I have been having problems for the last two days since someone downloaded something from LimeWire on my PC. I finally got it to where it would boot up without being in safe mode, but it is still really slow and browser windows appear when trying to surf the web.
I have run a bunch of stuff such as:
CCleaner, Spybot, Norton Antivirus, Stopzilla, RegCure, ZoneAlarm, Spyware Doctor, RootkitRevealer, Microsoft Malicious Software remover, Google updater, and Windows Defender.
The latest one was Malwarebytes Anti-Malware.

I ran another Hijack scan and still cannot seem to remove some stuff. Here is the log ----- any help would be appreciated!!!!
<code>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:39 PM, on 3/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PremierOpinion] c:\program files\premieropinion\pmropn.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} (WallOfFame Control) - http://www.worldwinner.com/games/v44/walloffame/walloffame.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\gebojele.dll
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9126 bytes
</code>

All 5 Replies

Where is the MBA-M log?

Here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 3

3/1/2009 7:06:36 PM
mbam-log-2009-03-01 (19-06-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 112920
Time elapsed: 1 hour(s), 32 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 19
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 62

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\herifolu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rutobuki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\linanotu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yvmgji.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5687b0a2-8132-4820-bf76-3895c7d3f484} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5687b0a2-8132-4820-bf76-3895c7d3f484} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a4a610c-6517-4c24-8bd8-14753a10a116} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9a4a610c-6517-4c24-8bd8-14753a10a116} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5687b0a2-8132-4820-bf76-3895c7d3f484} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdss.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCSHIELD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe (Security.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb6629 (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd3263 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga8963 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc4409 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmff95ee1c (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\depiyafefa (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fca6dd80 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rutobuki.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\rutobuki.dll -> No action taken.
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> No action taken.

Folders Infected:
C:\Documents and Settings\Computer User\Application Data\comidle (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\LocalService32 (Worm.P2P) -> No action taken.

Files Infected:
C:\WINDOWS\system32\yvmgji.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\melidawa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\awadilem.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\togemobo.dll_old (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\obomegot.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\rutobuki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\herifolu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\linanotu.dll (Trojan.Vundo.H) -> No action taken.
C:\kwfu.exe (Trojan.Downloader) -> No action taken.
C:\tbrtt.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\c66tafo806.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\i8tcx4.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\ib19uuv.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\jaglrn.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\nysstf1lnl5up.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\u50asmlz9tk.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\vky8axs54.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\xby2tc12p3v1p.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\My Documents\old files\scsiportt.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Computer User\Application Data\comidle\comidle.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\3DO\Might Magic VIII\setup.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\3DO\Might Magic VIII\serial\serial.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\HijackThis\backups\backup-20090228-190742-476.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001015.dll (Worm.P2P) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001016.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001137.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001138.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001139.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001140.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001141.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001170.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001174.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001175.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\1.tmp (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\23.tmp (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\ghu02\ghu022328.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h3\IT22B4E.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\LocalService32\39.music.mp3 (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\39.music.mp3.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\41.crack.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\41.crack.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\42.keymaker.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\42.keymaker.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\43.setup.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\43.setup.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\44.unpack.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\44.unpack.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\45.keygen.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\45.keygen.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\46.serial.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\46.serial.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\47.music.snd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\47.music.snd.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\senekadbxvhxvm.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\umtcdtw.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> No action taken.
C:\services.exe (Trojan.Agent) -> No action taken.
C:\lsass.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\diwunawo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\senekajoewxrer.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekawqgkxyvm.dat (Trojan.Agent) -> No action taken.

On most programs you do have to tell them to remove or clean. They rarely do it automatically.

Update the MBA-M program, run a full system scan again and this time REMOVE ALL found.
Reboot the computer.
Run a new HJT scan and save the log.

Post back here with both new logs.

I did remove them and reboot after that. The HJT scan that is above is from after removing them.

Then you should have posted the log from MBA-M that represents that :). It would save time for those members who assist waiting for the correct logs/information.
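
Whether a Malwarebytes log reflects a removal pass can be read from the action recorded after the last `->` on each entry. The parser below is an added example, not part of the original thread and not Malwarebytes' own code; the function names and the sample log are constructed, and the "Quarantined and deleted successfully" action string is an assumption about how a cleaned item is reported.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes log posted in this thread.
# The last entry's action text is an assumption (see lead-in).
SAMPLE_LOG = r"""
Memory Modules Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\rutobuki.dll (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> No action taken.

Files Infected:
C:\kwfu.exe (Trojan.Downloader) -> No action taken.
C:\tbrtt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A detail section header ends with a bare colon; the summary lines
# ("Files Infected: 2") carry a count after the colon and are skipped.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# item (Detection.Name) -> [optional "Data:"/"Bad:/Good:" detail ->] action.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<det>[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detected item: section, item, detection, action."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry and section:
            # The action is always the text after the final "->".
            action = entry.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({
                "section": section,
                "item": entry.group("item"),
                "detection": entry.group("det"),
                "action": action,
            })
    return entries


def unremediated(entries):
    """Entries the scanner found but did not act on."""
    return [e for e in entries if e["action"] == "No action taken"]


def actions_by_section(entries):
    """Tally of recorded actions for each log section."""
    tally = {}
    for e in entries:
        tally.setdefault(e["section"], Counter())[e["action"]] += 1
    return tally


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for e in unremediated(found):
        print(f'{e["section"]}: {e["item"]} ({e["detection"]})')
```

A log in which every entry reads "No action taken", like the one posted above, was saved before the removal step.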
