Jump to content

Infected PC user

Members
  • Posts

    6
  • Joined

  • Last visited

Everything posted by Infected PC user

  1. My PC suddenly turns itself off randomly for days now but I can't find any viruses in it except there's a hidden file found during one Avira scan. I'm suspect that it might be the virus. Help please.
  2. I did what you said and I attached the log here. Everything seems fine but got a few warnings from Avast that pointed out that there's a virus in the other profile so I deleted the profile. The computer is slightly slower than usual but all is fine for now. Thanks a lot Kahdah! OTL.Txt
  3. Thanks for your help Kahdah! Did everything you said and my PC seems fine for now. I'm gonna keep scanning it daily to see if it's really cured. Here's the MBAM log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4174 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 6/7/2010 4:52:36 PM mbam-log-2010-06-07 (16-52-36).txt Scan type: Full scan (C:\|) Objects scanned: 234721 Time elapsed: 4 hour(s), 1 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 44 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0116517.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0116572.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0116574.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0116575.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0116576.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117677.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117678.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117679.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117690.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117585.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117702.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117703.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0117737.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118132.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118730.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118731.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118732.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118733.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118735.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118737.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118738.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118761.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118846.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118864.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118872.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118873.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118875.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118736.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118953.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118948.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118949.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118950.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118951.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118952.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118954.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118955.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118956.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118957.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118958.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118959.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118960.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118961.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118962.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F7BDE24A-11AA-4656-8BAF-378D7432CF1D}\RP82\A0118963.exe (Trojan.Dropper) -> Quarantined and deleted successfully. And here's the rest are attached. OTL2.txt log.txt
  4. Thank you for your time kahdah I did everything you said and here are the logs. My PC restarted on it's own twice when I was using GMER and the sound becomes choppy. OTL.Txt Extras.Txt ark.txt
  5. I also installed several Anti-viruses or Anti-spywares to try to remove this threat before I posted the log. Here's what I have on my PC now: IObit Security 360 Avast! COMODO Internet Security SpywareBlaster SUPER Antispyware Free Edition Trojan Remover and Malwarebytes' Anti-Malware Also tried using MS-DOS at Safe Mode Command Prompt but when I use Safe Mode, it always restarts for some reason. I REALLY need help, please help me get this infection cured. I'm also planning to use my USB to transfer my important files into my laptop but I'm not sure if my laptop won't get infected even if it has Avast! installed. Should I transfer my files or try to fix my PC first before doing any file transfers? Reformating is not an option to me. Please give me programs, advice or whatever to fix this problem.
  6. I need help, REALLY need help. I scanned my PC everyday since I started getting trouble with a Trojan. Using Malware and Avast to remove these but it doesn't work and now, a huge variety of spyware suddenly rushed into the scene. Here's my latest log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3962 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 6/5/2010 11:36:31 PM mbam-log-2010-06-05 (23-36-31).txt Scan type: Quick scan Objects scanned: 121349 Time elapsed: 40 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 137 Registry Values Infected: 2 Registry Data Items Infected: 7 Folders Infected: 0 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conime.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinprocpatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmsnscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsurvey.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanielow.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savedefense.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\history.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\identity.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieshow.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jsrcgen.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\malwareremoval.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oacat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oahlp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oareg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc_antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\peravir.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psancu.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psanhost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psantomanager.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psunmain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quick heal.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savekeep.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\security center.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthaux.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthlic.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\documents and settings\all users\application data\38dafaa\cu38da.exe (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\RECYCLER\S-1-5-21-3872074784-4377781281-390270658-3183\syscr.exe.vir (Worm.Autorun. -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BNL4S2ZA\dftk[1].jpg (Worm.Kido) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BNL4S2ZA\dhlsw[1].bmp (Worm.Autorun) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BNL4S2ZA\izbsarip[1].png (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\eajvtkk[2].bmp (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\ayrjjctn[1].gif (Worm.Kido) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\dvxapduh[1].jpg (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\eajvtkk[1].bmp (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\uiwpbh[1].jpg (Worm.Autorun) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\upgiazkh[1].jpg (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\xnqj[1].png (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\x[1] (Worm.SpyBot) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K7X7WV9O\x[2] (Worm.SpyBot) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R8LPZ02H\apotr[1].gif (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R8LPZ02H\rgkbihif[1].jpg (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R8LPZ02H\uuepbdjf[1].png (Worm.conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJAA5GCV\jbcdw[1].jpg (Worm.Autorun) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJAA5GCV\iaevjcb[1].bmp (Worm.Kido) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJAA5GCV\lltsolbz[1].jpg (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJAA5GCV\skkotfha[1].bmp (Worm.Conficker) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJAA5GCV\x[1] (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJAA5GCV\yipz[1].jpg (Worm.Conficker) -> Quarantined and deleted successfully. It said it removes it but it doesn't. Please help me, I've tried everything but nothing's working. I don't want to reformat my PC. Thanks in Advance!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.