
Infected with Allaple Worm


  • This topic is locked
2 replies to this topic

#1 greenmachinefixup

greenmachinefixup

  • Members
  • 3 posts
  • Local time:02:42 AM

Posted 26 September 2010 - 06:21 PM

Hi

Two hiccups in the preparation process occurred: I was unable to create a backup of my system and GMER couldn't finish its scan. It gave me the blue screen of death and then the computer restarted both times I tried.

There are three warning popups that appear when I first turn on my computer and I forgot to write them down but I'll post them in another post after this one.

I also noticed that the logs for my scans with SAS and MBAM did not show up when I logged on in safe mode, and alternately, when I logged on in safe mode as administrator vs Bethany, I got a list of only the scans performed when logged on as that particular user. So I have three different places to look for the latest scans by each of SAS and MBAM.

Here is what I managed to get:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bethany at 15:53:47.43 on 26/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1014.636 [GMT -7:00]

AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Ettin\EtEngineU.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe
C:\Documents and Settings\Bethany\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Bethany\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SRSTrayApp] c:\program files\srs labs\wowhd and tsxt driver\SRSTrayApp.exe
uRun: [Google Update] "c:\documents and settings\bethany\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Vficu] rundll32.exe "c:\windows\kbatasan.dll",Startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [331BigDog] c:\program files\usb camera\VM331_STI.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [KeybdUtility] "c:\program files\lg software\on screen display\HotKey.exe"
mRun: [zOSD] "c:\program files\lg software\on screen display\HotKey.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LG Magnifier] "c:\program files\lg software\lg magnifier\MagnifyingGlass.exe"
mRun: [LG Intelligent Update] "c:\program files\lg_swupdate\autoupdate.exe" Gilautouc
mRun: [batterymiser] "c:\program files\lg software\battery miser\batterymiser.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ettin] c:\windows\system32\ettin\EtEngineU.exe
mRun: [<NO NAME>]
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249444839296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: BatteryMiser PSAP Class: {26f5978f-6493-4ee3-b114-c0c3accf9d4d} - c:\windows\system32\bmpsap.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bethany\applic~1\mozilla\firefox\profiles\rc11sc63.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.ca/nwshp?hl=en&tab=wn|http://www.thehunters.ca/wp/|http://www.cbc.ca/news/
FF - plugin: c:\documents and settings\bethany\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: XULRunner: {439312FF-F8C3-4F82-9853-D7782CACC65B} - c:\documents and settings\bethany\local settings\application data\{439312FF-F8C3-4F82-9853-D7782CACC65B}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-2-26 315392]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\srs labs\wowhd and tsxt driver\SRS_PostInstaller.exe [2008-9-5 69632]
R3 vm331avs;FS13FF-183;c:\windows\system32\drivers\vm331avs.sys [2009-3-10 997888]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2008-9-5 22528]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-4 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-12 1684736]
S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys --> c:\windows\system32\drivers\lgodd_filter.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-9-23 50704]
S3 Usbnic;OTi Network Driver Module;c:\windows\system32\drivers\Usbnic.sys [2009-8-9 18184]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-8-29 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-8-29 5248]

=============== Created Last 30 ================

2010-09-26 22:49:38 52 ----a-w- c:\documents and settings\bethany\defogger_reenable
2010-09-25 18:50:27 0 d-----w- c:\program files\Runtime Software
2010-09-24 05:04:07 0 d-----w- c:\docume~1\bethany\applic~1\SUPERAntiSpyware.com
2010-09-24 02:44:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-24 02:44:18 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-24 02:31:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-23 18:07:17 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-09-23 18:07:17 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-09-23 18:07:17 100880 ----a-w- c:\windows\system32\Packet.dll
2010-09-23 09:48:32 0 d-----w- c:\docume~1\bethany\applic~1\Malwarebytes
2010-09-23 09:48:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 09:48:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-23 09:48:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 09:48:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 08:58:11 120 ----a-w- c:\windows\Kpaqetekolasihi.dat
2010-09-23 08:58:11 0 ----a-w- c:\windows\Vrixu.bin

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 15:55:23.62 ===============




Here is the latest MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4675

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

26/09/2010 3:26:15 PM
mbam-log-2010-09-26 (15-26-15).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 276277
Time elapsed: 50 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Bethany's Computer\Bethanys C Drive\Program Files\Common Files\Microsoft Shared\Stationery\njbsvtll.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\i18n\bhlsktlj.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\i18n\kkvsrnns.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\i18n\nvwnkjnv.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\i18n\rzxlcbzt.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\i18n\tjjxlnze.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\runtime\hsrlhshn.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\web\templates\blackbg\hekzwejj.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\web\templates\whitebg\nthhseen.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Google\Picasa3\web\templates\whitefrm\hsnsrbez.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\CHS\ejtescqw.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\ENU\eccjkwsz.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\ENU\kvtjvhks.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\HUN\wlqvjzwb.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\ITA\rnbnnrjr.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\SVE\cbtbcskk.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\THA\ncejsezs.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\TRK\lvwkrjjq.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\Intel\Intel Matrix Storage Manager\TRK\zlsjxezs.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\lg_swupdate\html\Option\hejtlhlt.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\OpenOffice.org 3\nbwjhrnz.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\swrlbzsb.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\Program Files\OpenOffice.org 3\Basis\share\dtd\math\1_01\txkejvhs.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\Help\Tours\htmlTour\kzerbzks.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\Help\Tours\htmlTour\lwnssrtv.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\Help\Tours\htmlTour\zbcwlstj.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\I386\COMPDATA\bkvltnkv.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\I386\COMPDATA\enrztenr.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\I386\COMPDATA\nhhzhesl.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\I386\COMPDATA\stzkvnnw.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\I386\COMPDATA\trxrllew.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\pchealth\helpctr\System\DFS\nbzhnzrx.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\seshhtth.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ekjvhbcn.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\rbntkevt.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\shrnxshq.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\kkrtrbns.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\actsetup\lrlzztll.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\actsetup\rkjenssc.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\html\dslmain\nevttblh.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\html\mouse\hcvxrtwz.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\regerror\ehxzeshx.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\setup\lnestrnt.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\Bethany's Computer\Bethanys C Drive\WINDOWS\system32\oobe\setup\seqtjbee.exe (Worm.Allaple) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{9348F368-AB7F-462A-81F0-7657632898D7}\RP2\A0001229.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.

Thank you for your help!


Edited by greenmachinefixup, 26 September 2010 - 06:24 PM.




#2 greenmachinefixup

greenmachinefixup
  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:42 AM

Posted 27 September 2010 - 02:39 AM

My dad took it upon himself to use the built-in LG Recover to reset my laptop to the factory settings. I wasn't going to do that unless there was need to, but he was happy to do it. My only fear is that something still could be hiding somewhere! :S

Thank you all for your time. This is a great site!

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male
  • Local time:07:42 PM

Posted 27 September 2010 - 03:58 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



