Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with removal of packed.generic.200 please!

Post by baller7789 » March 4th, 2009, 3:18 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:22 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
C:\Program Files\AT&T\Communication Manager\bmctl.exe
C:\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\AT&T\Communication Manager\bmop.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\ross\LOCALS~1\Temp\x8gs7138mh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ross\Desktop\tools.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {48f79447-a085-4468-a099-fb2fe5e42437} - c:\windows\system32\nazmtta.dll
O2 - BHO: C:\WINDOWS\system32\hs3i7jdgfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ross\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ross\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ross\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [thjinc0xns3q] C:\DOCUME~1\ross\LOCALS~1\Temp\oc7gvlk3n2x.exe
O4 - HKCU\..\Run: [qxc6oqax6eu9q57yivgo8xi0otrlkr0bcpax6dvq] C:\DOCUME~1\ross\LOCALS~1\Temp\psf5s4u.exe
O4 - HKCU\..\Run: [y2ddmjzaikixacvk] C:\DOCUME~1\ross\LOCALS~1\Temp\boo8pqetwiq.exe
O4 - HKCU\..\Run: [fx30ny01u4yeaaj0k2yizos0rxfy4ptrsdu2hrl3ytqb8fdm] C:\DOCUME~1\ross\LOCALS~1\Temp\dqys7xob2jot.exe
O4 - HKCU\..\Run: [fgi99nsuk1oq357an43f4yzg2] C:\DOCUME~1\ross\LOCALS~1\Temp\kyy7bsca8.exe
O4 - HKCU\..\Run: [silg88udc5dvmo4gaom8uw97u3x9fu99] C:\DOCUME~1\ross\LOCALS~1\Temp\x00f25aw.exe
O4 - HKCU\..\Run: [x86k07n5ao3uj] C:\DOCUME~1\ross\LOCALS~1\Temp\q1un7f2llodl.exe
O4 - HKCU\..\Run: [sd16g61tdeirt2pb5] C:\DOCUME~1\ross\LOCALS~1\Temp\v1bau1.exe
O4 - HKCU\..\Run: [n1nh0uhj8fsp7tsziuo712gomf8z8q0] C:\DOCUME~1\ross\LOCALS~1\Temp\cvzs4wd4tdzib.exe
O4 - HKCU\..\Run: [sejqol53n] C:\DOCUME~1\ross\LOCALS~1\Temp\v8n9bl.exe
O4 - HKCU\..\Run: [l96w0yoka84hoadbfg7en9oaf09c254] C:\DOCUME~1\ross\LOCALS~1\Temp\rt6b4mr4.exe
O4 - HKCU\..\Run: [n137lqtihbz1c1itsx7ck14yzel5rn8xdrre0nk3] C:\DOCUME~1\ross\LOCALS~1\Temp\qe6d1wuopg.exe
O4 - HKCU\..\Run: [tfso4u0s2at1rhjmyr] C:\DOCUME~1\ross\LOCALS~1\Temp\v26ad31ou7l.exe
O4 - HKCU\..\Run: [nnev6tn5qd4ygfvrf2tbap6t5n2u6h4dq] C:\DOCUME~1\ross\LOCALS~1\Temp\flpex28ptd.exe
O4 - HKCU\..\Run: [bax8aelsta5diuyzkb5sc23b7mi4wzbuz1g01pvq] C:\DOCUME~1\ross\LOCALS~1\Temp\x5b8wr.exe
O4 - HKCU\..\Run: [q4191no7tbpezrdig1tgaf3nab8bz3wqsgwbmce] C:\DOCUME~1\ross\LOCALS~1\Temp\ink1o4czwvd.exe
O4 - HKCU\..\Run: [aup5l0xn9p9a5xvelwdhss] C:\DOCUME~1\ross\LOCALS~1\Temp\e5dyzam.exe
O4 - HKCU\..\Run: [saaw33g15yo8lijjhospj5] C:\DOCUME~1\ross\LOCALS~1\Temp\j337ps.exe
O4 - HKCU\..\Run: [whu2xquxo1] C:\DOCUME~1\ross\LOCALS~1\Temp\boljbe5vyyg.exe
O4 - HKCU\..\Run: [af6467zh8ic4s1q08rwae9npkwqmuztt4ri0] C:\DOCUME~1\ross\LOCALS~1\Temp\x9ll4f9h8oddh.exe
O4 - HKCU\..\Run: [ygw18y99owr3ueuv0a] C:\DOCUME~1\ross\LOCALS~1\Temp\e8b6namt3af.exe
O4 - HKCU\..\Run: [aq4ga5s74wl6hp5iu18jx4rr345g3g8drla0uzvcy] C:\DOCUME~1\ross\LOCALS~1\Temp\h6iqspfdpmr2.exe
O4 - HKCU\..\Run: [khb4j2x1vzg8yoyjxf3wnmth25jxip0zohz39] C:\DOCUME~1\ross\LOCALS~1\Temp\jckn5z5z.exe
O4 - HKCU\..\Run: [l2oxtshreqi87as3iz2hld5awc2n9lh] C:\DOCUME~1\ross\LOCALS~1\Temp\qg384abe62j.exe
