Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I need help getting rid of trojan vundo! [Closed] [Solved]

Started by elee23 , Feb 12 2009 04:14 PM

  • This topic is locked This topic is locked

#1
elee23
Posted 12 February 2009 - 04:14 PM

elee23

    Member

  • Member
  • PipPipPip
  • 153 posts
this is my most latest hijackthis log (IGNORE THE POST BELOW THIS ONE)


Malwarebytes' Anti-Malware 1.34
Database version: 1756
Windows 5.1.2600 Service Pack 3

2/12/2009 3:21:53 PM
mbam-log-2009-02-12 (15-21-53).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 156509
Time elapsed: 52 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\senekakltoiynd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by elee23, 12 February 2009 - 05:28 PM.

  • 0

Advertisements

#2
elee23
Posted 12 February 2009 - 04:41 PM

elee23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
latest log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:33 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168541236718
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://12.183.160.108/WebDvr3.cab
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7206 bytes
  • 0

#3
fenzodahl512
Posted 13 February 2009 - 04:37 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..
  • 0

#4
fenzodahl512
Posted 20 February 2009 - 01:20 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#5
fenzodahl512
Posted 23 February 2009 - 07:56 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Reopen as per user request.. I'll get back to you later..
  • 0

#6
fenzodahl512
Posted 23 February 2009 - 07:58 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
aylnlfdx
jjvqhmlw

Rootkit::
c:\windows\system32\drivers\phqghume.sys
c:\windows\system32\drivers\azqiqiay.sys

File::
c:\windows\ldxkbwjq

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
elee23
Posted 23 February 2009 - 09:11 PM

elee23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
how long is the combofix supposed to take this time? the first time it was pretty fast, but when I put the file into it and open it, it takes a long time. It dosent show that the files are being checked either. It just says that they are.

heres the hijackthis log, is my comp really messed up?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08, on 2009-02-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168541236718
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://12.183.160.108/WebDvr3.cab
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7518 bytes

Edited by elee23, 23 February 2009 - 09:12 PM.

  • 0

#8
fenzodahl512
Posted 24 February 2009 - 05:16 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Close ComboFix and do below...


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
explorer.exe

:services
aylnlfdx
jjvqhmlw

:files
c:\windows\system32\drivers\phqghume.sys
c:\windows\system32\drivers\azqiqiay.sys

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





Download DDS by sUBs and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your Desktop and post them in your next reply



Post these logs in your next reply..

1. OTMoveIt3
2. DDS.txt
  • 0

#9
elee23
Posted 24 February 2009 - 07:37 PM

elee23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
the OT log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service aylnlfdx stopped successfully.
Service aylnlfdx deleted successfully.
Service jjvqhmlw stopped successfully.
Service jjvqhmlw deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\drivers\phqghume.sys not found.
File/Folder c:\windows\system32\drivers\azqiqiay.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Dad\LOCALS~1\Temp\Perflib_Perfdata_79c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dad\LOCALS~1\Temp\Perflib_Perfdata_fd4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dad\LOCALS~1\Temp\~DF1355.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_48c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_145027

Files moved on Reboot...
File C:\DOCUME~1\Dad\LOCALS~1\Temp\Perflib_Perfdata_79c.dat not found!
File C:\DOCUME~1\Dad\LOCALS~1\Temp\Perflib_Perfdata_fd4.dat not found!
C:\DOCUME~1\Dad\LOCALS~1\Temp\~DF1355.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_48c.dat not found!


DDS log


DDS (Ver_09-02-01.01) - NTFSx86
Run by Dad at 17:35:01.76 on 2009-02-24
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = about:Blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AHNSD] "c:\program files\ahnlab\smart update utility\AhnSD.exe"
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter23.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168541236718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://12.183.160.108/WebDvr3.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\ksmeg7be.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

============= SERVICES / DRIVERS ===============

R2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\ahnlab\smart update utility\AhnSDsv.exe [2007-1-15 67264]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2008-12-2 24312]
S3 XDva195;XDva195;\??\c:\windows\system32\xdva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva201;XDva201;\??\c:\windows\system32\xdva201.sys --> c:\windows\system32\XDva201.sys [?]
S3 XDva212;XDva212;\??\c:\windows\system32\xdva212.sys --> c:\windows\system32\XDva212.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]

