2.0.3.1 2009.07.10 -

Authentium 5.1.2.4 2009.07.10 -

Avast 4.8.1335.0 2009.07.10 -

AVG 8.5.0.387 2009.07.10 -

BitDefender 7.2 2009.07.10 -

CAT-QuickHeal 10.00 2009.07.10 -

ClamAV 0.94.1 2009.07.10 -

Comodo 1609 2009.07.11 -

DrWeb 5.0.0.12182 2009.07.10 -

eSafe 7.0.17.0 2009.07.09 -

eTrust-Vet 31.6.6608 2009.07.10 -

F-Prot 4.4.4.56 2009.07.10 -

F-Secure 8.0.14470.0 2009.07.10 -

Fortinet 3.120.0.0 2009.07.10 -

GData 19 2009.07.10 -

Ikarus T3.1.1.64.0 2009.07.10 -

Jiangmin 11.0.706 2009.07.09 -

K7AntiVirus 7.10.789 2009.07.10 -

Kaspersky 7.0.0.125 2009.07.10 -

McAfee 5672 2009.07.10 -

McAfee+Artemis 5672 2009.07.10 -

McAfee-GW-Edition 6.8.5 2009.07.10 -

Microsoft 1.4803 2009.07.11 -

NOD32 4232 2009.07.10 -

Norman 6.01.09 2009.07.10 -

nProtect 2009.1.8.0 2009.07.10 -

Panda 10.0.0.14 2009.07.10 -

PCTools 4.4.2.0 2009.07.10 -

Prevx 3.0 2009.07.11 -

Rising 21.37.44.00 2009.07.10 -

Sophos 4.43.0 2009.07.10 -

Sunbelt 3.2.1858.2 2009.07.10 -

Symantec 1.4.4.12 2009.07.10 -

TheHacker 6.3.4.3.363 2009.07.08 -

TrendMicro 8.950.0.1094 2009.07.10 -

VBA32 3.12.10.8 2009.07.10 -

ViRobot 2009.7.10.1829 2009.07.10 -

VirusBuster 4.6.5.0 2009.07.10 -

Additional information

File size: 10096640 bytes

MD5 : ae60e8f7a33e3527c2ead08c8a8a8953

SHA1 : dca036c94e522b451340fac80c391a23a4fb63a1

SHA256: d4e107c4143e8d589a91c20cfdc3ff842f7baa840241bf56c1f17ef6185313bf

ssdeep: 98304:SVMAHRhVV+m3Ae/AM96QCFHruimdK7tYNCVZ0f5DCfKUSR:3cQfc1DUqL15+fa

PEiD : Armadillo v1.xx - v2.xx

RDS : NSRL Reference Data Set

( Microsoft )

2261A: Supporting Users Running the Microsoft Windows XP Operating System: hwxcht.dll
2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: hwxcht.dll
Implementing and Supporting Microsoft Windows XP Professional: hwxcht.dll
Microsoft Security Resource Kit: hwxcht.dll
Microsoft TechNet Trial Software 2002 Volume 1: hwxcht.dll
Microsoft Windows XP Professional: hwxcht.dll
MSDN Disc 2041: hwxcht.dll
MSDN Disc 2307: hwxcht.dll
MSDN Disc 2428.1: hwxcht.dll
MSDN Disc 2428.2: hwxcht.dll
MSDN Disc 2428.4: hwxcht.dll
MSDN Disc 2428.5: hwxcht.dll
MSDN Disc 2428.8: hwxcht.dll
MSDN Disc 3264: hwxcht.dll
MSDN Disc2428.3: hwxcht.dll
Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: hwxcht.dll
Platforms SDKs/DDKs: hwxcht.dll
Platforms, SDK/DDK: hwxcht.dll
Platforms, SDK/DDK, Developer Tools: hwxcht.dll
Virtual PC for Mac Windows XP Home Edition: hwxcht.dll
Virtual PC for Mac Windows XP Professional Edition: hwxcht.dll
Windows CE .NET Evaluation Software: hwxcht.dll
Windows XP: hwxcht.dll
Windows XP: hwxcht.dll
Windows XP: hwxcht.dll
Windows XP eMbedded Evaluation Software: hwxcht.dll
Windows XP Home Edition: hwxcht.dll
Windows XP Professional: hwxcht.dll
Windows XP Professional: hwxcht.dll
Windows XP Professional 2002 Service Pack 1: hwxcht.dll
Windows XP Tablet PC Edition: hwxcht.dll

( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: hwxcht.dll

( Compaq )

