TechSpot

[Resolved] Win32:Bamital-x Virus Issue

Discussion in 'Virus and Malware Removal' started by jsf, Oct 18, 2010.

Thread Status:
Not open for further replies.
  1. jsf Newcomer, in training

    Error - 11/17/2009 10:44:00 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/1/2009 12:09:14 AM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 12/23/2009 9:59:01 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/27/2010 6:34:57 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:32 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:36 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 10/18/2010 3:19:05 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:21:07 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =


    < End of report >
  2. jsf Newcomer, in training

    Hey, sorry to bump but I figure you answer lots of these and some might get lost in the mix. Still having my issue, so I would appreciate any additional help.
  3. Bobbye Helper on the Fringe

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      "TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
      O4 - HKLM..\Run: [FAStartup] File not found
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{12f84631-a917-11de-851f-002556d8d8b4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
      O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
      O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      @Alternate Data Stream - 64 bytes -> C:\Users\Jordan\Desktop\video.mp4:TOC.WMV
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:456A69E6
       
      :Reg
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      scrfile [open] -- "%1" /S File not found
      txtfile [edit] -- Reg Error: Key error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "ViewpointMediaPlayer"
      "StreamTorrent 1.0" 
      :Files
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ============================================
    I see processes for multiple AV programs. If you used a removal tool for an AV, then the tool can be deleted after the program is deleted:
    Decide which AV you want to keep. Then run the removal tool for the others. Delete the program folder in Windows Explorer> My Computer> Local Drive> Programs:
    [2010/10/19 10:45:44 C] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
    [2010/10/18 09:27:39 C] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
    [2010/10/18 09:51:17 |C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe
    [2010/10/18 01:47:17 | -D | C] -- C:\Program Files\Alwil Software
    [2010/10/19 14:45:02 | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
    [2010/10/19 11:32:03 | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
    [2010/10/19 10:45:44 | M] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
    [2010/10/18 09:29:26 | M] () -- C:\Users\Jordan\Desktop\SystemLook.exe
    [2010/10/04 09:08:00 | M] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
    [2010/10/22 19:27:21 | C] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
    [2010/10/19 17:09:07 | C] () -- C:\Program Files (x86)\ComboFix(2).exe
    [2010/10/22 19:27:21 | M] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
    [2010/10/19 17:09:08 | M] () -- C:\Program Files (x86)\ComboFix(2).exe
    ====================================================
    Solutions that have worked for the faulting explorer.exe app.faulting explorer.exe module:
    Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005
    1. For AMD> Disable K8 Cool n Quiet in BIOS;
    2. Intel> Disable any energy saving features in BIOS.
    3. You will find it necessary to disable in the BIOS any hardware based CPU throttling capability, including hardware based energy controls. The desktop clock no longer runs slow.
    ====================================
    The descriptions of all the System Event Errors were missing:
    [ System Events ]
    Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description = ??????
    =======================================
    You should also go into the User Accounts in the Control Panel. See if you have 2 Administrators; if you do, reduce the privileges of one or the other.
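
An added example, not part of the original posts and not OTL's own code: a Python parser for the event-log layout quoted in this thread. It joins wrapped Description lines and counts the entries whose Description is empty by section, source and event ID. The sample lines are copied from the log posted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the OTL log posted in this thread.
SAMPLE = """\
Error - 12/1/2009 12:09:14 AM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")

def parse_events(text):
    """Return one dict per event; wrapped Description lines are joined."""
    events, section, current = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, current = m["name"], None
        elif m := HEADER.match(line):
            current = dict(m.groupdict(), section=section, description="")
            current["id"] = int(current["id"])
            events.append(current)
        elif line.startswith("<"):            # "< End of report >" trailer
            current = None
        elif current is not None and line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        elif current is not None and line:    # continuation of a wrapped description
            current["description"] += " " + line
    return events

def blank_descriptions(events):
    """Count events with an empty Description, keyed by (section, source, id)."""
    return Counter((e["section"], e["source"], e["id"])
                   for e in events if not e["description"])
```

Even where the report prints no description text, the Source and ID pair of each entry is enough to look the event up in Event Viewer on the affected machine.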
  4. jsf Newcomer, in training

    Hey so the fix is running but is now not responding and has been stuck at this part for like 11 hours: [HKEY_LOCAL_MACHINE\Classes\<key>\shell\[command]\command]. It ran really quickly until then and has been frozen ever since. I know you said don't interrupt it so I've left it for now.

    Sorry for the issue, thanks for your help :)
  5. Bobbye Helper on the Fringe

    Please bring me current to your status at this point.
  6. jsf Newcomer, in training

    Hey, thanks for your help, but I decided in the end to just reformat.
  7. Bobbye Helper on the Fringe

    That may be the best thing. Thanks for the update.