Thread: Virtumonde removal

  1. #31
    skybluelegend (Member)
    Join Date: Aug 2009
    Posts: 35

    problem sorted, I will post log as soon as it is finished

  2. #32
    skybluelegend (Member)
    Join Date: Aug 2009
    Posts: 35

    85 threats found, there was no option for a log just took me straight into purchase info.

  3. #33
    skybluelegend (Member)
    Join Date: Aug 2009
    Posts: 35

    Here's the log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # iexplore.exe=7.00.6000.16705 (vista_gdr.080618-1506)
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=3bda1fa8195f8b45bf8c184fe0db8245
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-10 07:37:22
    # local_time=2009-08-10 08:37:22 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=9
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=769 21 100 100 21318125000
    # scanned=61433
    # found=85
    # cleaned=85
    # scan_time=1523
    C:\Qoobox\Quarantine\C\WINDOWS\system32\daecefaddc.dll.vir Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kdpini.dll.vir Win32/BHO.NKS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\quarantine\Av-test.txt.Vir Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\quarantine\Av-test.txt.Vir.0 Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\quarantine\Av-test.txt.Vir.1 Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP209\A0051285.sys probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP211\A0053523.exe Win32/TrojanDownloader.VB.NOY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP211\A0053539.exe a variant of Win32/TrojanDownloader.VB.NOY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP211\A0053553.exe Win32/TrojanDownloader.VB.NOY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP220\A0056025.sys probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP220\A0056066.dll Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP220\A0056067.dll Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP221\A0056111.dll Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP223\A0056238.rbf probably a variant of Win32/Adware.SpywareRemover.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP224\A0061631.dll Win32/BHO.NKS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP224\A0061846.dll Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{5039AE2F-7CD7-4B8A-8F95-42A41EEFEACA}\RP224\A0066256.dll a variant of Win32/Spy.Ambler trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCA0U9W3T.dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCA2JBWQK.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCA8ABUP3.dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCACIDI01.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCADUPT1W.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCAFTC6E2.dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServerCAZ91ZA3.dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[10].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[11].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[1].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[2].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[3].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[4].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[6].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[7].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[8].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\NewServer[9].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9SK8VWX\u570[1].ini a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[1].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[2].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[3].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[4].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[5].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[6].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[7].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[8].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\NewServer[9].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\q[2].exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\q[3].exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KYHR1TUM\u888[1].exe a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[1].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[2].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[3].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[4].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u167[1].ini a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u295[1].mp3 a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u437[1].nmp Win32/BHO.NNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u481[1].mp3 a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u674[1].ini Win32/BHO.NNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA1AGKLI.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA1T9V22.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA51RL02.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA6VDUMX.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCABW82FY.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCACT62EQ.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAD6HOU3.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAFL3HMS.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAFZCPPD.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAGRNEIX.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAHYHOKY.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAI8URNP.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAK0QAQ8.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAO3Q09S.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAS0VSZN.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAVUA0QJ.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAWNOUZT.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAY45DSU.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAYGXZ0J.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[10].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[11].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[1].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[2].dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[3].dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[6].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[7].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[8].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[9].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\q[1].exe probably a variant of Win32/TrojanDownloader.Obfuscated trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

  4. #34
    ken545 (Security Expert)
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    Ok,

    Not too much to be worried about, let's clean out a few things.

    The files in Qoobox are what Combofix removed


    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • When shown the disclaimer, Select "2"


    The above procedure will:
    • Delete the following:
      • ComboFix and its associated files and folders.
      • VundoFix backups, if present
      • The C:\Deckard folder, if present
      • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    You had bad files in the Windows System Restore program, let's flush that all out, it was going to be part of your final clean up.

    System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.

    Turn off System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.


    Reboot your computer

    Turn ON System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.


    Create a new Restore Point <-- Very Important

    • Go to Start> All Programs> Accessories> System Tools> System Restore and create a New Restore Point

    System Restore Tutorial <-- If you need it




    Open up Internet Explorer and go to Tools> Internet Options> General Tab and delete all temp files, cookies and browsing history.



    Then go to Start> Run and type in cleanmgr and have it remove all Temp Files and Temporary Internet Files.

    Close IE when done.



    Reboot your system and run ESET again and post the log please along with a new HJT log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
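
The triage done by eye in post #34 (Qoobox entries are ComboFix's quarantine, `_restore{...}` entries sit in System Restore points, the rest are in the IE cache) can be scripted, together with a check that the `# found=` header matches the number of detection lines actually pasted. This is an added example, not part of the thread and not an ESET tool: the line pattern is inferred from the log posted above, the sample log is constructed, and `classify`, `parse_log` and `triage` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log in this thread.
# File names, folder names and the restore-point GUID are placeholders.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
# version=6
# utc_time=2009-08-10 07:37:22
# scanned=61433
# found=6
# cleaned=6
C:\Qoobox\Quarantine\C\WINDOWS\system32\sample1.dll.vir Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\quarantine\Av-test.txt.Vir Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000001.sys probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP2\A0000002.dll Win32/Agent.BXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SAMPLE01\NewServer[1].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SAMPLE01\u000[1].ini a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")
# Paths contain spaces, so the path is matched lazily and the detection name
# (platform/family, or the EICAR test string) marks where the path ends.
# Assumption: this pattern covers only the line shapes seen in this thread.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<certainty>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\w+/\S+|Eicar test file)"
    r"(?:\s+(?P<kind>\w+))?"
    r"\s+\((?P<action>[^)]*)\)"
    r"\s+(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\S+)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Cleanup step given in post #34 for each location class.
CLEANUP = {
    "combofix_quarantine": "Run 'Combofix /u' to remove ComboFix and its Qoobox folder",
    "system_restore": "Turn System Restore off, reboot, turn it on, create a new restore point",
    "ie_cache": "Delete IE temp files, cookies and history, then run cleanmgr",
}


def classify(path):
    """Map a detection path to the place on disk it belongs to."""
    p = path.lower()
    if p[1:].startswith(":\\qoobox\\"):
        return "combofix_quarantine"
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\temporary internet files\\" in p:
        return "ie_cache"
    return "other"


def parse_log(text):
    """Return (header dict, detection dicts, path-like lines that did not parse)."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = DETECTION.match(line)
        if m:
            d = m.groupdict()
            d["certainty"] = d["certainty"].strip() or "exact"
            d["location"] = classify(d["path"])
            detections.append(d)
        elif DRIVE_PATH.match(line):
            unparsed.append(line)  # looks like a detection but is cut off or malformed
    return header, detections, unparsed


def triage(text):
    """Summarise a pasted log and flag pastes that are truncated."""
    header, detections, unparsed = parse_log(text)
    by_location = Counter(d["location"] for d in detections)
    declared = int(header.get("found", -1))
    return {
        "utc_time": header.get("utc_time"),
        "by_location": dict(by_location),
        "by_family": dict(Counter(d["name"] for d in detections)),
        "declared_found": declared,
        "parsed_found": len(detections),
        "complete": declared == len(detections) and not unparsed,
        "steps": [CLEANUP[loc] for loc in CLEANUP if by_location.get(loc)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```
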

  5. #35
    skybluelegend (Member)
    Join Date: Aug 2009
    Posts: 35

    Eset log

    I don't know if this is the new log as there was only one saved to that area...

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[1].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[2].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[3].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\NewServer[4].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u167[1].ini a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u295[1].mp3 a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u437[1].nmp Win32/BHO.NNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u481[1].mp3 a variant of Win32/BHO.NSD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N1KUVA6P\u674[1].ini Win32/BHO.NNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA1AGKLI.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA1T9V22.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA51RL02.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCA6VDUMX.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCABW82FY.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCACT62EQ.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAD6HOU3.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAFL3HMS.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAFZCPPD.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAGRNEIX.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAHYHOKY.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAI8URNP.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAK0QAQ8.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAO3Q09S.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAS0VSZN.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAVUA0QJ.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAWNOUZT.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAY45DSU.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServerCAYGXZ0J.dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[10].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[11].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[1].dll a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[2].dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[3].dll Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[6].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[7].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[8].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\NewServer[9].dll probably a variant of Win32/PSW.WOW.NDJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UHWABQMN\q[1].exe probably a variant of Win32/TrojanDownloader.Obfuscated trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    esets_scanner_update returned -1 esets_gle=53251
    # version=6
    # iexplore.exe=7.00.6000.16705 (vista_gdr.080618-1506)
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=3bda1fa8195f8b45bf8c184fe0db8245
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-08-10 10:07:39
    # local_time=2009-08-10 11:07:39 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=9
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=769 21 100 100 15180937500
    # scanned=56062
    # found=0
    # cleaned=0
    # scan_time=1378

  6. #36
    Member skybluelegend's Avatar
    Join Date
    Aug 2009
    Posts
    35

    Default Hjt log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:10:36, on 10/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SMART Board Software\SMARTBoardTools.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SMART Board Software\Aware.exe
    C:\Program Files\SMART Board Software\Marker.exe
    C:\DOCUME~1\alee\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = curric.cardinalwiseman.coventry.sch.uk
    O17 - HKLM\Software\..\Telephony: DomainName = curric.cardinalwiseman.coventry.sch.uk
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = curric.cardinalwiseman.coventry.sch.uk
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = curric.cardinalwiseman.coventry.sch.uk
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10451 bytes

  7. #37
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    The ESET log is the same one you posted earlier. If you saved it to your desktop as per instructions, delete it, run the scan again and post the new log.

    Look through the instructions for saving the log and make sure you post the correct one.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #38
    Member skybluelegend's Avatar
    Join Date
    Aug 2009
    Posts
    35

    Default

    Hi Ken, ESET is currently scanning, after it finishes it just takes me away from the scan to the purchase page, where should the log be? Sorry for my lack of computer knowledge.

  9. #39
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not to worry, this stuff gets a bit confusing sometimes.

    Try here, read the date on the log, it should be current
    C:\Program Files\EsetOnlineScanner\log.txt

  10. #40
    Member skybluelegend's Avatar
    Join Date
    Aug 2009
    Posts
    35

    Default

    Whilst it is scanning may I ask; is it worth keeping the programmes/applications that you have previously told me to install such as TFC, rootrepeal and HJT for future scenarios?
