Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

More Recurring Trojan Problems


  • This topic is locked This topic is locked
36 replies to this topic

#1 elmongo2

elmongo2

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 22 August 2008 - 07:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:57 PM, on 8/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\lxddcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{02AEB1E3-5B03-413D-A1BF-DE65D470FE85}
O4 - HKCU\..\Run: [Yodm3D] C:\Users\El Mongo\Desktop\Yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10286 bytes
People do dumb things. And I'm not talking about paying too much for car insurance either.

BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 02 September 2008 - 01:48 PM

Hello elmongo2 :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.


I ask that you refrain from running tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


Please perform the following:



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
When completed please both both logs fromRSIT as well as the one from Kaspersky.





Thanks,



thewall

Edited by thewall, 02 September 2008 - 01:50 PM.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 02 September 2008 - 03:22 PM

Good afternoon. Glad to hear from you. I am unable to run the Kaspersky on my computer because this stupid trojan has made it so that I can't access some websites, this site being one of them. I can pretty much only talk to you from my laptop and download tools and transfer them to my infected computer. Pretty much all I can do right now is run a new Hijack This! report and then send it back to you.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 02 September 2008 - 03:52 PM

OK, we are going to have to find a way to get some of the needed programs onto the infected computer. Do you have a Pen/Flash drive that you can download the programs onto from your laptop and then load them into the other one?

Edited by thewall, 02 September 2008 - 03:52 PM.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 02 September 2008 - 03:53 PM

Yeah that's no problem. If you want here's the scan from Hijack This that I just did on my infected computer....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:19 PM, on 9/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxddcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: gksraemq - {EE82AEF2-FE50-42DE-A78D-31775D5C2279} - C:\Windows\gksraemq.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{02AEB1E3-5B03-413D-A1BF-DE65D470FE85}
O4 - HKCU\..\Run: [Yodm3D] C:\Users\El Mongo\Desktop\Yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7968 bytes
People do dumb things. And I'm not talking about paying too much for car insurance either.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 03 September 2008 - 08:43 AM

OK thanks :thumbsup: , post the others as soon as you can and I will look at them.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 03 September 2008 - 12:55 PM

In case you need some info on transferring files via a Flashdrive here is a link with instructions on it. This can be performed after downloading the program we need onto the laptop or another clean computer you may be using.

How to Use a USB Flashdrive
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#8 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 03 September 2008 - 04:23 PM

Like I said, I cannot use that online scanner because whatever's infecting my computer wont let me pull up that website. Is there any other anti-virus scanner you want me to use instead???

I'll post the RSIT log shortly.

Edited by elmongo2, 03 September 2008 - 04:27 PM.

People do dumb things. And I'm not talking about paying too much for car insurance either.

#9 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 03 September 2008 - 04:44 PM

info.txt logfile of random's system information tool 2008-09-03 16:38:07

Uninstall list

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
3D Sea Aquarium-->"C:\Program Files\3D Sea Aquarium\unins000.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
BitPim 1.0.5-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07-->"C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Forté Agent-->C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\INSTALL.LOG "Uninstall Forté Agent"
Free Registry Defrag-->"C:\Program Files\Registry Clean Expert\unins000.exe"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Hells Kitchen-->"C:\Program Files\Hells Kitchen\ReflexiveArcade\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LGDownload-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F91819EA-B57E-11D4-8BA4-00105A75EEEB}\Setup.exe" -l0x9 -uninst
LimeWire 4.17.7-->"C:\Program Files\LimeWire\uninstall.exe"
LIVE gaming on Windows Runtime Version 1.0.6027-->MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer-->C:\Users\El Mongo\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
nLite 1.4.5-->"C:\Program Files\nLite\unins000.exe"
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PowerDVD Copy 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
San Andreas Mod Installer-->"C:\Windows\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml"
Ship Simulator 2006 Collectors Edition-->"C:\Program Files\Vstep\ShipSim2006\uninstall.exe"
SimCity™ Societies-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.0-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Orange Box-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EF7918F-6283-48D4-8648-9FE84BE9FB41}\setup.exe" -l0x9 -removeonly
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Total Video Converter 3.10-->"C:\Program Files\Total Video Converter\unins000.exe"
TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files\TweakVI\Uninstall\uninstall.xml"
VDMSound-->C:\Program Files\VDMSound\uninst.exe
Vista x86 OneClick Activator-->MsiExec.exe /I{2876AEE2-A9C9-4585-A46A-44CF451C960E}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Window Washer-->C:\Windows\Unwash6.exe
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Zoo Empire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B46E96E-6E42-407B-B61A-86594AD376BC}\setup.exe" -l0x9 -uninst

