Need help here. Very damaged PC


I need help, REALLY need help. I scanned my PC every day since I started getting trouble with a Trojan. Using Malware and Avast to remove these but it doesn't work and now, a huge variety of spyware suddenly rushed into the scene. Here's my latest log:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3962

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/5/2010 11:36:31 PM

mbam-log-2010-06-05 (23-36-31).txt

Scan type: Quick scan

Objects scanned: 121349

Time elapsed: 40 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 137

Registry Values Infected: 2

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:


Registry Values Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\documents and settings\all users\application data\38dafaa\cu38da.exe (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2010&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:


It said it removes it but it doesn't. Please help me, I've tried everything but nothing's working. I don't want to reformat my PC. Thanks in Advance!


I also installed several Anti-viruses or Anti-spywares to try to remove this threat before I posted the log.

Here's what I have on my PC now:

IObit Security 360

Avast!

COMODO Internet Security

SpywareBlaster

SUPER Antispyware Free Edition

Trojan Remover

and Malwarebytes' Anti-Malware

Also tried using MS-DOS at Safe Mode Command Prompt but when I use Safe Mode, it always restarts for some reason. I REALLY need help, please help me get this infection cured.

I'm also planning to use my USB to transfer my important files into my laptop but I'm not sure if my laptop won't get infected even if it has Avast! installed. Should I transfer my files or try to fix my PC first before doing any file transfers? Reformatting is not an option to me. Please give me programs, advice or whatever to fix this problem.


Hello Infected PC user

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
    • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

Please remove any P2P sharing programs such as uTorrent.

You can do this by using the Control Panel, then Add/Remove Programs.

Click on that program and choose remove.

=========================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
    [2010/04/15 13:25:55 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Vittorio Pajarillo\Application Data\Mozilla\Firefox\Profiles\oit14s16.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O33 - MountPoints2\{22764aa2-f360-11de-b430-00e006090479}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{22764aa5-f360-11de-b430-00e006090479}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{40b5b2f4-fb31-11de-b458-00e006090479}\Shell\AutoRun\command - "" = ravira/ravira32.exe
    O33 - MountPoints2\{40b5b2f4-fb31-11de-b458-00e006090479}\Shell\explore\command - "" = ravira/ravira32.exe
    O33 - MountPoints2\{40b5b2f4-fb31-11de-b458-00e006090479}\Shell\open\command - "" = .\ravira/ravira32.exe
    [2010/06/05 23:24:48 | 000,163,840 | ---- | M] () -- C:\WINDOWS\System32\54.exe
    [2010/06/05 23:03:14 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\24.exe
    [2010/06/05 22:46:31 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\asr_pdhmhn
    [2010/06/05 22:43:26 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\wndrive32.exe
    [2010/06/05 22:42:55 | 000,188,416 | ---- | M] () -- C:\WINDOWS\System32\34.exe
    [2010/06/05 22:12:10 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\43.exe
    [2010/06/05 22:08:54 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\48.exe
    [2010/06/05 21:53:26 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\74.exe
    [2010/06/05 20:32:58 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\58.exe
    [2010/06/05 20:28:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\02.exe
    [2010/06/05 18:33:22 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\01.exe
    [2010/06/05 17:57:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\28.exe
    [2010/06/05 14:39:11 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\42.exe
    [2010/06/05 11:50:51 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\82.exe
    [2010/06/05 11:49:19 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\asr_tlwam
    [2010/06/05 11:34:25 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\68.exe
    [2010/06/05 10:29:45 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vegbipl.sys
    [2010/06/05 10:08:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\33.exe
    [2010/06/05 10:07:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\wndrive32.exe.vir
    [2010/06/04 22:53:49 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\57.exe
    [2010/06/04 22:48:35 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\05.exe
    [2010/06/04 22:19:32 | 000,176,128 | ---- | M] () -- C:\WINDOWS\System32\85.exe
    [2010/06/04 22:15:09 | 000,176,128 | ---- | M] () -- C:\WINDOWS\System32\13.exe
    [2010/06/04 22:03:56 | 000,176,128 | ---- | M] () -- C:\WINDOWS\System32\50.exe
    [2010/06/04 21:45:23 | 000,176,128 | ---- | M] () -- C:\WINDOWS\System32\04.exe
    [2010/06/04 20:38:57 | 000,176,128 | ---- | M] () -- C:\WINDOWS\System32\17.exe
    [2010/06/01 15:58:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\g45g.bat
    [2010/04/07 16:10:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\38dafaa
    [2010/02/19 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vittorio Pajarillo\Application Data\AskToolbar
    [2010/06/06 11:01:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    :Files
    c:\program files\ask.com
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================================Online scan=================================

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
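
The file entries in the fix script above all share one layout, so a pasted OTL log can be triaged mechanically. The following is an added example, not part of the original post and not OTL's own logic: the heuristics (two-digit executable names in System32, hidden+system executables, an empty vendor field, repeated file sizes) are assumptions drawn from the entries listed in this thread, and `parse_entry`, `triage`, `size_clusters` and `scan` are hypothetical names.

```python
import re
from collections import Counter

# Layout of an OTL file entry as posted in this thread:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M] (vendor) -- path
# Folder entries carry no "(vendor)" field at all.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [A-Z]\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

def parse_entry(line):
    """Return a dict for one OTL file entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m["ts"],
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "vendor": (m["vendor"] or "").strip(),
        "path": m["path"].strip(),
    }

def triage(entry):
    """Reasons an entry deserves a closer look (assumed heuristics, not OTL's)."""
    folder, _, name = entry["path"].lower().rpartition("\\")
    if not name.endswith(".exe"):
        return []
    reasons = []
    if folder == r"c:\windows\system32" and re.fullmatch(r"\d{2}\.exe", name):
        reasons.append("two-digit executable name in System32")
    if {"H", "S"} <= set(entry["attrs"]):
        reasons.append("hidden+system executable")
    if not entry["vendor"]:
        reasons.append("empty vendor field")
    return reasons

def size_clusters(entries, minimum=3):
    """Sizes shared by at least `minimum` executables (likely one binary re-dropped)."""
    sizes = Counter(e["size"] for e in entries if e["path"].lower().endswith(".exe"))
    return {size: n for size, n in sizes.items() if n >= minimum}

def scan(text):
    """Parse every entry in `text`; return (entries, {path: reasons}) for flagged ones."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    flagged = {e["path"]: r for e in entries if (r := triage(e))}
    return entries, flagged

# Entries copied from the fix script in this thread; the notepad.exe line is constructed.
SAMPLE = r"""
[2010/06/05 23:24:48 | 000,163,840 | ---- | M] () -- C:\WINDOWS\System32\54.exe
[2010/06/05 22:43:26 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\wndrive32.exe
[2010/06/05 22:12:10 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\43.exe
[2010/06/05 22:08:54 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\48.exe
[2010/06/05 21:53:26 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\74.exe
[2010/06/05 10:29:45 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vegbipl.sys
[2010/04/07 16:10:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\38dafaa
[2010/05/01 09:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
"""

if __name__ == "__main__":
    entries, flagged = scan(SAMPLE)
    for path, reasons in flagged.items():
        print(f"{path}: {', '.join(reasons)}")
    print("repeated sizes:", size_clusters(entries))
```

A flag here only marks an entry for manual review; a filled-in vendor field proves nothing by itself, since the field is taken from the file.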


Thanks for your help Kahdah!

Did everything you said and my PC seems fine for now. I'm gonna keep scanning it daily to see if it's really cured.

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4174

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/7/2010 4:52:36 PM

mbam-log-2010-06-07 (16-52-36).txt

Scan type: Full scan (C:\|)

Objects scanned: 234721

Time elapsed: 4 hour(s), 1 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 44

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:


And the rest are attached.

OTL2.txt

log.txt


Great, looks much better. Let me know of any remaining problems and do the following:

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/06/08 22:35:42 | 000,212,992 | RHS- | M] (owlRMNLQBuBgHsIMPG) -- C:\WINDOWS\wndrive32.exe
    [2010/06/08 22:24:53 | 000,278,528 | ---- | M] (HFKvCJaAAQGIAZ) -- C:\WINDOWS\System32\73.exe

    :Commands
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

======================

After downloading the following utility, please disconnect from the internet before running the following scanner.

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using ctrl + a on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.