Compaq Operating System CD: hwxcht.dll

( Dell )

Reinstallation CD Microsoft Windows XP Professional: hwxcht.dll


File hwxjpn.dll received on 2009.10.13 06:29:21 (UTC)

Current status: finished

Result: 0/41 (0%)

Antivirus Version Last Update Result

a-squared 4.5.0.41 2009.10.13 -

AhnLab-V3 5.0.0.2 2009.10.13 -

AntiVir 7.9.1.35 2009.10.12 -

Antiy-AVL 2.0.3.7 2009.10.13 -

Authentium 5.1.2.4 2009.10.13 -

Avast 4.8.1351.0 2009.10.13 -

AVG 8.5.0.420 2009.10.12 -

BitDefender 7.2 2009.10.13 -

CAT-QuickHeal 10.00 2009.10.12 -

ClamAV 0.94.1 2009.10.12 -

Comodo 2591 2009.10.13 -

DrWeb 5.0.0.12182 2009.10.13 -

eSafe 7.0.17.0 2009.10.12 -

eTrust-Vet 35.1.7064 2009.10.12 -

F-Prot 4.5.1.85 2009.10.13 -

F-Secure 8.0.14470.0 2009.10.13 -

Fortinet 3.120.0.0 2009.10.13 -

GData 19 2009.10.13 -

Ikarus T3.1.1.72.0 2009.10.13 -

Jiangmin 11.0.800 2009.10.08 -

K7AntiVirus 7.10.868 2009.10.12 -

Kaspersky 7.0.0.125 2009.10.13 -

McAfee 5769 2009.10.12 -

McAfee+Artemis 5769 2009.10.12 -

McAfee-GW-Edition 6.8.5 2009.10.13 -

Microsoft 1.5101 2009.10.13 -

NOD32 4501 2009.10.12 -

Norman 6.01.09 2009.10.12 -

nProtect 2009.1.8.0 2009.10.13 -

Panda 10.0.2.2 2009.10.12 -

PCTools 4.4.2.0 2009.10.12 -

Prevx 3.0 2009.10.13 -

Rising 21.51.10.00 2009.10.13 -

Sophos 4.45.0 2009.10.13 -

Sunbelt 3.2.1858.2 2009.10.13 -

Symantec 1.4.4.12 2009.10.13 -

TheHacker 6.5.0.2.040 2009.10.13 -

TrendMicro 8.950.0.1094 2009.10.13 -

VBA32 3.12.10.11 2009.10.12 -

ViRobot 2009.10.13.1981 2009.10.13 -

VirusBuster 4.6.5.0 2009.10.12 -

Additional information

File size: 13463552 bytes

MD5...: 208b369d5e40d6d73c81252b0d73411e

SHA1..: 39e56bb19d0e0d0cc4c562db451a640fd4bbb272

SHA256: b576817ea21cc813ae9f28860c633ee43209b09c69904496edc898586b43e139

ssdeep: 196608:7Wa6HYQI91a2lszvJCZX7N7YqMwe7xAqwsJ:7IHma2laJCZmqMwe7qqV

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned


Scanning Report

Tuesday, October 13, 2009 16:06:36 - 17:38:17

Computer name: BIJAY-7ED3AC63B

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

--------------------------------------------------------------------------------

14 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Adtech (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Adrevolver (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

TrackingCookie.Statcounter (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Trojan.Generic.1455173 (virus)

C:\WINDOWS\SYSTEM32\BYCOOL\COMPILATEUR_AUTO.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 48396

System: 2889

Not scanned: 7

Actions:

Disinfected: 13

Renamed: 1

Deleted: 0

Not cleaned: 0

Submitted: 1

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

--------------------------------------------------------------------------------

Copyright


Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 16

Adobe Flash Player 10

Adobe Reader 9.1

``````````````````````````````

Process Check:

objlist.exe by Laurent

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


OK. While I'm using the PC everything works fine and good... I turn it off... turn it on... The system tries to load as it normally does, then suddenly a blue screen appears with some stuff written on it for less than half a second, then kaboom, the computer restarts and goes to the F8 function where I'm given a choice of how to run Windows: safe mode... with networking... last known configuration... Normally last known configuration fixes it sometimes, but the other time the PC refuses to boot.


  • Staff

Hi,

Do you have your Windows XP CD?

Boot into Windows, then get Windows XP Service Pack 3. Service Pack 2, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please visit Windows Update and download all critical updates. It will also update all of your system files and hopefully prevent the boot issue.

Let me know if the update was successful.

-screen317