Security center information

AV: BitDefender Antivirus
FW: BitDefender Firewall
AS: BitDefender Antispyware (disabled)
AS: Spyware Doctor (disabled)
AS: Windows Defender (disabled) (outdated)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\VDMSound
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"VDMSPath"=C:\Program Files\VDMSound

-----------------EOF-----------------

Logfile of random's system information tool (written by random/random)
Run by El Mongo at 2008-09-03 16:36:31
Microsoft® Windows Vista™ Ultimate
System drive C: has 227 GB (48%) free of 477 GB
Total RAM: 2303 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:59 PM, on 9/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxddcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
c:\program files\norton pc checkup\pc_checkup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDwbgw.exe
C:\Users\El Mongo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\El Mongo.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: gksraemq - {EE82AEF2-FE50-42DE-A78D-31775D5C2279} - C:\Windows\gksraemq.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{02AEB1E3-5B03-413D-A1BF-DE65D470FE85}
O4 - HKCU\..\Run: [Yodm3D] C:\Users\El Mongo\Desktop\Yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8154 bytes

Scheduled tasks folder

C:\Windows\tasks\At1.job
C:\Windows\tasks\User_Feed_Synchronization-{02AEB1E3-5B03-413D-A1BF-DE65D470FE85}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE82AEF2-FE50-42DE-A78D-31775D5C2279} - gksraemq - C:\Windows\gksraemq.dll []
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"LXDDCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll []
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-08-14 716800]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"RunSpySweeperScheduleAtStartup"=C:\Windows\system32\msfeedssync.exe [2006-11-02 12288]
"Yodm3D"=C:\Users\El Mongo\Desktop\Yodm3D\Yodm3D.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-02-12 312240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-02-05 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXDDCATS]
rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-02-12 291760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe [2007-08-09 1261384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-01-16 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-19 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02fbed92-21f6-11dd-9edc-0016171b32cd}]
shell\AutoRun\command - J:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72252d4f-13ed-11dd-a437-0016171b32cd}]
shell\AutoRun\command - F:\LaunchU3.exe -a


