
Thread: smitfraud issue, won't delete

  1. #21
    Junior Member
    Join Date
    Mar 2012
    Posts
    15

    OTL & ESETScan

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    C:\Users\LaviLev\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 moved successfully.
    C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LaviLev
    ->Temp folder emptied: 62981 bytes
    ->Temporary Internet Files folder emptied: 118071 bytes
    ->Java cache emptied: 9093 bytes
    ->FireFox cache emptied: 1095783937 bytes
    ->Google Chrome cache emptied: 6910424 bytes
    ->Flash cache emptied: 146702 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 7829026 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19235508 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,078.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.35.1 log created on 03072012_214433

    Files\Folders moved on Reboot...
    C:\Users\LaviLev\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    --------------------------------------------------------------------


    C:\Program Files (x86)\Registry Winner\Update.exe.bak Win32/Adware.RegistryWinner application
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
    C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
    C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
    C:\Users\LaviLev\Downloads\cnet_coretemp_coretemp_publisher_4645575_CNET_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\LaviLev\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
    D:\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
    D:\Registry.Winner.v6.3.8.26.Multilingual.Incl.Keymaker-CORE\RegistryWinner_Setup.exe multiple threats
    D:\Xilisoft iPhone Magic v3.3+Crack [ kk ]\Xilisoft iPhone Magic v3.3+Crack [ kk ]\x-iphone-magic.exe Win32/Toolbar.Zugo application

  2. #22
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi lavilev,

    Cracks-Keygens-Warez-Pirate

    We do not support the use of illegally obtained software. The 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations.

    Thank you for your understanding.
    http://forums.spybot.info/faq.php?fa...b3_board_usage

    D:\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
    D:\Registry.Winner.v6.3.8.26.Multilingual.Incl.Keymaker-CORE\RegistryWinner_Setup.exe multiple threats
    D:\Xilisoft iPhone Magic v3.3+Crack [ kk ]\Xilisoft iPhone Magic v3.3+Crack [ kk ]\x-iphone-magic.exe Win32/Toolbar.Zugo application
    The ESET log shows evidence of cracked programs. In order for me to continue helping please uninstall the following:

    Registry Winner 6.3
    Xilisoft iPhone Magic


    µTorrent
    You have µTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the program itself that is the problem but what can be downloaded with it usually from an unknown source. This is probably the source of the cracks and your current situation.

    References for the risk of these programs can be found in these links:
    http://www.microsoft.com/windows/ie/commun...protection.mspx

    http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm

    I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.


    Please download CKScanner by askey127 from HERE & save it to your Desktop.
    • Double-click (right-click and "Run as administrator" in Vista/Win7) CKScanner.exe, then click "Search For Files"
    • When the cursor hourglass disappears, click "Save List To File"
    • A message box will verify the file saved
    • Please only run the tool once
    • Double-click the "CKFiles.txt" icon on your desktop, then copy/paste the contents in your next reply
    Last edited by oldman960; 2012-03-09 at 00:46.
    Member of UNITE and ASAP
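The helper's reading of the ESET log above comes down to sorting each detection by where the file lives: entries under a tool's quarantine folder are already contained, entries in crack/keygen folders are the pirated software the user is asked to remove, and the rest are installers or installed programs that still need action. The script below is an added example, not a tool from this thread or from ESET; it parses the log format shown above (path, then detection name and threat type) and applies that same location-based triage. The sample lines are copied from the log posted above; the category names and the folder markers are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the ESET log posted in this thread.
# Each line is "<path> <detection name> <threat type>" as the scanner prints it.
SAMPLE_ESET_LOG = r"""
C:\Program Files (x86)\Registry Winner\Update.exe.bak Win32/Adware.RegistryWinner application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\Users\LaviLev\Downloads\cnet_coretemp_coretemp_publisher_4645575_CNET_exe.exe a variant of Win32/InstallCore.D application
D:\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
D:\Registry.Winner.v6.3.8.26.Multilingual.Incl.Keymaker-CORE\RegistryWinner_Setup.exe multiple threats
D:\Xilisoft iPhone Magic v3.3+Crack [ kk ]\x-iphone-magic.exe Win32/Toolbar.Zugo application
"""

# The path may contain spaces and dots, so the split point is anchored on the detection
# text instead: ESET names start with "Win32/" or "Win64/", optionally prefixed by
# "a variant of" / "probably a variant of", or the summary phrase "multiple threats".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?(?:Win32|Win64)/\S+ \S+|multiple threats)$"
)

# Folder markers used for triage (assumed; lower-case because the match is case-insensitive).
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\spybot - search & destroy\\recovery\\")
PIRACY_MARKERS = ("crack", "keygen", "keymaker")

# What each category means for the person cleaning the machine (mirrors the thread's advice).
ACTIONS = {
    "quarantined": "already contained by a removal tool; goes away when the tool is removed",
    "pirated": "cracked software; uninstall the program and delete the folder",
    "downloaded": "bundled installer in Downloads; delete the file",
    "installed": "adware/PUA still installed; uninstall via Control Panel",
}


def parse_line(line):
    """Split one ESET log line into (path, detection); None for blank/non-detection lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("path"), m.group("detection")) if m else None


def classify(path):
    """Assign a triage category from the file's location alone."""
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if any(marker in p for marker in PIRACY_MARKERS):
        return "pirated"
    if "\\downloads\\" in p:
        return "downloaded"
    return "installed"


def triage(log_text):
    """Group every parsed detection by category: {category: [(path, detection), ...]}."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, detection = parsed
        groups[classify(path)].append((path, detection))
    return dict(groups)


def summarize(groups):
    """Per-category counts, handy for a quick 'how much is actually still live' answer."""
    return {category: len(items) for category, items in groups.items()}


if __name__ == "__main__":
    for category, items in triage(SAMPLE_ESET_LOG).items():
        print(f"== {category}: {ACTIONS[category]}")
        for path, detection in items:
            print(f"   {detection:45} {path}")
```

The point of the split is that a log full of "trojan" hits can look alarming while most of them, as in this thread, are copies already sitting in TDSSKiller's and Spybot's quarantine folders; only the "installed", "downloaded" and "pirated" buckets still need the user to do something.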

  3. #23
    Junior Member
    Join Date
    Mar 2012
    Posts
    15

    Uninstall/Delete & CKScanner

    Programs uninstalled, and the folders of the original programs on the D: drive deleted and removed!

    ----------------------------------------------------------

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.SNNAIJ
    ----- EOF -----

  4. #24
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi lavilev,

    Thank you.

    The rest of the ESET detections are Spybot's quarantined files and files we have quarantined with the tools. The ones we have quarantined will be removed along with the tools.


    Everything looks good so if no problems we'll remove the tools.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • DDS.scr
    • aswMBR
    • mbr.dat
    • mbr.zip
    • TDSSKiller

    You can also delete this folder C:\TDSSKiller_Quarantine



    Next

    Click the Start button; in the search box, type Run. At the top, click Run.

    Copy and paste the following line into the run box and click OK

    Combofix /uninstall



    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


    I suggest you keep MBAM. Keep it updated and use it regularly.


    Updates

    Adobe Reader

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose FoxIt be sure to decline the Foxit Toolbar offered during the install.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 9.5.0 MUI first. Be sure to move any PDF documents to another folder first though.


    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

    * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

    Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)


    You should also use Spyware Blaster to help immunize your computer.

    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.


    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Make sure you have reset Automatic Updates to your chosen option. Click your Start button > Control Panel > System and Security > Windows Updates > Change settings


    - Keep your antivirus program updated, as well as any other security programs you have.


    -More tips and programs can be found HERE


    Please post back if you have any problems.
    Member of UNITE and ASAP
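The hosts file advice in the post above has two halves: a custom hosts file protects you by sinkholing known bad names to 127.0.0.1 or 0.0.0.0, and the file itself needs protecting because anything written into it is trusted before DNS is consulted. A quick way to tell the two apart is to list every mapping that points somewhere other than loopback or the null address, since those are redirects rather than blocks. The checker below is an added example, not a tool from this thread or from the linked HOSTS guide; the sample file, the Windows path constant and the function names are this example's own assumptions.

```python
import ipaddress
from pathlib import Path

# Default location of the Windows hosts file (assumed default; adjust if %SystemRoot% differs).
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample hosts file: the two standard localhost lines, two blocking entries of the
# kind a hosts-file manager adds, and one entry that sends a site to a routable address instead.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1 localhost
::1       localhost
0.0.0.0   ads.example-tracker.test        # blocking entry
127.0.0.1 malwaredomain.test              # blocking entry
198.51.100.7 www.example-antivirus.test   # redirect to a routable address
"""


def parse_hosts(text):
    """Return (line_number, ip_string, hostname) for every mapping in a hosts file.

    Comments (#) and blank lines are skipped. A line whose first field is not an IP address is
    kept with ip_string None, so a corrupted or deliberately odd line is reported, not ignored.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            entries.append((lineno, None, line))
            continue
        for name in fields[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def is_sinkhole(ip):
    """True for the addresses a blocking entry legitimately points at: loopback or 0.0.0.0/::."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def suspicious_entries(entries):
    """Mappings that redirect a name somewhere other than loopback/null, plus unparseable lines."""
    return [entry for entry in entries if entry[1] is None or not is_sinkhole(entry[1])]


def blocked_names(entries):
    """Hostnames the file sinkholes, excluding the standard localhost lines."""
    return sorted(
        {name for _, ip, name in entries
         if ip is not None and is_sinkhole(ip) and name != "localhost"}
    )


def check_hosts_file(path=WINDOWS_HOSTS):
    """Read a hosts file from disk and return its suspicious entries."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return suspicious_entries(parse_hosts(text))


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked_names(entries))} names sinkholed")
    for lineno, ip, name in suspicious_entries(entries):
        print(f"line {lineno}: {name} -> {ip}")
```

A file produced by a hosts-file manager should yield an empty suspicious list and a long blocked list; anything in the suspicious list deserves a look, because a mapping to a routable address silently overrides DNS for that name. Run `check_hosts_file()` with no argument on Windows to check the live file, or pass another path.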

  5. #25
    Junior Member
    Join Date
    Mar 2012
    Posts
    15


    Thank you, sir! All good! I truly appreciate your assistance!

  6. #26
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi lavilev,

    Glad I could help.

    Take care, keep safe.
    Member of UNITE and ASAP

  7. #27
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Since this issue appears to be resolved ... this Topic has been closed.
    Member of UNITE and ASAP
