
Remnants Of Vundomonde In Computer


  • This topic is locked
2 replies to this topic

#1 Mach Man X

  • Members
  • 4 posts

Posted 24 July 2008 - 10:19 PM

I used to have the Vundomonde adware/spyware on this computer and it prevented my computer from using the search feature of Yahoo or Google, regardless of the browser used. I could go to the webpage, but I couldn't use the search feature. I couldn't even use the search feature built into the browser. But after I used Vundofix and VirtumondoBeGone, the spyware is no longer on my system. After a few days, the search functionality returned to my computer. Now I'm having occasional inappropriate popups showing up from time to time. My antivirus does block some of them, but it cannot stop them all. This computer is used by my whole family, which is why I need this problem removed ;)

I am running Windows XP Pro, with latest NOD32 antivirus and Spybot Search and Destroy. Java 6 Version 5. AMD Athlon X2 3800+

Here's my Main Log:-

Deckard's System Scanner v20071014.68
Run by YaMaHa on 2008-07-24 21:54:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.52 GiB (less than 15%) free.


-- HijackThis (run as YaMaHa.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:41 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\YaMaHa\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\YaMaHa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst&.../www.yahoo.com/ (obfuscated)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {05C53678-9022-49F2-A8FF-167786A015F1} - C:\WINDOWS\system32\ddcAqRkl.dll (file missing)
O2 - BHO: (no name) - {0F83240C-F0FC-4655-84B4-5B05C13EFC70} - C:\WINDOWS\system32\khfEUkHy.dll (file missing)
O2 - BHO: (no name) - {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - (no file)
O2 - BHO: {39f25407-1932-a098-52b4-4dccfc2ceae1} - {1eaec2cf-ccd4-4b25-890a-239170452f93} - C:\WINDOWS\system32\cleern.dll
O2 - BHO: (no name) - {2E5FD13D-111B-4616-B91A-4EC79021C1B7} - C:\WINDOWS\system32\pmnkKbyx.dll (file missing)
O2 - BHO: (no name) - {39DF07EE-8B63-474B-8494-D84913418418} - C:\WINDOWS\system32\pmnkLDSl.dll (file missing)
O2 - BHO: (no name) - {3F2FFDC3-D76A-46BE-A32A-3D27258226AA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {691DE4D5-97E2-4DE9-86C4-D20D83A00CF5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {774CC14F-A3C0-461F-9FF1-D76208CD6C8D} - (no file)
O2 - BHO: (no name) - {8c340b2c-96af-4c18-b3c7-d0a87a1a9559} - (no file)
O2 - BHO: (no name) - {B6BAE053-B82B-4933-A9E3-14F5C80A664d} - C:\WINDOWS\system32\yijvmqgs.dll (file missing)
O2 - BHO: (no name) - {B92F83FB-D608-401E-AC79-924B5F8D70DD} - C:\WINDOWS\system32\awtqnkhe.dll (file missing)
O2 - BHO: (no name) - {DE1C39DF-F9A0-4547-A0EE-87F2E60BA0A8} - (no file)
O2 - BHO: (no name) - {DE812079-C60A-44B5-8E6E-B6D0B561291E} - C:\WINDOWS\system32\ljJASlJb.dll (file missing)
O2 - BHO: (no name) - {E30AACB8-E152-4257-8180-7C2DDE545A31} - C:\WINDOWS\system32\mlJCUNHb.dll (file missing)
O2 - BHO: (no name) - {FC888858-F70E-40A5-A57C-FB37CDBBAEBc} - C:\WINDOWS\system32\yijvmqgs.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [84f7c4cf] rundll32.exe "C:\WINDOWS\system32\pepoewuw.dll",b
O4 - HKLM\..\Run: [BM87c4f753] Rundll32.exe "C:\WINDOWS\system32\vmaciqht.dll",s
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: ssqPhIBr - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6961 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 21:36:10 0 dr-h----- C:\Documents and Settings\YaMaHa\Recent
2008-07-24 21:33:20 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-24 20:53:42 0 d-------- C:\Program Files\Kaplan
2008-07-24 20:40:35 30608 --a------ C:\WINDOWS\system\WNDTOOLS.DLL <Not Verified; DBS GmbH, Bremen-Germany; TX Text Control>
2008-07-24 20:40:35 935632 --a------ C:\WINDOWS\system\VB40016.DLL <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-07-24 20:40:35 177824 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-07-24 20:40:35 53360 --a------ C:\WINDOWS\system\TXTOOLS.DLL <Not Verified; DBS GmbH; TX Text Control>
2008-07-24 20:40:35 44208 --a------ C:\WINDOWS\system\TX_RTF.DLL <Not Verified; DBS GmbH; TX Text-Control>
2008-07-24 20:40:35 321104 --a------ C:\WINDOWS\system\TX.DLL <Not Verified; DBS GmbH, Bremen-Germany; TX Text Control>
2008-07-24 20:40:35 157696 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-07-24 20:40:35 12976 --a------ C:\WINDOWS\system\SCP.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-07-24 20:40:35 240944 --a------ C:\WINDOWS\system\RICHED.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-07-24 20:40:35 7216 --a------ C:\WINDOWS\system\REGSVR.EXE <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-07-24 20:40:35 51712 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.02 for Windows>
2008-07-24 20:40:35 152976 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-07-24 20:40:35 164960 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-07-24 20:40:35 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-07-24 20:40:35 28113 --a------ C:\WINDOWS\system\OLE2.REG
2008-07-24 20:40:35 304640 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-07-24 20:40:35 536048 --a------ C:\WINDOWS\system\OC25.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-07-24 20:40:35 50144 --a------ C:\WINDOWS\system\IC.DLL <Not Verified; DBS GmbH; TX Text-Control>
2008-07-24 20:40:35 223280 --a------ C:\WINDOWS\system\EXTEST16.DLL <Not Verified; ; EXTEST16>
2008-07-24 20:40:35 27632 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-07-24 20:40:35 26768 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-07-24 20:40:35 109056 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-07-24 20:40:35 7216 --a------ C:\WINDOWS\REGSVR.EXE <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-07-24 20:39:16 0 d-------- C:\Program Files\delexm
2008-07-24 20:38:20 244736 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-07-24 20:38:18 0 d-------- C:\Documents and Settings\YaMaHa\WINDOWS
2008-07-24 20:31:04 0 d-------- C:\Program Files\Comprehensive Review for NCLEX-RN, 2e
2008-07-24 20:29:45 0 d-------- C:\Program Files\Comprehensive Review 3e
2008-07-23 22:03:46 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-23 22:03:38 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-23 22:03:38 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-23 22:03:38 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-23 22:03:38 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 22:03:38 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-23 22:03:31 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-23 22:03:30 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-23 22:03:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-23 13:07:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-23 13:06:18 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-23 13:06:18 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-23 12:14:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-16 16:17:24 850018 --ahs---- C:\WINDOWS\system32\yHkUEfhk.ini2
2008-07-16 15:41:08 77824 --a------ C:\WINDOWS\system32\pepoewuw.dll
2008-07-16 15:39:01 102400 --a------ C:\WINDOWS\system32\cleern.dll
2008-07-16 15:39:00 102400 --a------ C:\WINDOWS\system32\xslobmsm.dll
2008-07-14 23:53:20 0 d-------- C:\Program Files\Trend Micro
2008-07-14 22:03:25 0 d-------- C:\WINDOWS\system32\Lang
2008-07-14 22:03:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-14 22:02:57 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-07-14 22:02:52 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-14 22:02:52 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-14 22:02:52 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-07-14 22:02:52 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-14 22:02:52 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-14 22:02:52 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-14 21:30:25 102400 --a------ C:\WINDOWS\system32\ahkwfe.dll
2008-07-14 21:30:23 102400 --a------ C:\WINDOWS\system32\vespwhky.dll
2008-07-14 21:27:23 77312 --a------ C:\WINDOWS\system32\jblwjrcu.dll
2008-07-14 10:30:35 102400 --a------ C:\WINDOWS\system32\udmhns.dll
2008-07-14 10:30:34 102400 --a------ C:\WINDOWS\system32\kphgjstp.dll
2008-07-14 10:28:53 711431 --ahs---- C:\WINDOWS\system32\bHNUCJlm.ini2
2008-07-14 10:10:05 102400 --a------ C:\WINDOWS\system32\ossywr.dll
2008-07-14 10:10:04 102400 --a------ C:\WINDOWS\system32\nsxypnol.dll
2008-07-14 10:09:35 77312 -----n--- C:\WINDOWS\system32\aoxbkyhr.dll
2008-07-14 10:09:27 91136 --a------ C:\WINDOWS\system32\svrlrrld.dll
2008-07-13 07:58:55 103424 --a------ C:\WINDOWS\system32\omszag.dll
2008-07-13 07:58:54 103424 --a------ C:\WINDOWS\system32\mdppvqvf.dll
2008-07-13 07:55:54 78848 --a------ C:\WINDOWS\system32\sqpxyggi.dll
2008-07-13 07:52:54 91648 --a------ C:\WINDOWS\system32\ogpydixm.dll
2008-07-12 17:52:31 103424 --a------ C:\WINDOWS\system32\vyqbgtin.dll
2008-07-12 17:46:31 78848 --a------ C:\WINDOWS\system32\ediduuwx.dll
2008-07-12 17:31:31 724047 --ahs---- C:\WINDOWS\system32\bJlSAJjl.ini2
2008-07-12 14:44:32 0 d-------- C:\Program Files\Incomplete
2008-07-12 12:56:51 103424 --a------ C:\WINDOWS\system32\rtfomb.dll
2008-07-12 12:56:50 103424 --a------ C:\WINDOWS\system32\lscdvrdo.dll
2008-07-12 12:50:50 711017 --ahs---- C:\WINDOWS\system32\ehknqtwa.ini2
2008-07-12 06:10:01 103424 --a------ C:\WINDOWS\system32\boyzcv.dll
2008-07-12 06:07:00 78848 --a------ C:\WINDOWS\system32\mkclnqty.dll
2008-07-12 06:04:00 723757 --ahs---- C:\WINDOWS\system32\lSDLknmp.ini2
2008-07-11 23:21:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 23:10:27 103424 --a------ C:\WINDOWS\system32\wwjvxo.dll
2008-07-11 23:10:26 103424 --a------ C:\WINDOWS\system32\ticmjmaw.dll
2008-07-11 21:39:56 335 --a------ C:\WINDOWS\mozregistry.dat
2008-07-11 11:03:32 78336 --a------ C:\WINDOWS\system32\qgmoewti.dll
2008-07-11 11:02:47 721119 --ahs---- C:\WINDOWS\system32\lkRqAcdd.ini2
2008-07-11 00:15:58 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-08 13:48:19 0 d-------- C:\Conan -The Dark Axe
2008-07-01 19:55:15 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Yahoo!
2008-07-01 19:55:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-01 11:38:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-01 11:37:42 0 d-------- C:\Program Files\Yahoo!
2008-06-29 10:35:04 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-29 10:35:00 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-29 10:34:45 0 d--h----- C:\Program Files\CanonBJ


-- Find3M Report ---------------------------------------------------------------

2008-07-24 20:49:33 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-07-24 20:29:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-23 12:13:22 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Azureus
2008-07-22 12:37:31 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\LimeWire
2008-07-22 12:36:47 0 d-------- C:\Program Files\LimeWire
2008-07-19 08:36:47 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Real
2008-07-14 20:45:57 0 d-------- C:\Program Files\Common Files
2008-07-02 10:42:00 0 d-------- C:\Program Files\Azureus
2008-06-23 13:54:20 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Adobe
2008-06-23 13:48:59 0 d-------- C:\Program Files\Ubisoft
2008-06-20 22:54:10 0 d-------- C:\Program Files\SightSpeed
2008-06-12 00:30:52 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Media Player Classic
2008-06-11 23:31:31 0 d-------- C:\Program Files\Serious Sam 2
2008-06-09 10:19:16 0 d-------- C:\Program Files\Google
2008-06-08 21:20:16 0 d-------- C:\Program Files\Microsoft Games
2008-06-08 21:07:10 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\DAEMON Tools Pro
2008-06-08 20:29:44 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-08 20:29:36 0 d-------- C:\Program Files\Microsoft Works
2008-06-08 20:29:04 0 d-------- C:\Program Files\Microsoft.NET
2008-06-08 20:18:05 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Macromedia
2008-06-08 19:55:12 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\CyberLink
2008-06-08 19:53:26 0 d-------- C:\Program Files\CyberLink
2008-06-08 19:45:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-08 19:45:00 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Mozilla
2008-06-08 19:44:05 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-08 19:44:05 0 d-------- C:\Program Files\Ahead
2008-06-08 19:43:36 0 d-------- C:\Program Files\PhotoFiltre
2008-06-08 19:43:11 0 d-------- C:\Program Files\Foxit Software
2008-06-08 19:42:46 0 d-------- C:\Program Files\Java
2008-06-08 19:42:35 0 d-------- C:\Program Files\Common Files\Java
2008-06-08 19:42:21 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\Sun
2008-06-08 19:42:11 0 d-------- C:\Program Files\QuickTime Alternative
2008-06-08 19:42:00 0 d-------- C:\Program Files\Real Alternative
2008-06-08 19:38:21 0 d-------- C:\Program Files\Ares
2008-06-08 19:33:42 0 d-------- C:\Program Files\Realtek
2008-06-08 19:33:40 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-08 19:29:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-08 19:19:52 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\WinRAR
2008-06-08 18:50:13 0 d-------- C:\Program Files\AMD
2008-06-08 18:46:54 0 d-------- C:\Documents and Settings\YaMaHa\Application Data\InstallShield
2008-06-08 15:14:15 0 -rahs---- C:\MSDOS.SYS
2008-06-08 15:14:15 0 -rahs---- C:\IO.SYS
2008-06-08 15:14:15 0 --a------ C:\CONFIG.SYS
2008-06-08 15:14:15 0 --a------ C:\AUTOEXEC.BAT
2008-06-08 15:13:17 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-08 15:12:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-08 15:12:37 0 d-------- C:\Program Files\Movie Maker
2008-06-08 15:12:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-08 15:11:42 0 d-------- C:\Program Files\Desktop
2008-06-08 15:11:28 0 d-------- C:\Program Files\Windows NT
2008-06-08 14:50:06 1580544 --a------ C:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-08 14:47:52 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-08 14:47:17 36864 --a------ C:\WINDOWS\system32\qfecheck.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-08 14:47:17 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-08 14:47:16 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>
2008-06-08 10:08:22 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-08 10:08:08 62 --ahs---- C:\Documents and Settings\YaMaHa\Application Data\desktop.ini
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8784 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-24 21:56:40 ------------



Here's my Extra Log:-

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023.48 MiB / 497.07 MiB
Pagefile Memory (total/avail): 2461.46 MiB / 2008.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.64 MiB

C: is Fixed (NTFS) - 39.16 GiB total, 5.52 GiB free.
D: is Fixed (NTFS) - 258.92 GiB total, 106.63 GiB free.
E: is CDROM (No Media)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 258.92 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Ubisoft\\Chessmaster Grandmaster Edition\\game.exe"="C:\\Program Files\\Ubisoft\\Chessmaster Grandmaster Edition\\game.exe:*:Enabled:Chessmaster: Grandmaster Edition"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\YaMaHa\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NFORCE4--JET
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\YaMaHa
LOGONSERVER=\\NFORCE4--JET
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\YaMaHa\LOCALS~1\Temp
TMP=C:\DOCUME~1\YaMaHa\LOCALS~1\Temp
USERDOMAIN=NFORCE4--JET
USERNAME=YaMaHa
USERPROFILE=C:\Documents and Settings\YaMaHa
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

YaMaHa (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5510 / Error
Event Submitted/Written: 07/24/2008 09:32:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type5492 / Error
Event Submitted/Written: 07/24/2008 09:01:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type5386 / Error
Event Submitted/Written: 07/23/2008 00:01:54 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type5368 / Warning
Event Submitted/Written: 07/23/2008 08:51:50 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5085 / Error
Event Submitted/Written: 07/19/2008 10:36:19 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.101 for the Network Card with network address 0016E6D8E4E5 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-07-24 21:56:40 ------------
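Triage of a log like the one above, as an added example that is not part of the original post and is not code from HijackThis, Deckard's System Scanner or any other tool named in this thread. It is a small Python script that encodes the indicators a helper reads this kind of log for: "(no name)" or GUID-named BHOs whose DLL is already gone (a cleaner removed the file but not the CLSID registration), rundll32 Run entries that call a one-letter export in a system32 DLL, a Winlogon Notify entry that points at a directory rather than a DLL, hidden+system files dropped under system32, and DCOM error 1058 (service disabled) for wuauserv, which is why Automatic Updates shows as off in the Security Center section. The rule names, the heuristics and the sample lines are the example's own; the sample lines are constructed to match the shapes in the post, with benign entries kept as controls.

```python
"""Triage HijackThis / Deckard's System Scanner lines for Vundo-style residue.

Added example, not code from the post or from any tool it names. Each rule
encodes one pattern visible in the log above; the rule names and the
thresholds are this example's own heuristics, and every hit still needs a
human look before anything is deleted.
"""
import re
from typing import Dict, Iterable, List, Optional

# O2 - BHO: <name> - {CLSID} - <path>
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
GUID_RE = re.compile(r"\{?[0-9A-Fa-f-]{36}\}?")
# O4 - HKLM\..\Run: [value] <command>
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)$', re.I)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# DSS file listing: <timestamp> <size> <attrs> <path>
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d +\d+ +(?P<attrs>[-a-z]{9}) +(?P<path>.+)$")
# DSS event-log excerpt; Win32 error 1058 is ERROR_SERVICE_DISABLED
EVENT_RE = re.compile(r'DCOM got error "%%1058" attempting to start the service (?P<svc>\S+)')

# Constructed sample: line shapes copied from the post, benign lines kept as controls.
SAMPLE_LOG = [
    "O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll",
    "O2 - BHO: (no name) - {05C53678-9022-49F2-A8FF-167786A015F1} - C:\\WINDOWS\\system32\\ddcAqRkl.dll (file missing)",
    "O2 - BHO: {39f25407-1932-a098-52b4-4dccfc2ceae1} - {1eaec2cf-ccd4-4b25-890a-239170452f93} - C:\\WINDOWS\\system32\\cleern.dll",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll",
    'O4 - HKLM\\..\\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup',
    'O4 - HKLM\\..\\Run: [84f7c4cf] rundll32.exe "C:\\WINDOWS\\system32\\pepoewuw.dll",b',
    'O4 - HKLM\\..\\Run: [BM87c4f753] Rundll32.exe "C:\\WINDOWS\\system32\\vmaciqht.dll",s',
    "O20 - Winlogon Notify: ssqPhIBr - C:\\WINDOWS\\",
    "2008-07-16 16:17:24 850018 --ahs---- C:\\WINDOWS\\system32\\yHkUEfhk.ini2",
    "2008-07-23 22:03:46 164352 --a------ C:\\WINDOWS\\system32\\unrar.dll",
    'DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""',
]


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage_line(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for one log line, or None when the line looks benign."""
    line = line.rstrip()
    m = BHO_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        # A real BHO carries a vendor name; Vundo's are "(no name)" or a bare GUID.
        if name != "(no name)" and GUID_RE.fullmatch(name) is None:
            return None
        if "(file missing)" in path or "(no file)" in path:
            rule = "bho-orphaned-registration"   # CLSID left behind after a cleaner removed the DLL
        else:
            rule = "bho-unnamed-dll-present"     # still loads into every IE process
        return {"rule": rule, "clsid": m.group("clsid"), "path": path}
    m = RUN_RE.match(line)
    if m:
        r = RUNDLL_RE.match(m.group("cmd"))
        # rundll32 <system32 dll>,<one letter> is the loader shape in the log; NvCpl.dll,NvStartup passes.
        if r and len(r.group("export")) == 1 and _in_system32(r.group("dll")):
            return {"rule": "run-rundll32-one-letter-export",
                    "value": m.group("value"), "path": r.group("dll")}
        return None
    m = NOTIFY_RE.match(line)
    if m:
        path = m.group("path")
        # A Winlogon Notify package must name a DLL; a bare directory is a leftover registration.
        if path.endswith("\\") or not path.lower().endswith(".dll"):
            return {"rule": "winlogon-notify-without-dll", "value": m.group("name"), "path": path}
        return None
    m = FILE_RE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path")
        hidden_system = "h" in attrs and "s" in attrs
        if hidden_system and _in_system32(path) and not path.lower().endswith("desktop.ini"):
            return {"rule": "hidden-system-file-in-system32", "path": path}
        return None
    m = EVENT_RE.search(line)
    if m:
        return {"rule": "service-disabled-error-1058", "value": m.group("svc"), "path": ""}
    return None


def triage(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run every rule over a log; findings come back in log order."""
    return [f for f in map(triage_line, lines) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:32} {f.get('value', '')} {f['path']}")
```

Run as-is and it prints the findings for the built-in sample; to use it on a pasted log, pass the log's lines to triage(). A hit is a prompt to look, not a verdict: the one-letter-export rule, for instance, is a shape taken from this log, and an unusual but legitimate installer could in principle produce the same command line, which is why the benign Run and BHO lines are kept in the sample as controls.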



#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 25 July 2008 - 03:18 PM

Hello, my name is fenzodahl512 and welcome to BC. Please do the following:


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

NEXT


Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 06 August 2008 - 08:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