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-03 16:36:31 ----D---- C:\rsit
2008-09-01 18:41:04 ----A---- C:\cleanup.txt
2008-09-01 17:42:41 ----D---- C:\Users\El Mongo\AppData\Roaming\BitDefender
2008-09-01 17:42:38 ----D---- C:\Binaries
2008-09-01 17:40:52 ----D---- C:\ProgramData\BitDefender
2008-09-01 14:00:03 ----A---- C:\Windows\wininit.ini
2008-09-01 11:31:18 ----SHD---- C:\Windows\ftpcache
2008-09-01 09:46:15 ----A---- C:\Windows\vanwxemgqep.dll
2008-09-01 09:46:15 ----A---- C:\Windows\sxmaokgf.exe
2008-09-01 09:46:15 ----A---- C:\Windows\egov.exe
2008-09-01 09:46:08 ----D---- C:\Program Files\MSA
2008-09-01 09:46:04 ----D---- C:\Program Files\PCHealthCenter
2008-08-30 14:17:27 ----A---- C:\Windows\system32\curl.exe
2008-08-30 13:55:33 ----D---- C:\Program Files\Netflix
2008-08-30 10:15:06 ----D---- C:\Users\El Mongo\AppData\Roaming\GetRightToGo
2008-08-30 10:15:06 ----D---- C:\Downloads
2008-08-22 18:31:20 ----D---- C:\Windows\Minidump
2008-08-22 17:21:50 ----D---- C:\Windows\system32\logs
2008-08-22 17:20:46 ----D---- C:\Program Files\Common Files\MSSoap
2008-08-22 17:19:31 ----D---- C:\Program Files\BitDefender
2008-08-22 17:15:09 ----D---- C:\Program Files\Common Files\BitDefender
2008-08-22 16:43:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-08-22 16:43:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-21 18:11:23 ----D---- C:\Windows\BDOSCAN8
2008-08-20 15:15:52 ----A---- C:\Windows\system32\wups2.dll
2008-08-20 15:15:52 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-20 15:15:51 ----A---- C:\Windows\system32\wucltux.dll
2008-08-20 15:15:51 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-20 15:13:33 ----A---- C:\Windows\system32\wups.dll
2008-08-20 15:13:33 ----A---- C:\Windows\system32\wudriver.dll
2008-08-20 15:13:33 ----A---- C:\Windows\system32\wuapi.dll
2008-08-20 15:12:10 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-20 15:12:10 ----A---- C:\Windows\system32\wuapp.exe
2008-08-18 16:30:14 ----A---- C:\Windows\system32\DEBUG_LOG.txt
2008-08-16 01:08:26 ----D---- C:\Program Files\Norton PC Checkup
2008-08-15 22:01:48 ----D---- C:\Windows\system32\Adobe
2008-08-14 06:44:35 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 06:48:31 ----A---- C:\Windows\system32\polstore.dll
2008-08-13 06:48:31 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 06:48:31 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-13 06:48:30 ----A---- C:\Windows\system32\winipsec.dll
2008-08-13 06:48:22 ----A---- C:\Windows\system32\es.dll
2008-08-13 06:48:04 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 06:48:02 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 06:48:01 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 06:48:00 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 06:47:59 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\ieui.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\iesetup.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\iernonce.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-13 06:47:58 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-13 06:47:58 ----A---- C:\Windows\system32\advpack.dll
2008-08-13 06:47:57 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-13 06:47:57 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 06:47:57 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-13 06:47:57 ----A---- C:\Windows\system32\icardie.dll
2008-08-13 06:47:57 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-13 06:46:42 ----A---- C:\Windows\system32\INETRES.dll
2008-08-13 06:46:42 ----A---- C:\Windows\system32\inetcomm.dll
2008-07-27 20:41:15 ----D---- C:\Program Files\Common Files\Nullsoft
2008-07-26 13:05:00 ----D---- C:\Windows\$regcmp$
2008-07-25 21:31:49 ----D---- C:\Program Files\Sigma Production Inc
2008-07-24 16:05:51 ----A---- C:\Windows\system32\javaws.exe
2008-07-24 16:05:50 ----A---- C:\Windows\system32\javaw.exe
2008-07-24 16:05:50 ----A---- C:\Windows\system32\java.exe
2008-07-24 14:06:45 ----D---- C:\Windows\system32\aspi
2008-07-24 14:06:44 ----D---- C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2008-07-16 15:52:49 ----A---- C:\Windows\system32\VB6KO.DLL
2008-07-16 15:52:48 ----A---- C:\Windows\system32\ROBOEX32.DLL
2008-07-16 15:52:43 ----D---- C:\LG Electronics
2008-07-16 15:52:43 ----A---- C:\Windows\system32\LGComm.dll
2008-07-16 15:52:43 ----A---- C:\Windows\system32\EFSComm.dll
2008-07-13 09:59:00 ----D---- C:\Program Files\Hells Kitchen
2008-07-13 09:58:34 ----D---- C:\Program Files\ReflexiveArcade
2008-07-11 15:27:38 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-11 15:27:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-11 15:27:04 ----A---- C:\Windows\system32\NlsData000c.dll
2008-07-11 15:27:04 ----A---- C:\Windows\system32\NlsData0009.dll
2008-07-11 15:27:04 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-11 15:27:03 ----A---- C:\Windows\system32\NlsData000a.dll
2008-07-11 15:27:00 ----A---- C:\Windows\system32\NlsData000d.dll
2008-07-11 15:26:59 ----A---- C:\Windows\system32\NlsData0027.dll
2008-07-11 15:26:57 ----A---- C:\Windows\system32\NlsData0001.dll
2008-07-11 15:26:56 ----A---- C:\Windows\system32\NlsData0011.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData003e.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData002a.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData0022.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData0021.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData0018.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData000f.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData0007.dll
2008-07-11 15:26:54 ----A---- C:\Windows\system32\NlsData0002.dll
2008-07-11 15:26:53 ----A---- C:\Windows\system32\NlsData0024.dll
2008-07-11 15:26:53 ----A---- C:\Windows\system32\NlsData001a.dll
2008-07-11 15:26:52 ----A---- C:\Windows\system32\NlsData0019.dll
2008-07-11 15:26:52 ----A---- C:\Windows\system32\NlsData0010.dll
2008-07-11 15:26:51 ----A---- C:\Windows\system32\NlsData0816.dll
