Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Ywd, Ypudia, Asam

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Ywd, Ypudia, Asam

Unread postby waterinacio » June 13th, 2010, 11:07 am

Ywd, Ypudia, and Asam.exe seem to have taken over my machine. The symptoms are: phantom internet sessions, sometimes to a unannounced yahoo search, re-directed searches, while on the internet occasionally stop and sent to an advertising site, broken links to some news sites. I use primarily Mozilla, which seems to work OK. IE can't seem to "locate that address" no matter what I do, but it starts on it's own (multiply) trying to link to (sorry the exact wording was not written done but I'm sure it'll happen again) looking for a "javascript page" or something to that effect. Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:00 AM, on 6/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Ypuvia.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTEQA.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vitbkcag] C:\Documents and Settings\bridic\Local Settings\Application Data\uppafvaug\rdlakrjtssd.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\bridic\LOCALS~1\Temp\Ywd.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{368CB5D9-E82F-4A70-91D4-F5400940404A}: NameServer = 93.188.163.18,93.188.161.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB91549B-E55E-4525-9AD5-236C15EFD694}: NameServer = 93.188.163.18,93.188.161.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.18,93.188.161.196
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.18,93.188.161.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.18,93.188.161.196
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\SYSTEM32\cryptnet32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MSWU-2b5176f2 - Unknown owner - C:\WINDOWS\system32\2b5176f2.exe
O23 - Service: MSWU-f36decbb - Unknown owner - C:\WINDOWS\system32\f36decbb.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6142 bytes

3D Home Architect Deluxe
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Aptana Studio 2.0
AutoCAD R14.0
CCleaner
COMcheck 3.7.0
Conexant D110 MDC V.9x Modem
Corel WordPerfect Suite 8
Dell ResourceCD
Dell Wireless WLAN Card
DirectX 9 Runtime
EPSON Scan
EPSON Web-To-Page
EPSON WorkForce 500 Series Printer Uninstall
Golden Classic Mahjong
Hard Disk Scrubber 3.2 (Remove Only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB943232)
Intel RSX 3D
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Adapters and Drivers
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.3)
MSXML 6.0 Parser (KB933579)
Nitro PDF Professional
OpenOffice.org 3.0
Palm Desktop and Synchronization Software
PhotoScape
Roxio Activation Module
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Content
Roxio RecordNow Premier
Roxio RecordNow Premier
Roxio RecordNow Premier
Skype™ 4.0
Sonic RecordNow!
Sonic Update Manager
Update for Windows XP (KB898461)
VC 9.0 Runtime
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
WinZip 14.0
ZoneAlarm Extreme Security
waterinacio
Active Member
 
Posts: 4
Joined: June 13th, 2010, 10:45 am
Top
Advertisement
Register to Remove

Re: Ywd, Ypudia, Asam

Unread postby Airscape » June 14th, 2010, 4:36 pm

Hello waterinacio... welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin:
  • Post to this thread only and please stick to it until you are given an All Clean. Absence of symptoms does not mean that your computer is clean.
  • The instructions I give are for This computer only and should not be used on any other pc.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training here at MRU everything I post must be checked by an expert first. So there may be a slight delay in between posts.

Important:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before we start.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Ywd, Ypudia, Asam

Unread postby waterinacio » June 14th, 2010, 9:08 pm

Thank you Airscape!
I have all the patience in the world, but this three day limit is making me nervous! I don't doubt that you will be as careful as necessary, just whether I can respond in a prompt manner.
waterinacio
Active Member
 
Posts: 4
Joined: June 13th, 2010, 10:45 am
Top

Re: Ywd, Ypudia, Asam

Unread postby Airscape » June 16th, 2010, 7:19 pm

Hi waterinacio,

Please take note of the following topic:
Attention: Windows XP and Vista Users!
Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010. To continue support, make sure you've installed Windows XP Service Pack 3 (SP3).

Once the operating system (OS) is unsupported it won't receive any security updates and will be wide open for infection, leaving the only option but to reformat and reinstall the OS.

IMPORTANT: The above mentioned Service Packs should only be installed on a malware free computer.

So in light of the above, don't try and update to Windows SP3 yet, wait untill your pc is clean. Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download/Run Rkill
Please download Rkill from Here, Here,Here, or Here and save to the desktop.
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Don't Restart the pc after running Rkill untill instructed later in the fix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: only run this fix once.
  • Double click on TDSSKiller.exe to run it.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • a log file should be created on your C: drive named something like TDSSKiller 2.1.1 Jun 17 2010 02:40:02
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version. Or click the Update tab in MBAM.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post this log in your next reply.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • If asked to restart the computer to finish cleaning, please do so.
  • Failure to reboot will prevent MBAM from removing all the malware.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

If you receive an (Error Loading) error on reboot, please reboot a second time.
It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logs/information to post in next reply:
  • TDSSKiller log
  • MBAM log
  • How is the pc running?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Ywd, Ypudia, Asam

Unread postby waterinacio » June 16th, 2010, 9:10 pm

Airscape: some problems
1. ran RKill, log below
2. ran TDSSKiller, generated a log, did not ask for a re-boot so re-booted manually, log below,
3. trying to get to Malwarebytes', "address not found", tried several times: no go, can't get there from here.

