ESET - 7/31/13

1. ESETSmartInstaller@High as downloader log:
2. all ok
3. # version=8
4. # OnlineScannerApp.exe=1.0.0.1
5. # OnlineScanner.ocx=1.0.0.6920
6. # api_version=3.0.2
7. # EOSSerial=6807475ee7c29840baa8f6cfbf7ec43b
8. # engine=14059
9. # end=finished
10. # remove_checked=true
11. # archives_checked=false
12. # unwanted_checked=true
13. # unsafe_checked=false
14. # antistealth_checked=true
15. # utc_time=2013-06-13 02:24:36
16. # local_time=2013-06-12 10:24:36 (-0500, Eastern Daylight Time)
17. # country="United States"
18. # lang=1033
19. # osver=6.1.7601 NT Service Pack 1
20. # compatibility_mode=5893 16776573 100 94 9629 122633726 0 0
21. # scanned=776370
22. # found=16
23. # cleaned=16
24. # scan_time=10249
25. sh=22776B8904278AC0164F50E698133BF60BBE19A7 ft=1 fh=b05f84bdbcc119ab vn="a variant of MSIL/Injector.ACY trojan (cleaned by deleting - quarantined)" ac=C fn="G:\backup\documents\Visual Studio 2010\Projects\Cryptex1\Cryptex1\Resources\NewRunPE.dll"
26. sh=CADB2CDD7F9434322A305A9618A099CDB9DAED97 ft=1 fh=cf398dcc42cc01d0 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="G:\backup\documents\Visual Studio 2010\Projects\Heaven\Crypter\bin\Debug\Heaven.exe"
27. sh=3B3219724846F52183EF5E014D7C40A5A1FF056B ft=1 fh=609d006f18c8e9c3 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="G:\backup\documents\Visual Studio 2010\Projects\Heaven\Crypter\bin\Release\Heaven.exe"
28. sh=CADB2CDD7F9434322A305A9618A099CDB9DAED97 ft=1 fh=cf398dcc42cc01d0 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="G:\backup\documents\Visual Studio 2010\Projects\Heaven\Crypter\obj\x86\Debug\Heaven.exe"
29. sh=3B3219724846F52183EF5E014D7C40A5A1FF056B ft=1 fh=609d006f18c8e9c3 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="G:\backup\documents\Visual Studio 2010\Projects\Heaven\Crypter\obj\x86\Release\Heaven.exe"
30. sh=15CD0E74D8FB1EE3009C2C146F6D0AD28D550856 ft=1 fh=f9f5d6304064d731 vn="a variant of MSIL/Packed.CryptoObfuscator.D application (cleaned by deleting - quarantined)" ac=C fn="H:\$RECYCLE.BIN\S-1-5-21-2689693463-2547593886-1435293553-1000\$RTNB8LE\Senuke.exe"
31. sh=B2BB7D5C57D6867D4BD34303C54685381856B739 ft=1 fh=3acc304ec878c1d5 vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 2-13-13\Local Disk\Users\admin\Downloads\SoftonicDownloader_for_safari.exe"
32. sh=5C56FA5D01314C7C9BA9000611E23F9C9BF8F5BA ft=1 fh=c22e99223a44071f vn="Win32/HackKMS application (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 2-13-13\Local Disk\Windows\AutoKMS.exe"
33. sh=761D7330287B3E6EF4F7194B01F756D4128192C3 ft=1 fh=1506a73212615668 vn="Win32/Sality.NAR virus (deleted - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\Desktop\for VM\setup.EXE"
34. sh=22776B8904278AC0164F50E698133BF60BBE19A7 ft=1 fh=b05f84bdbcc119ab vn="a variant of MSIL/Injector.ACY trojan (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\Cryptex1\Cryptex1\Resources\NewRunPE.dll"
35. sh=CADB2CDD7F9434322A305A9618A099CDB9DAED97 ft=1 fh=cf398dcc42cc01d0 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\Heaven\Crypter\bin\Debug\Heaven.exe"
36. sh=3B3219724846F52183EF5E014D7C40A5A1FF056B ft=1 fh=609d006f18c8e9c3 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\Heaven\Crypter\bin\Release\Heaven.exe"
37. sh=CADB2CDD7F9434322A305A9618A099CDB9DAED97 ft=1 fh=cf398dcc42cc01d0 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\Heaven\Crypter\obj\x86\Debug\Heaven.exe"
