
Author Topic: help with malware removal  (Read 5306 times)


trx902001

    Topic Starter


    Newbie

    help with malware removal
    « on: November 02, 2009, 08:40:57 PM »
    Hi guys
    I'm new to the forums and I followed all of your guide to removing the malware. I have all the logs ready, but I'll give you some background info first.
    I let my friend use my laptop while I was on vacation last month. I got it back and he said there were a lot of viruses on it. Downloaded AVG and ran that and deleted what I could, then came here and am now turning to you guys for advice. After running AVG it still seemed like I had spyware and malware problems because almost every time I would click on a link to something it would redirect me to some weird search engine or an article not relating at all to what I searched. So I followed your guide step by step and here are the logs...

    Malwarebytes' Anti-Malware 1.41
    Database version: 3090
    Windows 5.1.2600 Service Pack 3

    11/2/2009 7:04:41 PM
    mbam-log-2009-11-02 (19-04-41).txt

    Scan type: Quick Scan
    Objects scanned: 95234
    Time elapsed: 5 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 2
    Registry Values Infected: 8
    Registry Data Items Infected: 5
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\rahuziti.dll (Trojan.Vundo.H) -> Delete on reboot.
    \\?\globalroot\systemroot\system32\hjgruibyufoqov.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{ca7654f9-4f26-43f5-b51a-a20648c4bc3f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\susukikiz (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ca7654f9-4f26-43f5-b51a-a20648c4bc3f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nogipovoz (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vturpndrv (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qonkjhdrv (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rahuziti.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\rahuziti.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pqrs.tmo printer) Good: (Explorer.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\15888754 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\rahuziti.dll (Trojan.Vundo.H) -> Delete on reboot.
    \\?\globalroot\systemroot\system32\hjgruibyufoqov.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sheri Costa\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sheri Costa\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/02/2009 at 06:41 PM

    Application Version : 4.29.1004

    Core Rules Database Version : 4223
    Trace Rules Database Version: 2124

    Scan type       : Complete Scan
    Total Scan Time : 00:38:16

    Memory items scanned      : 502
    Memory threats detected   : 3
    Registry items scanned    : 4603
    Registry threats detected : 15
    File items scanned        : 28459
    File threats detected     : 60

    Adware.Vundo/Variant-[Fixed]
       C:\WINDOWS\SYSTEM32\LOLAJEYO.DLL
       C:\WINDOWS\SYSTEM32\LOLAJEYO.DLL
       C:\WINDOWS\SYSTEM32\SINODISI.DLL
       C:\WINDOWS\SYSTEM32\YISIWUSU.DLL

    Adware.Vundo/Variant-EC
       C:\WINDOWS\SYSTEM32\ZEPULABE.DLL
       C:\WINDOWS\SYSTEM32\ZEPULABE.DLL
       C:\WINDOWS\SYSTEM32\LAGOGUZE.DLL

    Trojan.Agent/Gen-FakeAlert
       C:\WINDOWS\SYSTEM32\PQRS.TMO
       C:\WINDOWS\SYSTEM32\PQRS.TMO

    Trojan.Agent/Gen-FakeAlert[Calc]
       [calc] C:\DOCUME~1\SHERIC~1\NTUSER.DLL
       C:\DOCUME~1\SHERIC~1\NTUSER.DLL

    Trojan.Sino-PWS/Gen
       HKLM\Software\Classes\CLSID\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKU\S-1-5-21-1715567821-1580818891-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKCR\CLSID\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
       HKCR\CLSID\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}#ThreadingModel
       HKCR\CLSID\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}\InProcServer32
       HKCR\CLSID\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}\InProcServer32#ThreadingModel

    Trojan.Agent/Gen
       C:\WINDOWS\system32\WISPEX.HTML

    Rogue.WindowsPolicePro
       HKU\.DEFAULT\Software\Softimer
       HKU\S-1-5-18\Software\Softimer
       HKU\.DEFAULT\Software\Windows Police Pro
       HKU\S-1-5-18\Software\Windows Police Pro
       C:\Program Files\WINDOWS POLICE PRO\msvcm80.dll
       C:\Program Files\WINDOWS POLICE PRO\msvcp80.dll
       C:\Program Files\WINDOWS POLICE PRO\msvcr80.dll
       C:\Program Files\WINDOWS POLICE PRO\tmp\dbsinit.exe
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\i1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\i2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\i3.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\j1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\j2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\j3.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\jj1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\jj2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\jj3.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\l1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\l2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\l3.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\pix.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\t1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\t2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\up1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\up2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\w1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\w11.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\w2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\w3.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\w3.jpg
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\wt1.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\wt2.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images\wt3.gif
       C:\Program Files\WINDOWS POLICE PRO\tmp\images
       C:\Program Files\WINDOWS POLICE PRO\tmp\wispex.html
       C:\Program Files\WINDOWS POLICE PRO\tmp
       C:\Program Files\WINDOWS POLICE PRO\winivsetup.exe
       C:\Program Files\WINDOWS POLICE PRO
       C:\WINDOWS\Prefetch\DBSINIT.EXE-34ACFE34.pf
       C:\WINDOWS\Prefetch\WINIVSETUP.EXE-0D4DBA30.pf

    Adware.Tracking Cookie
       C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@insightexpressai[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@realmedia[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@specificclick[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@tacoda[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@toseeka[2].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\system@tribalfusion[1].txt
       C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:20:09 PM, on 11/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: (no name) - *{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nnkijhsys] rundll32.exe "ddddeb.dll",DllRegisterServer
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [xxywtudrv] rundll32.exe "jkjklk.dll",s
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [dddbawdrv] rundll32.exe "jkjklk.dll",s
    O4 - HKUS\S-1-5-18\..\Run: [urromnsys] rundll32.exe "ddddeb.dll",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Login Software 2009] C:\WINDOWS\TEMP\ibju89qnp.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\TEMP\mdm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [opmmkhdrv] rundll32.exe "jkjklk.dll",s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [urromnsys] rundll32.exe "ddddeb.dll",DllRegisterServer (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: lolajeyo.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7756 bytes


    I couldn't attach the notepad files for some reason, so I just copy-pasted.
    So if you guys could let me know of any last steps to delete all of that stuff, it would be greatly appreciated.

    Thanks,
    Ryan

    Quantos



      Guru
    • Veni, Vidi, Vici
    Re: help with malware removal
    « Reply #1 on: November 02, 2009, 08:44:28 PM »
    Welcome to Computer Hope, a specialist will be along, please be patient.
    Evil is an exact science.

    trx902001

      Topic Starter


      Newbie

      Re: help with malware removal
      « Reply #2 on: November 02, 2009, 10:22:13 PM »
      Thanks so much. My computer's running a lot smoother now and I appreciate all the help I've already gotten.