2008-07-11 15:26:51 ----A---- C:\Windows\system32\NlsData001d.dll
2008-07-11 15:26:50 ----A---- C:\Windows\system32\NlsData0049.dll
2008-07-11 15:26:50 ----A---- C:\Windows\system32\NlsData0039.dll
2008-07-11 15:26:50 ----A---- C:\Windows\system32\NlsData0013.dll
2008-07-11 15:26:49 ----A---- C:\Windows\system32\NlsData0020.dll
2008-07-11 15:26:48 ----A---- C:\Windows\system32\NlsData0416.dll
2008-07-11 15:26:47 ----A---- C:\Windows\system32\NlsData0414.dll
2008-07-11 15:26:46 ----A---- C:\Windows\system32\NlsData0047.dll
2008-07-11 15:26:45 ----A---- C:\Windows\system32\NlsData081a.dll
2008-07-11 15:26:45 ----A---- C:\Windows\system32\NlsData004c.dll
2008-07-11 15:26:45 ----A---- C:\Windows\system32\NlsData004a.dll
2008-07-11 15:26:44 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-07-11 15:26:44 ----A---- C:\Windows\system32\NlsData001b.dll
2008-07-11 15:26:44 ----A---- C:\Windows\system32\NlsData0000.dll
2008-07-11 15:26:43 ----A---- C:\Windows\system32\NlsData004e.dll
2008-07-11 15:26:43 ----A---- C:\Windows\system32\NlsData004b.dll
2008-07-11 15:26:43 ----A---- C:\Windows\system32\NlsData0046.dll
2008-07-11 15:26:43 ----A---- C:\Windows\system32\NlsData0045.dll
2008-07-11 15:26:42 ----A---- C:\Windows\system32\NlsData0026.dll
2008-07-11 15:26:42 ----A---- C:\Windows\system32\NlsData0003.dll
2008-07-11 15:26:06 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-07-11 15:26:05 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-07-11 15:26:04 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-07-11 15:26:03 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-07-11 15:26:03 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-07-11 15:26:02 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-07-11 15:26:02 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-07-11 15:25:59 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-07-11 15:25:58 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-07-11 15:25:57 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-07-11 15:25:56 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-07-11 15:25:52 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-07-11 15:25:51 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-07-11 15:25:51 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-07-11 15:25:50 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-07-11 15:25:47 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-07-11 15:25:47 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-07-11 15:25:46 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-07-11 15:25:45 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-07-11 15:25:45 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-07-11 15:25:41 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-07-11 15:25:38 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-07-11 15:25:37 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-07-11 15:25:36 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-07-11 15:25:36 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-07-11 15:25:35 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-07-11 15:25:35 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-07-11 15:25:35 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-07-11 15:25:34 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-07-11 15:25:33 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-07-11 15:25:33 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-07-10 12:33:59 ----D---- C:\Users\El Mongo\AppData\Roaming\Ludia
2008-07-10 12:33:59 ----D---- C:\ProgramData\Ludia
2008-07-10 12:33:50 ----D---- C:\ProgramData\Trymedia
2008-07-10 12:33:26 ----D---- C:\Program Files\Trymedia
2008-07-10 12:30:15 ----D---- C:\Users\El Mongo\AppData\Roaming\Move Networks
2008-07-09 18:09:03 ----A---- C:\Results.txt
2008-07-09 13:52:53 ----D---- C:\Users\El Mongo\AppData\Roaming\Mozilla
2008-07-09 13:52:20 ----D---- C:\Program Files\Mozilla Firefox
2008-07-08 21:40:58 ----A---- C:\Windows\system32\shell32.dll
2008-07-08 21:40:13 ----A---- C:\Windows\system32\wshrm.dll
2008-07-08 21:40:09 ----A---- C:\Windows\system32\quartz.dll
2008-07-08 21:26:17 ----A---- C:\ComboFix.txt
2008-07-08 21:13:31 ----D---- C:\Windows\TEMP
2008-07-08 21:08:27 ----D---- C:\Windows\erdnt
2008-07-08 21:07:37 ----D---- C:\QooBox
2008-07-08 21:07:34 ----A---- C:\Windows\zip.exe
2008-07-08 21:07:34 ----A---- C:\Windows\VFind.exe
2008-07-08 21:07:34 ----A---- C:\Windows\swxcacls.exe
2008-07-08 21:07:34 ----A---- C:\Windows\swsc.exe
2008-07-08 21:07:34 ----A---- C:\Windows\swreg.exe
2008-07-08 21:07:34 ----A---- C:\Windows\sed.exe
2008-07-08 21:07:34 ----A---- C:\Windows\Nircmd.exe
2008-07-08 21:07:34 ----A---- C:\Windows\grep.exe
2008-07-08 21:07:34 ----A---- C:\Windows\fdsv.exe
2008-07-08 20:43:41 ----D---- C:\_OTMoveIt
2008-07-08 06:19:41 ----D---- C:\Deckard
2008-07-07 21:34:56 ----A---- C:\Windows\system32\575d1322-.txt
2008-07-05 13:28:59 ----D---- C:\Program Files\EA GAMES
2008-06-28 12:23:55 ----D---- C:\Program Files\Registry Clean Expert
2008-06-27 18:00:51 ----D---- C:\Program Files\Vstep
2008-06-26 09:27:31 ----D---- C:\Program Files\Keyfinder Advanced 2007 (Trial Version)
2008-06-23 15:47:04 ----D---- C:\Program Files\VDMSound
2008-06-22 21:29:10 ----HD---- C:\Windows\PIF
2008-06-22 20:26:53 ----D---- C:\Program Files\Microsoft Virtual PC
2008-06-21 16:01:10 ----A---- C:\Windows\ARCADE2.INI
2008-06-19 11:11:50 ----D---- C:\Program Files\CCleaner
2008-06-15 10:27:58 ----D---- C:\VundoFix Backups
2008-06-15 10:27:58 ----A---- C:\VundoFix.txt
2008-06-13 17:06:00 ----D---- C:\Windows\system32\URTTEMP
2008-06-13 17:03:29 ----D---- C:\Windows\San Andreas Mod Installer
2008-06-13 17:03:28 ----D---- C:\Program Files\San Andreas Mod Installer
2008-06-13 09:07:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 12:37:38 ----D---- C:\Users\El Mongo\AppData\Roaming\Webroot
2008-06-07 17:30:23 ----D---- C:\MyWorks
2008-06-07 17:29:29 ----N---- C:\Windows\system32\msxml3a.dll
2008-06-04 13:00:11 ----A---- C:\Windows\gen_pictureboxid3lib.dll