=============== Created Last 30 ================

2009-02-24 14:50 <DIR> --d----- C:\_OTMoveIt
2009-02-24 14:48 <DIR> --d----- C:\ComboFix
2009-02-24 14:48 389,120 a------- c:\windows\system32\CF16154.exe
2009-02-24 14:48 389,120 a------- c:\windows\system32\CF16157.exe
2009-02-24 14:48 389,120 a------- c:\windows\system32\cmd.execf
2009-02-23 18:56 389,120 a------- c:\windows\system32\CF11904.exe
2009-02-23 18:54 389,120 a------- c:\windows\system32\CF11659.exe
2009-02-23 17:53 389,120 a------- c:\windows\system32\CF32325.exe
2009-02-23 17:44 389,120 a------- c:\windows\system32\CF30637.exe
2009-02-23 17:37 389,120 a------- c:\windows\system32\CF29245.exe
2009-02-23 17:36 389,120 a------- c:\windows\system32\CF29147.exe
2009-02-23 17:34 389,120 a------- c:\windows\system32\CF28700.exe
2009-02-23 17:33 389,120 a------- c:\windows\system32\CF28442.exe
2009-02-23 17:29 389,120 a------- c:\windows\system32\CF27727.exe
2009-02-23 17:28 389,120 a------- c:\windows\system32\CF27544.exe
2009-02-23 17:28 389,120 a------- c:\windows\system32\CF27492.exe
2009-02-23 17:26 389,120 a------- c:\windows\system32\CF27195.exe
2009-02-23 17:23 389,120 a------- c:\windows\system32\CF26548.exe
2009-02-23 17:18 389,120 a------- c:\windows\system32\CF25467.exe
2009-02-23 17:02 389,120 a------- c:\windows\system32\CF22391.exe
2009-02-23 17:02 389,120 a------- c:\windows\system32\CF22326.exe
2009-02-23 17:02 389,120 a------- c:\windows\system32\CF22319.exe
2009-02-23 17:02 389,120 a------- c:\windows\system32\CF22313.exe
2009-02-22 22:40 <DIR> --d----- C:\ProgramData
2009-02-22 22:35 7,208 a------- c:\windows\system32\ealregsnapshot1.reg
2009-02-22 18:01 <DIR> --d----- C:\cmdcons
2009-02-22 17:59 161,792 a------- c:\windows\SWREG.exe
2009-02-22 17:59 98,816 a------- c:\windows\sed.exe
2009-02-12 14:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-12 14:13 <DIR> --d----- c:\program files\Trend Micro
2009-02-12 14:12 <DIR> --d----- c:\docume~1\dad\applic~1\Malwarebytes
2009-02-12 14:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-12 14:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 14:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-31 10:44 <DIR> --d----- c:\program files\GALA-NET

==================== Find3M ====================

2009-02-22 22:40 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-08 23:54 34 a------- c:\documents and settings\dad\jagex_runescape_preferences.dat
2008-12-12 09:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-07 19:31 2,672 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-09 17:32 24,192 a------- c:\documents and settings\dad\usbsermptxp.sys
2008-04-09 17:32 22,768 a------- c:\documents and settings\dad\usbsermpt.sys
2007-01-11 10:36 0 a------- c:\docume~1\dad\applic~1\wklnhst.dat

============= FINISH: 17:35:24.04 ===============
  • 0

#10
fenzodahl512
Posted 24 February 2009 - 08:13 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Note: BitDefender Online Scan can only be used with Internet Explorer..

Lets do an online scan with BitDefender Online Scanner
  • Click on I Agree
  • Please install the Add-ons if requested
  • Click on Start Scan
  • Let it update its virus definition.. It will then automatically scan all your files and folders..
  • If infections found, it will attempt to disinfect/delete the infection..
  • After the scan finish, click on More Detail >>
  • Go to Detected Problems tab and click on Click here to export the scan report
  • Save the report as result.html on your Desktop. Copy the whole content of result.html and paste it in Notepad
  • Save the result in the Notepad and post the contents here in your next reply


How's the computer now? :)
  • 0

#11
elee23
Posted 25 February 2009 - 04:33 PM

elee23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
BitDefender Online Scanner
Scan report generated at: Tue, Feb 24, 2009 - 21:26:59

Scan path: C:\;D:\;E:\;F:\;

