Removing Win32/agent.SDG.Gen trojan


Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Fri Sep 16, 2011 10:17 pm

Please help, I am running Win7 Ultimate and every time I start up Windows there is a warning from NOD32 that there is a Win32/agent.SDG.Gen trojan that cannot be deleted.
This is a new fresh copy of Win7 Ultimate. Previous to this I had XP Pro installed.
I've tried to Google ways of removing said trojan, but none of them seemed to work.
Please help.

Thank you.


Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Fri Sep 16, 2011 11:28 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click close and close again to exit the program.
* Copy and paste the log in your post.
**************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
******************************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

* Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt

Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]. Then post your DDS logs (DDS.txt and Attach.txt).


Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 1:16 am

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 09/17/2011 at 12:56 PM

Application Version : 5.0.1118

Core Rules Database Version : 7704
Trace Rules Database Version: 5516

Scan type : Complete Scan
Total Scan Time : 00:52:40

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 783
Memory threats detected : 0
Registry items scanned : 37013
Registry threats detected : 0
File items scanned : 192547
File threats detected : 202

Adware.Tracking Cookie

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 1:17 am


Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 2:09 am

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 7730

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/17/2011 2:08:29 PM
mbam-log-2011-09-17 (14-08-29).txt

Scan type: Full scan (C:\|D:\|H:\|)
Objects scanned: 409586
Time elapsed: 37 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Rex\poker\mysterty case\ravenhearst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
h:\other games\3d_sv2.058_mod400-425-430\mod 425\fc3dsexvilla.dll (Trojan.Agent) -> Quarantined and deleted successfully.

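Added by the editor, not code from the thread or from Malwarebytes: a Python parser for the MBAM 1.x log layout shown in the post above. It turns the summary counters and the "(family) -> action." lines into structured findings, checks that each counter agrees with the items actually listed under it (a mismatch means the pasted log is incomplete), and lists anything MBAM did not remove on the spot. It assumes the line layout seen in this log and the phrase "Quarantined and deleted" for completed removals; the sample log is the one from this post, abridged.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured findings
and check the summary counters against the items actually listed."""
import re
from dataclasses import dataclass

# Constructed sample: the log posted in the thread above, abridged to the
# header, the summary counters and the one section that listed detections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7730

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/17/2011 2:08:29 PM
mbam-log-2011-09-17 (14-08-29).txt

Scan type: Full scan (C:\|D:\|H:\|)
Objects scanned: 409586
Time elapsed: 37 minute(s), 19 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\Users\Rex\poker\mysterty case\ravenhearst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
h:\other games\3d_sv2.058_mod400-425-430\mod 425\fc3dsexvilla.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Finding:
    category: str  # summary section, e.g. "Files Infected"
    item: str      # path, registry key or value that was flagged
    family: str    # detection name shown in parentheses
    action: str    # what MBAM did with it


# "<category> Infected: <count>" in the summary block
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "<category> Infected:" opening a detail section
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>."  (assumed layout, as seen in this log)
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (meta, summary, findings) for one MBAM 1.x log."""
    meta, summary, findings = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None:
            # header block: keep the two values worth comparing across scans
            if line.startswith("Database version:"):
                meta["database_version"] = int(line.split(":", 1)[1])
            elif line.startswith("Objects scanned:"):
                meta["objects_scanned"] = int(line.split(":", 1)[1])
            continue
        if line == NO_ITEMS:
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, m["item"], m["family"], m["action"]))
    return meta, summary, findings


def reconcile(summary, findings):
    """Categories whose summary counter disagrees with the items listed under it.
    A non-empty result means the log was truncated or pasted incompletely."""
    counted = {}
    for f in findings:
        counted[f.category] = counted.get(f.category, 0) + 1
    return {cat: (n, counted.get(cat, 0))
            for cat, n in summary.items() if n != counted.get(cat, 0)}


def pending_after_reboot(findings):
    """Items MBAM could not remove immediately; these need the reboot and a rescan."""
    return [f for f in findings if not f.action.startswith("Quarantined and deleted")]


if __name__ == "__main__":
    meta, summary, findings = parse_mbam_log(SAMPLE_LOG)
    print(meta)
    for f in findings:
        print(f"{f.category}: {f.family} at {f.item} -> {f.action}")
    print("mismatches:", reconcile(summary, findings))
    print("pending:", pending_after_reboot(findings))
```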

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 2:16 am

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Rex at 14:13:26 on 2011-09-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3328.2107 [GMT 12:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDClock.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDMedia.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Launch LCore] "c:\program files\logitech gaming software\LCore.exe" /minimized
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\rex\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{21DB6A62-678A-457D-AB1E-81FDE6FB8371} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rex\appdata\roaming\mozilla\firefox\profiles\x1ciuuo3.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\rex\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\rex\appdata\roaming\mozilla\firefox\profiles\x1ciuuo3.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-17 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-15 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-16 1153368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-9-15 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-9-15 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-17 22216]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-16 1343400]
.

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 2:17 am

=============== Created Last 30 ================
.
2011-09-17 00:02:08 -------- d-----w- c:\users\rex\appdata\roaming\SUPERAntiSpyware.com
2011-09-17 00:01:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-17 00:01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-17 00:00:12 -------- d-----w- c:\windows\system32\appmgmt
2011-09-16 23:50:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-16 23:43:40 -------- d-----w- C:\Combo-Fix16578C
2011-09-16 23:31:48 -------- d-----w- C:\Combo-Fix7353C
2011-09-16 23:19:03 -------- d-----w- C:\Combo-Fix28344C
2011-09-16 23:07:45 -------- d-----w- c:\users\rex\appdata\local\temp
2011-09-16 22:59:18 98816 ----a-w- c:\windows\sed.exe
2011-09-16 22:59:18 518144 ----a-w- c:\windows\SWREG.exe
2011-09-16 22:59:18 256000 ----a-w- c:\windows\PEV.exe
2011-09-16 22:59:18 208896 ----a-w- c:\windows\MBR.exe
2011-09-16 22:59:13 -------- d-----w- C:\Combo-Fix
2011-09-16 22:45:45 -------- d-----w- c:\windows\system32\zh-CHS
2011-09-16 22:45:45 -------- d-----w- c:\windows\system32\drivers\zh-CN
2011-09-16 22:45:45 -------- d-----w- c:\windows\system32\drivers\umdf\zh-CN
2011-09-16 22:45:43 -------- d-----w- c:\windows\system32\wbem\zh-CN
2011-09-16 22:45:37 -------- d-----w- c:\windows\zh-CN
2011-09-16 22:45:30 -------- d-----w- c:\windows\ja-JP
2011-09-16 22:45:24 -------- d-----w- c:\windows\system32\ja
2011-09-16 22:45:24 -------- d-----w- c:\windows\system32\0411
2011-09-16 22:45:23 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP
2011-09-16 22:45:23 -------- d-----w- c:\windows\system32\drivers\ja-JP
2011-09-16 22:45:21 -------- d-----w- c:\windows\system32\wbem\ja-JP
2011-09-16 22:38:45 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-cn\LXKPTPRC.DLL.mui
2011-09-16 22:38:42 378368 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchs.dll
2011-09-16 22:38:42 12607488 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchsr.dll
2011-09-16 22:34:17 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2011-09-16 22:34:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui
2011-09-16 22:34:03 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll
2011-09-16 22:34:03 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll
2011-09-16 22:34:03 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll
2011-09-16 22:34:03 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll
2011-09-16 22:32:15 -------- d-----w- c:\windows\zh-TW
2011-09-16 22:32:15 -------- d-----w- c:\windows\system32\zh-CHT
2011-09-16 22:32:12 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-16 22:32:12 -------- d-----w- c:\windows\system32\drivers\zh-TW
2011-09-16 22:32:12 -------- d-----w- c:\windows\system32\drivers\umdf\zh-TW
2011-09-16 22:32:11 -------- d-----w- c:\windows\system32\drivers\zh-HK
2011-09-16 22:32:09 -------- d-----w- c:\windows\system32\wbem\zh-TW
2011-09-16 22:32:09 -------- d-----w- c:\windows\system32\wbem\zh-HK
2011-09-16 22:28:29 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui
2011-09-16 22:28:26 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll
2011-09-16 22:28:25 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll
2011-09-16 22:28:25 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll
2011-09-16 22:22:52 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-09-16 22:22:52 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-09-16 22:22:52 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-09-16 20:58:01 -------- d-----w- c:\users\rex\appdata\local\Norman Malware Cleaner
2011-09-16 20:06:58 -------- d-----w- c:\programdata\PC Tools
2011-09-16 12:03:54 -------- d-----w- c:\users\rex\appdata\roaming\Malwarebytes
2011-09-16 12:03:48 -------- d-----w- c:\programdata\Malwarebytes
2011-09-16 12:03:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 12:03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-16 11:19:38 -------- d-----w- c:\windows\system32\SPReview
2011-09-16 11:18:59 -------- d-----w- c:\windows\system32\EventProviders
2011-09-16 11:15:59 50688 ----a-w- c:\windows\system32\umb.dll
2011-09-16 11:14:59 94208 ----a-w- c:\program files\common files\system\msadc\msadcf.dll
2011-09-16 10:34:36 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-16 10:34:34 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-16 09:55:24 -------- d-----w- c:\windows\system32\Wat
2011-09-16 09:53:56 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-16 09:53:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-16 09:53:56 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-16 09:53:32 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-16 09:53:10 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-16 09:53:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-16 09:41:32 -------- d-----w- c:\program files\CCleaner
2011-09-16 09:20:57 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-09-16 09:20:56 850944 ----a-w- c:\windows\system32\sbe.dll
2011-09-16 09:20:56 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-09-16 09:20:55 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-09-16 09:20:24 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-16 09:20:21 2616320 ----a-w- c:\windows\explorer.exe
2011-09-16 09:20:05 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-09-16 09:19:58 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-09-16 09:19:35 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-09-16 09:19:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-09-16 09:17:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-16 09:17:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-16 09:10:58 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-09-16 09:10:55 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6a2f79dc-955a-48d8-960a-2abee3139332}\mpengine.dll
2011-09-16 09:10:22 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-16 09:07:20 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-09-16 09:00:08 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-09-16 09:00:08 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-09-16 08:59:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-16 06:27:32 -------- d-----w- c:\users\rex\car
2011-09-16 06:26:57 -------- d-----w- c:\users\rex\COD backup
2011-09-16 06:26:56 -------- d-----w- c:\users\rex\ELECTRA IS MY MULE
2011-09-16 06:26:56 -------- d-----w- c:\users\rex\DOOMTRAIN ORIGINAL FROM GAME CAN PLAY 100% NOT EXPANSION
2011-09-16 06:26:26 -------- d-----w- c:\users\rex\for work
2011-09-16 06:25:34 -------- d-----w- c:\users\rex\Games Backup
2011-09-16 06:25:33 -------- d-----w- c:\users\rex\HILDEBRAND COMPLETE 100%
2011-09-16 06:25:27 -------- d-----w- c:\users\rex\mix
2011-09-16 06:24:57 -------- d-----w- c:\users\rex\mix2
2011-09-16 06:24:32 -------- d-----w- c:\users\rex\My Games
2011-09-16 06:24:31 -------- d-----w- c:\users\rex\My Other Pictures
2011-09-16 06:24:27 -------- d-----r- c:\users\rex\My Pictures
2011-09-16 06:24:23 -------- d-----w- c:\users\rex\My Received Files
2011-09-16 06:21:31 -------- d-----w- c:\users\rex\Photos
2011-09-16 06:20:13 -------- d-----w- c:\users\rex\poker
2011-09-16 06:11:29 -------- d-----w- c:\users\rex\Uni Works
2011-09-16 05:58:11 -------- d-----w- c:\users\rex\warranty_files
2011-09-16 05:58:11 -------- d-----w- c:\users\rex\Verse
2011-09-15 10:55:16 -------- d-----w- c:\windows\system32\RTCOM
2011-09-15 10:40:23 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-09-15 10:40:23 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-09-15 10:40:23 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-15 10:40:23 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-09-15 10:40:23 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-09-15 10:40:23 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-09-15 10:40:22 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-09-15 10:40:09 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-09-15 10:39:54 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-09-15 10:39:54 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-15 10:39:54 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-15 10:39:54 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-15 10:39:54 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-09-15 10:39:54 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-15 10:39:54 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-15 10:39:54 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-15 10:39:54 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-15 10:39:20 -------- d-----w- c:\program files\NVIDIA Corporation
2011-09-15 10:39:02 -------- d-----w- C:\NVIDIA
2011-09-15 10:29:27 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2011-09-15 10:29:27 -------- d-----w- c:\users\rex\appdata\local\eSupport.com
2011-09-15 09:54:08 129784 ------w- c:\windows\system32\pxafs.dll
2011-09-15 09:42:06 -------- d-----w- c:\users\rex\appdata\local\Google
2011-09-15 09:34:16 -------- d-----w- c:\users\rex\appdata\roaming\ACD Systems
2011-09-15 09:34:16 -------- d-----w- c:\users\rex\appdata\local\ACD Systems
2011-09-15 09:34:07 -------- d-----w- c:\programdata\ACD Systems
2011-09-15 09:34:05 -------- d-----w- c:\program files\common files\ACD Systems
2011-09-15 09:34:05 -------- d-----w- c:\program files\ACD Systems
2011-09-15 09:33:39 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2011-09-15 09:32:58 -------- d-----w- c:\windows\Downloaded Installations
2011-09-15 09:31:48 -------- d-----w- c:\users\rex\appdata\local\ESET
2011-09-15 09:31:25 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-09-15 09:31:24 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-09-15 09:25:10 -------- d-----w- c:\program files\ESET
2011-09-15 09:16:47 -------- d-----w- c:\program files\The KMPlayer
2011-09-15 09:09:10 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-09-15 09:09:09 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-09-15 09:09:09 107520 ----a-w- c:\windows\system32\cdd.dll
2011-09-15 08:54:17 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-09-15 08:53:25 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-09-15 08:53:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-15 08:53:24 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-09-15 08:50:12 -------- d-----w- c:\users\rex\appdata\roaming\IrfanView
2011-09-15 08:50:12 -------- d-----w- c:\program files\IrfanView
2011-09-15 08:40:03 -------- d-----w- c:\users\rex\appdata\local\LogiShrd
2011-09-15 08:39:58 53248 ----a-r- c:\users\rex\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-09-15 08:39:52 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-15 08:38:53 -------- d-----w- c:\users\rex\appdata\roaming\Logishrd
2011-09-15 08:32:58 -------- d-----w- c:\users\rex\appdata\local\Logitech
2011-09-15 08:32:38 341000 ----a-w- c:\windows\system32\drivers\umdf\lgSSQVGA.dll
2011-09-15 08:32:38 19720 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-09-15 08:32:38 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-09-15 08:32:38 140808 ----a-w- c:\windows\system32\drivers\umdf\lgSSBW.dll
2011-09-15 08:32:35 -------- d-----w- c:\program files\Logitech Gaming Software
2011-09-15 08:13:06 -------- d-----w- c:\program files\Microsoft LifeCam
2011-09-15 08:13:03 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-09-15 08:13:03 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-15 08:12:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-15 08:11:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 08:10:03 -------- d-----w- c:\program files\Yahoo!
2011-09-15 08:09:36 -------- d-----r- c:\program files\Skype
2011-09-15 08:09:35 -------- d-sh--w- c:\windows\Installer
2011-09-15 07:11:14 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2011-09-16 11:28:16 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 14:14:48.62 ===============

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 2:20 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/15/2011 7:06:36 PM
System Uptime: 9/17/2011 2:10:45 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M57SLI-S4
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 63.721 GiB free.
D: is FIXED (NTFS) - 368 GiB total, 350.03 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 932 GiB total, 229.229 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACDSee Pro
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
CCleaner
Click to Call with Skype
Combined Community Codec Pack 2011-07-30
DriverAgent by eSupport.com
eReg
ESET NOD32 Antivirus
Google Chrome
Google Earth
Google Update Helper
IrfanView (remove only)
Logitech Gaming Software 8.01
Logitech SetPoint 6.30
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 6.0.2 (x86 en-US)
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.3.5
NVIDIA Update Components
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype™ 5.3
Spybot - Search & Destroy
SUPERAntiSpyware
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Winamp
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/17/2011 8:43:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2011 8:43:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/17/2011 8:43:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/17/2011 8:43:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2011 8:43:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/17/2011 8:43:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
9/17/2011 8:38:27 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
9/17/2011 8:08:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/17/2011 11:49:00 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/17/2011 11:27:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2518869).
9/17/2011 10:03:50 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/16/2011 9:34:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
9/16/2011 8:56:43 PM, Error: Service Control Manager [7023] -
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB980408).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB978542).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2423089).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2419640).
9/16/2011 11:37:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user AlphaDog\UpdatusUser SID (S-1-5-21-1632069383-3185540770-3265511779-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/16/2011 10:03:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2423089).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB980408).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2545698).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB978542).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2532531).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2425227).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2419640).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2305420).
9/15/2011 9:25:12 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/15/2011 9:00:32 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================

This is after the restart, Offline, AV off

Post by manutd_20 on Sat Sep 17, 2011 2:38 am

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Rex at 14:26:47 on 2011-09-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3328.1988 [GMT 12:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDClock.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDMedia.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Launch LCore] "c:\program files\logitech gaming software\LCore.exe" /minimized
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\rex\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{21DB6A62-678A-457D-AB1E-81FDE6FB8371} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rex\appdata\roaming\mozilla\firefox\profiles\x1ciuuo3.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\rex\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\rex\appdata\roaming\mozilla\firefox\profiles\x1ciuuo3.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-17 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-15 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-16 1153368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-9-15 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-9-15 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-17 22216]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-16 1343400]
.

This is after the restart, Offline, AV off

Post by manutd_20 on Sat Sep 17, 2011 2:39 am

=============== Created Last 30 ================
.
2011-09-17 00:02:08 -------- d-----w- c:\users\rex\appdata\roaming\SUPERAntiSpyware.com
2011-09-17 00:01:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-17 00:01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-17 00:00:12 -------- d-----w- c:\windows\system32\appmgmt
2011-09-16 23:50:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-16 23:43:40 -------- d-----w- C:\Combo-Fix16578C
2011-09-16 23:31:48 -------- d-----w- C:\Combo-Fix7353C
2011-09-16 23:19:03 -------- d-----w- C:\Combo-Fix28344C
2011-09-16 23:07:45 -------- d-----w- c:\users\rex\appdata\local\temp
2011-09-16 22:59:18 98816 ----a-w- c:\windows\sed.exe
2011-09-16 22:59:18 518144 ----a-w- c:\windows\SWREG.exe
2011-09-16 22:59:18 256000 ----a-w- c:\windows\PEV.exe
2011-09-16 22:59:18 208896 ----a-w- c:\windows\MBR.exe
2011-09-16 22:59:13 -------- d-----w- C:\Combo-Fix
2011-09-16 22:45:45 -------- d-----w- c:\windows\system32\zh-CHS
2011-09-16 22:45:45 -------- d-----w- c:\windows\system32\drivers\zh-CN
2011-09-16 22:45:45 -------- d-----w- c:\windows\system32\drivers\umdf\zh-CN
2011-09-16 22:45:43 -------- d-----w- c:\windows\system32\wbem\zh-CN
2011-09-16 22:45:37 -------- d-----w- c:\windows\zh-CN
2011-09-16 22:45:30 -------- d-----w- c:\windows\ja-JP
2011-09-16 22:45:24 -------- d-----w- c:\windows\system32\ja
2011-09-16 22:45:24 -------- d-----w- c:\windows\system32\0411
2011-09-16 22:45:23 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP
2011-09-16 22:45:23 -------- d-----w- c:\windows\system32\drivers\ja-JP
2011-09-16 22:45:21 -------- d-----w- c:\windows\system32\wbem\ja-JP
2011-09-16 22:38:45 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-cn\LXKPTPRC.DLL.mui
2011-09-16 22:38:42 378368 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchs.dll
2011-09-16 22:38:42 12607488 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchsr.dll
2011-09-16 22:34:17 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2011-09-16 22:34:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui
2011-09-16 22:34:03 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll
2011-09-16 22:34:03 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll
2011-09-16 22:34:03 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll
2011-09-16 22:34:03 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll
2011-09-16 22:32:15 -------- d-----w- c:\windows\zh-TW
2011-09-16 22:32:15 -------- d-----w- c:\windows\system32\zh-CHT
2011-09-16 22:32:12 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-16 22:32:12 -------- d-----w- c:\windows\system32\drivers\zh-TW
2011-09-16 22:32:12 -------- d-----w- c:\windows\system32\drivers\umdf\zh-TW
2011-09-16 22:32:11 -------- d-----w- c:\windows\system32\drivers\zh-HK
2011-09-16 22:32:09 -------- d-----w- c:\windows\system32\wbem\zh-TW
2011-09-16 22:32:09 -------- d-----w- c:\windows\system32\wbem\zh-HK
2011-09-16 22:28:29 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui
2011-09-16 22:28:26 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll
2011-09-16 22:28:25 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll
2011-09-16 22:28:25 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll
2011-09-16 22:22:52 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-09-16 22:22:52 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-09-16 22:22:52 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-09-16 20:58:01 -------- d-----w- c:\users\rex\appdata\local\Norman Malware Cleaner
2011-09-16 20:06:58 -------- d-----w- c:\programdata\PC Tools
2011-09-16 12:03:54 -------- d-----w- c:\users\rex\appdata\roaming\Malwarebytes
2011-09-16 12:03:48 -------- d-----w- c:\programdata\Malwarebytes
2011-09-16 12:03:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 12:03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-16 11:19:38 -------- d-----w- c:\windows\system32\SPReview
2011-09-16 11:18:59 -------- d-----w- c:\windows\system32\EventProviders
2011-09-16 11:15:59 50688 ----a-w- c:\windows\system32\umb.dll
2011-09-16 11:14:59 94208 ----a-w- c:\program files\common files\system\msadc\msadcf.dll
2011-09-16 10:34:36 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-16 10:34:34 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-16 09:55:24 -------- d-----w- c:\windows\system32\Wat
2011-09-16 09:53:56 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-16 09:53:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-16 09:53:56 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-16 09:53:32 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-16 09:53:10 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-16 09:53:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-16 09:41:32 -------- d-----w- c:\program files\CCleaner
2011-09-16 09:20:57 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-09-16 09:20:56 850944 ----a-w- c:\windows\system32\sbe.dll
2011-09-16 09:20:56 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-09-16 09:20:55 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-09-16 09:20:24 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-16 09:20:21 2616320 ----a-w- c:\windows\explorer.exe
2011-09-16 09:20:05 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-09-16 09:19:58 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-09-16 09:19:35 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-09-16 09:19:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-09-16 09:17:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-16 09:17:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-16 09:10:58 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-09-16 09:10:55 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6a2f79dc-955a-48d8-960a-2abee3139332}\mpengine.dll
2011-09-16 09:10:22 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-16 09:07:20 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-09-16 09:00:08 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-09-16 09:00:08 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-09-16 08:59:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-16 06:27:32 -------- d-----w- c:\users\rex\car
2011-09-16 06:26:57 -------- d-----w- c:\users\rex\COD backup
2011-09-16 06:26:56 -------- d-----w- c:\users\rex\ELECTRA IS MY MULE
2011-09-16 06:26:56 -------- d-----w- c:\users\rex\DOOMTRAIN ORIGINAL FROM GAME CAN PLAY 100% NOT EXPANSION
2011-09-16 06:26:26 -------- d-----w- c:\users\rex\for work
2011-09-16 06:25:34 -------- d-----w- c:\users\rex\Games Backup
2011-09-16 06:25:33 -------- d-----w- c:\users\rex\HILDEBRAND COMPLETE 100%
2011-09-16 06:25:27 -------- d-----w- c:\users\rex\mix
2011-09-16 06:24:57 -------- d-----w- c:\users\rex\mix2
2011-09-16 06:24:32 -------- d-----w- c:\users\rex\My Games
2011-09-16 06:24:31 -------- d-----w- c:\users\rex\My Other Pictures
2011-09-16 06:24:27 -------- d-----r- c:\users\rex\My Pictures
2011-09-16 06:24:23 -------- d-----w- c:\users\rex\My Received Files
2011-09-16 06:21:31 -------- d-----w- c:\users\rex\Photos
2011-09-16 06:20:13 -------- d-----w- c:\users\rex\poker
2011-09-16 06:11:29 -------- d-----w- c:\users\rex\Uni Works
2011-09-16 05:58:11 -------- d-----w- c:\users\rex\warranty_files
2011-09-16 05:58:11 -------- d-----w- c:\users\rex\Verse
2011-09-15 10:55:16 -------- d-----w- c:\windows\system32\RTCOM
2011-09-15 10:40:23 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-09-15 10:40:23 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-09-15 10:40:23 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-15 10:40:23 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-09-15 10:40:23 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-09-15 10:40:23 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-09-15 10:40:22 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-09-15 10:40:09 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-09-15 10:39:54 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-09-15 10:39:54 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-15 10:39:54 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-15 10:39:54 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-15 10:39:54 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-09-15 10:39:54 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-15 10:39:54 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-15 10:39:54 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-15 10:39:54 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-15 10:39:20 -------- d-----w- c:\program files\NVIDIA Corporation
2011-09-15 10:39:02 -------- d-----w- C:\NVIDIA
2011-09-15 10:29:27 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2011-09-15 10:29:27 -------- d-----w- c:\users\rex\appdata\local\eSupport.com
2011-09-15 09:54:08 129784 ------w- c:\windows\system32\pxafs.dll
2011-09-15 09:42:06 -------- d-----w- c:\users\rex\appdata\local\Google
2011-09-15 09:34:16 -------- d-----w- c:\users\rex\appdata\roaming\ACD Systems
2011-09-15 09:34:16 -------- d-----w- c:\users\rex\appdata\local\ACD Systems
2011-09-15 09:34:07 -------- d-----w- c:\programdata\ACD Systems
2011-09-15 09:34:05 -------- d-----w- c:\program files\common files\ACD Systems
2011-09-15 09:34:05 -------- d-----w- c:\program files\ACD Systems
2011-09-15 09:33:39 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2011-09-15 09:32:58 -------- d-----w- c:\windows\Downloaded Installations
2011-09-15 09:31:48 -------- d-----w- c:\users\rex\appdata\local\ESET
2011-09-15 09:31:25 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-09-15 09:31:24 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-09-15 09:25:10 -------- d-----w- c:\program files\ESET
2011-09-15 09:16:47 -------- d-----w- c:\program files\The KMPlayer
2011-09-15 09:09:10 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-09-15 09:09:09 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-09-15 09:09:09 107520 ----a-w- c:\windows\system32\cdd.dll
2011-09-15 08:54:17 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-09-15 08:53:25 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-09-15 08:53:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-15 08:53:24 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-09-15 08:50:12 -------- d-----w- c:\users\rex\appdata\roaming\IrfanView
2011-09-15 08:50:12 -------- d-----w- c:\program files\IrfanView
2011-09-15 08:40:03 -------- d-----w- c:\users\rex\appdata\local\LogiShrd
2011-09-15 08:39:58 53248 ----a-r- c:\users\rex\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-09-15 08:39:52 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-15 08:38:53 -------- d-----w- c:\users\rex\appdata\roaming\Logishrd
2011-09-15 08:32:58 -------- d-----w- c:\users\rex\appdata\local\Logitech
2011-09-15 08:32:38 341000 ----a-w- c:\windows\system32\drivers\umdf\lgSSQVGA.dll
2011-09-15 08:32:38 19720 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-09-15 08:32:38 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-09-15 08:32:38 140808 ----a-w- c:\windows\system32\drivers\umdf\lgSSBW.dll
2011-09-15 08:32:35 -------- d-----w- c:\program files\Logitech Gaming Software
2011-09-15 08:13:06 -------- d-----w- c:\program files\Microsoft LifeCam
2011-09-15 08:13:03 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-09-15 08:13:03 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-15 08:12:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-15 08:11:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 08:10:03 -------- d-----w- c:\program files\Yahoo!
2011-09-15 08:09:36 -------- d-----r- c:\program files\Skype
2011-09-15 08:09:35 -------- d-sh--w- c:\windows\Installer
2011-09-15 07:11:14 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2011-09-16 11:28:16 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 14:27:51.37 ===============

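
Two parts of the log above deserve an automated first pass before anyone reads it by hand. The mPolicies-system lines in the Pseudo HJT Report (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0) record that UAC is switched off on this box, so anything the user launches, a dropper included, runs with full administrator rights and no prompt. The Created Last 30 section is where freshly written executables and drivers show up. The script below is an added example, not part of the thread and not an ESET or DDS tool: it parses both sections (the sample is a handful of lines copied from the log) and reports UAC values weaker than the Windows 7 defaults plus every .exe/.sys/.dll created under c:\windows within a time window. The window is a filter, not a verdict: sed.exe and MBR.exe under c:\windows land at the same minute the C:\Combo-Fix directory appears, which is consistent with ComboFix unpacking its own helpers rather than with a dropper.

```python
"""Triage the "Pseudo HJT Report" and "Created Last 30" sections of a DDS log.

Added example, not part of the thread and not an ESET or DDS tool. It reports
UAC policies weaker than the Windows 7 defaults and binaries (.exe/.sys/.dll)
created under c:\\windows inside a time window.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2011-09-16 22:59:18 98816 ----a-w- c:\windows\sed.exe
2011-09-16 22:59:18 208896 ----a-w- c:\windows\MBR.exe
2011-09-16 22:59:13 -------- d-----w- C:\Combo-Fix
2011-09-16 12:03:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 12:03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-16 09:20:21 2616320 ----a-w- c:\windows\explorer.exe
2011-09-15 10:39:54 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
.
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+)$")

# Windows 7 defaults for the UAC values DDS prints under mPolicies-system.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0: UAC off; admin processes run fully elevated
    "ConsentPromptBehaviorAdmin": 5,  # 0: elevate silently, no consent prompt
    "PromptOnSecureDesktop": 1,       # 0: prompt on the normal desktop, drivable by software
}
BINARY_EXT = (".exe", ".sys", ".dll")


def split_sections(text):
    """Map DDS section titles to their non-empty body lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def uac_findings(hjt_lines):
    """{policy: (value in log, Windows 7 default)} for policies weaker than default."""
    weak = {}
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
            weak[name] = (value, UAC_DEFAULTS[name])
    return weak


def recent_system_binaries(created_lines, hours=24, newest=None):
    """Sorted (timestamp, size, path) for binaries under c:\\windows created
    within `hours` of `newest` (default: the newest entry in the section)."""
    entries = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size, attrs, path = m.group(2), m.group(3), m.group(4).lower()
        if attrs.startswith("d"):  # directory entry; its size column is dashes
            continue
        entries.append((when, int(size), path))
    if not entries:
        return []
    if newest is None:
        newest = max(e[0] for e in entries)
    cutoff = newest - timedelta(hours=hours)
    return sorted(e for e in entries
                  if e[0] >= cutoff
                  and e[2].startswith("c:\\windows\\")
                  and e[2].endswith(BINARY_EXT))


def triage(text, hours=24):
    """Run both checks over a whole DDS log."""
    sections = split_sections(text)
    return {
        "weak_uac": uac_findings(sections.get("Pseudo HJT Report", [])),
        "new_binaries": recent_system_binaries(sections.get("Created Last 30", []), hours),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for name, (found, default) in result["weak_uac"].items():
        print(f"UAC weakened: {name} = {found} (Windows 7 default {default})")
    for when, size, path in result["new_binaries"]:
        print(f"{when:%Y-%m-%d %H:%M} {size:>9} {path}")
```

Widening the window to 48 hours pulls in the NVIDIA driver from the 15th as well; the point of the function is to shrink the list a helper has to look up, not to decide what is malicious.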

This is after the restart, Offline, AV off

Post by manutd_20 on Sat Sep 17, 2011 2:39 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/15/2011 7:06:36 PM
System Uptime: 9/17/2011 2:22:29 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M57SLI-S4
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 63.726 GiB free.
D: is FIXED (NTFS) - 368 GiB total, 350.03 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 932 GiB total, 229.229 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACDSee Pro
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
CCleaner
Click to Call with Skype
Combined Community Codec Pack 2011-07-30
DriverAgent by eSupport.com
eReg
ESET NOD32 Antivirus
Google Chrome
Google Earth
Google Update Helper
IrfanView (remove only)
Logitech Gaming Software 8.01
Logitech SetPoint 6.30
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 6.0.2 (x86 en-US)
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.3.5
NVIDIA Update Components
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype™ 5.3
Spybot - Search & Destroy
SUPERAntiSpyware
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Winamp
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/17/2011 8:43:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2011 8:43:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/17/2011 8:43:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/17/2011 8:43:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2011 8:43:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/17/2011 8:43:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
9/17/2011 8:38:27 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
9/17/2011 8:08:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/17/2011 11:49:00 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/17/2011 11:27:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2518869).
9/17/2011 10:03:50 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/16/2011 9:34:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
9/16/2011 8:56:43 PM, Error: Service Control Manager [7023] -
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB980408).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB978542).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2423089).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2419640).
9/16/2011 11:37:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user AlphaDog\UpdatusUser SID (S-1-5-21-1632069383-3185540770-3265511779-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/16/2011 10:03:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2423089).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB980408).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2545698).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB978542).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2532531).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2425227).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2419640).
9/16/2011 10:03:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2305420).
9/15/2011 9:25:12 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/15/2011 9:00:32 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================

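
Two things in the Event Viewer block above are easy to misread as infection symptoms. The DCOM 10005 errors at 8:43 on 9/17 all carry Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE: the service is not permitted to start in Safe Mode), and SCM 7026 lists ESET's ehdrv driver among those that did not load. Together they are the footprint of the Safe Mode boot the poster describes as "Offline, AV off", and they also mean ESET's kernel driver was not loaded during that session. The WindowsUpdateClient 20 entries are a different matter: several security updates failed repeatedly, so the patch state of the box is not what the installed-programs list suggests. The script below is an added example, not from the thread and not part of DDS, that parses event lines in this format (sample lines copied from the log) and pulls out those three signals.

```python
"""Summarise the "Event Viewer Messages From Past Week" block of a DDS attach.txt.

Added example, not from the thread and not part of DDS. Three signals are
extracted: DCOM 10005 errors carrying Win32 error 1084 (the service may not
start in Safe Mode), SCM 7026 boot-start drivers that failed to load, and
WindowsUpdateClient 20 failures keyed by KB number.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: lines copied from the attach.txt posted above.
SAMPLE_EVENTS = """\
9/17/2011 8:43:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/17/2011 8:43:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2011 8:43:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
9/17/2011 11:27:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2518869).
9/16/2011 11:38:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2423089).
9/16/2011 10:03:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2423089).
9/16/2011 8:56:43 PM, Error: Service Control Manager [7023] -
9/15/2011 9:25:12 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] -\s?(?P<msg>.*)$")
DCOM_ERR_RE = re.compile(r'DCOM got error "(\d+)" attempting to start the service (\S+)')
DRIVERS_RE = re.compile(r"failed to load: (.+)$")
WU_RE = re.compile(r"with error (0x[0-9A-Fa-f]+): .*\((KB\d+)\)")
ERROR_NOT_SAFEBOOT_SERVICE = 1084  # Win32: this service cannot be started in Safe Mode


def parse_events(text):
    """(timestamp, level, source, event id, message) per parseable line.
    A truncated line such as '... [7023] -' still parses, with an empty message."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append((ts, m["level"], m["source"], int(m["id"]), m["msg"]))
    return events


def counts_by_source(events):
    """Counter keyed by (source, event id): what dominates the week."""
    return Counter((src, eid) for _, _, src, eid, _ in events)


def safe_mode_evidence(events):
    """(timestamp, service) for DCOM 10005 entries whose error is 1084."""
    blocked = []
    for ts, _, src, eid, msg in events:
        if src.endswith("DistributedCOM") and eid == 10005:
            m = DCOM_ERR_RE.search(msg)
            if m and int(m.group(1)) == ERROR_NOT_SAFEBOOT_SERVICE:
                blocked.append((ts, m.group(2)))
    return blocked


def failed_boot_drivers(events):
    """Set of driver names from SCM 7026 'failed to load' entries."""
    drivers = set()
    for _, _, src, eid, msg in events:
        if src == "Service Control Manager" and eid == 7026:
            m = DRIVERS_RE.search(msg)
            if m:
                drivers.update(m.group(1).split())
    return drivers


def update_failures(events):
    """{KB: [error codes, oldest first]} from WindowsUpdateClient event 20."""
    by_kb = defaultdict(list)
    for _, _, src, eid, msg in sorted(events):
        if src.endswith("WindowsUpdateClient") and eid == 20:
            m = WU_RE.search(msg)
            if m:
                by_kb[m.group(2)].append(m.group(1).lower())
    return dict(by_kb)


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("events by (source, id):", dict(counts_by_source(ev)))
    print("blocked in Safe Mode:", [svc for _, svc in safe_mode_evidence(ev)])
    print("drivers not loaded:", sorted(failed_boot_drivers(ev)))
    for kb, codes in update_failures(ev).items():
        print(f"{kb}: {len(codes)} failure(s), codes {codes}")
```

Keyed by KB number, the update list shows the same update failing with different error codes on successive attempts, which is the pattern to chase on the Windows Update side once the malware question is settled.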

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 2:42 am

Hi Superdave, I have followed your instructions, but when I restart Windows I still get the ESET warning box.
FYI: I have 2 HDDs. One is 500 GB, partitioned into 100 GB and 400 GB; the OS is loaded on the 100 GB partition.
The other HDD is a 1 TB HDD, and I have noticed that when I unplug this HDD, I do not get the warning box.
So it's apparent that the trojan is on the 1 TB HDD. Could the trojan possibly replicate itself onto the 500 GB HDD?

NB: I was just thinking, should I do all this while not connected to the internet and with System Restore turned off?
Also, after running SuperAntiSpyware, I rebooted the computer and the warning box popped up again. I have also noticed that neither SuperAntiSpyware nor MalwareBytes picked up the trojan. Am I doing something wrong, maybe?

Thank you, your help is greatly appreciated. :smile2:


Last edited by manutd_20 on Sat Sep 17, 2011 8:37 am; edited 1 time in total (Reason for editing : Had an idea.)

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Sat Sep 17, 2011 7:18 pm

manutd_20 wrote: So it's apparent that the trojan is on the 1 TB HDD. Could the trojan possibly replicate itself onto the 500 GB HDD?
Highly unlikely unless you transfer files from one disk to the other. Why don't you re-format that drive?

manutd_20 wrote: I was just thinking, should I do all this while not connected to the internet and with System Restore turned off?
Some scans require a connection to the net to function. Don't bother messing around with System Restore.

manutd_20 wrote: I have also noticed that neither SuperAntiSpyware nor MalwareBytes picked up the trojan. Am I doing something wrong, maybe?
You can set up both of these scanners to scan your second HDD. Why not run the scans on that drive and see what comes up? Is there anything important on that second HDD?

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83181
# Likes : 0

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 17, 2011 8:53 pm

I've got movies, music, photos, comics, games, installers and Photoshop files on the 1 TB HDD.
If I buy another HDD and transfer everything from the 1 TB to the new HDD, could the trojan get transferred as well?

What about installing another AV? Since NOD32 can't delete it, what if I get another AV and let it scan for the trojan and delete it? Will that work?

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Sat Sep 17, 2011 9:56 pm

manutd_20 wrote: could the trojan get transferred as well?
Yes. All the files would have to be scanned before putting them back on the drive. Let's try this scanner and make sure that your D drive is selected.

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says an object cannot be neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top, under Detected) in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.
********************************************************
* Go to Start > Run, type mrt.exe, then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start, type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Customized Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sun Sep 18, 2011 1:17 am

Hi Dave, I just ran the AVP tool and it didn't seem to pick up anything. I also ran mrt.exe and that didn't pick up anything either.
Is it safe to assume that the trojan is well and truly gone/deleted?

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Sun Sep 18, 2011 1:39 am

manutd_20 wrote: Hi Dave, I just ran the AVP tool and it didn't seem to pick up anything. I also ran mrt.exe and that didn't pick up anything either.
Is it safe to assume that the trojan is well and truly gone/deleted?

Are you still receiving the warning from ESET?

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sun Sep 18, 2011 2:41 am

Sadly yes. Maybe I should change AV? If NOD32 can't delete the virus then maybe another AV can do the job. What do you think?

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Sun Sep 18, 2011 6:54 pm

Did you try running SAS and MBAM to scan that drive?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
• Click the button.
• For alternate browsers only (Microsoft Internet Explorer users can skip these steps):

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Mon Sep 19, 2011 8:13 am

I have done the ESET Online Scanner, and nothing was detected. There was no list of found threats so I couldn't post anything here.

I have run SAS and MBAM on the drive and found nothing. I also ran SAS and MBAM on the OS drive and found nothing either.
I think I will try to redo the steps that you gave me at the beginning and go through them one by one.

I just tried searching for the trojan inside the registry and I couldn't find it.
A. Is it possible that the trojan is well and truly gone/deleted? or
B. Is it also possible that the trojan has another name?

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Mon Sep 19, 2011 7:32 pm

manutd_20 wrote: A. Is it possible that the trojan is well and truly gone/deleted? or
B. Is it also possible that the trojan has another name?

If you're still receiving the warning from your AV, it must still be there.

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 24, 2011 9:50 am

Hi again, today I repeated the steps mentioned at the beginning of this thread and still no luck.
I still get the red box saying that Win32/Agent.SDG.Gen is detected. NOD32 still can't delete it. I've run Kaspersky virus removal, which took over 10 hours to do, and still the same result.
I've searched in the registry and it's not there. I'm thinking that this could be a false positive, but I don't want to take any chances.
I feel like I'm at a dead end.

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Sat Sep 24, 2011 7:26 pm

This is strange because none of the scanners we've used has picked up this particular file. Let's try this. Download, install and activate MSE. Disable your present AV program and run a full scan with MSE and see if it picks up anything.
Make sure that you select the correct AV for your computer.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Sat Sep 24, 2011 11:30 pm

I just ran MSE and it didn't detect anything.
Now I'm thinking maybe I should do a clean install.

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Sun Sep 25, 2011 1:12 am

I have a couple more suggestions. Please try running MRT. If it's not included in Windows 7, you can download it [You must be registered and logged in to see this link.]
My second suggestion is that you use MSE for a few days as your AV and see what happens.


* Go to Start > Run, type mrt.exe, then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start, type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Mon Sep 26, 2011 7:00 am

I just finished the scan, and nothing was found. It's clean and this is what I don't understand. Clearly NOD32 picks up the trojan, but yet it's not in the system.

Re: Removing Win32/agent.SDG.Gen trojan

Post by Superdave on Mon Sep 26, 2011 10:35 pm

manutd_20 wrote: I just finished the scan, and nothing was found. It's clean and this is what I don't understand. Clearly NOD32 picks up the trojan, but yet it's not in the system.

It could be a false positive from NOD32. Did you try a few days with MSE?

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Tue Sep 27, 2011 5:56 am

I am now trying MSE. I will let you know if there is anything MSE picks up.

Re: Removing Win32/agent.SDG.Gen trojan

Post by manutd_20 on Thu Sep 29, 2011 7:42 am

I have run MSE for 2 days, and still nothing. So I decided to format my HDD and do a clean install of Windows 7.
That fixed the problem. The trojan is no longer detected.
Thank you Superdave for all your help!
I really appreciate it.