lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Old IBM Computer Keeps Rebooting! TROJ_WIMAD.AN Problem.

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules


Register


Reply
 
Thread Tools
  #1  
Old 6th May 2009, 14:33
Member Group
  
I've been forced to use the old IBM computer downstairs since my laptop broke. It's not very fast but it does what I need it to.

There's just one problem with it; it reboots every few minutes unless you keep it busy i.e. scan the hard drive with an anti virus software, surf etc.

After scanning with Trend Micro and Avast I discovered the odd Trojan, and supposedly all but one or two have been removed, last one being "TROJ_WIMAD.AN" I believe. It's meant to be more easily removed when System Restore is disabled and System Restore crashes and shows an error report whenever I try to open it to disable it.

I looked for another solution and found a registry entry to disable system restore without opening it but after scanning again it wasn't able to remove the trojan. I've not got many other ideas and I don't want to do anything else I don't fully understand.

Can anyone shed some light on my problem? Many thanks in advance for reading and offering any help.
  #2  
Old 6th May 2009, 15:12
Moderator Group
  
Can you get this to run?

Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

* Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

When your computer has started in safe mode, and you see the desktop, close all open Windows.

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.

Code:
C:\SDFix\RunThis.bat
* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply.
__________________
  #3  
Old 9th May 2009, 14:08
Member Group
  
1
  #4  
Old 9th May 2009, 14:09
Member Group
  
SDFix: Version 1.240
Run by User on 09/05/2009 at 18:09

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 21:01:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\BTHPORT\Parameters\Keys\000ee75010a8]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:d2,80,08,56,c2,5c,a9,a7,89,24,31,f7,04 ,ed,56,0f,ac,6e,c5,d4,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 001]
"a0"=hex:20,01,00,00,a7,41,8a,2c,53,6c,a8,07,bb,6c ,4e,5e,f9,d2,1b,0b,b9,..
"hdf12"=hex:db,37,0b,8d,9e,ca,17,41,a1,34,80,4d,18 ,6a,f1,6e,d0,b4,18,7e,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 001\gdq0]
"hdf12"=hex:01,81,dd,6f,c8,e0,47,51,23,c8,68,8c,a6 ,94,f2,38,6a,38,3d,e6,b7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:37,4c,1d,81,d5,26,a9,dc,5c,c9,b6,1b,cf ,32,e1,bc,36,79,57,0e,4b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001]
"a0"=hex:20,01,00,00,a2,55,a2,f2,9a,81,3f,5e,fe,74 ,8a,18,02,b3,f9,14,14,..
"khjeh"=hex:4e,6b,55,3d,1f,fd,f0,db,ae,4b,21,43,39 ,68,72,29,04,0e,56,9b,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf40]
"khjeh"=hex:8b,a5,6e,67,60,42,55,8b,bf,5d,26,10,f0 ,d6,c3,21,c8,14,97,9d,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\B THPORT\Parameters\Keys\000ee75010a8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:d2,80,08,56,c2,5c,a9,a7,89,24,31,f7,04 ,ed,56,0f,ac,6e,c5,d4,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,a7,41,8a,2c,53,6c,a8,07,bb,6c ,4e,5e,f9,d2,1b,0b,b9,..
"hdf12"=hex:db,37,0b,8d,9e,ca,17,41,a1,34,80,4d,18 ,6a,f1,6e,d0,b4,18,7e,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\ gdq0]
"hdf12"=hex:01,81,dd,6f,c8,e0,47,51,23,c8,68,8c,a6 ,94,f2,38,6a,38,3d,e6,b7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:37,4c,1d,81,d5,26,a9,dc,5c,c9,b6,1b,cf ,32,e1,bc,36,79,57,0e,4b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a2,55,a2,f2,9a,81,3f,5e,fe,74 ,8a,18,02,b3,f9,14,14,..
"khjeh"=hex:4e,6b,55,3d,1f,fd,f0,db,ae,4b,21,43,39 ,68,72,29,04,0e,56,9b,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:8b,a5,6e,67,60,42,55,8b,bf,5d,26,10,f0 ,d6,c3,21,c8,14,97,9d,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:d2,80,08,56,c2,5c,a9,a7,89,24,31,f7,04 ,ed,56,0f,ac,6e,c5,d4,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,a7,41,8a,2c,53,6c,a8,07,bb,6c ,4e,5e,f9,d2,1b,0b,b9,..
"hdf12"=hex:db,37,0b,8d,9e,ca,17,41,a1,34,80,4d,18 ,6a,f1,6e,d0,b4,18,7e,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\ gdq0]
"hdf12"=hex:01,81,dd,6f,c8,e0,47,51,23,c8,68,8c,a6 ,94,f2,38,6a,38,3d,e6,b7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:37,4c,1d,81,d5,26,a9,dc,5c,c9,b6,1b,cf ,32,e1,bc,36,79,57,0e,4b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a2,55,a2,f2,9a,81,3f,5e,fe,74 ,8a,18,02,b3,f9,14,14,..
"khjeh"=hex:4e,6b,55,3d,1f,fd,f0,db,ae,4b,21,43,39 ,68,72,29,04,0e,56,9b,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:8b,a5,6e,67,60,42,55,8b,bf,5d,26,10,f0 ,d6,c3,21,c8,14,97,9d,e0,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\ \system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HelpCtr .exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\H elpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Prog ram Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled: BlueSoleil"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:E nabled:LimeWire swarmed installer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"="C:\\Progr am Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe:*:Enabled:F reelancer"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon \\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 30 May 2005 104 ..SHR --- "C:\WINDOWS\system32\594A177188.sys"
Sat 8 Apr 2006 56 ..SHR --- "C:\WINDOWS\system32\627F092879.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 16 Mar 2008 216,064 ..SHR --- "C:\WINDOWS\system32\nbDX.dll"
Sun 24 Apr 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 24 Apr 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Tue 10 May 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Wed 17 Sep 2008 26,112 ...H. --- "C:\Documents and Settings\volume\My Documents\~WRL0004.tmp"
Sun 1 Feb 2009 25,600 ...H. --- "C:\Documents and Settings\volume\My Documents\~WRL1085.tmp"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 4 May 2009 90,624 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Mon 18 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 15 Feb 2009 35,328 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0002.tmp"
Wed 25 Feb 2009 24,064 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0003.tmp"
Wed 25 Feb 2009 24,064 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0005.tmp"
Thu 26 Feb 2009 247,296 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0107.tmp"
Thu 26 Feb 2009 26,112 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0130.tmp"
Wed 25 Feb 2009 24,064 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0147.tmp"
Thu 26 Feb 2009 247,296 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0161.tmp"
Thu 26 Feb 2009 249,856 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0222.tmp"
Thu 26 Feb 2009 26,112 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0242.tmp"
Thu 26 Feb 2009 26,112 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0312.tmp"
Thu 26 Feb 2009 246,784 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0313.tmp"
Thu 26 Feb 2009 1,185,792 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0373.tmp"
Thu 26 Feb 2009 246,784 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0510.tmp"
Thu 26 Feb 2009 247,808 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0628.tmp"
Mon 16 Feb 2009 35,840 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0736.tmp"
Thu 26 Feb 2009 26,624 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0792.tmp"
Thu 26 Feb 2009 246,272 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL0934.tmp"
Thu 26 Feb 2009 248,832 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1038.tmp"
Mon 23 Feb 2009 27,648 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1118.tmp"
Thu 26 Feb 2009 660,480 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1123.tmp"
Wed 25 Feb 2009 25,088 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1357.tmp"
Thu 26 Feb 2009 247,808 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1359.tmp"
Thu 26 Feb 2009 1,185,792 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1557.tmp"
Thu 26 Feb 2009 247,296 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1687.tmp"
Thu 26 Feb 2009 249,344 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1755.tmp"
Thu 26 Feb 2009 250,880 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL1970.tmp"
Thu 26 Feb 2009 659,968 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2029.tmp"
Wed 25 Feb 2009 24,576 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2223.tmp"
Thu 26 Feb 2009 249,856 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2312.tmp"
Thu 26 Feb 2009 1,186,304 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2504.tmp"
Thu 26 Feb 2009 247,808 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2573.tmp"
Thu 26 Feb 2009 1,186,816 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2661.tmp"
Tue 10 Feb 2009 24,064 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2708.tmp"
Thu 26 Feb 2009 26,624 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL2953.tmp"
Thu 26 Feb 2009 1,185,792 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3026.tmp"
Mon 16 Feb 2009 39,424 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3083.tmp"
Thu 26 Feb 2009 1,186,816 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3088.tmp"
Thu 26 Feb 2009 248,320 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3203.tmp"
Thu 26 Feb 2009 247,296 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3309.tmp"
Mon 23 Feb 2009 28,672 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3491.tmp"
Thu 26 Feb 2009 25,088 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3646.tmp"
Wed 25 Feb 2009 25,088 ...H. --- "C:\Documents and Settings\User\My Documents\My Documents\~WRL3961.tmp"
Mon 1 Dec 2008 27,648 ...H. --- "C:\Documents and Settings\volume\My Documents\Word Documents\~WRL0001.tmp"
Mon 1 Dec 2008 28,160 ...H. --- "C:\Documents and Settings\volume\My Documents\Word Documents\~WRL0936.tmp"
Sun 15 Jun 2008 25,600 ...H. --- "C:\Documents and Settings\volume\My Documents\Word Documents\~WRL1713.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Sun 24 Apr 2005 4,348 ...H. --- "C:\Documents and Settings\Mark!!!\My Documents\My Music\License Backup\drmv1key.bak"
Fri 17 Feb 2006 782 A..H. --- "C:\Documents and Settings\Mark!!!\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 24 Apr 2005 312 A.SH. --- "C:\Documents and Settings\Mark!!!\My Documents\My Music\License Backup\drmv2key.bak"
Tue 14 Feb 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

That's the whole report.

Also, during the finishing process, SDFix said it was unable to open a number of files. Just to let you know.
  #5  
Old 10th May 2009, 17:50
Moderator Group
  
Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

  • Double-click on drweb-cureit.exe and then click Start
  • An information notice will appear, click OK.
  • This starts a short scan that will scan the files currently running in memory.
  • If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
  • If or when something is found, click the Yes button when it asks you if you want to cure it.


  • Once the short scan has finished, Click Settings > Change Settings
  • Under the Scanning tab UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.


* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply
__________________
Reply

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.