Will try malwarebytes' again, but what did I do wrong?
Thank you.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as bridic on 06/16/2010 at 19:46:04.


Processes terminated by Rkill or while it was running:


C:\DOCUME~1\bridic\LOCALS~1\Temp\Ywd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\bridic\Desktop\rkill.exe


Rkill completed on 06/16/2010 at 19:46:19.


19:46:52:671 1668 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
19:46:52:671 1668 ================================================================================
19:46:52:671 1668 SystemInfo:

19:46:52:671 1668 OS Version: 5.1.2600 ServicePack: 2.0
19:46:52:671 1668 Product type: Workstation
19:46:52:671 1668 ComputerName: C1133B72ECF1499
19:46:52:671 1668 UserName: bridic
19:46:52:671 1668 Windows directory: C:\WINDOWS
19:46:52:671 1668 Processor architecture: Intel x86
19:46:52:671 1668 Number of processors: 1
19:46:52:671 1668 Page size: 0x1000
19:46:52:671 1668 Boot type: Normal boot
19:46:52:671 1668 ================================================================================
19:46:52:843 1668 Initialize success
19:46:52:843 1668
19:46:52:843 1668 Scanning Services ...
19:46:53:281 1668 Raw services enum returned 326 services
19:46:53:296 1668
19:46:53:296 1668 Scanning Drivers ...
19:46:54:296 1668 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:46:54:359 1668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:46:54:421 1668 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
19:46:54:453 1668 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:46:54:515 1668 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
19:46:54:625 1668 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:46:54:656 1668 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:46:54:703 1668 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:46:54:734 1668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:46:54:781 1668 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:46:54:828 1668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:46:54:921 1668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:46:54:937 1668 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:46:54:984 1668 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
19:46:55:031 1668 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:46:55:062 1668 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
19:46:55:109 1668 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:46:55:125 1668 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:46:55:187 1668 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
19:46:55:250 1668 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
19:46:55:296 1668 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
19:46:55:312 1668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:46:55:359 1668 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
19:46:55:390 1668 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
19:46:55:468 1668 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:46:55:515 1668 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
19:46:55:562 1668 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
19:46:55:593 1668 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
19:46:55:640 1668 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:46:55:656 1668 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:46:55:671 1668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:46:55:703 1668 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:46:55:734 1668 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:46:55:765 1668 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:46:55:812 1668 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
19:46:55:875 1668 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:46:55:984 1668 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
19:46:56:031 1668 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:46:56:093 1668 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:46:56:203 1668 icsak (79245cf5331bb2b2c5a6d9f5e045a044) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
19:46:56:250 1668 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:46:56:281 1668 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:46:56:312 1668 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:46:56:375 1668 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:46:56:421 1668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:46:56:484 1668 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:46:56:515 1668 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:46:56:546 1668 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:46:56:578 1668 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:46:56:609 1668 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:46:56:687 1668 ISWKL (2f69151f243cc3a74a3887826ae69a97) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:46:56:750 1668 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:46:56:781 1668 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:46:56:796 1668 KLIF (9c53ff8d94f45166b23f8a410efe9f06) C:\WINDOWS\system32\DRIVERS\klif.sys
19:46:56:843 1668 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
19:46:56:921 1668 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
19:46:56:968 1668 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
19:46:57:031 1668 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:46:57:062 1668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:46:57:093 1668 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
19:46:57:109 1668 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:46:57:140 1668 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:46:57:156 1668 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:46:57:187 1668 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:46:57:234 1668 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:46:57:250 1668 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:46:57:312 1668 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:46:57:328 1668 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:46:57:375 1668 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:46:57:437 1668 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:46:57:453 1668 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:46:57:500 1668 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:46:57:562 1668 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:57:578 1668 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:57:593 1668 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:57:609 1668 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:57:625 1668 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:57:656 1668 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:57:671 1668 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:46:57:703 1668 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:58:078 1668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:46:58:203 1668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:46:58:328 1668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:46:58:375 1668 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
19:46:58:437 1668 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
19:46:58:484 1668 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:46:58:515 1668 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:46:58:562 1668 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
19:46:58:578 1668 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:46:58:593 1668 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:46:58:687 1668 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:46:58:703 1668 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:46:58:734 1668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:46:58:765 1668 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:46:58:812 1668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:58:843 1668 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:46:58:859 1668 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:58:875 1668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:46:58:906 1668 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:58:921 1668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:46:58:968 1668 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:46:59:031 1668 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
19:46:59:046 1668 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:46:59:062 1668 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:59:078 1668 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
19:46:59:109 1668 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:59:171 1668 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
19:46:59:234 1668 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:59:281 1668 srescan (bb1cc49b817d2551eb321f4a9afb7d8c) C:\WINDOWS\system32\ZoneLabs\srescan.sys
19:46:59:328 1668 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:59:406 1668 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
19:46:59:437 1668 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:59:468 1668 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
19:46:59:531 1668 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:59:578 1668 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:59:625 1668 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:59:656 1668 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:59:687 1668 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:59:734 1668 TPkd (2863eeba4d51eb745a5a1b612dfcdc1b) C:\WINDOWS\system32\drivers\TPkd.sys
19:46:59:828 1668 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
19:46:59:890 1668 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
19:46:59:921 1668 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:59:968 1668 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:47:00:078 1668 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:47:00:109 1668 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:47:00:140 1668 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:47:00:187 1668 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:47:00:218 1668 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:47:00:296 1668 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
19:47:00:375 1668 VisorUsb (7608c8327d19ecec1c21f5630a8dedb6) C:\WINDOWS\system32\DRIVERS\VisorUsb.sys
19:47:00:406 1668 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
19:47:00:515 1668 vsdatant (13a225a31f8d64a395373e9434d2d1ab) C:\WINDOWS\system32\vsdatant.sys
19:47:00:609 1668 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:47:00:703 1668 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
19:47:00:796 1668 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:47:00:906 1668 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:47:00:906 1668 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:47:00:921 1668
19:47:00:921 1668 Completed
19:47:00:921 1668
19:47:00:921 1668 Results:
19:47:00:921 1668 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:47:00:921 1668 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:47:00:921 1668
19:47:00:968 1668 KLMD(ARK) unloaded successfully
waterinacio
Active Member
 
