Problems. :( HiJackThis Log included

[xrainxbowx]

So...my computer is being retarded, or either I am. It is slow. Sometimes it won't let me click on the address bar. It takes me a few clicks to be able to type. Sometimes I type but it stops coming up. And sometimes when I try to click on stuff it highlights the page. I run Norton and Symantec all the time with weekly scans. It hasn't found anything. Spybot S&D didn't find anything. Avg didn't find anything either. About two weeks ago Norton informed me I was infected with Trojan.Vundo and Trojan.Nebular(I can't remember how it was spelled) also something just called Downloader. There were infected files in my Documents and Settings and also in my system32. I follwed a five page instruction book I printed off a message board to clean up my mess. So it was clean and working fine up until recently. I thought that maybe there was some leftovers from those Trojans that are still effecting or (affecting?) my computer. I didn't have any problems with my computer until I tried to clean it up. Seems like the more I delete the more problomatic files are created. There was one file Norton could never delete lo1[1].exe. While doing all the steps I was told to do, SdFix, VundoFix, Fix Wareout, Avg that filed was never deleted to my knowledge. Maybe it is still there hiding? I can't find it. Norton said it was in my temporary internet files so I deleted them. But I am still having problems.

Anyways if someone more knowledgeable about these things could take a look at my HiJackThis log and tell me when I should delete I wouldvery much appreciate it. And if there are any other things you think I should do to try and fix my computer suggestions are more than welcome. Thanks a bunch in advance.

Here is my log. My log is attached.

 

[momok]

Hi xrainxbowx and welcome to techspot. =)

You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.

Download LSPFix from HERE.
1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
3. Check the "I know what I am doing" checkbox.
4. Select (highlight) all instances of 'mdnsnsp.dll' in the left column under "Keep".
5. Click the arrow >> so it goes over to the right column under "Remove".
6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
7. Restart your computer

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.
Right click in the vundofix window and click add files.

Enter the following file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button:
C:\WINDOWS\SYSTEM32\urqomml.dll

Click the remove vundo button and let Vundofix do its stuff.

Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

AlcxMonitor

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\urqomml.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O20 - Winlogon Notify: urqomml - C:\WINDOWS\SYSTEM32\urqomml.dll

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SYSTEM32\urqomml.dll

Reboot into normal mode and rehide your protected OS files.

After you are done, please post a fresh HJT, ComboFix and AVG Antispyware log from normal mode as well as C:\Vundofix.txt as an attachment into this thread. The utilities may be downloaded from the links in my signature.


Regards,
Your friendly momok =)

This thread is for the use of xrainxbowx only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[xrainxbowx]

I tired....

First step to delete mdnsnsp.dll I didn't do because I think I need that for my Ipod.

Also when I was supposed to run services.msc and delete AlcxMonitor, I couuld't find it. I ran sevices in safe mode and showed all files hidden folders and protected system folders, but I didn't see it.

In HIJackThis I deleted all the ones you told me except o20-Winlogon NOtify: urqomml..... I couldn't find it either.

But I did everything else. Here are my logs.

Thanks a bunch
Amy

 

[momok]

Hi,

I'd like you to boot into safe mode and unhide all your files and folders again.

Then, delete the following files:

C:\WINDOWS\system32\jkkhecy.dll.vir
C:\WINDOWS\system32\20715CDAC1.sys
C:\Winnt\lsass.exe

Reboot into normal mode and rehide all your files.

Please visit this link http://virusscan.jotti.org/

Click the Browse... button and navigate to the following file:
C:\Program Files\SavingsKey\savingskey.exe
Click Open

Please let me know the results.

Please post fresh HijackThis and ComboFix logs as attachments after doing the above.


Regards,
Your friendly momok =)

This thread is for the use of xrainxbowx only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.