HJT log

Status
Not open for further replies.
partial logs

i knew that couldn't be right when i opened those (actually 2 log results) and that's all there was to them. i have found a few files, same time and date that i think are from the scan. i'll list them below but i haven't got a clue about this. one of the files only contains the row of parentheses shown in other logs. i hope this helps.

ComboDel.txt

Files to Move:
C:\WINDOWS\system32\icqmlib.exe|C:\QooBox\Quarantine\C\WINDOWS\system32\icqmlib.exe.vir
C:\WINDOWS\system32\iepref32.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\iepref32.dll.vir
C:\WINDOWS\system32\ierplc.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\ierplc.dll.vir
C:\WINDOWS\system32\ips.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\ips.dll.vir
C:\WINDOWS\system32\lanmandrv.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\lanmandrv.sys.vir
C:\WINDOWS\system32\lanmanwrk.exe|C:\QooBox\Quarantine\C\WINDOWS\system32\lanmanwrk.exe.vir
C:\WINDOWS\system32\laprxy.dllexe|C:\QooBox\Quarantine\C\WINDOWS\system32\laprxy.dllexe.vir
C:\WINDOWS\system32\ocxapi.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\ocxapi.dll.vir
C:\WINDOWS\system32\ocxloader.exe|C:\QooBox\Quarantine\C\WINDOWS\system32\ocxloader.exe.vir
C:\WINDOWS\system32\qmopt.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\qmopt.dll.vir

ComboFix.txt

ComboFix 08-02.05.3 - Owner 2008-02-09 11:52:20.6 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 36 bytes in 1 streams.
ADS - explorer.exe: deleted 68 bytes in 1 streams.

drevB.dat

"C:\WINDOWS\system32\ddcya.exe"
"C:\WINDOWS\system32\geebb.exe"
"C:\WINDOWS\system32\cqdtoipk.dll"
"C:\WINDOWS\system32\ddcya.dll"
"C:\WINDOWS\system32\geeda.dll"
"C:\WINDOWS\system32\mllml.dll"
"C:\WINDOWS\system32\oiiuirep.dll"
"C:\WINDOWS\system32\tdxyceek.dll"
"C:\WINDOWS\system32\wvusspn.dll"
"C:\WINDOWS\system32\aycdd.ini"
"C:\WINDOWS\system32\aycdd.ini2"
"C:\WINDOWS\system32\aycdd.ini"
"C:\WINDOWS\system32\periuiio.ini"
"C:\WINDOWS\system32\aycdd.ini"
"C:\WINDOWS\system32\aycdd.ini2"
"C:\WINDOWS\system32\periuiio.ini"

SvcTarget.dat

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


d-del4AV.dat

""C:\WINDOWS\system32\icqmlib.exe""
""C:\WINDOWS\system32\iepref32.dll""
""C:\WINDOWS\system32\ierplc.dll""
""C:\WINDOWS\system32\ips.dll""
""C:\WINDOWS\system32\lanmandrv.sys""
""C:\WINDOWS\system32\lanmanwrk.exe""
""C:\WINDOWS\system32\laprxy.dllexe""
""C:\WINDOWS\system32\ocxapi.dll""
""C:\WINDOWS\system32\ocxloader.exe""
""C:\WINDOWS\system32\qmopt.dll""

and here is the only vundo log i can find anywhere...


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 10:22:14 AM 2/5/2008

Listing files found while scanning....

C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\kxyxepux.dll
C:\WINDOWS\system32\onstvhvy.dll
C:\WINDOWS\system32\qbtirtul.dll
C:\WINDOWS\system32\tpjymcvb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kxyxepux.dll
C:\WINDOWS\system32\kxyxepux.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onstvhvy.dll
C:\WINDOWS\system32\onstvhvy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qbtirtul.dll
C:\WINDOWS\system32\qbtirtul.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tpjymcvb.dll
C:\WINDOWS\system32\tpjymcvb.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tpjymcvb.dll
C:\WINDOWS\system32\tpjymcvb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 2:36:40 PM 2/5/2008

Listing files found while scanning....

No infected files were found.


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 3:29:51 PM 2/5/2008

Listing files found while scanning....

No infected files were found.


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 20:32:33 2008-02-05

Listing files found while scanning....


VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 05:56:42 2008-02-08

Listing files found while scanning....

C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\bxxxbwlp.dll
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.exe
C:\WINDOWS\system32\geebb.exe
C:\windows\system32\geeda.dll
C:\WINDOWS\system32\mjosaxqs.dll
C:\windows\system32\mllml.dll
C:\WINDOWS\system32\pgrxdmry.dll
C:\WINDOWS\system32\wvusspn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bxxxbwlp.dll
C:\WINDOWS\system32\bxxxbwlp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcya.exe
C:\WINDOWS\system32\ddcya.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebb.exe
C:\WINDOWS\system32\geebb.exe Has been deleted!

Attempting to delete C:\windows\system32\geeda.dll
C:\windows\system32\geeda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mjosaxqs.dll
C:\WINDOWS\system32\mjosaxqs.dll Has been deleted!

Attempting to delete C:\windows\system32\mllml.dll
C:\windows\system32\mllml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pgrxdmry.dll
C:\WINDOWS\system32\pgrxdmry.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusspn.dll
C:\WINDOWS\system32\wvusspn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 06:24:46 2008-02-08

Listing files found while scanning....

