Repairing Family Lappy

Discussion in 'Malware and Virus Removal Archive' started by Kugarian, 2008/08/18.

  1. 2008/08/18
    Kugarian

    Kugarian Inactive Thread Starter

    Joined:
    2008/07/10
    Messages:
    1
    Likes Received:
    0
    Hi BBS,

    I got stuck fixing the family-in-law's computer problems due to being the only one who understands them... I'm currently working on a lappy that had over 8800 malware and virus problems... managed to get them down to just the hard ones to remove, namely Antivirus 2009 and the fav one, "Your privacy is in Danger"... Your help would be greatly appreciated if you could help me with these 2 problems... I have the HijackThis log and the Malwarebytes log.


    Forever in your debt

    Kugarian

    HiJack This

    Logfile of HijackThis v1.99.1
    Scan saved at 1:36:13 AM, on 17/02/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {CE43E16D-49BC-4578-A8B7-9F1EC4C03070} - C:\WINDOWS\system32\yayyaBUk.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF930DC0-54DE-4C56-89E8-AE2F5BDEAC0E}: Domain = wa.bigpond.net.au
    O20 - AppInit_DLLs: iSecurity.cpl
    O21 - SSODL: SrvcSetup - {e374e7a7-e607-4bae-ba19-4ec89d6df7ae} - C:\WINDOWS\Resources\SrvcSetup.dll (file missing)
    O21 - SSODL: PreBootCheck - {89e9b9c3-b358-4b59-bfb4-11ffd36f1fc2} - (no file)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    MalwareBytes

    Malwarebytes' Anti-Malware 1.25
    Database version: 1065
    Windows 5.1.2600 Service Pack 2

    1:23:50 AM 17/02/2005
    mbam-log-02-17-2005 (01-23-50).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 101678
    Time elapsed: 25 minute(s), 55 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 33
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 54
    Files Infected: 73

    Memory Processes Infected:
    C:\Program Files\sprof\sprof.exe (Trojan.Downloader) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\freefbed.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96134abb-ad7c-4135-a927-329b735d524f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaqnfd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{96134abb-ad7c-4135-a927-329b735d524f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\atfxqogp.bqfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cj.cjmgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cj.cjmgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc021a21-6ac0-4bda-a503-68f041a7ead2} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4cd0d2bf (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sprof (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zangotoolbar 4.8.2 (Adware.Zango) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\sprof (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\851174 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\818646 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\SystemDefender\logs (Rogue.SystemDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\SystemDefender\logs (Rogue.SystemDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Start Menu\Programs\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\shc520j0e1d7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\shc520j0e1d7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Application Data\shc520j0e1d7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Application Data\shc520j0e1d7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\ddcAqNfd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dtnnnovq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qvonnntd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\freefbed.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\debfeerf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lbuhulyd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dyluhubl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pxgpimnf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fnmipgxp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\sprof\sprof.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Local Settings\Temporary Internet Files\Content.IE5\4H27KHYB\kb456456[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\C9IVWX6N\CABIMXZN (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\EXJ8DWJ6\kb456456[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Local Settings\Temporary Internet Files\Content.IE5\ULSNA1SH\kb456456[3] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\shc520j0e1d7Skin.dll (Rogue.MalwareProtector) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001225.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001212.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001213.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001220.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001222.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001224.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001226.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001227.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001229.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001230.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001232.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001235.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001236.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001237.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001243.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP3\A0001244.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP5\A0001880.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8355C44C-D01A-462B-9374-94723E1D5EB1}\RP5\A0001881.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\ealm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tsvqgjbv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\shc520j0e1d7.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\shc520j0e1d7\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Desktop\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jackson\Desktop\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Desktop\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jackson\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maddie\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ethan\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Danielle\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brad\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
     
    Last edited: 2008/08/18
  2. 2008/08/18
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Kugarian - Welcome to the Board :)

    Please read this and post the logs requested in your next post in this thread.
     

  4. 2008/08/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Kugarian

    Can I see a new HJT log?

    Thanks
    Geri
     