
Spyware/Malware problem.


  • This topic is locked
10 replies to this topic

#1 PearlIzumi

Posted 25 March 2009 - 02:02 PM

Receiving various pop ups and random windows. Computer running extremely slow. Tried to use Microsoft Defender but it can't seem to find the problem.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Pearl Izumi at 11:54:58.27 on Wed 03/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.363 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iPass\iPassConnect Nautilus Remote Access\iPCAgent.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpywareRemover2009\SR.exe
C:\v8\Rpro\Schedule.exe
C:\v8\Rpro\EFT\PPMSERVR.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\iPass\iPassConnect Nautilus Remote Access\downloader\ipccheck.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pearl Izumi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pearlizumi.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 172.23.136.11:8080
uInternet Settings,ProxyOverride = <local>
BHO: {2b3f8654-7217-4a4c-8ef3-65347cf23323} - c:\windows\system32\sirirami.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [Client Access PC5250 Sound] "c:\program files\ibm\client access\emulator\pcssnd.exe"
mRun: [FinishOptions] c:\docume~1\pearli~1\locals~1\temp\hpbinxst.exe
mRun: [EPSON Stylus CX3200] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
mRun: [dupogaseka] Rundll32.exe "c:\windows\system32\jobimimi.dll",s
mRun: [c4e8c1d2] rundll32.exe "c:\windows\system32\fovaseku.dll",b
mRun: [CPMc7dbf24e] Rundll32.exe "c:\windows\system32\jefotumo.dll",a
mRun: [SpywareRemover2009] c:\program files\spywareremover2009\SR.exe
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rprosc~1.lnk - c:\v8\rpro\Schedule.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\v8\rpro\eft\PPMSERVR.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E0AE4FAE-7E6B-4C1F-B93D-2A446DCB7FA8} = 172.23.136.10,172.23.136.12
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\kanirayo.dll zacrqk.dll bhgjfu.dll rgfjmq.dll blzxxu.dll c:\windows\system32\jefotumo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jefotumo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jefotumo.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\kanirayo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pearli~1\applic~1\mozilla\firefox\profiles\h9e6gsiq.default\
FF - prefs.js: browser.startup.homepage - www.pearlizumi.com
FF - prefs.js: network.proxy.ftp - 172.23.136.11
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 172.23.136.11
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 172.23.136.11
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.23.136.11
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.23.136.11
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1

============= SERVICES / DRIVERS ===============

R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2005-12-20 160325]
R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect nautilus remote access\iPCAgent.exe [2005-12-20 90112]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [2005-12-20 15793]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-12-20 472352]

=============== Created Last 30 ================

2009-03-25 10:33 <DIR> --d----- c:\docume~1\pearli~1\applic~1\Logs
2009-03-25 10:28 <DIR> --d----- c:\program files\SpywareRemover2009
2009-03-25 10:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpywareRemover2009
2009-03-25 10:13 <DIR> --ds---- c:\documents and settings\pearl izumi\UserData
2009-03-25 02:30 129,024 a--sh--- c:\windows\system32\blzxxu.dll
2009-03-25 02:30 3,327,218 ---sh--- c:\windows\system32\ukesavof.ini
2009-03-24 14:29 129,024 a--sh--- c:\windows\system32\rgfjmq.dll
2009-03-24 14:29 3,327,200 ---sh--- c:\windows\system32\edajorek.ini
2009-03-23 23:28 2,098 ---sh--- c:\windows\system32\rawuyona.exe
2009-03-21 17:25 129,536 a--sh--- c:\windows\system32\bhgjfu.dll
2009-03-21 17:25 1,410,288 ---sh--- c:\windows\system32\avotiruy.ini
2009-03-21 05:25 1,791,160 ---sh--- c:\windows\system32\oliyukeh.ini
2009-03-21 05:25 128,000 a--sh--- c:\windows\system32\fhusxw.dll
2009-03-20 17:25 1,791,147 ---sh--- c:\windows\system32\ebofogef.ini
2009-03-20 17:24 129,536 a--sh--- c:\windows\system32\zacrqk.dll

==================== Find3M ====================

2009-03-25 02:30 95,232 a--sh--- c:\windows\system32\jefotumo.dll
2009-03-25 02:30 129,024 a--sh--- c:\windows\system32\diyidubo.dll
2009-03-25 02:30 89,600 a--sh--- c:\windows\system32\fovaseku.dll
2009-03-24 14:29 129,024 a--sh--- c:\windows\system32\puvutabo.dll
2009-03-24 14:29 95,744 a--sh--- c:\windows\system32\fahapera.dll
2009-03-24 14:29 89,088 -------- c:\windows\system32\kerojade.dll
2009-03-21 17:25 129,536 a--sh--- c:\windows\system32\putiwuwa.dll
2009-03-21 17:25 90,624 -------- c:\windows\system32\yuritova.dll
2009-03-21 17:25 95,232 a--sh--- c:\windows\system32\duzokoho.dll
2009-03-21 05:25 90,112 -------- c:\windows\system32\hekuyilo.dll
2009-03-21 05:25 128,000 a--sh--- c:\windows\system32\sepukuti.dll
2009-03-21 05:25 95,232 a--sh--- c:\windows\system32\zirofija.dll
2009-03-20 17:25 90,624 -------- c:\windows\system32\fegofobe.dll
2009-03-20 17:24 129,536 a--sh--- c:\windows\system32\takesebo.dll
2009-03-20 17:24 95,744 a--sh--- c:\windows\system32\kudodibo.dll
0000-00-00 00:00 57,856 a--sh--- c:\windows\system32\jobimimi.dll
0000-00-00 00:00 57,856 a--sh--- c:\windows\system32\kanirayo.dll
0000-00-00 00:00 57,856 a--sh--- c:\windows\system32\sirirami.dll

============= FINISH: 11:58:12.90 ===============



#2 miekiemoes

  • Malware Response Team

Posted 25 March 2009 - 02:34 PM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 PearlIzumi


Posted 25 March 2009 - 03:11 PM

The MBAM Log:

Malwarebytes' Anti-Malware 1.34
Database version: 1897
Windows 5.1.2600 Service Pack 2

3/25/2009 1:02:19 PM
mbam-log-2009-03-25 (13-02-19).txt

Scan type: Quick Scan
Objects scanned: 104035
Time elapsed: 14 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 6
Folders Infected: 8
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fovaseku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kanirayo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sirirami.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jobimimi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\jefotumo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b3f8654-7217-4a4c-8ef3-65347cf23323} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2b3f8654-7217-4a4c-8ef3-65347cf23323} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b3f8654-7217-4a4c-8ef3-65347cf23323} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\SpywareRemover2009 (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USRM_is1 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c4e8c1d2 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dupogaseka (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmc7dbf24e (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareremover2009 (Rogue.SpywareRemover) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kanirayo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kanirayo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kanirayo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jefotumo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jefotumo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\quarantine.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Quarantine (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\quaratine.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fegofobe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebofogef.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fovaseku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ukesavof.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hekuyilo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oliyukeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kerojade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edajorek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuritova.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avotiruy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jobimimi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\jefotumo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sirirami.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kanirayo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\SpywareRemover2009\SR.exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Local Settings\Temp\e.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Local Settings\Temporary Internet Files\Content.IE5\2VQ74NA9\load[1].php (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Local Settings\Temporary Internet Files\Content.IE5\OV9RU2FT\virusremover2009_setup_free_rezer_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Local Settings\Temporary Internet Files\Content.IE5\QDXQNYHG\SpywareRemover2009_Installer_Dual_br1_en[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Desktop\SpywareRemover2009_Installer_Dual_br1_en.exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\Abbr (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ActivationCode (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ProductCode (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Contact customer support.url (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009 Online Manual.url (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009.lnk (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Uninstall SpywareRemover2009.lnk (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\ATL80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\cn.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\cn.xml (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\diagnosis.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\InstUp.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\license.rtf (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\mfc80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Microsoft.VC80.ATL.manifest (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Microsoft.VC80.CRT.manifest (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Microsoft.VC80.MFC.manifest (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\msvcm80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\msvcp80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\msvcr80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\PP.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\pv.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\readme.rtf (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\settings.ini (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\SR.xml (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\unins000.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\unins000.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\updateapp.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\updatedb.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Updater.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\UserAgent.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\AutoProcess.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\common.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\enemies.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\Summary.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\vbpv.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\quarantine.dat\#post_quarantine (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diyidubo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Desktop\SpywareRemover2009.lnk (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pearl Izumi\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareRemover2009.lnk (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.


I am assuming the HijackThis log is what I get when I run the d.d.s program? Sorry for my ignorance. Here that is:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Pearl Izumi at 13:08:50.72 on Wed 03/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.650 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iPass\iPassConnect Nautilus Remote Access\iPCAgent.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\v8\Rpro\Schedule.exe
C:\v8\Rpro\EFT\PPMSERVR.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPass\iPassConnect Nautilus Remote Access\downloader\ipccheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pearl Izumi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pearlizumi.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 172.23.136.11:8080
uInternet Settings,ProxyOverride = <local>
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [Client Access PC5250 Sound] "c:\program files\ibm\client access\emulator\pcssnd.exe"
mRun: [FinishOptions] c:\docume~1\pearli~1\locals~1\temp\hpbinxst.exe
mRun: [EPSON Stylus CX3200] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rprosc~1.lnk - c:\v8\rpro\Schedule.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\v8\rpro\eft\PPMSERVR.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E0AE4FAE-7E6B-4C1F-B93D-2A446DCB7FA8} = 172.23.136.10,172.23.136.12
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zacrqk.dll bhgjfu.dll rgfjmq.dll blzxxu.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pearli~1\applic~1\mozilla\firefox\profiles\h9e6gsiq.default\
FF - prefs.js: browser.startup.homepage - www.pearlizumi.com
FF - prefs.js: network.proxy.ftp - 172.23.136.11
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 172.23.136.11
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 172.23.136.11
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.23.136.11
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.23.136.11
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1

============= SERVICES / DRIVERS ===============

R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2005-12-20 160325]
R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect nautilus remote access\iPCAgent.exe [2005-12-20 90112]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [2005-12-20 15793]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-12-20 472352]

=============== Created Last 30 ================

2009-03-25 12:44 <DIR> --d----- c:\docume~1\pearli~1\applic~1\Malwarebytes
2009-03-25 12:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 12:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 12:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-25 10:33 <DIR> --d----- c:\docume~1\pearli~1\applic~1\Logs
2009-03-25 10:13 <DIR> --ds---- c:\documents and settings\pearl izumi\UserData
2009-03-25 02:30 129,024 a--sh--- c:\windows\system32\blzxxu.dll
2009-03-24 14:29 129,024 a--sh--- c:\windows\system32\rgfjmq.dll
2009-03-23 23:28 2,098 ---sh--- c:\windows\system32\rawuyona.exe
2009-03-21 17:25 129,536 a--sh--- c:\windows\system32\bhgjfu.dll
2009-03-21 05:25 128,000 a--sh--- c:\windows\system32\fhusxw.dll
2009-03-20 17:24 129,536 a--sh--- c:\windows\system32\zacrqk.dll

==================== Find3M ====================

2009-03-24 14:29 129,024 a--sh--- c:\windows\system32\puvutabo.dll
2009-03-24 14:29 95,744 a--sh--- c:\windows\system32\fahapera.dll
2009-03-21 17:25 129,536 a--sh--- c:\windows\system32\putiwuwa.dll
2009-03-21 17:25 95,232 a--sh--- c:\windows\system32\duzokoho.dll
2009-03-21 05:25 128,000 a--sh--- c:\windows\system32\sepukuti.dll
2009-03-21 05:25 95,232 a--sh--- c:\windows\system32\zirofija.dll
2009-03-20 17:24 129,536 a--sh--- c:\windows\system32\takesebo.dll
2009-03-20 17:24 95,744 a--sh--- c:\windows\system32\kudodibo.dll

============= FINISH: 13:09:54.99 ===============

#4 miekiemoes


Posted 25 March 2009 - 03:18 PM

Hi,

Almost done...

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Then,

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.


Then, navigate to and delete the following files:

c:\windows\system32\puvutabo.dll
c:\windows\system32\fahapera.dll
c:\windows\system32\putiwuwa.dll
c:\windows\system32\duzokoho.dll
c:\windows\system32\sepukuti.dll
c:\windows\system32\zirofija.dll
c:\windows\system32\takesebo.dll
c:\windows\system32\kudodibo.dll
c:\windows\system32\blzxxu.dll
c:\windows\system32\rgfjmq.dll
c:\windows\system32\rawuyona.exe
c:\windows\system32\bhgjfu.dll
c:\windows\system32\fhusxw.dll
c:\windows\system32\zacrqk.dll

Then, you really need an Antivirus, so please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new DDS log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
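
Added example, not part of the original thread and not DDS's own code: every file in miekiemoes's deletion list appears in the DDS log above with both the `s` and `h` attribute letters, directly under c:\windows\system32. The Python sketch below parses the DDS file-listing line format and applies that filter to a few lines copied from the log. Reading `s`/`h` as system/hidden, the use of this filter as a triage heuristic, and the function names are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Lines copied from the "Created Last 30" / "Find3M" sections of the DDS log
# quoted in this thread (a subset, chosen to include benign entries too).
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2009-03-25 12:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 12:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 10:13 <DIR> --ds---- c:\documents and settings\pearl izumi\UserData
2009-03-25 02:30 129,024 a--sh--- c:\windows\system32\blzxxu.dll
2009-03-24 14:29 129,024 a--sh--- c:\windows\system32\rgfjmq.dll
2009-03-23 23:28 2,098 ---sh--- c:\windows\system32\rawuyona.exe

==================== Find3M ====================

2009-03-24 14:29 129,024 a--sh--- c:\windows\system32\puvutabo.dll
2009-03-24 14:29 95,744 a--sh--- c:\windows\system32\fahapera.dll

============= FINISH: 13:09:54.99 ===============
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# date time, size or <DIR>, 8-character attribute column, path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$"
)


class Entry(NamedTuple):
    section: str
    timestamp: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_dds_listing(text):
    """Return one Entry per file-listing line, tagged with its log section."""
    entries, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            ts, size, attrs, path = m.groups()
            size_val = None if size == "<DIR>" else int(size.replace(",", ""))
            entries.append(Entry(section, ts, size_val, attrs, path))
    return entries


def flag_hidden_system(entries, directory=r"c:\windows\system32"):
    """Flag .dll/.exe files with both 's' and 'h' set, directly in `directory`.

    Assumption of this example: 's' and 'h' in the attribute column mean
    system and hidden. ntpath is used so the paths parse on any OS.
    """
    flagged = []
    for e in entries:
        in_dir = ntpath.dirname(e.path).lower() == directory.lower()
        executable = ntpath.splitext(e.path)[1].lower() in {".dll", ".exe"}
        hidden_system = "s" in e.attrs and "h" in e.attrs
        if e.size is not None and hidden_system and in_dir and executable:
            flagged.append(e)
    return flagged


def drop_batches(flagged):
    """Group flagged files by timestamp; keep timestamps shared by 2+ files."""
    batches = defaultdict(list)
    for e in flagged:
        batches[e.timestamp].append(ntpath.basename(e.path))
    return {ts: names for ts, names in batches.items() if len(names) > 1}


if __name__ == "__main__":
    hits = flag_hidden_system(parse_dds_listing(SAMPLE_DDS))
    for e in hits:
        print(f"{e.timestamp}  {e.attrs}  {e.size:>8}  {e.path}")
    for ts, names in drop_batches(hits).items():
        print(f"written together at {ts}: {', '.join(names)}")
```

A hit from this filter is a candidate for review, not a verdict; legitimate files can also carry both attributes.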

#5 PearlIzumi

Posted 25 March 2009 - 03:28 PM

It wouldn't let me delete these. It told me that they were either read only or currently in use?

c:\windows\system32\blzxxu.dll
c:\windows\system32\rgfjmq.dll
c:\windows\system32\bhgjfu.dll
c:\windows\system32\zacrqk.dll

#6 miekiemoes

Posted 25 March 2009 - 03:35 PM

Did you perform the step with the fix.reg?
If so, reboot first.

Then try to delete the files again after reboot.

If it still didn't work, let me know.

Edit.. can you upload one of these files here as well please?
http://www.bleepingcomputer.com/submit-malware.php?channel=8

Edited by miekiemoes, 25 March 2009 - 03:37 PM.


#7 PearlIzumi

Posted 25 March 2009 - 04:34 PM

I'm sorry - I rebooted and deleted them before I saw the note to upload one of the files. They deleted this time around.

AVIRA Report:




Avira AntiVir Personal
Report file date: Wednesday, March 25, 2009 13:55

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : AO9-REG1

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+SPR,

Start of the scan: Wednesday, March 25, 2009 13:55

Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
'82215' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'ipccheck.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'PPMSERVR.exe' - '1' Module(s) have been scanned
Scan process 'Schedule.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'E_S10IC2.EXE' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LxrJD31s.exe' - '1' Module(s) have been scanned
Scan process 'iPCAgent.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '77' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Install\ArmsTechCD\Install Files\DRIVERS\MODEM\USR PNP\Software\Control\setup.exe
[0] Archive type: CAB SFX (self extracting)
--> \atmdlusr.exe
[DETECTION] Is the TR/Dldr.Aveo Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043247.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043250.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043252.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043254.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043256.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043257.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043260.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043261.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043262.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043263.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043267.dll
[DETECTION] Is the TR/Killav.28714 Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043268.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043269.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043270.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043271.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043272.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043273.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043274.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043283.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043284.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043285.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043286.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043287.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\Install\ArmsTechCD\Install Files\DRIVERS\MODEM\USR PNP\Software\Control\setup.exe
[NOTE] The file was moved to '4a3ea329.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043247.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49faa2f4.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043250.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4886933d.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043252.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d52aab5.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043254.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '487af21d.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043256.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d5b7b65.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043257.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '489443bd.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043260.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49faa2f5.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043261.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4878c28e.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043262.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d594bd6.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043263.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d5843ae.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043267.dll
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] The file was moved to '49faa2f6.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043268.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d5e521f.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043269.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d5f5a47.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043270.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '4d5da28f.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043271.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49faa2f7.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043272.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4f4e8328.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043273.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4f4d93e8.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043274.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4f429a20.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043283.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d518280.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043284.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d568ab8.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043285.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d5792f0.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043286.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d549528.qua'!
C:\System Volume Information\_restore{734B5BD2-78CE-45B7-AA05-6772E4343EBA}\RP879\A0043287.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4d559d60.qua'!


End of the scan: Wednesday, March 25, 2009 14:31
Used time: 35:50 Minute(s)

The scan has been done completely.

5764 Scanned directories
367697 Files were scanned
24 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
24 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
367672 Files not concerned
1971 Archives were scanned
1 Warnings
25 Notes
82215 Objects were scanned with rootkit scan
0 Hidden objects were found

New DDS Log



DDS (Ver_09-03-16.01) - NTFSx86
Run by Pearl Izumi at 14:33:28.49 on Wed 03/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.466 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\v8\Rpro\Schedule.exe
C:\v8\Rpro\EFT\PPMSERVR.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Documents and Settings\Pearl Izumi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pearlizumi.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 172.23.136.11:8080
uInternet Settings,ProxyOverride = <local>
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [Client Access PC5250 Sound] "c:\program files\ibm\client access\emulator\pcssnd.exe"
mRun: [FinishOptions] c:\docume~1\pearli~1\locals~1\temp\hpbinxst.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rprosc~1.lnk - c:\v8\rpro\Schedule.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\v8\rpro\eft\PPMSERVR.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E0AE4FAE-7E6B-4C1F-B93D-2A446DCB7FA8} = 172.23.136.10,172.23.136.12
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pearli~1\applic~1\mozilla\firefox\profiles\h9e6gsiq.default\
FF - prefs.js: browser.startup.homepage - www.pearlizumi.com
FF - prefs.js: network.proxy.ftp - 172.23.136.11
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 172.23.136.11
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 172.23.136.11
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.23.136.11
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.23.136.11
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-25 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-25 55640]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2005-12-20 160325]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-12-20 472352]

=============== Created Last 30 ================

2009-03-25 13:45 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-25 13:45 <DIR> --d----- c:\program files\Avira
2009-03-25 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-25 12:44 <DIR> --d----- c:\docume~1\pearli~1\applic~1\Malwarebytes
2009-03-25 12:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 12:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 12:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-25 10:33 <DIR> --d----- c:\docume~1\pearli~1\applic~1\Logs
2009-03-25 10:13 <DIR> --ds---- c:\documents and settings\pearl izumi\UserData

==================== Find3M ====================


============= FINISH: 14:33:45.14 ===============

#8 miekiemoes

Posted 25 March 2009 - 05:03 PM

Hi,

"I rebooted and deleted them before I saw the note to upload one of the files. They deleted this time around."

That's OK.
Good they weren't stubborn, because in many cases, when applying the fix.reg, it won't work either.

What Avira found were only leftovers in your System restore points, so you should be OK now.

Let me know in your next reply how things are now.

#9 PearlIzumi

Posted 25 March 2009 - 05:05 PM

So much faster! Thank you SO much. I couldn't have figured this out by myself. You guys are awesome! I really appreciate your time and goodwill! :thumbup2:

#10 miekiemoes

Posted 25 March 2009 - 05:09 PM

Glad I could help. :thumbup2:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#11 miekiemoes

Posted 31 March 2009 - 08:10 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.