Posts: 4
Joined: June 13th, 2010, 10:45 am
Top

Re: Ywd, Ypudia, Asam

Unread postby Airscape » June 16th, 2010, 9:18 pm

Hi, can you please post the Malwarebytes log, try it from here:

http://www.filehippo.com/download_malwa ... c3de8dfea/
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Ywd, Ypudia, Asam

Unread postby waterinacio » June 16th, 2010, 11:28 pm

Finally was able to download it from the cnet site. Here it is:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4207

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/16/2010 9:25:03 PM
mbam-log-2010-06-16 (21-25-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 194409
Time elapsed: 38 minute(s), 52 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 71

Memory Processes Infected:
C:\WINDOWS\Ypuvia.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mswu-2b5176f2 (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mswu-f36decbb (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vitbkcag (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.18,93.188.161.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{368cb5d9-e82f-4a70-91d4-f5400940404a}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.18,93.188.161.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fb91549b-e55e-4525-9ad5-236c15efd694}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.18,93.188.161.196 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Ypuvia.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\bridic\Local Settings\Application Data\uppafvaug\rdlakrjtssd.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\bridic\Local Settings\Temp\Ywd.exe (Malware.Packer.Gen) -> Delete on reboot.
C:\Documents and Settings\bridic\Local Settings\Application Data\asam.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\bridic\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\o.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP405\A0332754.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP420\A0333316.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP424\A0335748.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP424\A0335857.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP425\A0335914.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP425\A0335915.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP426\A0336156.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336243.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336253.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336255.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336309.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336244.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336316.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336334.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336318.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{92B0A660-8C44-4F98-8791-2C5FCC8B5693}\RP427\A0336333.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2b5176f2.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f36decbb.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\9sKU931aA.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\179317.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\17931a.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\17k3yW.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1m9317.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\31mY317m.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\555eI.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\55eI5.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\793o79m.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\793uOC3.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7e31793.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7k3179c.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7u3mYW3.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\931o93m7g.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\93mY9c1sK.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\9a17e3a7k.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\9cEI931qG.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\A93e7a3.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\C7s31s.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\gMY9cE7a.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\i3qGMY179.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\K931w9u.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\M7gMYW.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\O3oCE31kU.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\qG31a9k.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\QGM17w3.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1gMYW7u3m.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\55y5cE5a5.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5o5o5o5.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5q55555.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\79uOCE31k.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7eIQGMY.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\aAA1k9y1.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\EIQ93c.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kU7mY17o.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\m17w3u7m.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\MYWS31.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\S31793.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\s9eI7931.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sK79g179.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\y179m179.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
waterinacio
Active Member
 
Posts: 4
Joined: June 13th, 2010, 10:45 am
Top

Re: Ywd, Ypudia, Asam

Unread postby Airscape » June 17th, 2010, 3:42 pm

Hi, is this pc used for business purposes (work/home business/company related)
19:46:52:671 1668 ComputerName: C1133B72ECF1499
19:46:52:671 1668 UserName: bridic


If the pc is for personal use and you want to continue, please post back a new HijackThis log.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Ywd, Ypudia, Asam

Unread postby NonSuch » June 20th, 2010, 11:24 pm

Due to a lack of activity within the proscribed time period, this topic is now closed.

Although we understand a poster may have difficulty responding to a helper's posts and following the instructions therein in a timely manner, that is the way we and most free online help forums function. Online help forums are usually not the most suitable choice for those who must be away from their infected computers for a period of time that exceeds the posted parameters for receiving assistance. Therefore, we suggest you consider availing yourself of other more suitable means for resolving your computer's issues.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 438 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index