
I have been having problems for the last two days since someone downloaded something from Limewire on my PC. I finally got it to where it would boot up without being in safe mode, but it is still really slow and browser windows appear when trying to surf the web.
I have run a bunch of stuff such as:
CCleaner, Spybot, Norton Antivirus, Stopzilla, RegCure, Zonealarm, Spyware Doctor, RootkitRevealer, Microsoft Malicious Software remover, Google updater, and Windows Defender.
The latest one was Malwarebytes Anti-Malware.

I ran another Hijack scan and still cannot seem to remove some stuff. Here is the log ----- any help would be appreciated!!!!
<code>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:39 PM, on 3/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PremierOpinion] c:\program files\premieropinion\pmropn.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} (WallOfFame Control) - http://www.worldwinner.com/games/v44/walloffame/walloffame.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\gebojele.dll
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9126 bytes
</code>

3 Contributors · 5 Replies · 6 Views · 8 Years Discussion Span · Last Post by crunchie

Where is the MBA-M log?

Here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 3

3/1/2009 7:06:36 PM
mbam-log-2009-03-01 (19-06-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 112920
Time elapsed: 1 hour(s), 32 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 19
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 62

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\herifolu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rutobuki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\linanotu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yvmgji.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5687b0a2-8132-4820-bf76-3895c7d3f484} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5687b0a2-8132-4820-bf76-3895c7d3f484} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a4a610c-6517-4c24-8bd8-14753a10a116} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9a4a610c-6517-4c24-8bd8-14753a10a116} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5687b0a2-8132-4820-bf76-3895c7d3f484} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdss.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCSHIELD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe (Security.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb6629 (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd3263 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga8963 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc4409 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmff95ee1c (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\depiyafefa (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fca6dd80 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rutobuki.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\rutobuki.dll -> No action taken.
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> No action taken.

Folders Infected:
C:\Documents and Settings\Computer User\Application Data\comidle (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\LocalService32 (Worm.P2P) -> No action taken.

Files Infected:
C:\WINDOWS\system32\yvmgji.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\melidawa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\awadilem.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\togemobo.dll_old (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\obomegot.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\rutobuki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\herifolu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\linanotu.dll (Trojan.Vundo.H) -> No action taken.
C:\kwfu.exe (Trojan.Downloader) -> No action taken.
C:\tbrtt.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\c66tafo806.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\i8tcx4.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\ib19uuv.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\jaglrn.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\nysstf1lnl5up.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\u50asmlz9tk.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\vky8axs54.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\xby2tc12p3v1p.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\My Documents\old files\scsiportt.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Computer User\Application Data\comidle\comidle.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\3DO\Might Magic VIII\setup.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\3DO\Might Magic VIII\serial\serial.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\HijackThis\backups\backup-20090228-190742-476.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001015.dll (Worm.P2P) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001016.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001137.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001138.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001139.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001140.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001141.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001170.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001174.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{DD5813A1-F232-4441-917E-231132400FFD}\RP0\A0001175.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\1.tmp (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\23.tmp (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\ghu02\ghu022328.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h3\IT22B4E.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\LocalService32\39.music.mp3 (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\39.music.mp3.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\41.crack.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\41.crack.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\42.keymaker.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\42.keymaker.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\43.setup.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\43.setup.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\44.unpack.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\44.unpack.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\45.keygen.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\45.keygen.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\46.serial.zip (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\46.serial.zip.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\47.music.snd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\LocalService32\47.music.snd.kwd (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\senekadbxvhxvm.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\umtcdtw.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> No action taken.
C:\services.exe (Trojan.Agent) -> No action taken.
C:\lsass.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\diwunawo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\senekajoewxrer.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekawqgkxyvm.dat (Trojan.Agent) -> No action taken.


On most programs you do have to tell them to remove or clean. They rarely do it automatically.

Update the MBA-M program, run a full system scan again and this time REMOVE ALL found.
Reboot the computer.
Run a new HJT scan and save the log.

Post back here with both new logs.

I did remove them and reboot after that. The HJT scan that is above is from after removing them.

Then you should have posted the log from MBA-M that represents that :). It would save time for those members who assist waiting for the correct logs/information.
