Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

USB Mouse Problem (possible virus)


  • This topic is locked This topic is locked
20 replies to this topic

#1 Bo1965

Bo1965

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 06 July 2010 - 09:02 PM

Hi. I have been having an issue with my mouse recently. It will freeze and then unfreeze sporadically. Sometimes it freezes and does not unfreeze unless I restart my computer. At each time, it makes the sound as though I have unplugged it from the USB port. Do you think this is from a virus hiding in my computer or could this be my USB acting up? Any information you can provide would be greatly appreciated. I look forward to hearing from you.

Bo

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:11 PM

Posted 07 July 2010 - 01:50 PM

If you have a wireless mouse, low batteries can result in weak, mixed or no signals that can affect its functionality so start by replacing them. If that does not help, confirm that the mouse works on another machine. It is possible the mouse could be defective or gone bad. Another thing to try is to use a different mouse or a PS2 adapter if its a USB mouse.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 jdbaker82

jdbaker82

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 07 July 2010 - 02:32 PM

There is actually a new rootkit out that infects the mouse.drv or something not sure if the symptoms would be a spuradic mouse or not but you can find some info on it at remove-malware.com

#4 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 07 July 2010 - 06:59 PM

Thanks guys for the info. My mouse is a wired mouse. I will try it on other machines as well to verify that it is indeed the mouse itself and not anything worse. I will also read up on the root kit info as well. Thanks guys, I will let you know what I find out.

#5 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 07 July 2010 - 10:38 PM

Ok, looking into this I may have discovered some deeper issues. I plugged my mouse in another computer and used it for several hours with no problems. I am not really sure if that is enough time to test it but on my laptop, it was acting up about two or three times an hour. So, for now I will conisider that a valid test.

I then went to the remove-malware.com site and read up on it. For the first time, I ran a GMER rootkit scan on my computer. That is when things started happening that I have never encountered before. First, my comptuer froze. I checked my taskmanager and found out that there were four applications that were maxing out my system but the only programs I was running were IE explorer and GMER. One of the applications was very annoying. It was the wuauclt.exe application. I would end the process on task manager and then it would return. I must have ended the process of that application about 5 times and then gave up on it. I had to restart my computer again and all was fine....until I ran GMER again. Then, yep, you guessed it, three or four applications began to max out again. I even saw an application appear on task manager using 34% of my system and then dissapear never to come back. I thought that was odd. Of course, the wuauclt.exe application was working overtime too. Still not sure if all of this was supposed to happen. After a third time of attempting GMER, I was able to go through the scan in its entirety. However, when GMER had finnished, I made the mistake of trying to open up Internet Explorer to research the wuauclt.exe program. Well, because my computer was maxed out with applications, my computer froze and I was not able to do anything but see the files that were written on the GMER Malware scan page. Any idea as to what this is all about? Looking forward to your reply. Thanks.

Oh, I just checked task manager and the wauaclt.exe is not found on it right now, but it will be back I am sure. Also, the other application that was at 30%+ during the GMER run was the sprtcmd.exe.

#6 jdbaker82

jdbaker82

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 07 July 2010 - 11:43 PM

Ok, looking into this I may have discovered some deeper issues. I plugged my mouse in another computer and used it for several hours with no problems. I am not really sure if that is enough time to test it but on my laptop, it was acting up about two or three times an hour. So, for now I will conisider that a valid test.

I then went to the remove-malware.com site and read up on it. For the first time, I ran a GMER rootkit scan on my computer. That is when things started happening that I have never encountered before. First, my comptuer froze. I checked my taskmanager and found out that there were four applications that were maxing out my system but the only programs I was running were IE explorer and GMER. One of the applications was very annoying. It was the wuauclt.exe application. I would end the process on task manager and then it would return. I must have ended the process of that application about 5 times and then gave up on it. I had to restart my computer again and all was fine....until I ran GMER again. Then, yep, you guessed it, three or four applications began to max out again. I even saw an application appear on task manager using 34% of my system and then dissapear never to come back. I thought that was odd. Of course, the wuauclt.exe application was working overtime too. Still not sure if all of this was supposed to happen. After a third time of attempting GMER, I was able to go through the scan in its entirety. However, when GMER had finnished, I made the mistake of trying to open up Internet Explorer to research the wuauclt.exe program. Well, because my computer was maxed out with applications, my computer froze and I was not able to do anything but see the files that were written on the GMER Malware scan page. Any idea as to what this is all about? Looking forward to your reply. Thanks.

Oh, I just checked task manager and the wauaclt.exe is not found on it right now, but it will be back I am sure. Also, the other application that was at 30%+ during the GMER run was the sprtcmd.exe.


Sounds like you might be infected with the new Mouse.drv virus did you run combofix yet?

#7 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 08 July 2010 - 12:43 AM

I just ran a combofix and below are the results:

Edited by quietman7, 08 July 2010 - 07:07 AM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:11 PM

Posted 08 July 2010 - 07:09 AM

Please read the pinned sticky How do I get help? Who is helping me?

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Further, ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logs forum and then only when requested by a Malware Response Team member. However, the Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to that forum if we cannot assist you in this forum. As such, I have edited your previous post.

