[Closed] AV protection problem?

Discussion in 'Virus and Malware Removal' started by antweezy, Nov 23, 2011.

Thread Status:
Not open for further replies.
  1. Bobbye Helper on the Fringe

    --------------------------
    Download and run LSP-Fix

    [1] Download LSP-Fix and save it to its own directory on the desktop.
    [2] Double-click on the file to open it.
      It is important to note that these buttons will not become usable unless you put a checkmark in the checkbox labeled "I know what I'm doing".
    [3] In the left-hand column, you should see the nwprovau.dll files listed.
      [o] Click on it to highlight it.
      [o] Click the arrow in the middle of the screen that points to the right.
    [4] This will move the filename to the right-hand column labeled Remove.
      [o] NOTE: If the arrow is greyed out and does not allow you to click it, you need to check the box above labeled "I know what I'm doing".
    [5] Once the file has been transferred to the Remove column, click Finish at the bottom of the screen.
    [6] You'll be presented with a results screen showing the file was removed from the Winsock layer entries in the registry.
    [7] Close LSPFix.

    Note: If the problem DLL does not show as in #3, it has already been removed for some other reason and you can just click the Finish button.

    The final result should resemble the following:
    [image omitted]
    (Image courtesy of BleepingComputer)

    Rescan with HijackThis. The LSP nwprovau.dll entries should be gone.
  2. antweezy Newcomer, in training

    When I DL that file and try to open it this is what happens....

    a pop up that says...
    "winsock 2 registry key
    (HKey_Local_Machines\System\CurrentControlSet\Services\Winsock2\Parameters) is missing or could not be accessed.
  3. Bobbye Helper on the Fringe

    You're going to have to do a better job of following directions. It is too time consuming to have to go back and repeat:

    Although I should have caught this, you were asked to remove any of the scanning programs if on your system and download from the links you are given. That assures you that it is the correct, current version.

    The Malwarebytes you ran is very outdated. The current version has over 4000 more entries in its database, so it's not going to have current, newer malware entries to look for. Please do the following:

    1. Uninstall Malwarebytes in Add/Remove Programs
    Then use Windows Explorer to go to Computer> Local Drive(C)> Programs> look for the Malwarebytes folder and do a right click> Delete.
    Delete any logs remaining.
    Reboot the system.
    -----------------------
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    Please read all of my directions carefully. You were asked to remove any of the scanning program you may have had on the system and use our links to download the programs.
    =======================
    2. You did not follow the directions for the HJT Directory: they are important! The reason you do it is because HJT makes backups. If it's in a temp folder, those backups will not be available in the event:
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    (Your temp folder: C:\Users\Mr Roboto\AppData\Local\temp\Temp1_HijackThis.zip\HijackThis.exe)

    Now go back to my instructions for HJT and repeat the scan
    ------------------------------------
    After setting up the Directory correctly and running a new scan, follow this:
    Please reopen HijackThis to 'do system scan only'. Check each of the following, if present:

    C:\Users\Mr Roboto\AppData\Local\temp\Temp1_HijackThis.zip\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...estbuy&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    O1 - Hosts: 217.23.4.166 www.google-analytics.com.
    O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    O1 - Hosts: 217.23.4.166 www.statcounter.com.
    O1 - Hosts: 69.72.252.254 www.google-analytics.com.
    O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    O1 - Hosts: 69.72.252.254 www.statcounter.com.
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing


    Close all Windows except for Hijack This and click on "Fix Checked"
    =================================
    Please repeat the Eset online virus scan when finished.
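A scripted version of the triage the helper does by eye on the O1, O4 and O10 lines, as an added example that is not part of the thread: it parses HijackThis-format lines (sample lines constructed from the ones quoted above) and flags hosts entries that pin a hostname to a non-loopback address, Run entries that hand rundll32.exe a payload that is not a .dll, and a Winsock LSP chain that references a missing provider file. The function names and the regular expressions are my own.

```python
"""Triage of HijackThis-format lines (added example, not from the thread).
O1: hosts entries pinning a hostname to a non-loopback address.
O4: Run entries handing rundll32.exe a payload that is not a .dll.
O10: a Winsock LSP chain referring to a provider file that is missing."""
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines modelled on the ones quoted in the thread.
SAMPLE_LOG = r"""O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKUS\S-1-5-18\..\Run: [738F9AED-4083-A57B-9B4E-BD0A606290B0] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\738F9AED-4083-A57B-9B4E-BD0A606290B0.avi", start minimized (User 'SYSTEM')
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
LSP_RE = re.compile(r"^O10 - .*LSP provider '([^']+)' missing")


def hosts_finding(line):
    """Flag an O1 line unless it maps the name to a loopback address."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.group(1), m.group(2).rstrip(".")
    try:
        if ip_address(ip).is_loopback:
            return None  # the stock ::1 / 127.0.0.1 localhost entries are normal
    except ValueError:
        pass  # unparseable address: still worth a look, so fall through
    return f"O1: hosts file pins {host} to {ip} (not loopback)"

def run_finding(line):
    """Flag an O4 Run entry where rundll32.exe is given a non-.dll payload."""
    m = RUN_RE.match(line)
    if not m:
        return None
    hive, name, cmd = m.groups()
    quoted = re.findall(r'"([^"]+)"', cmd)  # quoted tokens: program, then its argument
    if len(quoted) >= 2 and quoted[0].lower().endswith("rundll32.exe"):
        payload = quoted[1]
        if not payload.lower().endswith(".dll"):
            return f"O4: [{name}] under {hive} feeds rundll32 a non-DLL payload {payload}"
    return None

def lsp_finding(line):
    """Flag an O10 line that names a missing LSP provider (what LSP-Fix repairs)."""
    m = LSP_RE.match(line)
    return f"O10: Winsock LSP chain references missing provider {m.group(1)}" if m else None

def triage(log_text):
    """Run every check over every line and return the list of findings."""
    findings = []
    for line in log_text.splitlines():
        for check in (hosts_finding, run_finding, lsp_finding):
            hit = check(line)
            if hit:
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample above the script reports the two hijacked hosts entries, the rundll32 entry loading an .avi, and the missing nwprovau.dll provider, while leaving the localhost and hpsysdrv lines alone.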
  4. antweezy Newcomer, in training

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8314

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19088

    12/5/2011 2:09:06 AM
    mbam-log-2011-12-05 (02-09-06).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 385353
    Time elapsed: 1 hour(s), 0 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 23

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator32 (Trojan.Tracur) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CreoLab (Heuristics.Shuriken) -> Value: CreoLab -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecey (Trojan.Downloader) -> Value: ecey -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\738F9AED-4083-A57B-9B4E-BD0A606290B0 (Trojan.FakeAlert) -> Value: 738F9AED-4083-A57B-9B4E-BD0A606290B0 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files (x86)\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.

    Files Infected:
    c:\programdata\qykuat\gqfsoffmj.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Local\App\ecey.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\program files (x86)\security defender\security defender.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\programdata\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\programdata\qykuat\FRed32.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\programdata\qykuat\smartgeargqfsoffmj.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Qoobox\quarantine\C\Users\mr roboto\AppData\Roaming\dwme.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
    c:\Qoobox\quarantine\C\Users\mr roboto\AppData\Roaming\74E7E\4b666.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
    c:\Qoobox\quarantine\C\Users\mr roboto\AppData\Roaming\7E23F\lvvm.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
    c:\Qoobox\quarantine\C\Users\mr roboto\AppData\Roaming\microsoft\6627\48c.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
    c:\Qoobox\quarantine\C\Users\mr roboto\AppData\Roaming\microsoft\6627\716a.tmp.vir (Malware.Packer) -> Quarantined and deleted successfully.
    c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Not selected for removal.
    c:\Windows\System32\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Local\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\config\systemprofile\AppData\Local\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\config\systemprofile\AppData\Local\App\ecey.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\738f9aed-4083-a57b-9b4e-bd0a606290b0.avi (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\temp\OC9s.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Windows\temp\_ex-68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\temp\fldtyw\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\program files (x86)\security defender\security defender.ico (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
  5. antweezy Newcomer, in training

    Ok, here is the initial HijackThis log redone...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:20:26 AM, on 12/5/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\HiJackThis\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 216.240.133.193 www.google-analytics.com.
    O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
    O1 - Hosts: 216.240.133.193 www.statcounter.com.
    O1 - Hosts: 69.72.252.254 www.google-analytics.com.
    O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    O1 - Hosts: 69.72.252.254 www.statcounter.com.
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKUS\S-1-5-18\..\Run: [738F9AED-4083-A57B-9B4E-BD0A606290B0] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\738F9AED-4083-A57B-9B4E-BD0A606290B0.avi", start minimized (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [738F9AED-4083-A57B-9B4E-BD0A606290B0] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\738F9AED-4083-A57B-9B4E-BD0A606290B0.avi", start minimized (User 'Default user')
    O4 - Global Startup: 738F9AED-4083-A57B-9B4E-BD0A606290B0.lnk = C:\Windows\System32\rundll32.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8586 bytes
  6. antweezy Newcomer, in training

    I ran it again and fixed the checked boxes you told me to check.
  7. antweezy Newcomer, in training

    Doing the ESET scan now...says 2 hours was last scan so I'm going to go to bed and will post it in morning. Thanks.
  8. antweezy Newcomer, in training

    C:\ProgramData\qykuat\spoof.avi Win32/Agent.SWD trojan
    C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
    C:\Qoobox\Quarantine\C\Users\Mr Roboto\AppData\Roaming\firefox.exe.vir Win32/Adware.WinAntiVirus.AD application
    C:\Qoobox\Quarantine\C\Users\Mr Roboto\AppData\Roaming\r000uccS1ib3\AV Protection 2011v121.exe.vir Win32/Adware.WinAntiVirus.AD application
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
    C:\Qoobox\Quarantine\C\Windows\SysWOW64\AV Protection 2011v121.exe.vir Win32/Adware.WinAntiVirus.AD application
    C:\Users\All Users\qykuat\spoof.avi Win32/Agent.SWD trojan
    C:\Windows\system64\consrv.dll Win64/Sirefef.E trojan
    C:\_OTM\MovedFiles\12012011_084200\C_Users\Mr Roboto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\773490-5eab2bdc a variant of Win32/Kryptik.WFA trojan
    Operating memory a variant of Win32/Sirefef.DN trojan
  9. Bobbye Helper on the Fringe

    You are continuing to get active malware. You also have this: Operating memory a variant of Win32/Sirefef.DN trojan

    We have removed extensive files from the system. At this point, I think your heavy use of file sharing and lack of security has left the system too vulnerable to clean.

    I am recommending that you do a reformat and reinstall of the operating system. Assume that the system has been compromised. Change all of your passwords and monitor any online banking or other financial transactions.

    You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/support/ind...and-repair-xp-vista-7/page__p__5329#entry5329