Multiple threat detection
Re: Multiple threat detection

Post by maiki » December 6th, 2010, 6:16 pm

Good day,
Here is the CKScanner log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\qtracker\filters\game\call of duty 2\cracked\cracked.qtf
c:\program files\steinberg\cubase 5\track presets\audio\nutcracker synth brass.trackpreset
c:\program files\steinberg\cubase 5\vst3 presets\steinberg media technologies\grungelizer\vinyl crackles.vstpreset
c:\program files\steinberg\cubase 5\vst3 presets\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\users\postgres.siim-pc\desktop\pdf password cracker v3.0.lnk
c:\windows\crackpdf.ini
scanner sequence 3.BD.11
----- EOF -----
maiki
Active Member
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Post by maiki » December 6th, 2010, 7:17 pm

Hi again,

After I ran CKScanner I ran TDSSKiller (I hope that is what you meant by RKill). Then I tried the script with ComboFix (zzz.exe) again. Now I cannot start any programs. The error message is:

Illegal operation attempted on a registry key that has been marked for deletion.

Here is the ComboFix log 2:

ComboFix 10-12-04.06 - Siim 12/07/2010 0:30.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1257.372.1033.18.2046.1142 [GMT 2:00]
Running from: c:\users\Siim\Desktop\zzz.exe
Command switches used :: c:\users\Siim\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\aklmktks.sys"
"c:\windows\system32\drivers\cscllkfd.sys"
"c:\windows\system32\drivers\diqxquwj.sys"
"c:\windows\system32\drivers\gvzqshwl.sys"
"c:\windows\system32\drivers\hqckmixp.sys"
"c:\windows\system32\drivers\kplshmcg.sys"
"c:\windows\system32\drivers\kroover.exe"
"c:\windows\system32\drivers\qkzfskxq.sys"
"c:\windows\system32\drivers\rdtveihw.sys"
"c:\windows\system32\drivers\rengfkpj.sys"
"c:\windows\system32\drivers\sshgmxaq.sys"
"c:\windows\system32\drivers\xbkpptki.sys"
"c:\windows\system32\drivers\xpynmcif.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\sst5A65.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aklmktks
-------\Service_cscllkfd
-------\Service_diqxquwj
-------\Service_gvzqshwl
-------\Service_hqckmixp
-------\Service_kplshmcg
-------\Service_kroover
-------\Service_qkzfskxq
-------\Service_rdtveihw
-------\Service_rengfkpj
-------\Service_sshgmxaq
-------\Service_xbkpptki
-------\Service_xpynmcif


((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-06 22:36 . 2010-12-06 22:37 -------- d-----w- c:\users\postgres.Siim-PC\AppData\Local\temp
2010-12-06 22:36 . 2010-12-06 22:36 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-06 22:36 . 2010-12-06 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-06 18:42 . 2010-11-16 10:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1EC5C0D-5D51-47F8-B340-C0442E106F48}\mpengine.dll
2010-12-03 16:17 . 2010-12-03 16:17 -------- d-----w- c:\users\Siim\AppData\Roaming\ArcSoft
2010-12-03 16:17 . 2010-12-03 16:17 -------- d-----w- c:\users\Siim\AppData\Roaming\HP SimpleSave Application
2010-12-01 20:18 . 2010-12-01 20:18 -------- d-----w- c:\program files\ESET
2010-11-28 14:54 . 2010-11-28 14:54 -------- d-----w- c:\program files\Conduit
2010-11-28 14:53 . 2010-11-28 14:54 -------- d-----w- c:\program files\BitTorrentBar
2010-11-26 17:56 . 2010-11-26 17:56 -------- d-----w- c:\program files\Net Studio
2010-11-26 01:03 . 2010-11-26 01:03 -------- d-----w- c:\users\Siim\AppData\Roaming\AVG10
2010-11-26 01:01 . 2010-11-26 01:01 -------- d--h--w- c:\programdata\Common Files
2010-11-26 00:59 . 2010-12-05 22:52 -------- d-----w- c:\programdata\AVG10
2010-11-26 00:50 . 2010-12-05 19:55 -------- d-----w- c:\programdata\MFAData
2010-11-26 00:43 . 2010-11-26 00:44 -------- d-----w- c:\users\Siim\AppData\Roaming\QuickScan
2010-11-26 00:39 . 2010-11-26 00:39 -------- d-----w- c:\users\Siim\AppData\Roaming\AVG9
2010-11-25 12:00 . 2010-11-25 12:00 -------- d-----w- c:\users\Siim\AppData\Local\Installer2336
2010-11-25 03:13 . 2010-11-25 03:13 -------- d-----w- c:\users\Siim\POKKER
2010-11-24 23:24 . 2010-11-24 23:24 -------- d-----w- c:\users\Siim\Program Files
2010-11-24 14:42 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-11-24 14:42 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-11-24 14:42 . 2010-11-24 14:43 -------- d-----w- c:\program files\PDFCreator
2010-11-24 14:42 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-24 14:36 . 2010-11-24 14:36 -------- d-----w- c:\programdata\ReviverSoft
2010-11-24 14:35 . 2010-11-24 14:36 -------- d-----w- c:\users\Siim\AppData\Local\OpenCandy
2010-11-24 14:35 . 2010-11-24 14:35 -------- d-----w- c:\users\Siim\AppData\Roaming\OpenCandy
2010-11-24 14:33 . 2010-11-24 14:38 -------- d-----w- c:\program files\Acro Software
2010-11-23 07:05 . 2010-11-23 07:05 -------- d-----w- c:\program files\PokerStove
2010-11-22 15:59 . 2010-11-22 18:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-22 15:59 . 2010-11-22 15:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-15 14:06 . 2010-11-15 14:07 -------- d-----w- c:\users\Siim\AppData\Local\Installer1104
2010-11-15 12:33 . 2010-11-30 22:04 -------- d-----w- c:\program files\TableNinja
2010-11-15 09:59 . 2010-11-15 09:59 -------- d-----w- c:\users\Siim\AppData\Local\Installer5828
2010-11-14 15:29 . 2010-12-06 18:43 -------- d-----w- c:\users\Siim\Tracing
2010-11-14 11:06 . 2010-11-14 11:06 -------- d-----w- C:\PcSetup
2010-11-13 14:01 . 2010-11-13 14:01 229376 ----a-w- c:\windows\system32\drivers\sst5A89.sys
2010-11-13 14:01 . 2010-11-13 14:01 0 ----a-w- c:\windows\system32\drivers\sst5A89.tmp
2010-11-10 17:13 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 14:43 . 2010-11-08 14:46 -------- d-----w- C:\I

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 11:06 . 2009-04-07 18:15 47360 ----a-w- c:\users\Siim\AppData\Roaming\pcouffin.sys
2010-10-19 08:41 . 2009-10-02 22:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-13 13:56 . 2010-10-14 12:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 12:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 12:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 12:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 12:18 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 12:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C571FD-3CE1-4699-9AE3-22C129EE35AD}]
2010-02-04 08:38 153056 ----a-w- c:\windows\System32\idcertremoval.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Google Update"="c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-26 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SigmatelSysTrayApp"="sttray.exe" [2010-05-04 303104]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-11-24 23:24 323392 ----a-w- c:\users\Siim\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 09:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 14:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 12:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EasyViz Automatic Update;EasyViz Automatic Update;c:\program files\EasyViz 3.0\evauh.exe [2009-12-07 856728]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-11 717296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-29 176128]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637077607-2722662537-2985405444-1000Core.job
- c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26 18:27]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637077607-2722662537-2985405444-1000UA.job
- c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ee/
uInternet Settings,ProxyOverride = *.local
IE: {{BFBE0C3A-BD72-4d5e-8058-E9494F00C005} - c:\program files\PokerStars.EE\PokerStarsUpdate.exe
TCP: {21B2A37A-B9E1-401E-97F9-4AC0D8E37E82} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Siim\AppData\Roaming\Mozilla\Firefox\Profiles\uvw3lqsw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npidcard.dll
FF - plugin: c:\users\Siim\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Siim\AppData\Roaming\Mozilla\Firefox\Profiles\uvw3lqsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 00:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3d,4f,ca,46,df,51,41,b2,9f,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3d,4f,ca,46,df,51,41,b2,9f,20,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\sttray.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-12-07 00:46:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-06 22:46
ComboFix2.txt 2010-12-05 19:42

Pre-Run: 56,109,760,512 bytes free
Post-Run: 55,962,177,536 bytes free

- - End Of File - - FA7C92E5AD273BB92728147F4C8715A1
maiki
Active Member
Posts: 13
Joined: November 25th, 2010, 4:13 pm
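The ComboFix log above lists thirteen drivers and services whose names are strings of random-looking letters (aklmktks, cscllkfd, and so on) plus an .exe sitting in the drivers folder, which is the pattern a helper reads as a sign of a rootkit dropper rather than a single stray file. The script below is an added example for this thread, not ComboFix's own code: it pulls the driver and service names out of log lines in the same shape as the log above and scores how machine-generated each name looks. The three heuristics (almost no vowels in a long all-letter name, a "q" not followed by "u", an executable under the drivers directory), the sample log and the KNOWN_GOOD allowlist are all assumptions of this example.

```python
"""Triage helper for ComboFix-style logs: pick out the driver and service
names the tool reported and score how "machine-generated" each name looks.

Added example for this thread; it is not ComboFix's own code. The three
heuristics below are assumptions of this example, not rules from the tool,
and they produce false positives on some legitimate short-vowel driver
names, so the KNOWN_GOOD allowlist is meant to be filled in by the analyst.
"""
import re

# Constructed sample: a few lines in the shape of the log posted above.
SAMPLE_LOG = r'''
FILE ::
"c:\windows\system32\drivers\aklmktks.sys"
"c:\windows\system32\drivers\diqxquwj.sys"
"c:\windows\system32\drivers\kroover.exe"
"c:\windows\system32\drivers\xpynmcif.sys"
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_aklmktks
-------\Service_diqxquwj
-------\Service_kroover
-------\Service_xpynmcif
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-11 717296]
'''

# Names the analyst has already verified as legitimate on this machine
# (constructed for the example; on a real case this comes from checking
# the vendor and signature of each file).
KNOWN_GOOD = {"spyder3", "sptd"}

DRIVER_PATH = re.compile(r'(?i)\\drivers\\([\w-]+)\.(sys|exe)')
SERVICE_LINE = re.compile(r'^-------\\Service_([\w-]+)\s*$')
VOWELS = set("aeiouy")


def extract_candidates(log: str) -> dict:
    """Map each driver/service base name (lower-cased) to the set of forms it
    appears in: the file extension for path hits, 'service' for the
    '-------\\Service_xxx' deletion lines."""
    found = {}
    for line in log.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            found.setdefault(m.group(1).lower(), set()).add("service")
            continue
        for name, ext in DRIVER_PATH.findall(line):
            found.setdefault(name.lower(), set()).add(ext.lower())
    return found


def vowel_ratio(name: str) -> float:
    """Fraction of alphabetic characters that are vowels (y counted as one)."""
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def suspicion_reasons(name: str, forms: set) -> list:
    """Return the heuristic reasons a name looks auto-generated; empty if none
    or if the analyst has allowlisted the name."""
    reasons = []
    if name in KNOWN_GOOD:
        return reasons
    if "exe" in forms:
        reasons.append("executable stored in the drivers folder")
    if len(name) >= 7 and name.isalpha() and vowel_ratio(name) <= 0.25:
        reasons.append("long all-letter name with almost no vowels")
    if re.search(r'q(?!u)', name):
        reasons.append("'q' not followed by 'u'")
    return reasons


def triage(log: str) -> dict:
    """Return {name: [reasons]} for every candidate with at least one reason."""
    flagged = {}
    for name, forms in extract_candidates(log).items():
        reasons = suspicion_reasons(name, forms)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name:12s} {'; '.join(why)}")
```

Run against the sample, the four random-looking names come back flagged and the two allowlisted drivers do not. The point of the allowlist is that the letter heuristics alone are a sorting aid, not a verdict: a name that scores high should still be checked against the file's publisher and digital signature before anything is removed.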

Re: Multiple threat detection

Post by askey127 » December 6th, 2010, 8:03 pm

maiki,
NO, actually, here is the instruction I gave earlier, so RKill should be on your desktop, if you performed the instruction:
Hi maiki,
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools; ignore them or shut down your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If it does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Not running RKill first may be the main reason ComboFix did not work properly.

We also do not work on machines with cracked software.
May I draw your attention to the forum rules on the use of "cracked" programmes.

Regardless of the reason for the many infections, you will need to Reformat the hard drive, and Re-Install Windows to rescue this machine.
This machine is not fixable using online methods. I recommend you re-install Windows as soon as possible.

askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple threat detection

Post by maiki » December 7th, 2010, 5:14 am

Hi askey127,

The reason I didn't run RKill was that before you asked me to do it I had some weird things going on with the computer and double-checked with you whether I should still follow the steps provided. Instead you asked me to run ESET Online Scanner. That is why I didn't have it on my desktop. The storyline basically went like this:
askey127: Run RKill
maiki: My computer did this and that. Should I still run RKill?
askey127: Run ESET Online Scanner.

Anyhow,

What about my M drive (external hard drive)? It included music files which were infected. Can I just delete them? By the way, all the infected wma files were ripped from original CDs. Is that weird?

//Maiki
maiki
Active Member
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Post by maiki » December 7th, 2010, 5:29 am

Today I started my machine and it is working again. All programs start normally. Please advise.

I have no problem uninstalling cracked software.

//Maiki
maiki
Active Member
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Post by askey127 » December 7th, 2010, 8:41 am

maiki,
In my opinion, trying to clean this machine using online methods is a waste of time.
You will need to Reformat, and Re-Install Windows, or bring your machine to a repair shop and let them do it.
Continuing with this machine as it is will not be satisfactory, either.
You will also need to reformat your M: drive, and avoid P2P and cracked software so your reformatted machine is not ruined.

askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple threat detection

Post by maiki » December 7th, 2010, 12:28 pm

Hi askey127,

I understand now. Thank you.

Even if my computer didn't get fixed, I still think the online help here is of very good quality. Easy to follow and quick. Keep up the good work!

Thanks again,
maiki
maiki
Active Member
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Post by askey127 » December 7th, 2010, 4:57 pm

As the resolution of this thread involves a Reformat and Re-Install, this thread is closed.
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA