
Active kaspersky won't get rid of this

Discussion in 'Malware and Virus Removal Archive' started by shardtard, 2009/05/10.

  1. 2009/05/10
    shardtard

    shardtard Inactive Thread Starter

    Joined:
    2008/04/30
    Messages:
    10
    Likes Received:
    0

    When Kaspersky does its start-up scan it keeps detecting this:
    E:\WINDOWS\system32\zxtabmwm.dll
    It says it will delete it on reboot, but it keeps detecting this same file.

    Logs:
    dds.txt

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Buddha at 4:12:44.51 on Sun 05/10/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1424 [GMT -4:00]

    AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost -k DcomLaunch
    E:\WINDOWS\system32\svchost -k rpcss
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe -k NetworkService
    E:\WINDOWS\system32\svchost.exe -k LocalService
    E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    E:\WINDOWS\system32\Rundll32.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    E:\Program Files\Java\jre6\bin\jusched.exe
    E:\WINDOWS\System32\DLA\DLACTRLW.EXE
    E:\WINDOWS\system32\rundll32.exe
    E:\Program Files\Microsoft IntelliPoint\ipoint.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\DAEMON Tools Lite\daemon.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    E:\WINDOWS\system32\svchost.exe -k bthsvcs
    E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    E:\Program Files\Java\jre6\bin\jqs.exe
    E:\WINDOWS\system32\svchost.exe -k imgsvc
    E:\WINDOWS\System32\alg.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\System32\svchost.exe -k HTTPFilter
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Documents and Settings\Buddha\Desktop\dds.scr
    E:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearchAssistant = hxxp://www.google.com
    BHO: {50905937-40b0-4c9b-9767-bb96a8b76122} - e:\windows\system32\zxtabmwm.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - e:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre6\bin\ssv.dll
    BHO: : {81ea1cfa-9ba3-4bf4-a74a-aa206172f819} - e:\windows\system32\xhxolvb.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - e:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    uRun: [EPSON Stylus CX8400 Series] e:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "e:\windows\temp\E_S85.tmp" /EF "HKCU "
    uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\daemon.exe" -autorun
    mRun: [CTSysVol] e:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [UpdReg] e:\windows\UpdReg.EXE
    mRun: [AVP] "e:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe "
    mRun: [CTXFIREG] CTxfiReg.exe
    mRun: [ISUSPM Startup] e:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "e:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe "
    mRun: [DLA] e:\windows\system32\dla\DLACTRLW.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [IntelliPoint] "e:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    StartupFolder: e:\docume~1\buddha\startm~1\programs\startup\buddha.lnk - e:\documents and settings\buddha\application data\realtime soft\ultramon\3.0.2\profiles\buddha\Buddha.umprofile
    uPolicies-explorer: NoSMMyDocs = 01000000
    uPolicies-explorer: NoSMMyPictures = 01000000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - e:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: klogon - e:\windows\system32\klogon.dll
    Notify: qhaaxcls - xhxolvb.dll
    AppInit_DLLs: karna.dat
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    ================= FIREFOX ===================

    FF - ProfilePath - e:\docume~1\buddha\applic~1\mozilla\firefox\profiles\ny3cqpor.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
    FF - plugin: e:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
    FF - plugin: e:\program files\mozilla firefox\plugins\npampx3.0.84.2.dll
    FF - plugin: e:\program files\mozilla firefox\plugins\NPAskSBr.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;e:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
    R1 klif;Klif;e:\windows\system32\drivers\klif.sys [2007-12-19 195344]
    R2 aawservice;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R2 AVP;Kaspersky Anti-Virus 7.0;e:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2007-12-18 227856]
    R2 vunkbmyl;Volume Manager Support;e:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;e:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
    S3 LycoFltr;Lycosa Keyboard;e:\windows\system32\drivers\lycosa.sys --> e:\windows\system32\drivers\Lycosa.sys [?]
    S3 mamotou;mamotou;e:\windows\system32\drivers\mamotou.sys [2008-7-13 49377]
    S3 motccgp;Motorola USB Composite Device Driver;e:\windows\system32\drivers\motccgp.sys [2009-4-23 18688]
    S3 motccgpfl;MotCcgpFlService;e:\windows\system32\drivers\motccgpfl.sys [2009-4-23 8320]
    S3 MotDev;Motorola Inc. USB Device;e:\windows\system32\drivers\motodrv.sys [2008-7-13 42112]
    S3 UltraMonMirror;UltraMonMirror;e:\windows\system32\drivers\ultramonmirror.sys --> e:\windows\system32\drivers\UltraMonMirror.sys [?]

    ============== File Associations ===============

    scrfile= "%1" %*

    =============== Created Last 30 ================

    2009-05-02 16:51 <DIR> --d----- E:\thewire1
    2009-05-02 16:43 <DIR> --d----- e:\program files\DVDFab 5
    2009-04-30 11:20 <DIR> --d----- e:\program files\Bethesda Softworks
    2009-04-29 15:29 <DIR> --d----- e:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2009-04-29 15:29 <DIR> --d----- e:\program files\DAEMON Tools Toolbar
    2009-04-29 15:29 <DIR> --d----- e:\program files\DAEMON Tools Lite
    2009-04-29 15:29 <DIR> --d----- e:\docume~1\buddha\applic~1\DAEMON Tools Lite
    2009-04-29 15:17 <DIR> --d----- e:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
    2009-04-29 15:17 <DIR> --d----- e:\program files\DAEMON Tools Pro
    2009-04-29 15:14 <DIR> --d----- e:\docume~1\buddha\applic~1\DAEMON Tools Pro
    2009-04-28 18:51 <DIR> --d----- E:\mp3
    2009-04-24 12:46 139,264 a------- e:\windows\War3Unin.exe
    2009-04-24 12:46 77,655 a------- e:\windows\War3Unin.dat
    2009-04-24 12:46 2,829 a------- e:\windows\War3Unin.pif
    2009-04-23 03:44 18,688 a------- e:\windows\system32\drivers\motccgp.sys
    2009-04-23 03:44 8,320 a------- e:\windows\system32\drivers\motccgpfl.sys
    2009-04-18 18:20 <DIR> --d----- e:\program files\common files\DivX Shared

    ==================== Find3M ====================

    2009-05-10 04:12 961,056 a--sh--- e:\windows\system32\drivers\fidbox2.dat
    2009-05-10 04:10 18,101,024 a--sh--- e:\windows\system32\drivers\fidbox.dat
    2009-05-10 04:06 245,516 a--sh--- e:\windows\system32\drivers\fidbox.idx
    2009-05-10 04:06 93,212 a--sh--- e:\windows\system32\drivers\fidbox2.idx
    2009-04-29 15:14 721,904 a------- e:\windows\system32\drivers\sptd.sys
    2009-04-17 17:14 101,287 a------- e:\windows\system32\drivers\klin.dat
    2009-04-17 17:14 89,601 a------- e:\windows\system32\drivers\klick.dat
    2009-04-06 15:32 38,496 a------- e:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- e:\windows\system32\drivers\mbam.sys
    2009-04-05 18:27 107,888 a------- e:\windows\system32\CmdLineExt.dll
    2009-03-17 21:05 593,920 -------- e:\windows\system32\ati2sgag.exe
    2009-03-16 17:33 3,597,312 a------- e:\windows\system32\drivers\ati2mtag.sys
    2009-03-16 16:27 442,368 a------- e:\windows\system32\ATIDEMGX.dll
    2009-03-16 16:26 328,704 a------- e:\windows\system32\ati2dvag.dll
    2009-03-16 16:17 307,200 a------- e:\windows\system32\atiiiexx.dll
    2009-03-16 16:17 204,800 a------- e:\windows\system32\atipdlxx.dll
    2009-03-16 16:16 155,648 a------- e:\windows\system32\Oemdspif.dll
    2009-03-16 16:16 26,112 a------- e:\windows\system32\Ati2mdxx.exe
    2009-03-16 16:16 43,520 a------- e:\windows\system32\ati2edxx.dll
    2009-03-16 16:16 155,648 a------- e:\windows\system32\ati2evxx.dll
    2009-03-16 16:15 602,112 a------- e:\windows\system32\ati2evxx.exe
    2009-03-16 16:13 53,248 a------- e:\windows\system32\ATIDDC.DLL
    2009-03-16 16:06 3,820,736 a------- e:\windows\system32\ati3duag.dll
    2009-03-16 16:04 11,563,008 a------- e:\windows\system32\atioglxx.dll
    2009-03-16 15:53 2,675,328 a------- e:\windows\system32\ativvaxx.dll
    2009-03-16 15:40 49,664 a------- e:\windows\system32\atimpc32.dll
    2009-03-16 15:40 49,664 a------- e:\windows\system32\amdpcom32.dll
    2009-03-16 15:36 475,136 a------- e:\windows\system32\atikvmag.dll
    2009-03-16 15:35 303,104 a------- e:\windows\system32\atiok3x2.dll
    2009-03-16 15:35 131,072 a------- e:\windows\system32\atiadlxx.dll
    2009-03-16 15:35 45,056 a------- e:\windows\system32\aticalrt.dll
    2009-03-16 15:34 45,056 a------- e:\windows\system32\aticalcl.dll
    2009-03-16 15:34 17,408 a------- e:\windows\system32\atitvo32.dll
    2009-03-16 15:34 53,248 a------- e:\windows\system32\drivers\ati2erec.dll
    2009-03-16 15:33 3,264,512 a------- e:\windows\system32\aticaldd.dll
    2009-03-16 15:28 630,784 a------- e:\windows\system32\ati2cqag.dll
    2009-03-03 15:56 118,784 a------- e:\windows\system32\atibtmon.exe
    2009-02-24 15:34 90,112 a------- e:\windows\system32\dpl100.dll
    2009-02-24 15:34 823,296 a------- e:\windows\system32\divx_xx0c.dll
    2009-02-24 15:34 823,296 a------- e:\windows\system32\divx_xx07.dll
    2009-02-24 15:34 815,104 a------- e:\windows\system32\divx_xx0a.dll
    2009-02-24 15:34 802,816 a------- e:\windows\system32\divx_xx11.dll
    2009-02-24 15:34 684,032 a------- e:\windows\system32\DivX.dll
    2009-02-23 17:39 184,394 a------- e:\windows\system32\atiicdxx.dat
    2009-02-18 13:55 294,912 a------- e:\windows\system32\ATIODE.exe
    2008-06-25 01:17 22,328 a------- e:\docume~1\buddha\applic~1\PnkBstrK.sys
    2008-05-25 06:11 87,608 a------- e:\docume~1\buddha\applic~1\inst.exe
    2008-05-25 06:11 47,360 a------- e:\docume~1\buddha\applic~1\pcouffin.sys

    ============= FINISH: 4:13:34.34 ===============

    attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/24/2008 11:54:30 AM
    System Uptime: 5/10/2009 4:07:05 AM (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | NAOS
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 49 GiB total, 5.297 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 1.417 GiB free.
    E: is FIXED (NTFS) - 140 GiB total, 11.624 GiB free.
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Other PCI Bridge Device
    Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A45103C&REV_A3\3&2411E6FE&0&A0
    Manufacturer:
    Name: Other PCI Bridge Device
    PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A45103C&REV_A3\3&2411E6FE&0&A0
    Service:

    ==== System Restore Points ===================

    RP1: 5/10/2009 4:08:29 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    3D Windows XP Screen Saver
    530TX+
    AAC Decoder
    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.8
    ASIO4ALL
    Ask Toolbar
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    AutoUpdate
    AVIVO Codecs
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CDex extraction audio
    Chessmaster 10th Edition
    City Life
    Collab
    Command & Conquer™ Red Alert™ 3
    ConvertXtoDVD 2.2.3.258
    Creative EAX Console
    Creative EAX Settings
    Creative Software AutoUpdate
    Creative Speaker Settings
    Creative System Information
    D-Link PCI Fast Ethernet Adapter
    DAEMON Tools Toolbar
    DC++ 0.707
    Device Control
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
    EPSON Printer Software
    FEAR
    FL Studio 8
    GameSpy Comrade
    GIMP 2.6.3
    Google Earth
    Google Updater
    GTK+ Runtime 2.12.8 rev a (remove only)
    H.264 Decoder
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Iceows V4.20b
    IL Download Manager
    Java(TM) 6 Update 11
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Kaspersky Anti-Virus 7.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft IntelliPoint 6.1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Reader
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    Motorola Software Update
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    Oblivion
    OpenOffice.org Installer 1.0
    PHP 5.2.6
    Pidgin
    PoiZone
    Portal
    PowerISO
    Real Alternative 1.9.0
    Roxio Audio Module
    Roxio Copy Module
    Roxio Data Module
    Roxio DLA
    Roxio MyDVD Plus
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Skins
    Sound Blaster Audigy
    Spybot - Search & Destroy
    Steam
    Team Fortress 2
    Toxic Biohazard
    Tweak UI
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    VC80CRTRedist - 8.0.50727.762
    VideoLAN VLC media player 0.8.6h
    VTFEdit 1.2.5
    Warcraft III: All Products
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    5/5/2009 5:06:13 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    5/4/2009 8:24:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    5/10/2009 4:05:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume.

    ==== End Of File ===========================
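The DDS log above shows that the DLL Kaspersky keeps flagging is not the only unusual load point on this machine: there is a second nameless BHO (xhxolvb.dll), that same DLL registered as a Winlogon Notify package (qhaaxcls), a non-empty AppInit_DLLs value (karna.dat), and a svchost-hosted service with a random-looking short name (vunkbmyl, displayed as "Volume Manager Support"). As an added example, not part of the original post and not code from DDS, Kaspersky or any other tool named in this thread, here is a small Python triage script that parses those DDS sections and flags such entries, then reports any file that is loaded from more than one point. The sample lines are copied from the posted dds.txt; the random-name heuristic, the "AppInit_DLLs should be empty on XP" rule and the svchost rule are this example's own assumptions, not something DDS reports.

```python
"""Triage a DDS 'Pseudo HJT Report' / services dump for suspicious load points.

Added example, not part of the original thread and not DDS code. The sample
lines are copied from the dds.txt posted above; the heuristics below are this
example's own assumptions.
"""
import re

# Constructed sample: a subset of lines copied verbatim from the posted dds.txt.
SAMPLE_LOG = r"""
BHO: {50905937-40b0-4c9b-9767-bb96a8b76122} - e:\windows\system32\zxtabmwm.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - e:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre6\bin\ssv.dll
BHO: : {81ea1cfa-9ba3-4bf4-a74a-aa206172f819} - e:\windows\system32\xhxolvb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - e:\windows\system32\klogon.dll
Notify: qhaaxcls - xhxolvb.dll
AppInit_DLLs: karna.dat
R2 AVP;Kaspersky Anti-Virus 7.0;e:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2007-12-18 227856]
R2 vunkbmyl;Volume Manager Support;e:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
"""

# Line shapes as DDS prints them (BHO name is optional and may be empty).
BHO_RE = re.compile(r"^BHO: (?:(?P<name>[^{]*?): )?\{(?P<clsid>[0-9a-fA-F-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<key>\S+) - (?P<dll>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.*)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)(?: \[[^\]]*\])?$")

VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Heuristic (assumption): 6+ letters only, at most one vowel in four."""
    t = token.lower()
    if len(t) < 6 or not t.isalpha():
        return False
    return sum(c in VOWELS for c in t) / len(t) <= 0.25


def basename(path: str) -> str:
    # Split on backslash too: the log comes from Windows but this may run elsewhere.
    return re.split(r"[\\/]", path.strip())[-1]


def stem(filename: str) -> str:
    return filename.rsplit(".", 1)[0]


def triage(log_text: str) -> list:
    """Return a list of findings; each is {point, item, detail, reason}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            name = (m.group("name") or "").strip()
            base = basename(m.group("path"))
            reasons = []
            if not name:
                reasons.append("no display name")
            if looks_random(stem(base)):
                reasons.append("random-looking file name")
            if reasons:
                findings.append({"point": "BHO", "item": base, "detail": m.group("path"),
                                 "reason": "; ".join(reasons)})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            base = basename(m.group("dll"))
            if looks_random(m.group("key")) or looks_random(stem(base)):
                findings.append({"point": "Winlogon Notify", "item": base, "detail": m.group("key"),
                                 "reason": "random-looking key or DLL name"})
            continue
        m = APPINIT_RE.match(line)
        if m:
            value = m.group("value").strip()
            # Assumption: on a clean XP install this value is empty; anything listed
            # here is loaded into every process that loads user32.dll.
            for entry in (re.split(r"[,\s]+", value) if value else []):
                findings.append({"point": "AppInit_DLLs", "item": basename(entry), "detail": entry,
                                 "reason": "AppInit_DLLs is normally empty on XP"})
            continue
        m = SERVICE_RE.match(line)
        if m and "svchost.exe" in m.group("image").lower() and looks_random(m.group("name")):
            findings.append({"point": "Service", "item": m.group("name"),
                             "detail": m.group("display") + " -> " + m.group("image"),
                             "reason": "svchost-hosted service with random-looking name"})
    return findings


def multi_load_points(findings: list) -> dict:
    """Items that were flagged at more than one load point, e.g. BHO + Notify."""
    points = {}
    for f in findings:
        points.setdefault(f["item"].lower(), set()).add(f["point"])
    return {item: sorted(p) for item, p in points.items() if len(p) > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['point']:<16} {f['item']:<14} {f['reason']}")
    print("loaded from more than one point:", multi_load_points(found))
```

Run it against the full dds.txt by feeding the file contents to triage(). The vowel-ratio test is deliberately crude: a legitimate driver with a terse name can trip it, which is why the service rule only fires for svchost-hosted entries, and why a finding here is a prompt to look the file up, not a verdict. The multi_load_points result is the practical point for this thread: a DLL registered both as a BHO and as a Winlogon Notify package is loaded long before an on-demand scan runs, so it has to be dealt with at every load point, not just the one file Kaspersky reports.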
     
  2. 2009/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE: If any of the programs listed below refuses to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
