
Thread: system infected with security suite

  1. #11
    Member
    Join Date
    Sep 2010
    Posts
    47

    Malwarelog

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4657

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18943

    9/20/2010 8:25:37 PM
    mbam-log-2010-09-20 (20-25-37).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 317966
    Time elapsed: 1 hour(s), 14 minute(s), 59 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    C:\Users\Home\.COMMgr\complmgr.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\MSoftware (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlpe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlne (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlne.com&p=r0lgodlhyaa8apcaaaaaaiaaaacaaicaaaaagiaagacagicagmdawp8aaad/ap//aaaa//8a/wd/
    [base64 data trimmed]
    uobe6lexd3djepu8hxstlyvnk3y1kim89h15kk3nc604ax4x9lp83v/6bqob5+q+cqgaow (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlqvc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Home\AppData\Local\vpwkxpvvr\jhxpotxuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfteml.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msftldr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Home\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Home\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

  2. #12
    Member
    Join Date
    Sep 2010
    Posts
    47

    Hi, many thanks for your help.

    Extract.txt didn't get created when I ran OTL after removal.

    Hope that should not be a problem. Please let me know if there is an issue.

    Again, many thanks for this.

  3. #13
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Hi

    Still a bit to do:

    Erunt
    This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
    • Click Start >> All Programs >> ERUNT, then double-click ERUNT from the menu
      Vista/Windows 7 users: Right-click on ERUNT in the menu, then select Run As Administrator. If UAC prompts, please allow it.
    • Click on OK within the pop-up menu
    • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry.
      • Current user registry.
    • Next click on OK... at the prompt... reply Yes.
      After a short duration the "Registry backup is complete!" pop-up message will appear
    • Now click on OK. A registry backup should now have been created


    Run Fix With OTL
    Highlight the following in the code box and press Ctrl+C on the keyboard
    Make sure you include the first colon (:)

    Code:
    :Otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKCU..\Run: [Lvgciejl/z+me\AppData\Local\Temp\961095171.exe] C:\Users\Home\AppData\Local\Temp\961095171.exe File not found
    O4 - HKCU..\Run: [Lvgciejl82xme\AppData\Local\Temp\2314884205.exe] C:\Users\Home\AppData\Local\Temp\2314884205.exe File not found
    O4 - HKCU..\Run: [Lvgciejl91+me\AppData\Local\Temp\440669226.exe] C:\Users\Home\AppData\Local\Temp\440669226.exe File not found
    O4 - HKCU..\Run: [Lvgciejl9yyme\AppData\Local\Temp\1535015731.exe] C:\Users\Home\AppData\Local\Temp\1535015731.exe File not found
    O4 - HKCU..\Run: [Lvgciejlhb] C:\Users\Home\AppData\Local\Temp\debug.exe File not found
    O4 - HKCU..\Run: [Lvgciejlk+] C:\Users\Home\AppData\Local\Temp\gdi32.exe File not found
    O4 - HKCU..\Run: [Lvgciejlmc] C:\Users\Home\AppData\Local\Temp\mdm.exe File not found
    O4 - HKCU..\Run: [Lvgciejlna] C:\Users\Home\AppData\Local\Temp\login.exe File not found
    O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
    AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
    MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
    ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
    mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
    zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
    /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
    AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
    M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
    ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
    mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
    zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
    AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
    A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
    lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
    L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
    ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
    wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
    B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
    iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
    hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
    of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
    4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
    Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
    CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
    jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
    bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
    2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
    qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
    X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
    /yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
    N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
    9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
    Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
    N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
    4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
    Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
    h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
    BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
    NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
    r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
    4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
    ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
    NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
    Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
    LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
    w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
    NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
    UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
    MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
    r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
    I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
    8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
    sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
    OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
    O4 - HKCU..\Run: [Lvgciejlo+] C:\Users\Home\AppData\Local\Temp\avp32.exe File not found
    O4 - HKCU..\Run: [Lvgciejloc] C:\Users\Home\AppData\Local\Temp\avp.exe File not found
    O4 - HKCU..\Run: [Lvgciejlora] C:\Users\Home\AppData\Local\Temp\iexplarer.exe File not found
    O4 - HKCU..\Run: [Lvgciejlotc] C:\Users\Home\AppData\Local\Temp\hexdump.exe File not found
    O4 - HKCU..\Run: [Lvgciejlpsc] C:\Users\Home\AppData\Local\Temp\taskmgr.exe File not found
    O4 - HKCU..\Run: [Lvgciejlq+] C:\Users\Home\AppData\Local\Temp\win16.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqb] C:\Users\Home\AppData\Local\Temp\winamp.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqc] C:\Users\Home\AppData\Local\Temp\win.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
    AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
    MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
    ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
    mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
    zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
    /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
    AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
    M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
    ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
    mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
    zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
    AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
    MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
    CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
    JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
    vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
    TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
    AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
    6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
    j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
    Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
    5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
    FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
    KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
    cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
    zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
    0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
    MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
    nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
    /4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
    JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
    EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
    x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
    vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
    AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
    ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
    lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
    dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
    IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
    p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
    he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
    iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
    p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
    Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
    VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
    ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
    lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
    DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
    mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
    HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
    winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
    znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
    Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
    Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqf] C:\Users\Home\AppData\Local\Temp\user.exe File not found
    O4 - HKCU..\Run: [LvgciejlqMc] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
    O4 - HKCU..\Run: [LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
    O4 - HKCU..\Run: [LvgciejlqW] C:\Users\Home\AppData\Local\Temp\drweb.exe File not found
    O4 - HKCU..\Run: [Lvgciejlrxc] C:\Users\Home\AppData\Local\Temp\spoolsv.exe File not found
    O4 - HKCU..\Run: [LvgciejlsPc] C:\Users\Home\AppData\Local\Temp\nvsvc32.exe File not found
    O4 - HKCU..\Run: [Lvgciejlud] C:\Users\Home\AppData\Local\Temp\system.exe File not found
    O4 - HKCU..\Run: [Lvgciejlupc] C:\Users\Home\AppData\Local\Temp\sysedit.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O33 - MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
    O33 - MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
    O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell - "" = Autorun
    O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell\Open\command - "" = regsvr.exe
    :Files
    C:\Users\Home\AppData\Local\vpwkxpvvr
    :Commands
    [Purity]
    [EmptyTemp]
    [Reboot]