O4 - HKCU\..\Run: [ddfxqxri9cw56qsidido7n0klg2o3koojvk6obc7] C:\DOCUME~1\ross\LOCALS~1\Temp\qbr8ob.exe
O4 - HKCU\..\Run: [jh6b8s3baunpivsn6wo6d0xl3th9dc80qctt0rlq0wxeesn7] C:\DOCUME~1\ross\LOCALS~1\Temp\wyzgut95qclw7.exe
O4 - HKCU\..\Run: [qodbvr5pwtaa8ntkioet] C:\DOCUME~1\ross\LOCALS~1\Temp\sjp2grzoe.exe
O4 - HKCU\..\Run: [xx3o5op7vqgy9gqa5yashsodwy8] C:\DOCUME~1\ross\LOCALS~1\Temp\a6bh74w.exe
O4 - HKCU\..\Run: [yhtva26xszn694] C:\DOCUME~1\ross\LOCALS~1\Temp\v7yj9qt.exe
O4 - HKCU\..\Run: [b2oxwi2ore6ke9] C:\DOCUME~1\ross\LOCALS~1\Temp\l02smjzlqe9.exe
O4 - HKCU\..\Run: [hz9pevghjfxblzwaquofdn9rojuq1rzncxc0h] C:\DOCUME~1\ross\LOCALS~1\Temp\sz9dovcx6.exe
O4 - HKCU\..\Run: [k5dknkvizcar3s8vqedz30resayw2doyj3twy5f76mn] C:\DOCUME~1\ross\LOCALS~1\Temp\diswb5eq98.exe
O4 - HKCU\..\Run: [imxazdnjhagwbymwixhbesiywahvstmcnej29x6f3hdj4ov3t] C:\DOCUME~1\ross\LOCALS~1\Temp\esxu2my1a23.exe
O4 - HKCU\..\Run: [ove3tobnm2j2i196u5] C:\DOCUME~1\ross\LOCALS~1\Temp\kmnk2091zc1.exe
O4 - HKCU\..\Run: [kmsg9reym6bnzs5hrrt8tju2dvfr1e7q1z9dp363s5x] C:\DOCUME~1\ross\LOCALS~1\Temp\qbp7dc22.exe
O4 - HKCU\..\Run: [oazfs33do9c0qtr5cf6ibf2jk1q2rodd9p0ke8lk99] C:\DOCUME~1\ross\LOCALS~1\Temp\yfi6e7sb.exe
O4 - HKCU\..\Run: [fqeyltnual67] C:\DOCUME~1\ross\LOCALS~1\Temp\u5oiug5jh.exe
O4 - HKCU\..\Run: [kovsf822kap5prpx] C:\DOCUME~1\ross\LOCALS~1\Temp\w03ebbbq.exe
O4 - HKCU\..\Run: [k7r4bzwrrme8xoyextwfs3jpopo] C:\DOCUME~1\ross\LOCALS~1\Temp\sq50dck9b.exe
O4 - HKCU\..\Run: [uz2geyc0qmj9p8vf7p6seavmok2297b4ir19p46] C:\DOCUME~1\ross\LOCALS~1\Temp\rg025c0y.exe
O4 - HKCU\..\Run: [zamw4868k55v7vuhwk3vgfyl2d9fz] C:\DOCUME~1\ross\LOCALS~1\Temp\rljmvt5.exe
O4 - HKCU\..\Run: [bsuzl57of89d9dy86wos2nlx] C:\DOCUME~1\ross\LOCALS~1\Temp\br61nhbaqfd.exe
O4 - HKCU\..\Run: [pugvmvzhhbivlhcfv8nrb6wb6p0zk7mengd8ktq4] C:\DOCUME~1\ross\LOCALS~1\Temp\bhavfj3yli8.exe
O4 - HKCU\..\Run: [q08zy9yyuysfwefk6mz458qhe9cy46s2krcnsnorw] C:\DOCUME~1\ross\LOCALS~1\Temp\x8gs7138mh.exe
O4 - HKCU\..\Run: [y9h7y5ugj6oo0v4ylo8efggnz1x3520rjygh23j67bxoprrzei] C:\DOCUME~1\ross\LOCALS~1\Temp\kai0yv1ut.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\ross\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3487108013
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{208DB1EC-780C-468B-A1BC-EE669B9F7335}: NameServer = 209.183.50.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{208DB1EC-780C-468B-A1BC-EE669B9F7335}: NameServer = 209.183.50.151
O17 - HKLM\System\CS2\Services\Tcpip\..\{208DB1EC-780C-468B-A1BC-EE669B9F7335}: NameServer = 209.183.50.151
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ochmvxuf - C:\WINDOWS\SYSTEM32\nazmtta.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 16107 bytes
baller7789
Active Member
 
Posts: 1
Joined: March 4th, 2009, 3:14 am

Re: Help with removal of packed.generic.200 please!

Post by peku006 » March 7th, 2009, 6:54 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

3 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with:

1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Help with removal of packed.generic.200 please!

Post by NonSuch » March 12th, 2009, 3:31 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