Statistics
Time 01:14:28
Files 347883
Folders 8781
Boot Sectors 0
Archives 4982
Packed Files 17360

Results
Identified Viruses 11
Infected Files 25
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 25

Engines Info
Virus Definitions 2684301
Engine build AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins 17
Archive plugins 45
Unpack plugins 7
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes


Scanned File Status
C:\aaa.cab Infected with: Trojan.Spy.Keylogger.BP
C:\aaa.cab Deleted
C:\Documents and Settings\Dad\Desktop\Elliot\Desktop\Autofighter_Package_WO.zip=>Autofighter Cheat Package/Hackers/ArtMoney710/artmoney710eng/ARTMONEY.EXE Infected with: Trojan.Generic.344052
C:\Documents and Settings\Dad\Desktop\Elliot\Desktop\Autofighter_Package_WO.zip=>Autofighter Cheat Package/Hackers/ArtMoney710/artmoney710eng/ARTMONEY.EXE Deleted
C:\Documents and Settings\Dad\Desktop\Elliot\Desktop\Autofighter_Package_WO.zip Updated
C:\Downloads\games\Need for Speed carbon\Razor1911\rzr-nfsc.iso=>Razor1911/Keygen.exe Infected with: Trojan.Horse.BAU
C:\Downloads\games\Need for Speed carbon\Razor1911\rzr-nfsc.iso=>Razor1911/Keygen.exe Deleted
C:\Downloads\games\Need for Speed carbon\Razor1911\rzr-nfsc.iso Update failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir Infected with: Trojan.Generic.1426651
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\bxrufbtp.dll.vir Infected with: Trojan.Generic.1430040
C:\Qoobox\Quarantine\C\WINDOWS\system32\bxrufbtp.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuspcuoo.dll.vir Infected with: Trojan.Generic.1426137
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuspcuoo.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgtcefqa.dll.vir Infected with: Trojan.Generic.1429985
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgtcefqa.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\hpmtjl.dll.vir Infected with: Trojan.Generic.1426137
C:\Qoobox\Quarantine\C\WINDOWS\system32\hpmtjl.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\kulzvy.dll.vir Infected with: Trojan.Generic.1429985
C:\Qoobox\Quarantine\C\WINDOWS\system32\kulzvy.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\mpkutrce.dll.vir Infected with: Trojan.Generic.1435991
C:\Qoobox\Quarantine\C\WINDOWS\system32\mpkutrce.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\ujihar.dll.vir Infected with: Trojan.Generic.1435991
C:\Qoobox\Quarantine\C\WINDOWS\system32\ujihar.dll.vir Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP720\A0090926.exe Infected with: Backdoor.Generic.156844
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP720\A0090926.exe Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP720\A0090927.exe Infected with: Backdoor.Generic.156844
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP720\A0090927.exe Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091060.exe Infected with: Trojan.Generic.1426651
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091060.exe Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091062.dll Infected with: Trojan.Generic.1430040
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091062.dll Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091065.dll Infected with: Trojan.Generic.1426137
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091065.dll Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091066.dll Infected with: Trojan.Generic.1429985
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091066.dll Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091067.dll Infected with: Trojan.Generic.1426137
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091067.dll Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091071.dll Infected with: Trojan.Generic.1429985
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091071.dll Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091073.dll Infected with: Trojan.Generic.1435991
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091073.dll Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091077.dll Infected with: Trojan.Generic.1435991
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0091077.dll Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6V6VWDUJ\index[1] Infected with: Trojan.Generic.1429985
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6V6VWDUJ\index[1] Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXI9W307\upd105320[1] Infected with: Trojan.Generic.1430469
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXI9W307\upd105320[1] Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UZWZWFG3\lsp[1].exe Infected with: Backdoor.Generic.156844
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UZWZWFG3\lsp[1].exe Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YXAHWNAR\lsp[1].exe Infected with: Trojan.Generic.1425562
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YXAHWNAR\lsp[1].exe Deleted

Edited by elee23, 25 February 2009 - 04:45 PM.

  • 0

#12
fenzodahl512
Posted 25 February 2009 - 05:14 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good to me.. Lets do some cleanup...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed

    Posted Image




Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#13
elee23
Posted 26 February 2009 - 08:36 AM

elee23

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
my computer is a lot faster now, i think all the viruses are gone. thanks!
  • 0

#14
fenzodahl512
Posted 26 February 2009 - 08:47 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP