GeekPolice

Dealing with cloned files

Post by Petuh2 on Fri Dec 25, 2009 11:08 pm

Hello. Merry X'Mas to everybody.
I've just discovered that there are too many cloned files and folders on my XP Pro PC. Some of them seem to be malicious. Here are a couple of example folders and files.
9866fb57abdc0ea2f5d4e132d055ba4e\ntkrpamp.exe
KB956572\SP3QFE\ntkrpamp.exe
And I have 6 more instances of the same file.
Does anyone know how to deal with them? I mean how to find which ones are to be deleted? The more so that I have many more groups of 2 to 8 cloned files. Any help will be highly appreciated. Thank you. M

Petuh2
Novice
Posts : 5
Joined : 2009-12-25
Gender : Male
OS : Windows XP Pro SP2

Re: Dealing with cloned files

Post by Dr Jay on Sat Dec 26, 2009 8:01 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Dr Jay
Administrator
Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Dealing with cloned files.

Post by Petuh2 on Mon Dec 28, 2009 6:30 am

Hello DragonMaster Jay. I really appreciate your quick answer. Here is the MBAM Log:
Malwarebytes' Anti-Malware 1.42
Database version: 3437
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/27/2009 2:16:29 AM
mbam-log-2009-12-27 (02-16-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169876
Time elapsed: 2 hour(s), 26 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Downloads\Antispyware\keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SUPERAntiSpyware\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1801674531-152049171-1957994488-1003\Dc118.Patch-CRD\keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After cleaning my PC became more workable. Thank you very much. I still don't know how to deal with the cloned files. I would really appreciate any advice about dealing with them or about sources where such info may be found.
Best regards. M.


Re: Dealing with cloned files

Post by Dr Jay on Mon Dec 28, 2009 7:22 am

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Dr. Jay (DJ)



Dealing with cloned files.

Post by Petuh2 on Sun Jan 03, 2010 6:23 am

Hello and happy New Year to you DragonMaster Jay. I still hope for some additional help. The situation: I'm already working from my main PC. But still a lot of functions and a lot of Apps are not working. I see it may be the result of my disabling many services. I'm just afraid to enable all. Some of them may be malware connected, some just unneeded. I would highly appreciate if you can tell how to find out what to do with each one. Here is all the info you've asked previously. I'm so sorry I couldn't find a way to send in an attachment or otherwise all the info I've collected in a compressed form.
Thank you very much. M.
========================
CKFiles.txt
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\documents\olddownloads\anydvd.v6.1.3.0-crack.rar
c:\documents and settings\all users\documents\olddownloads\crack.rar
c:\downloads\winxp\eth0\windows.genuine.advantage.validation.v1.7.36.0.cracked-eth0\eth0.nfo
c:\downloads\winxp\eth0\windows.genuine.advantage.validation.v1.7.36.0.cracked-eth0\wga17360.zip
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.EM.11
----- EOF -----
==============================
mbam-log-2010-01-01 (22-31-36).txt
Malwarebytes' Anti-Malware 1.43
Database version: 3475
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

1/1/2010 10:31:51 PM
mbam-log-2010-01-01 (22-31-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 410659
Time elapsed: 1 hour(s), 46 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wyyo (Adware.Zwangi) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC MightyMax 2009 (Rogue.PcMightyMax) -> No action taken.
C:\Program Files\Wyyo (Adware.Zwangi) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Wyyo (Adware.Zwangi) -> No action taken.

Files Infected:
C:\Downloads\PCMightyMax2009_306.EXE (Rogue.PCMightyMax) -> No action taken.
D:\OldDownloads\ACDSee_9.0\CR-ACD90.exe (Trojan.Downloader) -> No action taken.
D:\OldDownloads\HDD.Regen.1.51-DVT (Repair)\HDD.Regen.1.51-DVT\crack\HDD Regenerator.exe (Malware.Packer.Morphine) -> No action taken.
D:\OldDownloads\UBCD4Win\UBCD4Win\plugin\400_main_xpe-progrrams\EasyRecoveryPRO\Files\VSGZIP.DLL (Trojan.Downloader) -> No action taken.
D:\Program Files\Bug Doctor\BugDoctorLiveUpdate.exe (Rogue.BugDoctor) -> No action taken.
C:\Program Files\PC MightyMax 2009\pcmm2009.error.log (Rogue.PcMightyMax) -> No action taken.
C:\Program Files\Wyyo\readme.html (Adware.Zwangi) -> No action taken.
C:\Program Files\Wyyo\uninstall.exe (Adware.Zwangi) -> No action taken.
========================================
Hijack Analysis Report.txt
Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 3:56:57 PM, on 1/1/2010
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v7.0 (7.0.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Everything\Everything.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Blaze\Blaze.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Groove GFS Browser Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Groove GFS Browser Helper - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Google Dictionary Compression sdch - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: - -
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Reimage PC Booster] "C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" false na "C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe" /tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: &Download by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Do&wnload selected by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - [You must be registered and logged in to see this link.]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


Re: Dealing with cloned files

Post by Dr Jay on Sun Jan 03, 2010 10:14 am

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


==

Please download [You must be registered and logged in to see this link.] to your desktop.


Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

When it's done, capture a screenshot of the finished scan, and post that.

In Windows, a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Print screen key
2. Click the "Start" button (normally located in the bottom left of your screen).
3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
5. Click the "Edit" menu and select "Paste".
6. Click the "File" menu and select "Save As...". A dialog box will appear.
7. In the "File name" field, enter a name of your choice.
8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE;*.JFIF)".
9. Click the "Save" button.


Then, go to [You must be registered and logged in to see this link.], and upload the picture for me please.


Dr. Jay (DJ)



Dealing with cloned files.

Post by Petuh2 on Sun Jan 03, 2010 10:22 pm

Hello DragonMaster Jay. Here are the codes for Forums and Message Boards from Imageshack for my
MGADiag Picture:
[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Here is the: “Cheetah Anti-Rogue v1.0.14
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Sun 01/03/2010 11:29:36.09

-- Known infection --

If objects found, full virus scan or anti-malware scan necessary
EOF”

My PC is an HP Media Center PC with preinstalled Windows, although I have reinstalled Windows a couple of times. I don't want to do it now, and already frustrated. I really hope for your help. Thank you.
Best regards. M.


Re: Dealing with cloned files

Post by Dr Jay on Mon Jan 04, 2010 1:25 am

c:\downloads\winxp\eth0\windows.genuine.advantage.validation.v1.7.36.0.cracked-eth0\eth0.nfo
c:\downloads\winxp\eth0\windows.genuine.advantage.validation.v1.7.36.0.cracked-eth0\wga17360.zip

This was why I had you run MGADiag. It just so happens these files are cracked Windows Genuine Advantage files, which were a potential attempt to crack Windows validation. Luckily, your Windows copy is genuine, so these files will have no effect on the system. However, they are probably part of the reason your system is infected.

=====

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)
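
Added example, not part of the original thread and not code from Malwarebytes or CKScanner: a Python parser for the detection lines in the MBAM logs posted above, which counts items left at "No action taken" and flags paths named like the crack/keygen files discussed in this reply. The `RISK_TOKENS` keyword list and all function names are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from collections import Counter

# Lines copied from the two MBAM logs posted in this thread (a subset).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Downloads\Antispyware\keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Downloads\PCMightyMax2009_306.EXE (Rogue.PCMightyMax) -> No action taken.
D:\OldDownloads\ACDSee_9.0\CR-ACD90.exe (Trojan.Downloader) -> No action taken.
D:\OldDownloads\HDD.Regen.1.51-DVT (Repair)\HDD.Regen.1.51-DVT\crack\HDD Regenerator.exe (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\Wyyo\uninstall.exe (Adware.Zwangi) -> No action taken.
"""

# Section headers end at the colon; the summary lines ("Files Infected: 3") do not.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# Greedy object match so parentheses inside a path, e.g. "(Repair)", are kept.
DETECTION = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Assumed keyword list for pirated-software artefacts (hypothetical, not CKScanner's).
RISK_TOKENS = {"crack", "cracked", "keygen"}


def parse_detections(text):
    """Return one dict per detection line: section, obj, family, action."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION.match(line)
        if m:
            found.append({"section": section, **m.groupdict()})
    return found


def unremediated(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def has_risk_token(path):
    """True if any token of the path is in RISK_TOKENS (a name match only)."""
    return bool(RISK_TOKENS & set(re.split(r"[^a-z0-9]+", path.lower())))


def summarize(text):
    """Counts a helper would check before asking for the next scan."""
    dets = parse_detections(text)
    return {
        "total": len(dets),
        "unremediated": len(unremediated(dets)),
        "by_family": Counter(d["family"] for d in dets),
        "risk_named": [d["obj"] for d in dets if has_risk_token(d["obj"])],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "->", value)
```

A name match is only a triage hint: the GIMP pattern file `cracked.pat` from the CKScanner list also matches, which fits that list's own heading "These are not necessarily bad".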



Dealing with cloned files.

Post by Petuh2 on Thu Jan 07, 2010 5:14 am

Hello DragonMaster Jay. The results of the last scan: No malicious items detected. Lost Internet connection is reason for the delay and not being able to upend the "mbam-log-20-10-06.txt". My PC lost its IP Address, I couldn't find a way to restore it yet. Thanks for participation and help. Good luck. M.