C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.exe
C:\WINDOWS\system32\wvusspn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\ijkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkji.exe
C:\WINDOWS\system32\pmkji.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusspn.dll
C:\WINDOWS\system32\wvusspn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wvusspn.dll
C:\WINDOWS\system32\wvusspn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 8:32:47 PM 2/8/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 01:39:30 2008-02-09

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 18:05:18 2008-02-09

Listing files found while scanning....

No infected files were found.

i hope you can make some sense of this. again i appreciate your patience in helping more than i can say. i know i'm of little help. i'd have made a good scarecrow in the wizard of oz. if i only had a brain. let me know what i need to do next.
 
OK, that still does not look like a complete combofix log but I will live with it, I can see it was installed correctly. What I want you to do is remove combofix, make sure to delete the C:\qoobox\quarantine\ folder and remove Vundofix, making sure to delete the C:\Vundofix\Backups\ folder. Once that is done, post a new Kaspersky Online Scan. Include feedback about how the computer is performing. Use these settings:
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  * Scan using the following Anti-Virus database:
    * Standard
  * Scan Options:
    * Scan Archives
    * Scan Mail Bases
* Click OK
* Now under select a target to scan:
  * Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Thanks
 
okay, i went to the site for the scan and it said if i had it on my pc to uninstall it or it wouldn't work correctly. i uninstalled it and clicked 'i agree' and it shows the window initializing the download now for four hours. it's never taken this long to d'load or upload the updates. it hasn't even got to the updates yet. have i done something wrong? is it better for you if i pm you with questions like this? thanks...
 
i meant to add, at the bottom of the IE window where the d'load is initializing there is a caution sign with error loading page.
 
I have no idea why it won't download, but all computers can't download it. Why don't we consider the situation. Suppose you post me a new HJT log and describe any malware issues you are experiencing.

Thanks
 
here's the new log. i haven't had any problems of any kind other than that. i had d'loaded the scanner twice before as you had instructed previously. the second time it said to uninstall previous versions and i did. both times it only took a few minutes to initiate, update and didn't take very long to run the scan. i'm running VERY smooth here now for maybe the last 24 hours but i've done no surfing, emailing or other internet activity of any kind as to be careful not to complicate things further.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highimpacthalo.org/forum
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5212
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5212
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

--
End of file - 6714 bytes
 
What are you running as your realtime antivirus program? I am not talking about an online scan, I see this:
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize

but I do not see it in running processes? If that is your antivirus provider, make sure it is running and run a system scan, let me know the results.
I can turn you loose, but I do want to make sure you are not going to have problems.

You can keep ATF-Cleaner if you wish, but I want you to remove from your computer all other tools we downloaded.

Thanks
 
i've been using zone alarm a-v, i had disabled it so not to interfere with the kas d'load and scan. i'll run a scan and post results. i removed combofix and vundofix as you said to earlier and all of their files except for the last log of vundofix which showed no findings. i don't need crutches if i can walk but a hankie to blow on comes in handy so i'll keep the cleaner for now and thanks.
 
virus scan results

i downloaded their free trial and ran a full scan. here is a copy of the report before actions and a copy of the results. it says all threats successfully disinfected. any suggestions on doing more?

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP10\A0051149.dll
deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0055997.EXE
deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0056156.EXE//WiseSFXDropper//WISE0012.BIN
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.eby File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0056985.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0057982.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP22\A0058981.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.edw File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP22\A0058982.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.edw File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060493.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kp File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060495.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kp File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060496.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060510.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060511.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060513.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060533.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060536.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP24\A0060558.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.giq File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0061171.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.idv File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0061177.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062150.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062152.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062153.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062154.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062155.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062156.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062157.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062158.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062159.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062160.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062161.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062162.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP30\A0062163.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP31\A0064087.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP31\A0064088.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP31\A0065088.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP31\A0065089.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP31\A0065090.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP32\A0066242.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP33\A0067025.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.giq File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP33\A0067044.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0067203.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0068071.EXE
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0068073.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0068074.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069077.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069182.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069183.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069184.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069185.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069196.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP34\A0069202.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP38\A0069826.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP39\A0069865.exe
deleted: adware not-a-virus:AdWare.Win32.PurityScan.gp File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP39\A0069940.exe//data0001
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP39\A0069941.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP39\A0070050.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP39\A0070978.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.giq File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP39\A0071079.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0073088.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0073089.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0073097.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0073245.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0073371.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0074388.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0074391.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0075371.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0075375.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0076374.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0076377.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077373.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077668.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077669.dll
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077670.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077672.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077674.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.giq File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP41\A0077787.dll
not found: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP42\A0077897.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
not found: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0085071.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0085828.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0085830.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0085831.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0086543.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0086544.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP45\A0086579.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP45\A0086580.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP46\A0086905.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086910.exe
deleted: virus Virus.Win32.Trats.d File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086911.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086912.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086913.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086916.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086917.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.giq File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086918.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.giq File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP47\A0086986.dll
not found: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP48\A0087372.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen File: C:\WINDOWS\system32\xlgmnhfl.dll.vzr
 
Looks to me like System Restore needs to be cleaned, Kaspersky can not clean those protected files, follow these directions:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

If you need anything else, let me know.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
okay sir! i did as suggested in that link. thanks for the other links, i'm going to visit them tonight and i always have room to learn.

now, i honestly can't say thanks enough to mr. kelley sir, gen norman schwarzkopf has nothing on you. you simply kick a$$. and to all other helpful people who kicked in help and are not named, my sons and i thank you as best we know how.

to those here looking for help, you are in the right place. my advice to you is be patient, do as they say and if there is a fix for what ails you, they'll help you.

mr. kelley again, THANK YOU!
 