38. sh=3B3219724846F52183EF5E014D7C40A5A1FF056B ft=1 fh=609d006f18c8e9c3 vn="a variant of MSIL/HackTool.Crypter.B trojan (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\Heaven\Crypter\obj\x86\Release\Heaven.exe"
39. sh=42A7DE42E7CF2BFF9009DADE67C71217D3D5153C ft=1 fh=c71c00118589250e vn="a variant of Win32/CoinMiner.CF trojan (cleaned by deleting - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\leominer\Release\bitcoin-miner.exe"
40. sh=652780BAB1436410F1EE0681C31A8D307792929C ft=1 fh=3b5631b94036a600 vn="a variant of MSIL/Packed.Confuser.B application (deleted - quarantined)" ac=C fn="H:\storage\full backup 9-18-12\documents\Visual Studio 2010\Projects\Youtube View Baus\Youtube View Baus\bin\Debug\Confused\Youtube View Baus v2.exe"
41. ESETSmartInstaller@High as downloader log:
42. all ok
43. # version=8
44. # OnlineScannerApp.exe=1.0.0.1
45. # OnlineScanner.ocx=1.0.0.6920
46. # api_version=3.0.2
47. # EOSSerial=6807475ee7c29840baa8f6cfbf7ec43b
48. # engine=14602
49. # end=finished
50. # remove_checked=true
51. # archives_checked=false
52. # unwanted_checked=true
53. # unsafe_checked=false
54. # antistealth_checked=true
55. # utc_time=2013-07-31 08:29:30
56. # local_time=2013-07-31 04:29:30 (-0500, Eastern Daylight Time)
57. # country="United States"
58. # lang=1033
59. # osver=6.1.7601 NT Service Pack 1
60. # compatibility_mode=5893 16776573 100 94 0 126846020 0 0
61. # scanned=802631
62. # found=9
63. # cleaned=9
64. # scan_time=10308
65. sh=E797E5ADDBA3590B89BB2C5CD165B8AC67511ABA ft=1 fh=379735e50d27e4ad vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\diZluCdnrrH7t5SwUMAG.exe"
66. sh=4C50DB4E062020C383E40FB098EC7D655A118A4F ft=1 fh=379735e528c1751a vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\AppData\Local\Microsoft\VisualStudio\10.0\ProjectAssemblies\coaequhn01\Castle Crypter.exe"
67. sh=816157CD0B2B5894D3A32D7E1BA173EA573CD2E1 ft=1 fh=379735e5662a6c31 vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\AppData\Local\Microsoft\VisualStudio\10.0\ProjectAssemblies\sgn1tyjb01\Castle Crypter.exe"
68. sh=5BC3B570121CFFFE4026683B7F7BB6EB9361C0B5 ft=1 fh=379735e59fd4a593 vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\AppData\Local\Microsoft\VisualStudio\10.0\ProjectAssemblies\srxu2bn-01\Castle Crypter.exe"
69. sh=E797E5ADDBA3590B89BB2C5CD165B8AC67511ABA ft=1 fh=379735e50d27e4ad vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\AppData\Local\Microsoft\VisualStudio\10.0\ProjectAssemblies\xvjltq4f01\Castle Crypter.exe"
70. sh=E797E5ADDBA3590B89BB2C5CD165B8AC67511ABA ft=1 fh=379735e50d27e4ad vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\Desktop\Castle Crypter.exe"
71. sh=816157CD0B2B5894D3A32D7E1BA173EA573CD2E1 ft=1 fh=379735e5662a6c31 vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\Documents\Visual Studio 2010\Projects\Castle Crypter\Castle Crypter\bin\Debug\Castle Crypter.exe"
72. sh=816157CD0B2B5894D3A32D7E1BA173EA573CD2E1 ft=1 fh=379735e5662a6c31 vn="a variant of MSIL/Injector.BAX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\Documents\Visual Studio 2010\Projects\Castle Crypter\Castle Crypter\obj\Debug\Castle Crypter.exe"
73. sh=C8BE0426788C3574025A98CA291305A364A645CE ft=1 fh=9757ec4c40327358 vn="Win32/InstalleRex.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\code\Downloads\apollo122.rar.exe"