
Virtumonde.dll, Monderc.gen, Podnuha.zn


19 replies to this topic

#1 atorabli (Members, 14 posts)

Posted 22 July 2008 - 10:11 PM

I started getting random pop-ups this afternoon and some of my programs are not closing correctly. I found virtumonde.dll with Spybot and monderc.gen, adware.win32.BHO.cbd, and rootkit.win32.podnuha.zn with Kaspersky's online scanner. Kaspersky's scanner is still running and I can post the results tomorrow morning. I have posted my HJT logs below. I now have Kaspersky Internet Security 2009 installed and I didn't want to delete any of the malware it detected since the infections are in my system folder. Thanks for everyone's help in advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:05 PM, on 7/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Areya\Desktop\dss.exe
C:\Users\Areya\Desktop\Areya.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0789D2D5-2529-4F14-BCBD-96AE82FB6461} - C:\Windows\SysWow64\fgtulxtv.dll
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: (no name) - {140ADA7B-1BAB-45D5-B7AB-B77B1AE731A8} - C:\Windows\SysWow64\qoMfedAT.dll
O2 - BHO: {61ec21bc-c744-8079-4994-ef57e8825762} - {2675288e-75fe-4994-9708-447ccb12ce16} - C:\Windows\SysWow64\qxefcf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {59CF8D60-F8D7-42F5-9808-CD4594816FD0} - C:\Windows\SysWow64\yayaxYrS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C11330A3-A4B1-463F-B98E-C5F63BEE68AA} - C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8A7YB08\3077ahntdksr[1].dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayaxYrS.dll,#1
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Citrus Alarm Clock.lnk = C:\Program Files (x86)\Citrus Alarm Clock\Citrus Alarm Clock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} (WebPriKRX Control) - http://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11893 bytes

Deckard's System Scanner v20071014.68
Run by Areya on 2008-07-22 19:55:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Areya.exe) -----------------------------------------------


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 19:47:59 245760 --a------ C:\Windows\system32\tuvvSjjG.dll
2008-07-22 19:42:19 26112 --a------ C:\Windows\system32\yayaxYrS.dll
2008-07-22 19:26:10 0 d-------- C:\Users\All Users\Lavasoft
2008-07-22 19:21:42 0 d-------- C:\VundoFix Backups
2008-07-22 18:54:13 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-07-22 18:54:13 0 d-------- C:\Program Files (x86)\Kaspersky Lab
2008-07-22 18:52:39 26112 --a------ C:\Windows\system32\geBqOigd.dll
2008-07-22 18:52:39 26112 --a------ C:\Windows\system32\byXRiIyv.dll
2008-07-22 17:55:52 245760 --a------ C:\Windows\system32\ddcAsqPj.dll
2008-07-22 17:24:52 118784 --a------ C:\Windows\system32\fgtulxtv.dll
2008-07-22 17:24:49 96256 --a------ C:\Windows\system32\qxefcf.dll
2008-07-22 17:24:49 96256 --a------ C:\Windows\system32\ewxfovjo.dll
2008-07-22 17:24:18 91136 --a------ C:\Windows\system32\jfahrqdt.dll
2008-07-22 17:24:18 96256 --a------ C:\Windows\system32\bgpbbf.dll
2008-07-22 17:24:17 96256 --a------ C:\Windows\system32\olneurvx.dll
2008-07-22 17:08:01 91136 --a------ C:\Windows\system32\vxyyafqa.dll
2008-07-22 17:04:59 5380 --ahs---- C:\Windows\system32\TAdefMoq.ini2
2008-07-22 17:04:54 345 --ahs---- C:\Windows\system32\rtAGOXbc.ini2
2008-07-22 17:04:54 405 --ahs---- C:\Windows\system32\QBdKQXyb.ini2
2008-07-22 17:04:54 345 --ahs---- C:\Windows\system32\ISYFOqss.ini2
2008-07-22 17:04:54 345 --ahs---- C:\Windows\system32\Aceedfii.ini2
2008-07-22 17:04:53 345 --ahs---- C:\Windows\system32\YHNpoUtv.ini2
2008-07-22 17:04:53 345 --ahs---- C:\Windows\system32\svxHNqss.ini2
2008-07-22 16:54:22 118784 --a------ C:\Windows\system32\pjmomncq.dll
2008-07-22 16:54:20 118784 --a------ C:\Windows\system32\khsgasdb.dll
2008-07-22 16:54:06 91136 --a------ C:\Windows\system32\sywjluqb.dll
2008-07-22 15:55:47 245760 --a------ C:\Windows\system32\vtUopNHY.dll
2008-07-22 14:55:46 245760 --a------ C:\Windows\system32\ssqNHxvs.dll
2008-07-22 13:55:51 245760 --a------ C:\Windows\system32\iifdeecA.dll
2008-07-22 12:55:45 245760 --a------ C:\Windows\system32\cbXOGAtr.dll
2008-07-22 11:55:46 245760 --a------ C:\Windows\system32\ssqOFYSI.dll
2008-07-22 11:37:14 345 --ahs---- C:\Windows\system32\LonTEfhk.ini2
2008-07-22 11:37:14 829374 --ahs---- C:\Windows\system32\JPssDfhk.ini2
2008-07-22 11:37:13 345 --ahs---- C:\Windows\system32\yHPrttwa.ini2
2008-07-22 11:37:13 851294 --ahs---- C:\Windows\system32\WGhhQqss.ini2
2008-07-22 11:37:13 405 --ahs---- C:\Windows\system32\WaKQstwa.ini2
2008-07-22 11:37:13 405 --ahs---- C:\Windows\system32\vEghknpo.ini2
2008-07-22 11:37:13 405 --ahs---- C:\Windows\system32\tvDfPXbc.ini2
2008-07-22 11:37:13 345 --ahs---- C:\Windows\system32\OUwEOXbc.ini2
2008-07-22 11:37:13 345 --ahs---- C:\Windows\system32\ISBJRqru.ini2
2008-07-22 11:37:13 345 --ahs---- C:\Windows\system32\illRtBeg.ini2
2008-07-22 11:37:13 405 --ahs---- C:\Windows\system32\Hkknmnnn.ini2
2008-07-22 11:37:13 405 --ahs---- C:\Windows\system32\FffMUvut.ini2
2008-07-22 11:37:13 345 --ahs---- C:\Windows\system32\eOqqrBeg.ini2
2008-07-22 11:37:12 405 --ahs---- C:\Windows\system32\YbIhQqru.ini2
2008-07-22 10:55:41 245760 --a------ C:\Windows\system32\tuvUMffF.dll
2008-07-22 09:55:41 245760 --a------ C:\Windows\system32\nnnmnkkH.dll
2008-07-22 08:55:40 245760 --a------ C:\Windows\system32\urqQhIbY.dll
2008-07-22 07:55:38 245760 --a------ C:\Windows\system32\opnkhgEv.dll
2008-07-22 06:55:40 245760 --a------ C:\Windows\system32\awtsQKaW.dll
2008-07-22 05:55:40 246784 --a------ C:\Windows\system32\byXQKdBQ.dll
2008-07-22 04:55:38 246784 --a------ C:\Windows\system32\cbXPfDvt.dll
2008-07-22 03:55:37 246784 --a------ C:\Windows\system32\cbXOEwUO.dll
2008-07-22 02:55:37 246784 --a------ C:\Windows\system32\awttrPHy.dll
2008-07-22 01:55:34 245760 --a------ C:\Windows\system32\ssqQhhGW.dll
2008-07-22 00:55:36 245760 --a------ C:\Windows\system32\geBrqqOe.dll
2008-07-21 23:55:32 245760 --a------ C:\Windows\system32\qoMfedAT.dll
2008-07-21 22:55:33 245760 --a------ C:\Windows\system32\khfDssPJ.dll
2008-07-21 21:55:29 245760 --a------ C:\Windows\system32\urqRJBSI.dll
2008-07-21 20:55:28 245760 --a------ C:\Windows\system32\nnnmlKDW.dll
2008-07-21 19:55:26 245760 --a------ C:\Windows\system32\geBtRlli.dll
2008-07-21 18:55:36 245760 --a------ C:\Windows\system32\khfETnoL.dll
2008-07-21 18:49:54 26112 --a------ C:\Windows\system32\urqPfGXQ.dll
2008-07-20 16:05:06 0 d-------- C:\Users\All Users\Kaspersky Lab(30)
2008-07-20 16:05:06 0 d-------- C:\Program Files (x86)\Kaspersky Lab(8)
2008-07-17 13:30:51 0 d-------- C:\Program Files (x86)\vso
2008-07-12 18:52:17 0 d-------- C:\Users\Areya\browser - logitech
2008-07-12 18:51:21 0 d-------- C:\Users\Areya\logitech
2008-07-12 18:50:49 0 d-------- C:\Program Files (x86)\Common Files\Remote Control Software Common
2008-07-12 18:50:45 0 d-------- C:\Program Files (x86)\Logitech
2008-07-12 18:49:48 0 d-------- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2008-07-12 17:09:20 0 d-------- C:\Program Files (x86)\iPod
2008-07-12 17:08:00 0 d-------- C:\Program Files (x86)\QuickTime
2008-07-12 14:10:04 0 d-------- C:\Users\All Users\Kaspersky Lab(448)
2008-07-12 14:10:04 0 d-------- C:\Program Files (x86)\Kaspersky Lab(134)
2008-07-12 01:27:53 0 d-------- C:\Program Files (x86)\Netflix
2008-07-02 11:36:56 0 d-------- C:\Users\All Users\Rosetta Stone
2008-07-02 11:36:56 0 d-------- C:\Program Files (x86)\Rosetta Stone
2008-06-30 11:10:53 0 d-------- C:\Program Files (x86)\VistaCodecPack
2008-06-30 11:06:37 0 d-------- C:\Users\All Users\VistaCodecs


-- Find3M Report ---------------------------------------------------------------

2008-07-22 19:26:10 0 d-------- C:\Users\Areya\AppData\Roaming\uTorrent
2008-07-22 19:26:10 0 d-------- C:\Program Files (x86)\Lavasoft
2008-07-22 19:25:32 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-07-22 18:59:32 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-07-22 18:05:35 0 d-------- C:\Program Files (x86)\Trillian
2008-07-22 07:47:27 0 d-------- C:\Program Files (x86)\eSignal
2008-07-21 16:24:15 0 d-------- C:\Users\Areya\AppData\Roaming\Adobe
2008-07-21 08:33:16 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-07-20 14:54:50 0 d-------- C:\Users\Areya\AppData\Roaming\Download Manager
2008-07-13 00:54:50 0 d-------- C:\Program Files (x86)\Common Files
2008-07-13 00:54:03 0 d-------- C:\Program Files (x86)\Bonjour
2008-07-12 18:50:44 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-07-12 15:07:54 0 d-------- C:\Program Files (x86)\Ventrilo
2008-07-12 15:07:53 0 d-------- C:\Program Files (x86)\SpeedFan
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicISO
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicDisc
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\DivX
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\Alarm
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1631)
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\Common Files\Acronis
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Java
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Futuremark
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Common Files\Real
2008-07-12 15:06:17 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Mail
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Reference Assemblies
2008-06-21 15:15:35 0 d-------- C:\Program Files (x86)\Full Tilt Poker
2008-06-21 15:13:12 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1630)
2008-06-12 20:36:38 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-12 19:25:06 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-08 21:29:59 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-08 21:29:58 0 d-------- C:\Users\Areya\AppData\Roaming\skypePM
2008-06-05 14:55:22 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1615)
2008-05-23 23:58:27 0 d-------- C:\Program Files (x86)\Folding@Home
2008-05-03 15:07:22 529 --a------ C:\Windows\eReg.dat


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-22 19:57:12 ------------

Edited by atorabli, 22 July 2008 - 10:31 PM.



#2 atorabli (Topic Starter)

Posted 22 July 2008 - 11:12 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 22, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 03:31:27
Records in database: 1000105
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Program Files
C:\Program Files (x86)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Areya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Windows

Scan statistics:
Files scanned: 179774
Threat name: 3
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 01:15:10


File name / Threat name / Threats count
C:\Windows\system32\yayaxYrS.dll/C:\Windows\system32\yayaxYrS.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\SysWow64\fgtulxtv.dll/C:\Windows\SysWow64\fgtulxtv.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\SysWow64\yayaxYrS.dll/C:\Windows\SysWow64\yayaxYrS.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8A7YB08\3077ahntdksr[1].dll//PE_Patch.UPX//UPX/C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8A7YB08\3077ahntdksr[1].dll//PE_Patch.UPX//UPX Infected: Rootkit.Win32.Podnuha.zn 1
C:\Windows\System32\byXRiIyv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\System32\fgtulxtv.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\System32\geBqOigd.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\System32\khsgasdb.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\System32\pjmomncq.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\System32\urqPfGXQ.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\System32\yayaxYrS.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\SysWOW64\byXRiIyv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\SysWOW64\fgtulxtv.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\SysWOW64\geBqOigd.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\SysWOW64\khsgasdb.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\SysWOW64\pjmomncq.dll Infected: not-a-virus:AdWare.Win32.BHO.cbd 1
C:\Windows\SysWOW64\urqPfGXQ.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Windows\SysWOW64\yayaxYrS.dll Infected: Trojan.Win32.Monderc.gen 1

The selected area was scanned.

#3 fenzodahl512

Posted 24 July 2008 - 07:12 PM

Hello, my name is fenzodahl512 and welcome to BC. Please do the following....


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NEXT


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 atorabli (Topic Starter)

Posted 24 July 2008 - 07:59 PM

Hi fenzodahl512,

Thanks for helping me out. I ran ATF cleaner and I downloaded ComboFix. When I tried to run ComboFix I received a "Win32 only" error. I tried renaming ComboFix to Combo-Fix, but that didn't make a difference. I am using Vista Ultimate x64.

#5 fenzodahl512

Posted 24 July 2008 - 08:11 PM

> Hi fenzodahl512,
>
> Thanks for helping me out. I ran ATF cleaner and I downloaded ComboFix. When I tried to run ComboFix I received a "Win32 only" error. I tried renaming ComboFix to Combo-Fix, but that didn't make a difference. I am using Vista Ultimate x64.



Erm.. Firstly I don't see any antivirus in your log?.. Tell me, what antivirus do you use?..


Lets do this..


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Windows\system32\tuvvSjjG.dll
    C:\Windows\system32\yayaxYrS.dll
    C:\Windows\system32\geBqOigd.dll
    C:\Windows\system32\byXRiIyv.dll
    C:\Windows\system32\ddcAsqPj.dll
    C:\Windows\system32\fgtulxtv.dll
    C:\Windows\system32\qxefcf.dll
    C:\Windows\system32\ewxfovjo.dll
    C:\Windows\system32\jfahrqdt.dll
    C:\Windows\system32\bgpbbf.dll
    C:\Windows\system32\olneurvx.dll
    C:\Windows\system32\vxyyafqa.dll
    C:\Windows\system32\TAdefMoq.ini2
    C:\Windows\system32\rtAGOXbc.ini2
    C:\Windows\system32\QBdKQXyb.ini2
    C:\Windows\system32\ISYFOqss.ini2
    C:\Windows\system32\Aceedfii.ini2
    C:\Windows\system32\YHNpoUtv.ini2
    C:\Windows\system32\svxHNqss.ini2
    C:\Windows\system32\pjmomncq.dll
    C:\Windows\system32\khsgasdb.dll
    C:\Windows\system32\sywjluqb.dll
    C:\Windows\system32\vtUopNHY.dll
    C:\Windows\system32\ssqNHxvs.dll
    C:\Windows\system32\iifdeecA.dll
    C:\Windows\system32\cbXOGAtr.dll
    C:\Windows\system32\ssqOFYSI.dll
    C:\Windows\system32\LonTEfhk.ini2
    C:\Windows\system32\JPssDfhk.ini2
    C:\Windows\system32\yHPrttwa.ini2
    C:\Windows\system32\WGhhQqss.ini2
    C:\Windows\system32\WaKQstwa.ini2
    C:\Windows\system32\vEghknpo.ini2
    C:\Windows\system32\tvDfPXbc.ini2
    C:\Windows\system32\OUwEOXbc.ini2
    C:\Windows\system32\ISBJRqru.ini2
    C:\Windows\system32\illRtBeg.ini2
    C:\Windows\system32\Hkknmnnn.ini2
    C:\Windows\system32\FffMUvut.ini2
    C:\Windows\system32\eOqqrBeg.ini2
    C:\Windows\system32\YbIhQqru.ini2
    C:\Windows\system32\tuvUMffF.dll
    C:\Windows\system32\nnnmnkkH.dll
    C:\Windows\system32\urqQhIbY.dll
    C:\Windows\system32\opnkhgEv.dll
    C:\Windows\system32\awtsQKaW.dll
    C:\Windows\system32\byXQKdBQ.dll
    C:\Windows\system32\cbXPfDvt.dll
    C:\Windows\system32\cbXOEwUO.dll
    C:\Windows\system32\awttrPHy.dll
    C:\Windows\system32\ssqQhhGW.dll
    C:\Windows\system32\geBrqqOe.dll
    C:\Windows\system32\qoMfedAT.dll
    C:\Windows\system32\khfDssPJ.dll
    C:\Windows\system32\urqRJBSI.dll
    C:\Windows\system32\nnnmlKDW.dll
    C:\Windows\system32\geBtRlli.dll
    C:\Windows\system32\khfETnoL.dll
    C:\Windows\system32\urqPfGXQ.dll
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please also include a fresh DSS log (after OTMoveIt2 step) in your next reply...


Regards
fenzodahl512

Edited by fenzodahl512, 24 July 2008 - 08:12 PM.



#6 atorabli (Topic Starter)

Posted 24 July 2008 - 08:22 PM

I am running Kaspersky Internet Security 2009. My MoveIt log is below. It stopped working 3 times and finally completed the script on the 4th try.

Unable to kill explorer.exe
File/Folder C:\Windows\system32\tuvvSjjG.dll not found.
File/Folder C:\Windows\system32\yayaxYrS.dll not found.
File/Folder C:\Windows\system32\geBqOigd.dll not found.
File/Folder C:\Windows\system32\byXRiIyv.dll not found.
File/Folder C:\Windows\system32\ddcAsqPj.dll not found.
File/Folder C:\Windows\system32\fgtulxtv.dll not found.
File/Folder C:\Windows\system32\qxefcf.dll not found.
File/Folder C:\Windows\system32\ewxfovjo.dll not found.
File/Folder C:\Windows\system32\jfahrqdt.dll not found.
File/Folder C:\Windows\system32\bgpbbf.dll not found.
File/Folder C:\Windows\system32\olneurvx.dll not found.
File/Folder C:\Windows\system32\vxyyafqa.dll not found.
File/Folder C:\Windows\system32\TAdefMoq.ini2 not found.
File/Folder C:\Windows\system32\rtAGOXbc.ini2 not found.
File/Folder C:\Windows\system32\QBdKQXyb.ini2 not found.
File/Folder C:\Windows\system32\ISYFOqss.ini2 not found.
File/Folder C:\Windows\system32\Aceedfii.ini2 not found.
File/Folder C:\Windows\system32\YHNpoUtv.ini2 not found.
File/Folder C:\Windows\system32\svxHNqss.ini2 not found.
File/Folder C:\Windows\system32\pjmomncq.dll not found.
File/Folder C:\Windows\system32\khsgasdb.dll not found.
DllUnregisterServer procedure not found in C:\Windows\system32\sywjluqb.dll
C:\Windows\system32\sywjluqb.dll NOT unregistered.
C:\Windows\system32\sywjluqb.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\vtUopNHY.dll
C:\Windows\system32\vtUopNHY.dll NOT unregistered.
C:\Windows\system32\vtUopNHY.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ssqNHxvs.dll
C:\Windows\system32\ssqNHxvs.dll NOT unregistered.
C:\Windows\system32\ssqNHxvs.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\iifdeecA.dll
C:\Windows\system32\iifdeecA.dll NOT unregistered.
C:\Windows\system32\iifdeecA.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cbXOGAtr.dll
C:\Windows\system32\cbXOGAtr.dll NOT unregistered.
C:\Windows\system32\cbXOGAtr.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ssqOFYSI.dll
C:\Windows\system32\ssqOFYSI.dll NOT unregistered.
C:\Windows\system32\ssqOFYSI.dll moved successfully.
C:\Windows\system32\LonTEfhk.ini2 moved successfully.
C:\Windows\system32\JPssDfhk.ini2 moved successfully.
C:\Windows\system32\yHPrttwa.ini2 moved successfully.
C:\Windows\system32\WGhhQqss.ini2 moved successfully.
C:\Windows\system32\WaKQstwa.ini2 moved successfully.
C:\Windows\system32\vEghknpo.ini2 moved successfully.
C:\Windows\system32\tvDfPXbc.ini2 moved successfully.
C:\Windows\system32\OUwEOXbc.ini2 moved successfully.
C:\Windows\system32\ISBJRqru.ini2 moved successfully.
C:\Windows\system32\illRtBeg.ini2 moved successfully.
C:\Windows\system32\Hkknmnnn.ini2 moved successfully.
C:\Windows\system32\FffMUvut.ini2 moved successfully.
C:\Windows\system32\eOqqrBeg.ini2 moved successfully.
C:\Windows\system32\YbIhQqru.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\tuvUMffF.dll
C:\Windows\system32\tuvUMffF.dll NOT unregistered.
C:\Windows\system32\tuvUMffF.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\nnnmnkkH.dll
C:\Windows\system32\nnnmnkkH.dll NOT unregistered.
C:\Windows\system32\nnnmnkkH.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\urqQhIbY.dll
C:\Windows\system32\urqQhIbY.dll NOT unregistered.
C:\Windows\system32\urqQhIbY.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\opnkhgEv.dll
C:\Windows\system32\opnkhgEv.dll NOT unregistered.
C:\Windows\system32\opnkhgEv.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\awtsQKaW.dll
C:\Windows\system32\awtsQKaW.dll NOT unregistered.
C:\Windows\system32\awtsQKaW.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\byXQKdBQ.dll
C:\Windows\system32\byXQKdBQ.dll NOT unregistered.
C:\Windows\system32\byXQKdBQ.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cbXPfDvt.dll
C:\Windows\system32\cbXPfDvt.dll NOT unregistered.
C:\Windows\system32\cbXPfDvt.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cbXOEwUO.dll
C:\Windows\system32\cbXOEwUO.dll NOT unregistered.
C:\Windows\system32\cbXOEwUO.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\awttrPHy.dll
C:\Windows\system32\awttrPHy.dll NOT unregistered.
C:\Windows\system32\awttrPHy.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ssqQhhGW.dll
C:\Windows\system32\ssqQhhGW.dll NOT unregistered.
C:\Windows\system32\ssqQhhGW.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\geBrqqOe.dll
C:\Windows\system32\geBrqqOe.dll NOT unregistered.
C:\Windows\system32\geBrqqOe.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\qoMfedAT.dll
C:\Windows\system32\qoMfedAT.dll NOT unregistered.
C:\Windows\system32\qoMfedAT.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\khfDssPJ.dll
C:\Windows\system32\khfDssPJ.dll NOT unregistered.
C:\Windows\system32\khfDssPJ.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\urqRJBSI.dll
C:\Windows\system32\urqRJBSI.dll NOT unregistered.
C:\Windows\system32\urqRJBSI.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\nnnmlKDW.dll
C:\Windows\system32\nnnmlKDW.dll NOT unregistered.
C:\Windows\system32\nnnmlKDW.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\geBtRlli.dll
C:\Windows\system32\geBtRlli.dll NOT unregistered.
C:\Windows\system32\geBtRlli.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\khfETnoL.dll
C:\Windows\system32\khfETnoL.dll NOT unregistered.
C:\Windows\system32\khfETnoL.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\urqPfGXQ.dll
C:\Windows\system32\urqPfGXQ.dll NOT unregistered.
C:\Windows\system32\urqPfGXQ.dll moved successfully.
< EmptyTemp >
File delete failed. C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Areya\AppData\Local\Temp\~DF1342.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Areya\AppData\Local\Temp\~DF1357.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_201448

Files moved on Reboot...
File C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Areya\AppData\Local\Temp\~DF1342.tmp not found!
File C:\Users\Areya\AppData\Local\Temp\~DF1357.tmp not found!

#7 atorabli (Topic Starter)

Posted 24 July 2008 - 08:24 PM

Deckard's System Scanner v20071014.68
Run by Areya on 2008-07-24 20:22:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Areya.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:43 PM, on 7/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Areya\Desktop\dss.exe
C:\Users\Areya\Desktop\Areya.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0789D2D5-2529-4F14-BCBD-96AE82FB6461} - C:\Windows\SysWow64\khsgasdb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {3b9b09d8-11f5-ddfb-df64-19a9f2553218} - {8123552f-9a91-46fd-bfdd-5f118d90b9b3} - C:\Windows\SysWow64\mjjnpn.dll
O2 - BHO: (no name) - {B35D247B-AB73-4E12-BD2C-7A43E3B51B2D} - C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ01Y85M\3077ahntdksr[1].dll
O2 - BHO: (no name) - {EF749362-8095-4968-9FBD-04DF20B56BAA} - C:\Windows\SysWow64\qoMfedAT.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayaxYrS.dll,#1
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [e82c1a69] rundll32.exe "C:\Windows\system32\cvnhiokh.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Citrus Alarm Clock.lnk = C:\Program Files (x86)\Citrus Alarm Clock\Citrus Alarm Clock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} (WebPriKRX Control) - http://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10395 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 19:56:14 0 d-------- C:\Combo-Fix
2008-07-24 16:54:55 26112 --a------ C:\Windows\system32\rqRJYsPI.dll
2008-07-24 15:21:22 94208 --a------ C:\Windows\system32\uaxovjid.dll
2008-07-24 15:21:22 94208 --a------ C:\Windows\system32\mjjnpn.dll
2008-07-24 15:21:20 81408 --a------ C:\Windows\system32\cvnhiokh.dll
2008-07-23 18:39:03 26112 --a------ C:\Windows\system32\ddcDvsSI.dll
2008-07-23 17:51:58 0 d-------- C:\Users\All Users\vsosdk
2008-07-23 17:30:07 26112 --a------ C:\Windows\system32\rqRKbASK.dll
2008-07-23 17:23:31 0 d-------- C:\Program Files (x86)\DVDFab 5
2008-07-23 17:23:07 90112 --a------ C:\Windows\system32\jecnqypj.dll
2008-07-23 13:13:22 26112 --a------ C:\Windows\system32\fccyYPgd.dll
2008-07-22 23:29:20 26112 --a------ C:\Windows\system32\awtqpNGA.dll
2008-07-22 22:47:54 245760 --a------ C:\Windows\system32\urqQiHbx.dll
2008-07-22 21:47:53 245760 --a------ C:\Windows\system32\iifgeffd.dll
2008-07-22 20:47:53 245760 --a------ C:\Windows\system32\cbXOHyWP.dll
2008-07-22 19:26:10 0 d-------- C:\Users\All Users\Lavasoft
2008-07-22 19:21:42 0 d-------- C:\VundoFix Backups
2008-07-22 18:54:13 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-07-22 18:54:13 0 d-------- C:\Program Files (x86)\Kaspersky Lab
2008-07-20 16:05:06 0 d-------- C:\Users\All Users\Kaspersky Lab(30)
2008-07-20 16:05:06 0 d-------- C:\Program Files (x86)\Kaspersky Lab(8)
2008-07-17 13:30:51 0 d-------- C:\Program Files (x86)\vso
2008-07-12 18:52:17 0 d-------- C:\Users\Areya\browser - logitech
2008-07-12 18:51:21 0 d-------- C:\Users\Areya\logitech
2008-07-12 18:50:49 0 d-------- C:\Program Files (x86)\Common Files\Remote Control Software Common
2008-07-12 18:50:45 0 d-------- C:\Program Files (x86)\Logitech
2008-07-12 18:49:48 0 d-------- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2008-07-12 17:09:20 0 d-------- C:\Program Files (x86)\iPod
2008-07-12 17:08:00 0 d-------- C:\Program Files (x86)\QuickTime
2008-07-12 14:10:04 0 d-------- C:\Users\All Users\Kaspersky Lab(448)
2008-07-12 14:10:04 0 d-------- C:\Program Files (x86)\Kaspersky Lab(134)
2008-07-12 01:27:53 0 d-------- C:\Program Files (x86)\Netflix
2008-07-02 11:36:56 0 d-------- C:\Users\All Users\Rosetta Stone
2008-07-02 11:36:56 0 d-------- C:\Program Files (x86)\Rosetta Stone
2008-06-30 11:10:53 0 d-------- C:\Program Files (x86)\VistaCodecPack
2008-06-30 11:06:37 0 d-------- C:\Users\All Users\VistaCodecs


-- Find3M Report ---------------------------------------------------------------

2008-07-24 16:52:00 0 d-------- C:\Users\Areya\AppData\Roaming\uTorrent
2008-07-24 16:51:59 0 d-------- C:\Program Files (x86)\Trillian
2008-07-24 00:10:14 0 d-------- C:\Program Files (x86)\eSignal
2008-07-23 18:40:18 0 d-------- C:\Users\Areya\AppData\Roaming\Vso
2008-07-23 17:42:04 0 d-------- C:\Users\Areya\AppData\Roaming\DVDFab
2008-07-23 17:35:04 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-07-23 17:24:45 34 --a------ C:\Users\Areya\AppData\Roaming\pcouffin.log
2008-07-23 17:24:01 7859 --a------ C:\Users\Areya\AppData\Roaming\pcouffin.cat
2008-07-22 19:26:10 0 d-------- C:\Program Files (x86)\Lavasoft
2008-07-22 19:25:32 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-07-22 18:59:32 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-07-21 16:24:15 0 d-------- C:\Users\Areya\AppData\Roaming\Adobe
2008-07-21 08:33:16 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-07-20 14:54:50 0 d-------- C:\Users\Areya\AppData\Roaming\Download Manager
2008-07-13 00:54:50 0 d-------- C:\Program Files (x86)\Common Files
2008-07-13 00:54:03 0 d-------- C:\Program Files (x86)\Bonjour
2008-07-12 15:07:54 0 d-------- C:\Program Files (x86)\Ventrilo
2008-07-12 15:07:53 0 d-------- C:\Program Files (x86)\SpeedFan
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicISO
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicDisc
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\DivX
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\Alarm
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1631)
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\Common Files\Acronis
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Java
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Futuremark
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Common Files\Real
2008-07-12 15:06:17 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Mail
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Reference Assemblies
2008-06-21 15:15:35 0 d-------- C:\Program Files (x86)\Full Tilt Poker
2008-06-21 15:13:12 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1630)
2008-06-12 20:36:38 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-12 19:25:06 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-08 21:29:59 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-08 21:29:58 0 d-------- C:\Users\Areya\AppData\Roaming\skypePM
2008-06-05 14:55:22 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1615)
2008-05-03 15:07:22 529 --a------ C:\Windows\eReg.dat


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-24 20:23:47 ------------

#8 fenzodahl512

Posted 24 July 2008 - 08:45 PM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0789D2D5-2529-4F14-BCBD-96AE82FB6461} - C:\Windows\SysWow64\khsgasdb.dll (file missing)
O2 - BHO: (no name) - {B35D247B-AB73-4E12-BD2C-7A43E3B51B2D} - C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ01Y85M\3077ahntdksr[1].dll
O2 - BHO: (no name) - {EF749362-8095-4968-9FBD-04DF20B56BAA} - C:\Windows\SysWow64\qoMfedAT.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayaxYrS.dll,#1
O4 - HKLM\..\Run: [e82c1a69] rundll32.exe "C:\Windows\system32\cvnhiokh.dll",b
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Windows\System32\byXRiIyv.dll
    C:\Windows\System32\fgtulxtv.dll
    C:\Windows\System32\geBqOigd.dll
    C:\Windows\System32\khsgasdb.dll
    C:\Windows\System32\pjmomncq.dll
    C:\Windows\System32\urqPfGXQ.dll
    C:\Windows\System32\yayaxYrS.dll
    C:\Windows\SysWOW64\byXRiIyv.dll
    C:\Windows\SysWOW64\fgtulxtv.dll
    C:\Windows\SysWOW64\geBqOigd.dll
    C:\Windows\SysWOW64\khsgasdb.dll
    C:\Windows\SysWOW64\pjmomncq.dll
    C:\Windows\SysWOW64\urqPfGXQ.dll
    C:\Windows\SysWOW64\yayaxYrS.dll
    C:\Windows\system32\rqRJYsPI.dll
    C:\Windows\system32\uaxovjid.dll
    C:\Windows\system32\mjjnpn.dll
    C:\Windows\system32\cvnhiokh.dll
    C:\Windows\system32\ddcDvsSI.dll
    C:\Windows\system32\rqRKbASK.dll
    C:\Windows\system32\jecnqypj.dll
    C:\Windows\system32\fccyYPgd.dll
    C:\Windows\system32\awtqpNGA.dll
    C:\Windows\system32\urqQiHbx.dll
    C:\Windows\system32\iifgeffd.dll
    C:\Windows\system32\cbXOHyWP.dll
    C:\Windows\SysWow64\khsgasdb.dll
    C:\Windows\SysWow64\qoMfedAT.dll
    C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8A7YB08\3077ahntdksr*.dll
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please also include a fresh DSS log in your next reply...


Regards
fenzodahl512

Edited by fenzodahl512, 24 July 2008 - 08:46 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 atorabli

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 July 2008 - 08:57 PM

Unable to kill explorer.exe
File/Folder C:\Windows\System32\byXRiIyv.dll not found.
File/Folder C:\Windows\System32\fgtulxtv.dll not found.
File/Folder C:\Windows\System32\geBqOigd.dll not found.
File/Folder C:\Windows\System32\khsgasdb.dll not found.
File/Folder C:\Windows\System32\pjmomncq.dll not found.
File/Folder C:\Windows\System32\urqPfGXQ.dll not found.
File/Folder C:\Windows\System32\yayaxYrS.dll not found.
File/Folder C:\Windows\SysWOW64\byXRiIyv.dll not found.
File/Folder C:\Windows\SysWOW64\fgtulxtv.dll not found.
File/Folder C:\Windows\SysWOW64\geBqOigd.dll not found.
File/Folder C:\Windows\SysWOW64\khsgasdb.dll not found.
File/Folder C:\Windows\SysWOW64\pjmomncq.dll not found.
File/Folder C:\Windows\SysWOW64\urqPfGXQ.dll not found.
File/Folder C:\Windows\SysWOW64\yayaxYrS.dll not found.
DllUnregisterServer procedure not found in C:\Windows\system32\rqRJYsPI.dll
C:\Windows\system32\rqRJYsPI.dll NOT unregistered.
C:\Windows\system32\rqRJYsPI.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\uaxovjid.dll
C:\Windows\system32\uaxovjid.dll NOT unregistered.
C:\Windows\system32\uaxovjid.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\mjjnpn.dll
C:\Windows\system32\mjjnpn.dll NOT unregistered.
C:\Windows\system32\mjjnpn.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cvnhiokh.dll
C:\Windows\system32\cvnhiokh.dll NOT unregistered.
C:\Windows\system32\cvnhiokh.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ddcDvsSI.dll
C:\Windows\system32\ddcDvsSI.dll NOT unregistered.
C:\Windows\system32\ddcDvsSI.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\rqRKbASK.dll
C:\Windows\system32\rqRKbASK.dll NOT unregistered.
C:\Windows\system32\rqRKbASK.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jecnqypj.dll
C:\Windows\system32\jecnqypj.dll NOT unregistered.
C:\Windows\system32\jecnqypj.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\fccyYPgd.dll
C:\Windows\system32\fccyYPgd.dll NOT unregistered.
C:\Windows\system32\fccyYPgd.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\awtqpNGA.dll
C:\Windows\system32\awtqpNGA.dll NOT unregistered.
C:\Windows\system32\awtqpNGA.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\urqQiHbx.dll
C:\Windows\system32\urqQiHbx.dll NOT unregistered.
C:\Windows\system32\urqQiHbx.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\iifgeffd.dll
C:\Windows\system32\iifgeffd.dll NOT unregistered.
C:\Windows\system32\iifgeffd.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cbXOHyWP.dll
C:\Windows\system32\cbXOHyWP.dll NOT unregistered.
C:\Windows\system32\cbXOHyWP.dll moved successfully.
File/Folder C:\Windows\SysWow64\khsgasdb.dll not found.
File/Folder C:\Windows\SysWow64\qoMfedAT.dll not found.
< C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8A7YB08\3077ahntdksr*.dll >
File/Folder C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8A7YB08\3077ahntdksr*.dll not found.
< EmptyTemp >
File delete failed. C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_205343

Files moved on Reboot...
C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
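
A practitioner re-running a list like the one fenzodahl512 posted wants to confirm that every requested path ended up either moved or already absent, and to see what is still waiting on a reboot. The Python below is an added example, not part of this thread and not OTMoveIt2's own code: it parses an OTMoveIt2 result log into those buckets and reports requested paths for which the log gives no verdict at all. The log excerpt is a trimmed copy of the one posted above (same line formats, fewer lines); the requested-path list is constructed for the example and deliberately includes one path, mjjnpn.dll, that the excerpt never mentions, so the reconciliation has something to report.

```python
import re
from typing import Dict, List

# Constructed for this example: the paths a helper asked OTMoveIt2 to move.
# mjjnpn.dll is included on purpose although the log excerpt below never
# mentions it, so unresolved() has something to return.
SAMPLE_REQUEST = [
    r"C:\Windows\System32\byXRiIyv.dll",
    r"C:\Windows\System32\khsgasdb.dll",
    r"C:\Windows\system32\rqRJYsPI.dll",
    r"C:\Windows\system32\cvnhiokh.dll",
    r"C:\Windows\system32\mjjnpn.dll",
    r"C:\Windows\SysWow64\qoMfedAT.dll",
]

# Trimmed copy of the OTMoveIt2 log posted in this thread.
SAMPLE_LOG = r"""
Unable to kill explorer.exe
File/Folder C:\Windows\System32\byXRiIyv.dll not found.
File/Folder C:\Windows\System32\khsgasdb.dll not found.
DllUnregisterServer procedure not found in C:\Windows\system32\rqRJYsPI.dll
C:\Windows\system32\rqRJYsPI.dll NOT unregistered.
C:\Windows\system32\rqRJYsPI.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cvnhiokh.dll
C:\Windows\system32\cvnhiokh.dll NOT unregistered.
C:\Windows\system32\cvnhiokh.dll moved successfully.
File/Folder C:\Windows\SysWow64\qoMfedAT.dll not found.
< EmptyTemp >
File delete failed. C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_205343

Files moved on Reboot...
C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_UNREG_RE = re.compile(r"^(?P<path>.+) NOT unregistered\.$")
PENDING_RE = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")

# Lines that carry no verdict of their own.
INFORMATIONAL = (
    "DllUnregisterServer procedure not found in",
    "Temp folders emptied.",
    "IE temp folders emptied.",
    "Explorer started successfully",
    "Files moved on Reboot...",
    "OTMoveIt2 by OldTimer",
)


def summarize(log_text: str) -> Dict[str, List[str]]:
    """Bucket every line of an OTMoveIt2 log by what it says happened."""
    s: Dict[str, List[str]] = {
        "moved": [], "absent": [], "not_unregistered": [],
        "pending_reboot": [], "warnings": [], "unparsed": [],
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<") or line.startswith(INFORMATIONAL):
            continue
        if line == "Unable to kill explorer.exe":
            s["warnings"].append(line)  # explorer kept running: files may still be locked
        elif m := PENDING_RE.match(line):
            s["pending_reboot"].append(m.group("path"))
        elif m := NOT_FOUND_RE.match(line):
            s["absent"].append(m.group("path"))
        elif m := NOT_UNREG_RE.match(line):
            s["not_unregistered"].append(m.group("path"))
        elif m := MOVED_RE.match(line):
            path = m.group("path")
            s["moved"].append(path)
            # A 'moved successfully' in the 'Files moved on Reboot' section settles a pending entry.
            s["pending_reboot"] = [p for p in s["pending_reboot"] if p.lower() != path.lower()]
        else:
            s["unparsed"].append(line)  # anything unrecognised is shown, never silently dropped
    return s


def unresolved(requested: List[str], summary: Dict[str, List[str]]) -> List[str]:
    """Requested paths the log never reported as moved or as already absent."""
    settled = {p.lower() for key in ("moved", "absent") for p in summary[key]}
    return [p for p in requested if p.lower() not in settled]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for bucket, paths in summary.items():
        print(f"{bucket}: {len(paths)}")
    print("needs follow-up:", unresolved(SAMPLE_REQUEST, summary))
```

"NOT unregistered" followed by "moved successfully" is the normal outcome for these DLLs (they export no DllUnregisterServer), so the script keeps it as a note rather than a failure; the CLSID registrations are what the HijackThis fix step is for. Path comparison is case-insensitive because the log echoes whatever casing was pasted in.
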

#10 atorabli

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 July 2008 - 08:58 PM

Deckard's System Scanner v20071014.68
Run by Areya on 2008-07-24 20:57:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Areya.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:50 PM, on 7/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Areya\Desktop\dss.exe
C:\Users\Areya\Desktop\Areya.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {3b9b09d8-11f5-ddfb-df64-19a9f2553218} - {8123552f-9a91-46fd-bfdd-5f118d90b9b3} - C:\Windows\SysWow64\mjjnpn.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Citrus Alarm Clock.lnk = C:\Program Files (x86)\Citrus Alarm Clock\Citrus Alarm Clock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} (WebPriKRX Control) - http://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9645 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 19:56:14 0 d-------- C:\Combo-Fix
2008-07-23 17:51:58 0 d-------- C:\Users\All Users\vsosdk
2008-07-23 17:23:31 0 d-------- C:\Program Files (x86)\DVDFab 5
2008-07-22 19:26:10 0 d-------- C:\Users\All Users\Lavasoft
2008-07-22 19:21:42 0 d-------- C:\VundoFix Backups
2008-07-22 18:54:13 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-07-22 18:54:13 0 d-------- C:\Program Files (x86)\Kaspersky Lab
2008-07-20 16:05:06 0 d-------- C:\Users\All Users\Kaspersky Lab(30)
2008-07-20 16:05:06 0 d-------- C:\Program Files (x86)\Kaspersky Lab(8)
2008-07-17 13:30:51 0 d-------- C:\Program Files (x86)\vso
2008-07-12 18:52:17 0 d-------- C:\Users\Areya\browser - logitech
2008-07-12 18:51:21 0 d-------- C:\Users\Areya\logitech
2008-07-12 18:50:49 0 d-------- C:\Program Files (x86)\Common Files\Remote Control Software Common
2008-07-12 18:50:45 0 d-------- C:\Program Files (x86)\Logitech
2008-07-12 18:49:48 0 d-------- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2008-07-12 17:09:20 0 d-------- C:\Program Files (x86)\iPod
2008-07-12 17:08:00 0 d-------- C:\Program Files (x86)\QuickTime
2008-07-12 14:10:04 0 d-------- C:\Users\All Users\Kaspersky Lab(448)
2008-07-12 14:10:04 0 d-------- C:\Program Files (x86)\Kaspersky Lab(134)
2008-07-12 01:27:53 0 d-------- C:\Program Files (x86)\Netflix
2008-07-02 11:36:56 0 d-------- C:\Users\All Users\Rosetta Stone
2008-07-02 11:36:56 0 d-------- C:\Program Files (x86)\Rosetta Stone
2008-06-30 11:10:53 0 d-------- C:\Program Files (x86)\VistaCodecPack
2008-06-30 11:06:37 0 d-------- C:\Users\All Users\VistaCodecs


-- Find3M Report ---------------------------------------------------------------

2008-07-24 20:49:37 0 d-------- C:\Program Files (x86)\Trillian
2008-07-24 16:52:00 0 d-------- C:\Users\Areya\AppData\Roaming\uTorrent
2008-07-24 00:10:14 0 d-------- C:\Program Files (x86)\eSignal
2008-07-23 18:40:18 0 d-------- C:\Users\Areya\AppData\Roaming\Vso
2008-07-23 17:42:04 0 d-------- C:\Users\Areya\AppData\Roaming\DVDFab
2008-07-23 17:35:04 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-07-23 17:24:45 34 --a------ C:\Users\Areya\AppData\Roaming\pcouffin.log
2008-07-23 17:24:01 7859 --a------ C:\Users\Areya\AppData\Roaming\pcouffin.cat
2008-07-22 19:26:10 0 d-------- C:\Program Files (x86)\Lavasoft
2008-07-22 19:25:32 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-07-22 18:59:32 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-07-21 16:24:15 0 d-------- C:\Users\Areya\AppData\Roaming\Adobe
2008-07-21 08:33:16 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-07-20 14:54:50 0 d-------- C:\Users\Areya\AppData\Roaming\Download Manager
2008-07-13 00:54:50 0 d-------- C:\Program Files (x86)\Common Files
2008-07-13 00:54:03 0 d-------- C:\Program Files (x86)\Bonjour
2008-07-12 15:07:54 0 d-------- C:\Program Files (x86)\Ventrilo
2008-07-12 15:07:53 0 d-------- C:\Program Files (x86)\SpeedFan
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicISO
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicDisc
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\DivX
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\Alarm
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1631)
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\Common Files\Acronis
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Java
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Futuremark
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Common Files\Real
2008-07-12 15:06:17 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Mail
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Reference Assemblies
2008-06-21 15:15:35 0 d-------- C:\Program Files (x86)\Full Tilt Poker
2008-06-21 15:13:12 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1630)
2008-06-12 20:36:38 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-12 19:25:06 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-08 21:29:59 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-08 21:29:58 0 d-------- C:\Users\Areya\AppData\Roaming\skypePM
2008-06-05 14:55:22 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1615)
2008-05-03 15:07:22 529 --a------ C:\Windows\eReg.dat


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-24 20:57:53 ------------

#11 fenzodahl512


Posted 24 July 2008 - 09:09 PM

For some reason, you are getting re-infected.. But your log looks much better now..


Fix this with HijackThis

O2 - BHO: {3b9b09d8-11f5-ddfb-df64-19a9f2553218} - {8123552f-9a91-46fd-bfdd-5f118d90b9b3} - C:\Windows\SysWow64\mjjnpn.dll (file missing)



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Windows\SysWow64\mjjnpn.dll
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


-------------------------


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

If you can't download/install Malwarebytes, please try the link below

http://www.malwarebytes.org/mbam.php




Post the following logs in your next reply

1. OTMoveIt2
2. Malwarebytes'
3. a fresh DSS log (after Malwarebytes' step)


Regards
fenzodahl512

Edited by fenzodahl512, 24 July 2008 - 09:11 PM.

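
Both of fenzodahl512's HijackThis fix lists above (posts #8 and #11) single out the same kinds of entries: O2 BHOs with no description or with a CLSID-style string as their description, DLLs that are already missing, a BHO loading from the IE cache, and O4 Run values that start a DLL through rundll32 by ordinal or a one-letter export. The Python script below is an added example, not code from this thread or from HijackThis, that applies those same signals to HJT log lines so the triage can be repeated on the next log. The sample lines are copied from the logs in this thread (with the Spybot BHO and the Kaspersky Run value kept as clean entries for contrast); the heuristics, function names and wording of the findings are my own assumptions and will not catch every Vundo variant.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input: HijackThis entries copied from the logs in this thread.
# The "(no name)" O2 lines, the O2 line whose description is a CLSID and the two
# rundll32 Run values are the ones the helper asked to fix; the Spybot BHO and
# the AVP Run value are legitimate entries kept for contrast.
SAMPLE_HJT_LINES = r"""
O2 - BHO: (no name) - {0789D2D5-2529-4F14-BCBD-96AE82FB6461} - C:\Windows\SysWow64\khsgasdb.dll (file missing)
O2 - BHO: (no name) - {B35D247B-AB73-4E12-BD2C-7A43E3B51B2D} - C:\Users\Areya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ01Y85M\3077ahntdksr[1].dll
O2 - BHO: (no name) - {EF749362-8095-4968-9FBD-04DF20B56BAA} - C:\Windows\SysWow64\qoMfedAT.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: {3b9b09d8-11f5-ddfb-df64-19a9f2553218} - {8123552f-9a91-46fd-bfdd-5f118d90b9b3} - C:\Windows\SysWow64\mjjnpn.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayaxYrS.dll,#1
O4 - HKLM\..\Run: [e82c1a69] rundll32.exe "C:\Windows\system32\cvnhiokh.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
""".strip().splitlines()

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)$', re.IGNORECASE
)

Finding = Tuple[str, str, List[str]]  # (log line, file path, reasons)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def check_o2(line: str) -> Optional[Tuple[str, List[str]]]:
    """Signals for an O2 (Browser Helper Object) line; None if not an O2 line."""
    m = O2_RE.match(line)
    if not m:
        return None
    name, path, reasons = m.group("name"), m.group("path"), []
    if name == "(no name)":
        reasons.append("BHO registered without a description")
    elif GUID_RE.fullmatch(name):
        reasons.append("BHO description is itself a CLSID-style string")
    if m.group("missing"):
        reasons.append("CLSID still registered but the DLL is gone (orphaned registration)")
    if "temporary internet files" in path.lower():
        reasons.append("BHO loads straight out of the IE cache")
    return path, reasons


def check_o4(line: str) -> Optional[Tuple[str, List[str]]]:
    """Signals for an O4 Run value started through rundll32; None if not an O4 line."""
    m = O4_RE.match(line)
    if not m:
        return None
    value, cmd, reasons = m.group("value"), m.group("cmd"), []
    r = RUNDLL_RE.match(cmd)
    if not r:
        return cmd, reasons  # not a rundll32 launch: these heuristics say nothing
    dll, export = r.group("dll"), r.group("export")
    if export.startswith("#") or len(export) == 1:
        reasons.append("rundll32 entry point is an ordinal or a single letter")
    if re.fullmatch(r"[0-9a-f]{8}", value.lower()):
        reasons.append("Run value name looks like random hex")
    return dll, reasons


def triage(lines: List[str]) -> List[Finding]:
    """Return only the entries that tripped at least one signal."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        result = check_o2(line) or check_o4(line)
        if result and result[1]:
            findings.append((line, result[0], result[1]))
    return findings


def suspicious_dll_names(lines: List[str]) -> List[str]:
    """Base names of the flagged files, e.g. to seed an OTMoveIt2 move list."""
    return sorted({_basename(path) for _, path, _ in triage(lines)})


if __name__ == "__main__":
    for line, path, reasons in triage(SAMPLE_HJT_LINES):
        print(line)
        for reason in reasons:
            print("    ->", reason)
    print("DLLs to chase:", ", ".join(suspicious_dll_names(SAMPLE_HJT_LINES)))
```

The script is deliberately structural: it looks at how an entry is registered (no description, ordinal entry point, cache directory, dangling CLSID) rather than at the random file names, because those change on every reinstall, which is exactly why the thread keeps producing fresh ones. Treat its output as a list of entries to look at, not as a verdict; every flagged item still has to be checked against the file and the registry before it goes into a fix list.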


#12 atorabli

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 July 2008 - 10:29 PM

Unable to kill explorer.exe
File/Folder C:\Windows\SysWow64\mjjnpn.dll not found.
< EmptyTemp >
File delete failed. C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_211304

Files moved on Reboot...
C:\Users\Areya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.







Malwarebytes' Anti-Malware 1.23
Database version: 989
Windows 6.0.6001 Service Pack 1

10:25:40 PM 7/24/2008
mbam-log-7-24-2008 (22-25-40).txt

Scan type: Full Scan (C:\|F:\|G:\|H:\|M:\|S:\|X:\|)
Objects scanned: 414515
Time elapsed: 1 hour(s), 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Areya\Desktop\backups\backup-20080724-205219-219.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201349\Windows\system32\byXRiIyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201349\Windows\system32\ddcAsqPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201349\Windows\system32\fgtulxtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201349\Windows\system32\geBqOigd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201349\Windows\system32\tuvvSjjG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201349\Windows\system32\yayaxYrS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201406\Windows\system32\jfahrqdt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201406\Windows\system32\pjmomncq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201406\Windows\system32\vxyyafqa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201422\Windows\system32\khsgasdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\awtsQKaW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\cbXOGAtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\geBrqqOe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\geBtRlli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\iifdeecA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\khfDssPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\khfETnoL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\nnnmlKDW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\nnnmnkkH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\opnkhgEv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\qoMfedAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\ssqNHxvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\ssqOFYSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\ssqQhhGW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\sywjluqb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\tuvUMffF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\urqPfGXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\urqQhIbY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\urqRJBSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_201448\Windows\system32\vtUopNHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\awtqpNGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\cbXOHyWP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\ddcDvsSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\fccyYPgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\iifgeffd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\jecnqypj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\rqRJYsPI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\rqRKbASK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07242008_205343\Windows\system32\urqQiHbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
S:\Downloaded Programs\Spyware Programs\Ewido Anti-Spyware 4\Patch.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
S:\Downloaded Programs\Windows\WGA Crack\Windows XP Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Users\Areya\AppData\Roaming\RBXML550.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Deckard's System Scanner v20071014.68
Run by Areya on 2008-07-24 22:26:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Areya.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:58 PM, on 7/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Areya\Desktop\dss.exe
C:\Users\Areya\Desktop\Areya.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Citrus Alarm Clock.lnk = C:\Program Files (x86)\Citrus Alarm Clock\Citrus Alarm Clock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} (WebPriKRX Control) - http://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll,
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9464 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 21:16:19 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-24 21:16:19 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-07-24 19:56:14 0 d-------- C:\Combo-Fix
2008-07-23 17:51:58 0 d-------- C:\Users\All Users\vsosdk
2008-07-23 17:23:31 0 d-------- C:\Program Files (x86)\DVDFab 5
2008-07-22 19:26:10 0 d-------- C:\Users\All Users\Lavasoft
2008-07-22 19:21:42 0 d-------- C:\VundoFix Backups
2008-07-22 18:54:13 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-07-22 18:54:13 0 d-------- C:\Program Files (x86)\Kaspersky Lab
2008-07-20 16:05:06 0 d-------- C:\Users\All Users\Kaspersky Lab(30)
2008-07-20 16:05:06 0 d-------- C:\Program Files (x86)\Kaspersky Lab(8)
2008-07-17 13:30:51 0 d-------- C:\Program Files (x86)\vso
2008-07-12 18:52:17 0 d-------- C:\Users\Areya\browser - logitech
2008-07-12 18:51:21 0 d-------- C:\Users\Areya\logitech
2008-07-12 18:50:49 0 d-------- C:\Program Files (x86)\Common Files\Remote Control Software Common
2008-07-12 18:50:45 0 d-------- C:\Program Files (x86)\Logitech
2008-07-12 18:49:48 0 d-------- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2008-07-12 17:09:20 0 d-------- C:\Program Files (x86)\iPod
2008-07-12 17:08:00 0 d-------- C:\Program Files (x86)\QuickTime
2008-07-12 14:10:04 0 d-------- C:\Users\All Users\Kaspersky Lab(448)
2008-07-12 14:10:04 0 d-------- C:\Program Files (x86)\Kaspersky Lab(134)
2008-07-12 01:27:53 0 d-------- C:\Program Files (x86)\Netflix
2008-07-02 11:36:56 0 d-------- C:\Users\All Users\Rosetta Stone
2008-07-02 11:36:56 0 d-------- C:\Program Files (x86)\Rosetta Stone
2008-06-30 11:10:53 0 d-------- C:\Program Files (x86)\VistaCodecPack
2008-06-30 11:06:37 0 d-------- C:\Users\All Users\VistaCodecs


-- Find3M Report ---------------------------------------------------------------

2008-07-24 21:16:21 0 d-------- C:\Users\Areya\AppData\Roaming\Malwarebytes
2008-07-24 20:49:37 0 d-------- C:\Program Files (x86)\Trillian
2008-07-24 16:52:00 0 d-------- C:\Users\Areya\AppData\Roaming\uTorrent
2008-07-24 00:10:14 0 d-------- C:\Program Files (x86)\eSignal
2008-07-23 18:40:18 0 d-------- C:\Users\Areya\AppData\Roaming\Vso
2008-07-23 17:42:04 0 d-------- C:\Users\Areya\AppData\Roaming\DVDFab
2008-07-23 17:35:04 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-07-23 17:24:45 34 --a------ C:\Users\Areya\AppData\Roaming\pcouffin.log
2008-07-23 17:24:01 7859 --a------ C:\Users\Areya\AppData\Roaming\pcouffin.cat
2008-07-22 19:26:10 0 d-------- C:\Program Files (x86)\Lavasoft
2008-07-22 19:25:32 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-07-22 18:59:32 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-07-21 16:24:15 0 d-------- C:\Users\Areya\AppData\Roaming\Adobe
2008-07-21 08:33:16 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-07-20 14:54:50 0 d-------- C:\Users\Areya\AppData\Roaming\Download Manager
2008-07-13 00:54:50 0 d-------- C:\Program Files (x86)\Common Files
2008-07-13 00:54:03 0 d-------- C:\Program Files (x86)\Bonjour
2008-07-12 15:07:54 0 d-------- C:\Program Files (x86)\Ventrilo
2008-07-12 15:07:53 0 d-------- C:\Program Files (x86)\SpeedFan
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicISO
2008-07-12 15:07:52 0 d-------- C:\Program Files (x86)\MagicDisc
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\DivX
2008-07-12 15:07:51 0 d-------- C:\Program Files (x86)\Alarm
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1631)
2008-07-12 15:06:19 0 d-------- C:\Program Files (x86)\Common Files\Acronis
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Java
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Futuremark
2008-07-12 15:06:18 0 d-------- C:\Program Files (x86)\Common Files\Real
2008-07-12 15:06:17 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Windows Mail
2008-07-12 15:06:08 0 d-------- C:\Program Files (x86)\Reference Assemblies
2008-06-21 15:15:35 0 d-------- C:\Program Files (x86)\Full Tilt Poker
2008-06-21 15:13:12 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1630)
2008-06-12 20:36:38 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-12 19:25:06 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-08 21:29:59 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-08 21:29:58 0 d-------- C:\Users\Areya\AppData\Roaming\skypePM
2008-06-05 14:55:22 0 d-------- C:\Program Files (x86)\TradeStation 8.3 (Build 1615)
2008-05-03 15:07:22 529 --a------ C:\Windows\eReg.dat


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-24 22:27:08 ------------

#13 atorabli

atorabli
  • Topic Starter

Posted 24 July 2008 - 10:30 PM

The 3 logs you requested are posted above. On a side note, Spybot found EnigmaSoftware/SpyHunter but it's not in my Add/Remove Programs list.

#14 fenzodahl512

fenzodahl512

Posted 24 July 2008 - 11:30 PM

On a side note, Spybot found EnigmaSoftware/SpyHunter but it's not in my Add/Remove Programs list.


That's a legit program.. Did you install it in the first place? Can you tell me what exactly your Spybot found? And its location?


Your log looks very good.. How is your computer now?.. Let's do one more scan just to see what's left in your pc..


Err.. You have done Kaspersky Online before right?.. So, please do it again and post its log here.. Also tell me about your computer behaviour.. :thumbsup:


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 atorabli

atorabli
  • Topic Starter

Posted 24 July 2008 - 11:56 PM

I didn't install it, but the folders were essentially empty when Spybot caught it. I saw a few text files and a media file but no executables or anything of that sort. My computer is behaving very well now. Kaspersky was hanging and using 50% of my CPU at times; I'm not getting any pop-ups, and my financial programs are closing properly now. The financial programs use different network access layers, and I was having to shut each process down through Task Manager. None of that is happening now. I'll run a Kaspersky scan right now and post the results tonight. It looks like you did it, thanks a lot.