List of drivers

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-09-01 133184]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-06-18 320000]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IKFileSec;File Security Driver; C:\Windows\system32\system32\drivers\ikfilesec.sys []
R3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-12-10 66952]
R3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-12-10 81288]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S3 awyzf8qb;awyzf8qb; C:\Windows\system32\drivers\awyzf8qb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2006-03-30 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2006-03-30 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2006-03-30 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2006-03-30 73696]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2007-07-10 36736]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WnsDrvr;WnsDrvr; C:\Windows\system32\drivers\WnsDrvr.sys [2008-07-16 25952]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-08-09 21832]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-13 393216]
R2 lxdd_device;lxdd_device; C:\Windows\system32\lxddcoms.exe [2007-02-12 537520]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-05-24 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2005-08-07 167936]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-09-01 1527808]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 388936]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-09-25 574808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-03-04 948616]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]

-----------------EOF-----------------
People do dumb things. And I'm not talking about paying too much for car insurance either.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 03 September 2008 - 05:09 PM

My apologies, I should have said just the RSIT log for right now. Let me study it and I'll get back just as soon as possible.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 03 September 2008 - 05:23 PM

I see you have Malwarebytes on your computer. Have you ran it lately and if you have and can still access it I would like to see the log it produced.



To retrieve the MBAM scan log information, launch MBAB.
• Click the Logs Tab at the top.
mbam-log-7-18-2008(09-52-04).txt should show in the list. <- your dates will be different from this exampe
• Click on the log name to highlight it.
• Go to the bottom and click on Open.
• The log should automatically open in notepad as a text file.
• Go to Edit and choose Select all.
• Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
• Come back to this thread, click Add Reply, then right-click and choose Paste.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#12 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 03 September 2008 - 05:33 PM

Malwarebytes' Anti-Malware 1.17
Database version: 852

7:01:20 PM 9/1/2008
mbam-log-9-1-2008 (19-01-20).txt

Scan type: Quick Scan
Objects scanned: 39263
Time elapsed: 31 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\winlo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\El Mongo\AppData\Local\Temp\ac8zt2\egov.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#13 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:07 PM

Posted 03 September 2008 - 08:38 PM

I am going to post the following to be on the safe side. From everything I could find out this program Yodm3D is connected to some kind of Torrent stream. If it is then I need to make you aware of the information below. If it is not then of course it is of no consequence and you can just ignore it.


Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Yodm3D ). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology.








The version of Malwarebytes you have is outdated. I would like for you to delete it and then download and transfer the newest version over to the infected computer and run it.


Please download Malwarebytes_Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




After completion please post the MBAM log as well as a new log from RSIT.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#14 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 03 September 2008 - 08:51 PM

I just got a message from Bit Defender saying a virus has been blocked called "Packer.Malware.Lighty.C" after rebooting to uninstall the old anti-malware program.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#15 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:12:07 PM

Posted 03 September 2008 - 09:00 PM

While I was scanning Bit Defender flashed another message saying other viruses were blocked......

Trojan.Generic.66......

Trojan.Generic.66......

Adware.FakeAntiV......
People do dumb things. And I'm not talking about paying too much for car insurance either.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users