    • Right-click on the OTL.exe file & choose Run as Administrator to start OTL. OK any warning about running OTL.
    • Click in the Custom Scans/Fixes box at the bottom of the OTL window
    • Press Ctrl+V to paste the above code in the box (check that the code appears)
    • Click the Run Fix button
    • Please post the resulting log and close OTL.

    Re-scan With OTL
    Once done, re-run OTL again following instructions posted previously here:
    http://forums.spybot.info/showpost.p...81&postcount=4

    To post in next reply:
    OTL Fix log
    New OTL log
    Update on how the computer is running

  4. #14
    Member
    Join Date
    Sep 2010
    Posts
    47

    log after running ERUNT

    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl/z+me\AppData\Local\Temp\961095171.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl82xme\AppData\Local\Temp\2314884205.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl91+me\AppData\Local\Temp\440669226.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl9yyme\AppData\Local\Temp\1535015731.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlhb deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlk+ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlmc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlna deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    File Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlo+ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejloc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlora deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlotc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlpsc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlq+ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqb deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    File Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqf deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlqMc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01 deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlqW deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlrxc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlsPc deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlud deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlupc deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1727ee65-a14d-11de-836d-002219ec09f3}\ not found.
    File F:\WDSetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\ not found.
    File F:\Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826839c6-809f-11df-a589-002219ec09f3}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826839c6-809f-11df-a589-002219ec09f3}\ not found.
    File regsvr.exe not found.
    ========== FILES ==========
    C:\Users\Home\AppData\Local\vpwkxpvvr folder moved successfully.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.14.0 log created on 09232010_190900

  5. #15
    Member
    Join Date
    Sep 2010
    Posts
    47

    Hi ,

    I have done the first step but I couldn't do the Rescan OTL step as I am not able to access the link below. It is throwing an error: HTTP 404 not found.

    http://forums.spybot.info/showpost.p...81&postcount=4

  6. #16
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    http://forums.spybot.info/showpost.p...81&postcount=4

    Try the link above... Alternatively, here's the instructions again:
    OTL
    • Right click on OTL.exe then choose Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted
    • When the window appears, ensure Include 64bit Scans is ticked
    • Click on Minimal Output at the top
    • Download the following file scan.txt to your Desktop - Click here to download it. You may need to right click on it and select "Save"
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
    • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
    • Select scan.txt & click Open. Writing will now appear under the Custom Scan box
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long
      • When the scan completes, it will open a notepad window OTL.Txt. These are saved in the same location as OTL.
      • Copy/paste the contents of the log & post it in your next reply
    To post in next reply:
    Contents of OTL.txt

  7. #17
    Member
    Join Date
    Sep 2010
    Posts
    47

    again infected

    Hi ,
    My system seems to be infected again by security suite :(. I am not able to connect to the internet now. I am posting this from my friend's system. I think I need to disable the proxy setting to connect to the internet. Not tried that yet. Will try it and try to run the OTL log tomorrow. Please don't close this thread.

  8. #18
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    OK, no worries.

  9. #19
    Member
    Join Date
    Sep 2010
    Posts
    47

    MBAM-log

    Hi, I ran MBAM today and removed some files. I am posting the MBAM log file. Please advise on the next step. I have not run OTL yet. Not sure if I have to use the custom scan file provided in the previous steps. So I am not running OTL until I hear from you.
    ----------------------------MBAM-LOG-------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4657

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18943

    9/30/2010 6:56:19 PM
    mbam-log-2010-09-30 (18-56-19).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 318101
    Time elapsed: 1 hour(s), 20 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\706588211 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Home\AppData\Local\706588211.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Local\Temp\PWwsduGWim.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Local\Temp\0.045902130943854536.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Home\AppData\Local\Temp\0.585349650371498.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

  10. #20
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Not sure if I have to use the custom scan file provided in the previous steps.
    That Custom scan text file is constantly being updated so delete the copy you have & download it again. Then run OTL using the instructions previously provided & the new Custom scan text file.
