ntkrnlpa.exe CLASSPNP.sys disk.sys ACPI.sys hall.dll--Win32/HiddenStart.A--Win32

Good evening gentlemen,

This assembled office desktop computer, aged 5 years, has been used by several employee users.
For a week now, it has been handed to me and no other users anymore. Slightly slow on boot.
After scanning with ESET online scanner, the following threats are listed, namely:

a variant of Win32/HiddenStart.A potentially unsafe application C:
Win32/Toolbar.Conduit.Y potentially unwanted application C:
a variant of Win32/Keygen.AK potentially unsafe application D:
a variant of MSIL/HackKMS.A potentially unsafe application D:

I wanted to start using this computer clean and would appreciate any help from this forum.

Attached are ESET log, FRST, MBAM and aswMBR.

Thank you.

Attaching the FRST addition txt.

C:\Documents and Settings\viper\My Documents\Downloads\Remind-Me.v4.6\Remind-Me.v4.6\keygen.exe
upload file to www.virustotal.com if tested before, click rescan ..... post link to scan result here

There are two exe files inside the folder.

  1. rmndme46.exe
  2. keygen.exe

virustotal comment on no. 1 file. Rescanning now and will post

This file was last analysed by VirusTotal on 2014-09-11 23:42:21 UTC, it was first analysed by VirusTotal on 2009-07-16 14:56:34 UTC.

Detection ratio: 0/55

  2. keygen.exe

This file was last analysed by VirusTotal on 2013-08-10 11:35:02 UTC, it was first analysed by VirusTotal on 2008-05-03 22:12:11 UTC.

Detection ratio: 9/45…
rescanning now and will post both links of new scan

Virus total reanalyze results.

https://www.virustotal.com/en/file/9041e1a1baffa854478051476306b0d64ca243bc65d0cc58ab5461bcea1bb09e/analysis/1412613530/

https://www.virustotal.com/en/file/b905c074f143b94112816988b66a92d1da3537eefc2a3b613a95c0ea5508ac98/analysis/1412613893/

seems someone has used this comp with torrents and cracked software

malware experts are notified, it may take some time before they are online

Thank you Pondus for your help and analysis. Will wait for the malware experts.

Just refreshing this post and good evening guys. If I can ask any help or assistance. Thank you in advance.

I’ll try to get you some attention.

Thank you Asyn, grateful for your help :-).

You’re welcome, please be patient.

Hi there, first I will hit it with the big boy

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

disabling kaspersky but still combo fix says the “real time scanner” is still active :frowning:

Posting from another computer, combo fix stalled in "creating restore point". Closed the combo fix box, since nothing is happening and tried to restart computer, but seems the hard disk is still reading something continuously up to now and won't restart. Any advice?

Sorry for dual post, but the computer being repaired just finished and restarting now…

OK if the combofix log appears could you attach that please

Hi Essexboy, what happened before the combo fix, was that when I started it, I thought the Kaspersky antivirus 15 which I already disabled and ok, but combo fix noted that before continuing, the real time scanner of Kaspersky should be disabled. Could not find it and at the same time kaspersky popped a message about a file to be disinfected which is the frst exe. Kaspersky won't close even, so just continued with combo fix and it stalled as I mentioned before. The computer restarts and no combo fix txt produced :-(

OK, let's have a look at a new FRST log

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

Good evening again essexboy, since at the beginning frst logs were created and addition txt, I used DelFix to remove cleaning tools before. Then downloaded the FRST again. Here are the logs for your perusal.