BJI virus and others exe file corrupted


  • This topic is locked
2 replies to this topic

#1 jlanefwbbc

  • Members
  • 31 posts
Posted 19 October 2010 - 01:51 PM

I believe that I have a virus. I am receiving messages like "RAM critical" and "hard drive not found. Missing Harddrive." "Exe File corrupted and cannot be run". Also, I am receiving a box that tells me that I need to scan for a harddrive with only one option "scan now". Once clicked, a program comes up called system defragmenter. I have not clicked on anything within that program. It does tell me that I need to download other programs to defrag my system.

I did run Malwarebytes and had several items that were found. Though they were quarantined and deleted, it did not change the issue. I am able to run all of my programs on one user, but when I log in to my main user (with all of my files) I cannot open anything. I cannot open the internet or any folders.

Thanks in advance for the help.


DDS (Ver_10-10-10.03) - NTFSx86
Run by FWB Connection at 12:40:53.39 on Mon 10/18/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2557.1551 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DRoster\Firebird\bin\fbguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DRoster\Firebird\bin\fbserver.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\FWB Connection\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F9XBCLL\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: GoodShopToolbar: {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - c:\program files\goodsearch.com\goodsearch toolbar\adxloader.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: GoodSearchBar: {10834e9a-d475-4a24-ad01-f3f24f71b28e} - c:\program files\goodsearch.com\goodsearch toolbar\adxloader.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fwbcon~1\appdata\roaming\mozilla\firefox\profiles\3mk2y7g0.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20081203.001\IDSvix86.sys [2008-12-4 270384]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\droster\firebird\bin\fbguard.exe -s --> c:\program files\droster\firebird\bin\fbguard.exe -s [?]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-11-19 99376]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\droster\firebird\bin\fbserver.exe -s --> c:\program files\droster\firebird\bin\fbserver.exe -s [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-8-29 253952]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-10-15 84832]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-29 30192]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-29 1251720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-17 21:39:05 -------- d-----w- c:\users\fwbcon~1\appdata\roaming\Malwarebytes
2010-10-17 17:37:09 -------- d-----w- c:\progra~2\Update
2010-10-15 19:59:30 -------- d-----w- C:\easychurch
2010-10-14 16:09:10 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 16:09:10 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 16:07:27 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 16:07:27 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 16:07:27 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 16:07:26 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 16:07:26 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 16:05:59 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 16:05:55 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 15:46:05 -------- d-----w- c:\program files\LimeWire
2010-09-29 15:08:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 15:07:34 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-21 23:34:18 -------- d-----w- c:\program files\Screaming Bee
2010-09-21 14:33:50 -------- d-----w- c:\progra~2\Affinegy
2010-09-20 15:40:45 -------- d-----w- c:\program files\Microsoft
2010-09-20 15:40:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-20 15:38:33 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcC352.tmp
2010-09-20 15:37:01 -------- d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 12:41:42.34 ===============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4864

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/18/2010 12:16:58 PM
mbam-log-2010-10-18 (12-16-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 596966
Time elapsed: 4 hour(s), 0 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Registration.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\FWB Connection\AppData\Local\Windows Server\duhfsb.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\FWB Connection\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\pcondn.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004f94 (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\vucot.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\win32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\login.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\mdm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\0.6299698682812354.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\avp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\ayscqxbi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\dmaky.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\4060769374.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\4065456874.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\sqcgw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\t9zh2d3ymr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\9c0ec39e.exe (Antivirus.Action) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\cfra.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\x95d4x5.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\qfyro.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\Bjg.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\Bji.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\Bjj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\Bjk.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\Bjl.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\Bjm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\hqsdhfglf\vcrkbtcyhsn.exe (Antivirus.Action) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jamie\Desktop\Adobe Registration\Registration.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\FWB Connection\Local Settings\Application Data\Windows Server\duhfsb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\FWB Connection\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


#2 Blade81

  • Malware Response Team
  • 6,465 posts

Posted 28 October 2010 - 09:30 AM

Hi,

If help is still needed, post fresh DDS logs (both dds.txt & attach.txt contents).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81


Posted 04 November 2010 - 03:18 AM

Due to inactivity, this thread will now be closed. Should you have the same or a new issue, please start a New Topic.





