Laptop infection

Ipheuria · Oct 25, 2009

My GF's laptop got a nasty infection on Friday. After removing the hard drive and scanning it externally. I used some of my usual tools HiJack This, Combofix, and MalwareBytes. Then I ran into this forum grabbed all the tools and run through the steps outlined. After removing many different infections I still have a registry startup item that cannot be removed. I am attaching all the logs and any help would be much appreciated.

There were two registry startup items

HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

HKLM\..\Run: [Rdoxosuwulecugof] rundll32.exe "C:\WINDOWS\ovowakec.dll",Startup

The are re-created everytime they were removed. The first one has been successfully removed but the HKLM\..\Run: [Rdoxosuwulecugof] rundll32.exe "C:\WINDOWS\ovowakec.dll",Startup has not been removed by any of the tools.

Kestrel13! · Oct 26, 2009

Then I ran into this forum grabbed all the tools and run through the steps outlined
Click to expand...

We did not request a log of quarantined items from combofix. Could you please attach the complete C:\combofix.txt log into your next reply?

Also you did not attach the C:\mglogs.zip log from running MGTools.exe

I will need to see both of those before I can give you a fix.

Thanks
Kes13!

Ipheuria · Oct 30, 2009

sorry for the delay, wanted to update. It's hard to get the laptop from my GF once it works even a bit. So I will get it tonight and grab the logs and post up later.

Kestrel13! · Oct 31, 2009

No problem, post logs when you are ready. I shall be here waiting

Log in or Sign up

Laptop infection

Ipheuria Private E-2

Attached Files:

ComboFix-quarantined-files.txt

hijackthis.log

mbam-log-2009-10-23 (15-24-05).txt

RRepeal.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Ipheuria Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member