
Backdoor


12 replies to this topic

#1 Lewisw60

  • Members
  • 9 posts

Posted 04 September 2012 - 06:57 AM

Hey, I'm not too good with computers, but I think I have a backdoor on my computer and need help getting rid of it. I tried using something called Exterminate It, but I needed to purchase it to get rid of the backdoor. I have a log from the scan.


Exterminate It! Antimalware 2.12
Database: 03/09/2012 (7962288 signatures)
www.exterminate-it.com

System Information:

Windows: 6.0.6001 (32-bit)
Internet Explorer: 7.0.6001.18639
Chrome: 21.0.1180.83

Scan Type: Smart Scan

Scan Log:

12:00:13.375 Start Scan
12:02:42.234 Found Trojan.Generic.KDV.678425 Trojan c:\users\lewis\appdata\roaming\microsoft\windows\templates\themecpl.exe [3656] [file]
12:03:00.966 Found Gen:Variant.Barys.5639 Malware c:\users\lewis\appdata\local\temp\sppnp.exe [1064] [file]
12:03:02.345 Found Gen:Heur.VB.Krypt.13 Malware c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe [4104] [memory]
12:03:02.422 Found DeepScan:Generic.Keylogger.2.B88FCC51 Malware c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe [4104] [dump]
12:04:45.562 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer
12:04:45.563 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components
12:04:45.564 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}
12:04:45.565 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}
12:04:45.565 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}
12:04:45.566 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}
12:04:45.567 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}
12:04:45.567 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Components\{FC1DD4E4-688F-4E9B-BAE5-BFB6A956AE51}
12:04:45.568 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Products
12:04:45.568 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
12:04:45.569 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer\Products\{C049526F-B3EB-4151-9B11-B11F00F53A96}
12:04:48.618 Found Ad.YieldManager.com.Cookie Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@ad.yieldmanager[2].txt
12:04:48.674 Found adbrite.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@adbrite[2].txt
12:04:48.894 Found Advertising.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@advertising[1].txt
12:04:49.014 Found AtlasDMT.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@atdmt[2].txt
12:04:49.233 Found DoubleClick Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@doubleclick[1].txt
12:04:49.625 Found Incredimail.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@incredimail[2].txt
12:04:50.026 Found quantserve.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@quantserve[2].txt
12:04:50.335 Found Ru4.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@ru4[1].txt
12:04:50.480 Found Serving.Sys Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@serving-sys[1].txt
12:04:50.818 Found turn.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@turn[2].txt
12:04:50.883 Found virginmedia.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@virginmedia[1].txt
12:04:51.487 Found Com.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\Low\lewis@com[2].txt
12:04:53.090 Found unicast.com Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\Low\lewis@unicast[2].txt
12:04:53.230 Found 247RealMedia.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: 247realmedia.com
12:04:53.253 Found 2o7.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: 2o7.net
12:04:53.295 Found Trojan Adware, Backdoor, BHO, DoS, Downloader, Hacker Tool, Hijacker, RAT, Toolbar, Tracking Cookie, Trojan C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: 888.com
12:04:53.337 Found About.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: about.com
12:04:53.376 Found Ad.YieldManager.com.Cookie Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: ad.yieldmanager.com
12:04:53.402 Found adaos.ads.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: adaos-ads.net
12:04:53.424 Found adbrite.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: adbrite.com
12:04:53.454 Found adinterax.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: adinterax.com
12:04:53.510 Found cpxinteractive.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: adserving.cpxinteractive.com
12:04:53.537 Found Adtech.de Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: adtech.de
12:04:53.578 Found Advertising.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: advertising.com
12:04:53.602 Found Adviva Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: adviva.net
12:04:53.636 Found afy11.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: afy11.net
12:04:53.686 Found apmebf.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: apmebf.com
12:04:53.720 Found AtlasDMT.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: atdmt.com
12:04:53.741 Found atwola.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: atwola.com
12:04:53.809 Found bidvertiser.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: bidvertiser.com
12:04:53.845 Found BS.Serving.Sys Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: bs.serving-sys.com
12:04:53.877 Found BurstNet.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: burstnet.com
12:04:53.907 Found Casalemedia Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: casalemedia.com
12:04:53.970 Found Com.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: com.com
12:04:54.051 Found DoubleClick Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: doubleclick.net
12:04:54.096 Found HitBox.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: ehg-newscientist.hitbox.com
12:04:54.153 Found eyereturn.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: eyereturn.com
12:04:54.182 Found FastClick.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: fastclick.net
12:04:54.285 Found gostats.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: gostats.com
12:04:54.372 Found HitBox.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: hitbox.com
12:04:54.409 Found Mediaplex.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: img.mediaplex.com
12:04:54.495 Found interclick.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: interclick.com
12:04:54.555 Found kanoodle.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: kanoodle.com
12:04:54.597 Found liveperson.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: liveperson.net
12:04:54.674 Found Mediaplex.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: mediaplex.com
12:04:54.761 Found nbcuni.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: nbcuni.com
12:04:54.795 Found ning.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: ning.com
12:04:55.018 Found CyberTrader.Pro.Market Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: pro-market.net
12:04:55.059 Found quantserve.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: quantserve.com
12:04:55.084 Found QuestionMarket.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: questionmarket.com
12:04:55.188 Found RealMedia.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: realmedia.com
12:04:55.217 Found revsci.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: revsci.net
12:04:55.253 Found Ru4.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: ru4.com
12:04:55.321 Found cpmstar.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: server.cpmstar.com
12:04:55.357 Found Serving.Sys Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: serving-sys.com
12:04:55.454 Found SmartAdServer.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: smartadserver.com
12:04:55.486 Found Ads.SpecificClick.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: specificclick.net
12:04:55.515 Found Statcounter Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: statcounter.com
12:04:55.664 Found TradeDoubler.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: tradedoubler.com
12:04:55.719 Found TribalFusion.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: tribalfusion.com
12:04:55.746 Found turn.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: turn.com
12:04:55.797 Found ATDMT.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: view.atdmt.com
12:04:55.831 Found virginmedia.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: virginmedia.com
12:04:55.929 Found Weborama Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: weborama.fr
12:04:56.067 Found wunderloop.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: wunderloop.net
12:04:56.097 Found BurstNet.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: www.burstnet.com
12:04:56.144 Found xiti.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: xiti.com
12:04:56.195 Found yandex.ru Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: yandex.ru
12:04:56.221 Found YieldManager Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: yieldmanager.net
12:04:56.254 Found Zedo Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: zedo.com
12:04:56.376 Found 600z.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: aj.600z.com
12:04:56.570 Found webtrends.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: m.webtrends.com
12:04:56.759 Found DealTime Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: stat.dealtime.com
12:04:56.787 Found WebTrends Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: statse.webtrendslive.com
12:04:56.836 Found adform.net Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: track.adform.net
12:04:56.942 Found burstbeacon.com Tracking Cookie C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: www.burstbeacon.com
12:28:14.129 Found Agent Backdoor, Trojan HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, Microsoft® Windows® Operating System
12:32:42.252 Found Gen:Variant.Barys.5639 Malware C:\Users\Lewis\AppData\Local\Temp\sppnp.exe
12:34:50.174 Found Trojan.Generic.KDV.678425 Trojan C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Templates\THEMECPL.exe
12:34:56.475 End Scan

Summary:
Scan Duration: 0:34:43.110
Threats Detected: 94

Please help
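The Exterminate It! log above lumps 94 hits of very different weight together: tracking cookies, leftover installer keys, dropped executables, code caught in a running process and an autostart entry. As an added example (not part of the original post and not the scanner's own output), the following Python script parses lines in that log format and sorts them by what actually needs action. The sample lines are copied from the log above; the class names, the severity ranking and the set of autorun keys are this example's own assumptions.

```python
import re
from collections import Counter

# Representative lines copied from the Exterminate It! log posted above (not the
# whole log); the Start/End lines show that non-finding lines are ignored.
SAMPLE_LOG = r"""
12:00:13.375 Start Scan
12:02:42.234 Found Trojan.Generic.KDV.678425 Trojan c:\users\lewis\appdata\roaming\microsoft\windows\templates\themecpl.exe [3656] [file]
12:03:00.966 Found Gen:Variant.Barys.5639 Malware c:\users\lewis\appdata\local\temp\sppnp.exe [1064] [file]
12:03:02.345 Found Gen:Heur.VB.Krypt.13 Malware c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe [4104] [memory]
12:03:02.422 Found DeepScan:Generic.Keylogger.2.B88FCC51 Malware c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe [4104] [dump]
12:04:45.562 Found IconDrop Trojan HKEY_LOCAL_MACHINE\software\tarma installer
12:04:48.618 Found Ad.YieldManager.com.Cookie Tracking Cookie C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Cookies\lewis@ad.yieldmanager[2].txt
12:04:53.295 Found Trojan Adware, Backdoor, BHO, DoS, Downloader, Hacker Tool, Hijacker, RAT, Toolbar, Tracking Cookie, Trojan C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cookies: 888.com
12:28:14.129 Found Agent Backdoor, Trojan HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, Microsoft® Windows® Operating System
12:32:42.252 Found Gen:Variant.Barys.5639 Malware C:\Users\Lewis\AppData\Local\Temp\sppnp.exe
12:34:56.475 End Scan
"""

# "<time> Found <name> <category[, category...]> <path-or-registry-key> [pid] [file|memory|dump]"
# Names carry no spaces in this format, so the first token of the label is the name and
# the rest is the comma-separated category list.
FOUND_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) Found (?P<label>.+?) "
    r"(?P<location>(?:[A-Za-z]:\\|HKEY_).*?)"
    r"(?: \[(?P<pid>\d+)\] \[(?P<kind>\w+)\])?$"
)

# Assumption of this example: the autostart keys that turn a dropped file into persistence.
AUTORUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

SEVERITY = {
    "autorun_persistence": 3,   # a Run entry: whatever it launches comes back after reboot
    "running_code": 3,          # detected in a live process or its memory dump
    "dropped_binary": 2,        # executable on disk, typically in a user-writable folder
    "registry_leftover": 1,     # installer keys; noise unless tied to a binary
    "other": 1,
    "tracking_cookie": 0,       # privacy nuisance, not a compromise
}


def parse_finding(line):
    """One log line -> dict, or None for lines that are not findings."""
    m = FOUND_RE.match(line.strip())
    if not m:
        return None
    name, _, cats = m["label"].partition(" ")
    return {
        "time": m["time"],
        "name": name,
        "categories": [c for c in cats.split(", ") if c],
        "location": m["location"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "kind": m["kind"],      # None for registry hits and for re-scans without a tag
    }


def classify(f):
    """Classify by *where* the hit is rather than by the vendor's label."""
    loc = f["location"].lower()
    if "\\cookies" in loc:                      # IE cookie files and the Chrome cookie DB
        return "tracking_cookie"
    if loc.startswith("hkey_"):
        return "autorun_persistence" if any(k in loc for k in AUTORUN_KEYS) else "registry_leftover"
    if loc.endswith((".exe", ".dll", ".sys", ".scr")):
        return "running_code" if f["kind"] in ("memory", "dump") else "dropped_binary"
    return "other"


def triage(log_text):
    """Return (count per class, actionable items keyed by lower-cased location)."""
    counts, actionable = Counter(), {}
    for f in filter(None, map(parse_finding, log_text.splitlines())):
        cls = classify(f)
        counts[cls] += 1
        if SEVERITY[cls] < 2:
            continue
        item = actionable.setdefault(
            f["location"].lower(),
            {"location": f["location"], "class": cls, "names": set(), "pids": set()},
        )
        item["names"].add(f["name"])
        if f["pid"]:
            item["pids"].add(f["pid"])
        if SEVERITY[cls] > SEVERITY[item["class"]]:   # same file seen on disk and in memory
            item["class"] = cls
    return counts, actionable


if __name__ == "__main__":
    counts, todo = triage(SAMPLE_LOG)
    for cls, n in counts.most_common():
        print(f"{n:3d}  {cls}")
    for item in todo.values():
        print(f"[{item['class']}] {item['location']}  <- {', '.join(sorted(item['names']))}")
```

Run over the full log this collapses 94 hits to a handful of locations: the two files in Templates and Temp, applaunch.exe flagged in memory (the .NET launcher is a legitimate Microsoft binary, so the interesting question is what it was told to load, which the scanner's line does not say), and the Run entry that would bring something back after a reboot. Cookies and the Tarma installer keys drop to the bottom regardless of the alarming category strings the vendor attached to them.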



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 September 2012 - 07:05 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 07:12 AM

TDSSKiller said "No threats found"?

#4 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 07:15 AM

If anyone wants to talk to me in chat type in url lewisw60.chatango.com

#5 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 September 2012 - 07:16 AM

lol.

Move on to other scans :)

#6 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 07:19 AM

http://www.google.co.uk/imgres?um=1&hl=en&newwindow=1&sa=N&biw=1280&bih=666&tbm=isch&tbnid=-bq0obO7N0vI6M:&imgrefurl=http://www.tumblr.com/tagged/ok-meme&imgurl=http://media.tumblr.com/tumblr_m6tw9a1QfI1qke9hh.jpg&w=300&h=272&ei=ePFFUJ-KBoKg0QXm5oCwCQ&zoom=1&iact=rc&dur=110&sig=105722626994556299636&page=1&tbnh=148&tbnw=163&start=0&ndsp=19&ved=1t:429,r:1,s:0,i:76&tx=101&ty=99

Mkay, it's scanning.

#7 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 07:29 AM

I think it's still scanning, but this is it so far:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 13:15:46
-----------------------------
13:15:46.495 OS Version: Windows 6.0.6001 Service Pack 1
13:15:46.495 Number of processors: 1 586 0xF0D
13:15:46.497 ComputerName: LEWIS-PC UserName: Lewis
13:16:24.696 Initialize success
13:19:01.214 AVAST engine defs: 12090400
13:19:10.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:19:10.720 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
13:19:10.759 Disk 0 MBR read successfully
13:19:10.762 Disk 0 MBR scan
13:19:10.776 Disk 0 unknown MBR code
13:19:10.785 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
13:19:10.842 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 85575 MB offset 20484096
13:19:10.855 Disk 0 Partition - 00 0F Extended LBA 57049 MB offset 195741696
13:19:10.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 57048 MB offset 195743744
13:19:10.961 Disk 0 scanning sectors +312578048
13:19:11.219 Disk 0 scanning C:\Windows\system32\drivers
13:19:41.226 Service scanning
13:20:35.183 Modules scanning
13:20:51.099 Disk 0 trace - called modules:
13:20:51.153 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
13:20:51.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ca6ac8]
13:20:51.165 3 CLASSPNP.SYS[8819c745] -> nt!IofCallDriver -> [0x84a10348]
13:20:51.173 5 acpi.sys[8069a6a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84047028]
13:20:52.435 AVAST engine scan C:\Windows
13:20:56.534 AVAST engine scan C:\Windows\system32
13:27:21.616 AVAST engine scan C:\Windows\system32\drivers
13:27:42.747 AVAST engine scan C:\Users\Lewis
13:29:14.823 Disk 0 MBR has been saved successfully to "C:\Users\Lewis\Desktop\MBR.dat"
13:29:14.829 The log file has been saved successfully to "C:\Users\Lewis\Desktop\aswMBR1.txt"

#8 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 07:37 AM

Ah, it's still scanning, but it says something is infected.

#9 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 07:49 AM

Finished scan, AVAST:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 13:15:46
-----------------------------
13:15:46.495 OS Version: Windows 6.0.6001 Service Pack 1
13:15:46.495 Number of processors: 1 586 0xF0D
13:15:46.497 ComputerName: LEWIS-PC UserName: Lewis
13:16:24.696 Initialize success
13:19:01.214 AVAST engine defs: 12090400
13:19:10.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:19:10.720 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
13:19:10.759 Disk 0 MBR read successfully
13:19:10.762 Disk 0 MBR scan
13:19:10.776 Disk 0 unknown MBR code
13:19:10.785 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
13:19:10.842 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 85575 MB offset 20484096
13:19:10.855 Disk 0 Partition - 00 0F Extended LBA 57049 MB offset 195741696
13:19:10.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 57048 MB offset 195743744
13:19:10.961 Disk 0 scanning sectors +312578048
13:19:11.219 Disk 0 scanning C:\Windows\system32\drivers
13:19:41.226 Service scanning
13:20:35.183 Modules scanning
13:20:51.099 Disk 0 trace - called modules:
13:20:51.153 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
13:20:51.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ca6ac8]
13:20:51.165 3 CLASSPNP.SYS[8819c745] -> nt!IofCallDriver -> [0x84a10348]
13:20:51.173 5 acpi.sys[8069a6a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84047028]
13:20:52.435 AVAST engine scan C:\Windows
13:20:56.534 AVAST engine scan C:\Windows\system32
13:27:21.616 AVAST engine scan C:\Windows\system32\drivers
13:27:42.747 AVAST engine scan C:\Users\Lewis
13:29:14.823 Disk 0 MBR has been saved successfully to "C:\Users\Lewis\Desktop\MBR.dat"
13:29:14.829 The log file has been saved successfully to "C:\Users\Lewis\Desktop\aswMBR1.txt"
13:35:57.225 File: C:\Users\Lewis\AppData\Local\Temp\sppnp.exe **INFECTED** Win32:Malware-gen
13:45:13.270 File: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Templates\THEMECPL.exe **INFECTED** Win32:Malware-gen
13:45:35.767 File: C:\Users\Lewis\Downloads\Primebot.exe **INFECTED** Win32:Malware-gen
13:46:21.616 AVAST engine scan C:\ProgramData
13:47:54.005 Scan finished successfully
13:48:01.183 Disk 0 MBR has been saved successfully to "C:\Users\Lewis\Desktop\MBR.dat"
13:48:01.194 The log file has been saved successfully to "C:\Users\Lewis\Desktop\aswMBR.txt"

Please reply.
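aswMBR prints the partition table in whole MB plus sector offsets, and its "unknown MBR code" line is only a signature check on the first sector. One thing a responder can do with those numbers is account for every sector on the disk, because a bootkit's hidden storage has to sit somewhere no partition claims. The following is an added example, not part of the thread and not something aswMBR does itself. It takes the size line and the four partition lines copied from the log above, assumes 512-byte sectors and that aswMBR's "MB" means 2^20 bytes rounded down to a whole MB (the log's own numbers agree: partition 2's offset plus 85575 MB lands exactly on the extended container's offset), and lists the sector runs that are not inside any partition.

```python
import re

# Lines copied from the aswMBR log posted above: the disk-size line and the four
# partition-table lines (primary 1, primary 2, extended container, logical 3).
ASWMBR_LOG = """\
13:19:10.720 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
13:19:10.785 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
13:19:10.842 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 85575 MB offset 20484096
13:19:10.855 Disk 0 Partition - 00 0F Extended LBA 57049 MB offset 195741696
13:19:10.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 57048 MB offset 195743744
"""

SECTORS_PER_MB = (1024 * 1024) // 512      # assumption: 512-byte sectors, MB = 2^20 bytes
EXTENDED_TYPES = {"05", "0F"}              # DOS extended / extended-LBA container types
ROUNDING_SLACK = 2 * SECTORS_PER_MB        # each whole-MB figure hides up to 1 MB; two ends meet at a gap

SIZE_RE = re.compile(r"Size: (\d+)MB")
PART_RE = re.compile(
    r"Partition (?P<num>\S+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? (?P<type>[0-9A-Fa-f]{2}) "
    r"(?P<desc>.+?) (?P<mb>\d+) MB offset (?P<off>\d+)"
)


def parse_layout(text):
    """Return (disk size in sectors, list of partitions) with sizes converted to sectors."""
    disk_sectors, parts = None, []
    for line in text.splitlines():
        m = SIZE_RE.search(line)
        if m:
            disk_sectors = int(m[1]) * SECTORS_PER_MB
            continue
        m = PART_RE.search(line)
        if m:
            parts.append({
                "num": m["num"],
                "active": m["boot"] == "80",
                "type": m["type"].upper(),
                "desc": m["desc"],
                "start": int(m["off"]),
                "sectors": int(m["mb"]) * SECTORS_PER_MB,
            })
    return disk_sectors, parts


def unpartitioned_regions(disk_sectors, parts):
    """(start, length) of sector runs no top-level entry claims.  Logical partitions
    live inside an extended container, so they are not counted a second time."""
    containers = [(p["start"], p["start"] + p["sectors"])
                  for p in parts if p["type"] in EXTENDED_TYPES]
    top_level = [p for p in parts if p["type"] in EXTENDED_TYPES
                 or not any(lo <= p["start"] < hi for lo, hi in containers)]
    gaps, cursor = [], 0
    for p in sorted(top_level, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def worth_dumping(gaps):
    """Runs too large to be explained by whole-MB rounding or 1 MB alignment.
    The run at sector 0 is the MBR track; aswMBR's MBR-code check already covers it."""
    return [(s, n) for s, n in gaps if s != 0 and n > ROUNDING_SLACK]


if __name__ == "__main__":
    disk, parts = parse_layout(ASWMBR_LOG)
    gaps = unpartitioned_regions(disk, parts)
    for start, length in gaps:
        print(f"unpartitioned: sectors {start}..{start + length - 1} ({length} sectors)")
    print("worth dumping:", worth_dumping(gaps) or "nothing beyond rounding/alignment slack")
```

On this log the unclaimed runs are track 0 (63 sectors), 1,985 sectors between partitions 1 and 2, and 2,048 sectors at the tail, all within rounding and alignment slack; aswMBR's own line "scanning sectors +312578048" starts exactly at the computed tail run, which is a useful cross-check. A run of many MB that no partition claims is what you would image and inspect. Its absence here says nothing about the first sector itself, which is what the "unknown MBR code" line is about, and small hidden stores can fit inside the slack, so this is a sanity check rather than a verdict.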

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 September 2012 - 08:00 AM

Read my instructions

#11 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 08:05 AM

The last one is scanning

#12 Lewisw60
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2012 - 11:53 AM

C:\$Recycle.Bin\S-1-5-21-3062781341-2296977396-4055372980-1000\$RY57Z44.exe a variant of MSIL/Injector.XP trojan cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Lewis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQQBNIY0\index4[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Lewis\AppData\Local\Temp\Soft32_Stub_5741.exe Win32/InstallMonetizer.AB application cleaned by deleting - quarantined
C:\Users\Lewis\AppData\Local\Temp\sppnp.exe Win32/Agent.TUO trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Lewis\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Lewis\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Lewis\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application cleaned by deleting - quarantined
C:\Users\Lewis\Downloads\aarons advanced auto clicker typer setup.exe a variant of Win32/Soft32Downloader.B application cleaned by deleting - quarantined
C:\Users\Lewis\Downloads\epicbot_520.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Lewis\Downloads\Primebot.exe Win32/Agent.TUO trojan cleaned by deleting - quarantined
C:\Users\Lewis\Downloads\SoftonicDownloader_for_simple-shutdown-timer.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

#13 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 September 2012 - 01:04 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it and click on Delete.

Post the generated log.
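The MiniToolBox items above (hosts file contents, IE and Firefox proxy settings, Winsock entries) are asked for because adware and trojans commonly tamper with name resolution, either to keep security and update sites unreachable or to route traffic through an attacker-controlled address. As an added example, not part of narenxp's instructions and not MiniToolBox's own code, here is the hosts-file part of that check in Python, run over a constructed hosts file. The list of protected domains and the set of sinkhole addresses are this example's assumptions.

```python
import ipaddress

# Addresses that only block a name rather than redirect it (ad-block style lists use these).
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}

# Assumption for this example: domains a malware cleanup must never find blocked or
# redirected; extend for the vendors you actually rely on.
PROTECTED_DOMAINS = ("microsoft.com", "windowsupdate.com", "malwarebytes.org", "eset.com", "avast.com")

# Constructed sample hosts file (not from the thread): the stock localhost entries,
# one ad-block style sink, a redirect of a bank site to a routable address, and a
# blocked update host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.tracker.example        # typical ad-block entry, harmless
203.0.113.7     www.bank.example
0.0.0.0         update.microsoft.com
::1             localhost
"""


def in_domain(host, domain):
    """True for the domain itself and its subdomains, not for look-alikes such as notmicrosoft.com."""
    return host == domain or host.endswith("." + domain)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping, one per hostname on the line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments, including trailing ones
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first column is not an address; nothing to audit
        for host in fields[1:]:
            yield n, ip, host.lower()


def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for entries a cleanup should look at."""
    findings = []
    for n, ip, host in parse_hosts(text):
        if host == "localhost" and ip in SINKHOLE_IPS:
            continue                              # the stock entries
        if any(in_domain(host, d) for d in PROTECTED_DOMAINS):
            findings.append((n, host, ip, "security/update domain blocked or redirected"))
        elif ip not in SINKHOLE_IPS:
            findings.append((n, host, ip, "name redirected to a routable address"))
    return findings


if __name__ == "__main__":
    for n, host, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip}: {reason}")
```

The two entries it reports are the two that matter: a bank hostname pointed at a routable address (a classic pharming setup) and a Microsoft update host sunk to 0.0.0.0, which keeps the machine from patching. A long list of ad networks pointed at 0.0.0.0 is what an ad-blocking hosts list looks like and is not flagged. On a real machine the file is %SystemRoot%\System32\drivers\etc\hosts; read it with the same function instead of the constructed sample.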



