Infected by x.exe more than 20 times

[RZPogi]

bading ka ba?

Di ako bading! Trip ko lang.

[RZPogi]

http://www.mediafire.com/download.php?imjzm4xvomd

for new OTScanit log

http://www.mediafire.com/?hjymd2dmazl

for new hijackthis log

DR Web scanner detect sdfix.exe as malware. what is going on?

Also Vista Transformation Pack 9 is also detect as malware. Is this because vtp can modify system files?

Dr. Web is not bad. Scan archives highspeed.

[essexboy]

Whilst I look at the logsand to put your mind at rest sdfix.exe was reported as it can do good or bad.  In our case it is good

[essexboy]

The logs look OK are you still getting alerts ?

[RZPogi]

Dr. Web isn't done yet but it picked up t[1].txt and recognized as Win.irc.worm.virus
t[1].exe is partner of x.exe
x.exe might be a bot.

the alerts only appear when dr. web finds malware that is a partner of x.exe

[essexboy]

That will be as it opens them to see what they are

[RZPogi]

Since defense+ banned ftp.exe from downloading quicktime.exe, every 4-15 seconds comodo firewall blocks almost 700 intrusion attempts since midnight(my place).

Those blocks are similar all UDP and goes to port 50213 (The same port I use for utorrent). I might got x.exe from using utorrent. Should I change the port of utorrent or temporarily stop using utorrent for a while?

[essexboy]

That is the source of your problems yes.  As fast as the problems are cleared more keep coming

Lets try Combofix as that is a lot stronger and from that I may be able to detect and kill the driver/service that is downloading

Download Combofix from any of the links below. You must rename it before saving it.  Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.  
• Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

[RZPogi]

should I stop dr. web? It is still not done with full scan.

[essexboy]

I thought it had, no complete dr web then run combofix

[RZPogi]

ok,
Earlier, I was suddenly disconnected from the net. All the connections to the malware distributors are gone. It might resume if utorrent is started

[essexboy]

Was that when combofix was running as it will do that

[RZPogi]

Nope, while waiting for dr web to finish

[essexboy]

Is it still running,  you must have a large hard drive 

[RZPogi]

Quite and I have a lot of archives because of the many games installed in my pc.