I ran a GMER rootkit scan on my computer. That is when things started happening that I have never encountered before

GMER is a stand-alone tool that will help investigate for the presence of rootkits. It will not actually tell you if you are infected or not unless you know what you're looking for. If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you should not be using it. Some ARK tools are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. Arks are powerful tools and using them incorrectly could lead to disastrous problems with your operating system. Most of the more effective ARK tools like GMER should only be used under the guidance of an expert who knows how to investigate its log for malicious entries before taking any removal action. One reason is that you can encounter issues when performing a scan which results in crashes or system freezes and a trained helper would be able to provide additional instructions in order to get GMER to run properly.

One of the applications was very annoying. It was the wuauclt.exe application.

wuauclt.exe is Windows Automatic Updates application which checks the Microsoft Windows Update website for updates to be installed. This file is known to cause high CPU usage when performing its updating task. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate wuauclt.exe file is located in the C:\Windows\system32, C:\Windows\system32\dllcache, C:\Windows\ServicePackFiles, C:\I386 folders and sometimes in C:\Windows\Prefetch with a random set of alpha-numeric characters followed by the .pf extension. If found running from a different location it is probably malware.

Also, the other application that was at 30%+ during the GMER run was the sprtcmd.exe.

Are you using a Dell machine?

sprtcmd.exe is related to the Dell Support Center and located in the C:\Program Files\Dell Support Center\bin\ folder. See here...there also appears to be a variety of complaints with that file such as described by Dell Tech Support.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 08 July 2010 - 01:41 PM

Sorry for the Combofix post in this forum, wont happen again. I have attached the quick scan MBAM log below. I also ran the TFC program as well.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4275

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2010 12:21:23 PM
mbam-log-2010-07-08 (12-21-23).txt

Scan type: Quick scan
Objects scanned: 141818
Time elapsed: 15 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:11 PM

Posted 08 July 2010 - 01:47 PM

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • Follow these instructions: How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 09 July 2010 - 11:42 PM

Ok, below is the log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2010 at 00:03 AM

Application Version : 4.40.1002

Core Rules Database Version : 5176
Trace Rules Database Version: 2988

Scan type : Complete Scan
Total Scan Time : 01:14:20

Memory items scanned : 567
Memory threats detected : 0
Registry items scanned : 7997
Registry threats detected : 2
File items scanned : 19870
File threats detected : 29

Adware.Tracking Cookie
C:\Documents and Settings\Robert B\Cookies\robert_b@tracking.foxnews[1].txt
C:\Documents and Settings\Robert B\Cookies\robert_b@tracking.foxnews[2].txt

Registry Cleaner Trial
HKU\S-1-5-21-1626153198-3097306306-3046137363-1006\Software\Registry Cleaner
HKU\S-1-5-21-1626153198-3097306306-3046137363-1006\Software\SoftwareOnline.com
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-03-14,23-44 54 251.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-03-15,10-22 39 484.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-03-15,10-24 38 859.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-03-15,10-27 42 265.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-03-26,10-32 19 406.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-03-31,11-53 40 343.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-04-25,21-49 43 593.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-04-29,20-27 26 781.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-05-05,22-24 38 328.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-06-01,00-53 26 734.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-06-12,13-33 28 046.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-07-11,12-10 56 609.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-08-09,11-42 52 187.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-08-21,22-30 53 000.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2007-11-17,18-45 56 984.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2008-05-06,15-29 44 796.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2008-05-06,16-17 57 093.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2008-05-26,15-46 57 500.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2008-06-10,14-39 29 750.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2008-06-14,10-46 22 796.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2009-01-19,19-01 50 531.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2009-01-26,19-02 31 415.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2009-03-14,15-19 46 531.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups\2009-04-12,21-26 48 718.zip
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner\Regclean.ini
C:\Documents and Settings\Robert B\Application Data\Registry Cleaner


I have tried to run Kaspersky three times and all three times my computer acted up. I will run it again tonight and it should be done by the morning. I will post the results.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:11 PM

Posted 10 July 2010 - 07:06 AM

If you continue to have problems with Kaspersky, do this instead.

Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to begin.
  • If offered the option to get information or buy software. Just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

    C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 10 July 2010 - 10:21 AM

First of all, I want to thank you again for your assistance with this issue I am having. As I continue to run these scanners, I discover deeper problems with my computer which I never knew I had.

Now for the frustrating part. I ran the Kaspersky all night. When I got up to check it this morning, it said my computer was infected and I had one object and one threat detected. I went to open and save my log report and it would not open. In fact my computer was frozen and all of my tool bars were gone. When I directed my mouse over the tool bar area, the tool bar would appear only where the cursor was. It was as if the kaspersky webpage was acting like a blanket over the whole screen. Anyway, it would not let me open the report/log and eventually went back to the main menu asking me if I accept the policy of Kaspersky.

I will run ESET Online. Thanks again for all you are doing with this.

#14 Bo1965

Bo1965
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 10 July 2010 - 11:11 AM

Ok Quietman, below are the results of my ESET scan. It found 5 threats:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b5aca493cf04184c94d7b2b19e7e27cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-10 04:04:33
# local_time=2010-07-10 10:04:33 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 34676069 34676069 0 0
# compatibility_mode=1026 16777214 0 2 17663569 17663569 0 0
# compatibility_mode=5891 16776533 100 100 0 8279787 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66336
# found=5
# cleaned=5
# scan_time=2264
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent23.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent39.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent69.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:11 PM

Posted 10 July 2010 - 12:40 PM

How is your computer running now?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users