virus heur: exploit.script.generic



virus heur: exploit.script.generic

Post by jesse white on Tue 07 Jun 2011, 11:20 am

Kaspersky detected virus heur: exploit.script.generic. What should I do?

jesse white

Newbie Surfer

Posts : 36
Joined : 2011-06-07
Operating System : vista


Re: virus heur: exploit.script.generic

Post by jesse white on Tue 07 Jun 2011, 11:22 am

Kaspersky shows no active threats.


Re: virus heur: exploit.script.generic

Post by Superdave on Tue 07 Jun 2011, 12:05 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware, be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining

Please leave the others unchecked.

* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click close and close again to exit the program.
* Copy and paste the log in your post.
***********************************************
Please download Malwarebytes Anti-Malware from here.
Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************
Download DDS from HERE or HERE and save it to your desktop.

* Vista users right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users double-click on dds to run it.
* If your antivirus or firewall tries to block DDS, then please allow it to run.
* When finished, DDS will open two (2) logs:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Superdave
Tech Staff


Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: virus heur: exploit.script.generic

Post by jesse white on Tue 07 Jun 2011, 4:17 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 5/7/2010 2:27:00 PM
System Uptime: 5/31/2011 2:58:56 PM (153 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Celeron(R) CPU 420 @ 1.60GHz | Socket 775 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 82.843 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 9.921 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_020D1028&REV_02\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_020D1028&REV_02\3&2411E6FE&0&FB
Service:
.
==== System Restore Points ===================
.
RP261: 5/29/2011 12:00:05 AM - Scheduled Checkpoint
RP262: 5/30/2011 5:55:17 PM - Installed e-Sword
RP263: 5/31/2011 4:00:00 PM - Installed Photo Explosion 3.0 Special Edition.
RP264: 5/31/2011 9:23:44 PM - Windows Update
RP265: 6/2/2011 1:54:35 AM - Scheduled Checkpoint
RP266: 6/3/2011 12:50:45 AM - Scheduled Checkpoint
RP267: 6/3/2011 2:12:29 AM - Windows Update
RP268: 6/4/2011 11:14:44 AM - Scheduled Checkpoint
RP269: 6/5/2011 10:28:41 AM - Scheduled Checkpoint
RP270: 6/6/2011 4:05:27 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BE Downloadable Edition
Bonjour
Clone Wars
D3DX10
Dell Driver Download Manager
e-Sword
FastestTube-1.2.12.0
Free Download Manager 3.0 - Prime Time Freeware Edition
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
Kaspersky Internet Security 2011
Lexmark 2500 Series
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
Perfect Optimizer 5.2
Photo Explosion 3.0 Special Edition
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebEx
WebEx Support Manager for Firefox or Chrome
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/6/2011 5:59:14 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/6/2011 12:33:43 PM, Error: Service Control Manager [7030] - The lxdd_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/31/2011 2:58:42 PM, Error: EventLog [6008] - The previous system shutdown at 2:56:54 PM on 5/31/2011 was unexpected.
.
==== End Of File ===========================
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jesse at 22:59:31 on 2011-06-06
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.141 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\consent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:
mStart Page = about:
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FastestTubeBHO Class: {3e532ce8-c6d9-4a10-8ace-4348c96e8b6a} - c:\program files\fastesttube\1.2.12\WombatBHO.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PhotoExplosionCalCheck] c:\program files\nova development\photo explosion 3.0 se\calcheck.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dllink.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{64F79CA5-8658-4C60-8B30-8C6D28415D55} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jesse\appdata\roaming\mozilla\firefox\profiles\ypnyio30.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\users\jesse\appdata\roaming\mozilla\firefox\profiles\ypnyio30.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jesse\appdata\roaming\mozilla\firefox\profiles\ypnyio30.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-06-07 01:30:56 -------- d-----w- c:\users\jesse\appdata\roaming\SUPERAntiSpyware.com
2011-06-07 01:30:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-07 01:30:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-06 23:32:13 -------- d-----w- C:\Rooter$
2011-06-03 06:12:55 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9ff7d9f2-c3e7-40a5-bcb9-62eaa226deff}\mpengine.dll
2011-05-31 20:29:02 -------- d-----w- c:\users\jesse\appdata\local\Nova Development
2011-05-31 20:16:03 -------- d-----w- c:\program files\common files\Nova Development
2011-05-31 20:05:33 -------- d-----w- c:\program files\common files\Ulead Systems
2011-05-31 20:04:06 -------- d-----w- c:\program files\Nova Development
2011-05-31 20:01:20 -------- d-----w- c:\program files\Web Publish
2011-05-31 01:06:42 -------- d-----w- c:\program files\Lexmark
2011-05-30 21:59:38 -------- d-----w- c:\program files\e-Sword
2011-05-30 21:59:38 -------- d-----w- c:\program files\common files\EzTools
2011-05-30 21:48:56 102400 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-30 21:48:51 -------- d-----w- c:\users\jesse\appdata\local\WSStepImport
2011-05-30 21:45:00 -------- dc-h--w- c:\programdata\{428BA3F5-8003-46AA-9B5C-D7496CECEB41}
2011-05-30 21:43:58 -------- d-----w- c:\programdata\wsc
2011-05-30 21:43:56 -------- d-----w- c:\users\jesse\appdata\local\Bible Explorer 4
2011-05-30 21:43:55 -------- d-----w- c:\programdata\WORDsearch
2011-05-30 21:43:55 -------- d-----w- c:\program files\common files\WORDsearch
2011-05-30 21:43:55 -------- d-----w- c:\program files\Bible Explorer 4
2011-05-30 21:42:01 -------- d-----w- c:\users\jesse\appdata\local\PackageAware
2011-05-30 21:13:11 -------- d-----w- C:\lexmark
2011-05-30 20:37:50 -------- d-----w- c:\programdata\WombatUpdater
2011-05-30 20:37:31 -------- d-----w- c:\program files\FastestTube
2011-05-30 20:37:18 -------- d-----w- c:\users\jesse\appdata\local\FastestTube
2011-05-30 20:36:37 -------- d-----w- c:\users\jesse\appdata\roaming\Free Download Manager
2011-05-30 20:36:02 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2011-05-30 20:35:59 -------- d-----w- c:\program files\Free Download Manager
2011-05-18 03:21:01 -------- d-----w- c:\users\jesse\appdata\local\Deployment
2011-05-18 03:21:01 -------- d-----w- c:\users\jesse\appdata\local\Apps
2011-05-18 02:21:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 02:12:18 -------- d-----w- c:\windows\system32\RTCOM
2011-05-18 01:50:29 -------- d-----w- c:\users\jesse\appdata\roaming\PeerNetworking
2011-05-13 22:01:18 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-13 22:01:17 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-13 22:01:17 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-13 22:01:17 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-13 22:01:17 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-13 22:01:16 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-13 22:01:16 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-13 22:01:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 14:48:17 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
============= FINISH: 23:07:04.54 ===============


Re: virus heur: exploit.script.generic

Post by jesse white on Tue 07 Jun 2011, 8:50 pm

SUPERAntiSpyware Scan Log

Generated 06/07/2011 at 05:26 AM

Application Version : 4.53.1000

Core Rules Database Version : 7219
Trace Rules Database Version: 5031

Scan type : Complete Scan
Total Scan Time : 07:47:37

Memory items scanned : 680
Memory threats detected : 0
Registry items scanned : 13065
Registry threats detected : 0
File items scanned : 114513
File threats detected : 19

Adware.Tracking Cookie
convoad.technoratimedia.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
i.adultswim.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
ia.media-imdb.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
liveperson.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
media.bimvid.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
media.gamefudge.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
media.mtvnservices.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
media.oprah.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
media.whas11.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
media.y8.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
mediaforgews.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
msnbcmedia.msn.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
objects.tremormedia.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
papprd.vantage-media.net [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
secure-uk.imrworldwide.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
secure-us.imrworldwide.com [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
[You must be registered and logged in to see this link.] [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]
[You must be registered and logged in to see this link.] [ C:\Users\Jesse\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H542AXDW ]

Trojan.Agent/Gen-FraudPack
C:\USERS\JESSE\PICTURES\FACETHEME_INSTALLER.EXE


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 2:15 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6792

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/7/2011 11:13:45 AM
mbam-log-2011-06-07 (11-13-45).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 259280
Time elapsed: 4 hour(s), 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\Jesse\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\perfect optimizer\FreeUse.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\License.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\perfectoptimizer.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SERes.DLL (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\winupdate.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Users\Jesse\Pictures\perfectoptimizer.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\Jesse\Desktop\perfect optimizer.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\aamd532.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\ActiveX.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Apps.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\components.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Config.db (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\installdll.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\License.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\miraclelib.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\perfectoptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\report.html (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\sqlite3.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\unins000.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\unins000.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\website.url (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\about.bmp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\head.bmp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\lng2const.xml (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\logo.ico (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\Menu.xml (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\perfectoptimzer.chm (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\register.jpg (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\smalllogo.bmp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\splash.jpg (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\website.url (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\campus_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\default_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\home_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\interner_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\notebook_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\office_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\Jesse\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer\perfect optimizer.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\Jesse\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer\uninstall.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\Jesse\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer\Website.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 2:16 am

I think that's everything; let me know if it isn't.


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 2:24 am

After my last restart it blocked some startup programs. Should I unblock them, or what?


Re: virus heur: exploit.script.generic

Post by Superdave on Wed 08 Jun 2011, 6:37 am

After my last restart it blocked some startup programs. Should I unblock them, or what?
Just leave it for now. Let's run more scans.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 7:13 am

Results of screen317's Security Check version 0.99.12
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Internet Security 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player 10.3.181.14
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
``````````End of Log````````````


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 8:12 am

ComboFix 11-06-06.07 - Jesse 06/07/2011 16:31:54.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1138 [GMT -4:00]
Running from: c:\users\Jesse\Documents\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 20:45 . 2011-06-07 20:46 -------- d-----w- c:\users\Jesse\AppData\Local\temp
2011-06-07 20:45 . 2011-06-07 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 06:25 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D1ACD67-5AAE-4322-9A53-FFD9FE8BC189}\mpengine.dll
2011-06-07 03:04 . 2011-06-07 03:04 -------- d-----w- c:\users\Jesse\AppData\Roaming\Malwarebytes
2011-06-07 03:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 03:03 . 2011-06-07 03:03 -------- d-----w- c:\programdata\Malwarebytes
2011-06-07 03:03 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-07 03:03 . 2011-06-07 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 01:30 . 2011-06-07 01:30 -------- d-----w- c:\users\Jesse\AppData\Roaming\SUPERAntiSpyware.com
2011-06-07 01:30 . 2011-06-07 01:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-07 01:30 . 2011-06-07 01:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-06 23:32 . 2011-06-06 23:32 -------- d-----w- C:\Rooter$
2011-05-31 20:47 . 2011-05-31 20:47 -------- d-----w- c:\users\Jesse\AppData\Roaming\Ulead Systems
2011-05-31 20:29 . 2011-05-31 20:29 -------- d-----w- c:\users\Jesse\AppData\Local\Nova Development
2011-05-31 20:16 . 2011-05-31 20:16 -------- d-----w- c:\program files\Common Files\Nova Development
2011-05-31 20:05 . 2011-05-31 20:10 -------- d-----w- c:\programdata\Ulead Systems
2011-05-31 20:05 . 2011-05-31 20:05 -------- d-----w- c:\program files\Common Files\Ulead Systems
2011-05-31 20:04 . 2011-05-31 20:04 -------- d-----w- c:\program files\Nova Development
2011-05-31 20:01 . 2011-05-31 20:01 -------- d-----w- c:\program files\Web Publish
2011-05-31 01:06 . 2011-05-31 01:06 -------- d-----w- c:\program files\Lexmark
2011-05-30 21:59 . 2011-05-31 03:34 -------- d-----w- c:\program files\e-Sword
2011-05-30 21:59 . 2011-05-31 02:22 -------- d-----w- c:\program files\Common Files\EzTools
2011-05-30 21:48 . 2005-06-15 07:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2011-05-30 21:48 . 2011-05-30 21:48 -------- d-----w- c:\users\Jesse\AppData\Local\WSStepImport
2011-05-30 21:45 . 2011-05-30 21:45 -------- dc-h--w- c:\programdata\{428BA3F5-8003-46AA-9B5C-D7496CECEB41}
2011-05-30 21:43 . 2011-05-30 21:43 -------- d-----w- c:\programdata\wsc
2011-05-30 21:43 . 2011-06-06 17:12 -------- d-----w- c:\users\Jesse\AppData\Local\Bible Explorer 4
2011-05-30 21:43 . 2011-05-31 01:28 -------- d-----w- c:\programdata\WORDsearch
2011-05-30 21:43 . 2011-05-30 21:44 -------- d-----w- c:\program files\Bible Explorer 4
2011-05-30 21:43 . 2011-05-30 21:43 -------- d-----w- c:\program files\Common Files\WORDsearch
2011-05-30 21:42 . 2011-05-30 21:42 -------- d-----w- c:\users\Jesse\AppData\Local\PackageAware
2011-05-30 21:13 . 2011-05-30 21:13 -------- d-----w- C:\lexmark
2011-05-30 20:37 . 2011-05-31 18:58 -------- d-----w- c:\programdata\WombatUpdater
2011-05-30 20:37 . 2011-05-30 20:37 -------- d-----w- c:\program files\FastestTube
2011-05-30 20:37 . 2011-05-31 01:13 -------- d-----w- c:\users\Jesse\AppData\Local\FastestTube
2011-05-30 20:36 . 2011-06-07 20:19 -------- d-----w- c:\users\Jesse\AppData\Roaming\Free Download Manager
2011-05-30 20:36 . 2011-05-30 20:36 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2011-05-30 20:35 . 2011-05-30 20:38 -------- d-----w- c:\program files\Free Download Manager
2011-05-18 03:21 . 2011-05-18 03:35 -------- d-----w- c:\users\Jesse\AppData\Local\Deployment
2011-05-18 03:21 . 2011-05-18 03:21 -------- d-----w- c:\users\Jesse\AppData\Local\Apps
2011-05-18 02:21 . 2011-05-18 02:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 02:12 . 2011-05-18 02:12 -------- d-----w- c:\windows\system32\RTCOM
2011-05-18 01:50 . 2011-05-18 01:50 -------- d-----w- c:\users\Jesse\AppData\Roaming\PeerNetworking
2011-05-13 22:01 . 2011-05-13 22:01 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-13 22:01 . 2011-05-13 22:01 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-13 22:01 . 2011-05-13 22:01 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-13 22:01 . 2011-05-13 22:01 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-13 22:01 . 2011-05-13 22:01 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-13 22:01 . 2011-05-13 22:01 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-13 22:01 . 2011-05-13 22:01 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-13 22:01 . 2011-05-13 22:01 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 14:48 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 16:39 . 2011-04-11 16:39 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-11 16:39 . 2011-04-11 16:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-11 16:39 . 2011-04-11 16:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-11 16:39 . 2011-04-11 16:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-11 16:39 . 2011-04-11 16:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-11 16:39 . 2011-04-11 16:39 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-11 16:39 . 2011-04-11 16:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-11 16:39 . 2011-04-11 16:39 367104 ----a-w- c:\windows\system32\html.iec
2011-04-11 16:39 . 2011-04-11 16:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-11 16:39 . 2011-04-11 16:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-11 16:39 . 2011-04-11 16:39 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-11 16:39 . 2011-04-11 16:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-11 16:39 . 2011-04-11 16:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-11 16:39 . 2011-04-11 16:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-11 16:39 . 2011-04-11 16:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-11 16:39 . 2011-04-11 16:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-11 16:39 . 2011-04-11 16:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-11 16:39 . 2011-04-11 16:39 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-11 16:39 . 2011-04-11 16:39 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-11 16:39 . 2011-04-11 16:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-11 16:39 . 2011-04-11 16:39 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-15 00:24 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 21:55 . 2011-04-27 22:32 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-13 22:54 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 22:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-05-13 22:01 . 2011-05-13 22:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A}]
2011-03-25 07:26 183296 ----a-w- c:\program files\FastestTube\1.2.12\WombatBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-29 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-13 352976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-11-02 116536]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 03:11]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 03:11]
.
2011-06-07 c:\windows\Tasks\Updater.job
- c:\programdata\WombatUpdater\WombatUpdater.exe [2010-12-30 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:
mStart Page = about:
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\ypnyio30.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-FastestTube - c:\program files\FastestTube\1.2.12\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-07 16:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-07 16:52:59
ComboFix-quarantined-files.txt 2011-06-07 20:52
.
Pre-Run: 89,015,189,504 bytes free
Post-Run: 89,056,247,808 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,35
- - End Of File - - 0E105598161C12BA9ABC16E87ADECAA1


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 8:17 am

I thought I was in trouble; I couldn't open anything, so I restarted and everything came back. It was telling me that it was deleted, moved or unable to locate, or something like that; something about a registry key too.

What happened to it?

I turned just Kaspersky on. Should I turn on Defender?


Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 8:19 am

So what now?


Re: virus heur: exploit.script.generic

Post by Superdave on Wed 08 Jun 2011, 10:37 am

Please download the newest version of Adobe Acrobat Reader from Adobe.com.

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
******************************************************
I turned just Kaspersky on. Should I turn on Defender?
Yes, please.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

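The "search the list for all previously installed versions" step above can be checked from the command line instead of by eye. The script below is an added example and is not part of the thread or the helper's instructions: it reads the standard Windows uninstall registry keys (the same keys Add or Remove Programs draws its list from), lists every Adobe Reader entry, warns when more than one version is installed side by side, and warns about any entry older than a baseline version. The baseline defaults to 9.4.4, the version the Security Check log above reported as out of date; the current release number is an assumption the caller supplies from Adobe's download page. Written for PowerShell 2.0 so that it runs on Vista.

```powershell
# Added example (not from the thread): enumerate installed Adobe Reader entries
# from the uninstall registry keys so that leftover older versions can be found
# and removed before installing the newest one.
function Get-InstalledAdobeReader {
    # Standard uninstall key locations; Wow6432Node only exists on 64-bit Windows,
    # and -ErrorAction SilentlyContinue skips paths that are absent.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -and
            ($_.DisplayName -like 'Adobe Reader*' -or $_.DisplayName -like 'Adobe Acrobat Reader*')
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                InstallLocation = $_.InstallLocation
                UninstallString = $_.UninstallString
                RegistryKey     = $_.PSPath
            }
        }
}

function Test-AdobeReaderState {
    # $MinimumVersion is an assumed baseline for illustration: replace it with
    # the current release number taken from Adobe's download page.
    param([version]$MinimumVersion = '9.4.4')

    $entries = @(Get-InstalledAdobeReader)
    if ($entries.Count -eq 0) {
        Write-Host 'No Adobe Reader entries found in the uninstall keys.'
        return
    }

    $entries | Format-Table DisplayName, DisplayVersion, InstallLocation -AutoSize

    # The condition the helper warns about: several Reader versions present at once.
    if ($entries.Count -gt 1) {
        Write-Warning ("{0} Reader entries are installed side by side; remove the older ones before installing the newest." -f $entries.Count)
    }

    foreach ($e in $entries) {
        # DisplayVersion is a string such as '9.4.4'; an unparsable value is skipped.
        $parsed = $null
        try { $parsed = [version]$e.DisplayVersion } catch { $parsed = $null }
        if ($parsed -and $parsed -lt $MinimumVersion) {
            Write-Warning ("{0} {1} is older than {2}; its uninstall command is: {3}" -f $e.DisplayName, $e.DisplayVersion, $MinimumVersion, $e.UninstallString)
        }
    }
}

Test-AdobeReaderState
```

Run it from a PowerShell prompt; reading these keys needs no elevation, but running the uninstall commands it prints does. Because the check reads the registry rather than the Programs list, it also catches per-user installs under HKCU that the Control Panel view can hide.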

Re: virus heur: exploit.script.generic

Post by jesse white on Wed 08 Jun 2011, 12:26 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8F954000
Module End: 8F95F000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8F95F000
Module End: 8F967000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: 8E6EFD50
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwAlpcConnectPort
Address: 8E6F1F8E
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwAlpcCreatePort
Address: 8E6F2208
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwAlpcSendWaitReceivePort
Address: 8E6F247E
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwClose
Address: 8E6F0664
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwConnectPort
Address: 8E6F1498
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateEvent
Address: 8E6F19E2
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateFile
Address: 8E6F0940
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateMutant
Address: 8E6F18C8
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateNamedPipeFile
Address: 8E6EF93E
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreatePort
Address: 8E6F179C
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateSection
Address: 8E6EFAE6
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateSemaphore
Address: 8E6F1B02
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateSymbolicLinkObject
Address: 8E7091F0
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateThread
Address: 8E6F02EA
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateWaitablePort
Address: 8E6F1832
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDebugActiveProcess
Address: 8E6F31F0
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDeviceIoControlFile
Address: 8E6F0DC2
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDuplicateObject
Address: 8E6F43FE
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwFsControlFile
Address: 8E6F0BD0
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwLoadDriver
Address: 8E6F32E2
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwMapViewOfSection
Address: 8E6F3A4A
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenEvent
Address: 8E6F1A78
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenFile
Address: 8E6F06E6
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenMutant
Address: 8E6F1958
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenProcess
Address: 8E6EFF8E
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenSection
Address: 8E6F37E4
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenSemaphore
Address: 8E6F1B98
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenThread
Address: 8E6EFE7E
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwPlugPlayControl
Address: 8E709200
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueryDirectoryObject
Address: 8E6F2782
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQuerySection
Address: 8E6F3D84
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueueApcThread
Address: 8E6F3676
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwReplaceKey
Address: 8E6EE5F8
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwReplyPort
Address: 8E6F1EFC
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwReplyWaitReceivePort
Address: 8E6F1DC2
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwRequestWaitReplyPort
Address: 8E6F2F8A
Driver Base: 8E6C3000
Driver End: 8E746000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwRestoreKey
Address: 8E6EE970
Driver Base: 8E6C3000
No Kernel Hooks found

Hidden files/folders:

Re: virus heur: exploit.script.generic

Post by Superdave on Thu 09 Jun 2011, 5:43 am

Is your computer working any better?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: virus heur: exploit.script.generic

Post by jesse white on Thu 09 Jun 2011, 12:37 pm

Yes, it's running somewhat better; it still shows "Not Responding" sometimes.



Last edited by jesse white on Fri 10 Jun 2011, 3:02 am; edited 1 time in total


Re: virus heur: exploit.script.generic

Post by jesse white on Thu 09 Jun 2011, 12:49 pm

Thanks for all your help.


Last edited by jesse white on Fri 10 Jun 2011, 3:05 am; edited 1 time in total


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 1:42 am

No threats.


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 1:43 am

The computer now shows that there are no pictures in My Pictures, but in the Pictures link at the top they are there. What's happening?


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 1:44 am

When my screen saver kicks on, it says "no pictures".


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 2:14 am

I have a lot of files in the Documents link. Should I keep or delete them when we're done?

cheetah-anti-roque
cjq2500win7en.exe
cjr2500en.exe
ckscanner.exe
dds.scr
desktop.ini
desktop(2).ini
locksearch.exe
mbam-setup.exe
otl.com
rooter.exe
setup990.exe
setup991.exe
superantispyware.exe
sysprot.zip
attach.txt
checkup.txt
combo.txt
combofix.exe
dds.txt
securitycheck.exe
sysprot


Last edited by jesse white on Fri 10 Jun 2011, 3:11 am; edited 1 time in total


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 2:25 am

Why are My Pictures, My Music and My Videos in Documents, and how come, if I click on My Documents, My Pictures or My Videos, it says:

c:\users\jesse\documents\my pictures is not accessible. access is denied.
my music
my documents
my videos


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 2:41 am

Why is that desktop.ini in just about all folders?


Re: virus heur: exploit.script.generic

Post by jesse white on Fri 10 Jun 2011, 2:59 am

Everything is loading quicker though, thanks, but what is the deal with the other things I asked about?
