Trojan.Win32.Monder.gen fix



#1 tuomi42

Posted 01 January 2009 - 11:47 PM

According to Kaspersky Online Scanner, I have Trojan.Win32.Monder.gen on my machine. I need some help on trying to remove it. I've also tried some other removal tools. Spybot and Adaware are ineffective. I ran HiJackThis to try and delete the offending files, and discovered zadoleso.dll, jepiliwu.dll, sowemame.dll and piragobo.dll, which cannot be removed. Housecall detected and removed a few other Trojans and malware: MAL_OTORUN1, TROJ_GAMETHI.BYO, CRYP_NSANTI-5.
Some other symptoms I have are that I cannot view hidden files or folders, as the selection to view them always reverts to keeping the files hidden, and trying to access a drive in My Computer asks me what program to use to open the drive. Help would be greatly appreciated :thumbsup:

DDS (Version 1.1.0) - NTFSx86
Run by dmaggay at 23:21:45.82 on 2009-01-01
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1585 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Documents and Settings\dmaggay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f8ff36dc-7235-4233-8a5a-14596a214a16} - c:\windows\system32\piragobo.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CPM4ffa9aec] Rundll32.exe "c:\windows\system32\jepiliwu.dll",a
mRun: [dipuwovopa] Rundll32.exe "c:\windows\system32\zadoleso.dll",s
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jepiliwu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jepiliwu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\sowemame.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dmaggay\applic~1\mozilla\firefox\profiles\clgwe7w8.default\
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R2 ASFIPmon;Broadcom ASF IP Monitor;"c:\program files\broadcom\asfipmon\AsfIpMon.exe" -service [2005-10-18 61440]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2008-12-10 280344]
S4 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]

=============== Created Last 30 ================

2009-01-01 23:18 <DIR> --d----- C:\ComboFix
2009-01-01 23:18 389,120 a------- c:\windows\system32\CF16540.exe
2009-01-01 22:41 <DIR> --d----- c:\windows\pss
2009-01-01 17:33 <DIR> --d----- c:\program files\Avira
2009-01-01 17:24 <DIR> --d----- C:\VundoFix Backups
2009-01-01 15:53 389,120 a------- c:\windows\system32\CF27692.exe
2009-01-01 15:16 161,792 a------- c:\windows\SWREG.exe
2009-01-01 15:16 98,816 a------- c:\windows\sed.exe
2009-01-01 15:16 389,120 a------- c:\windows\system32\CF20289.exe
2009-01-01 14:33 <DIR> --d----- c:\program files\Trend Micro
2009-01-01 12:33 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-01 12:32 <DIR> --d----- c:\documents and settings\dmaggay\.housecall6.6
2009-01-01 12:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-01 12:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-01 12:20 <DIR> --d----- c:\program files\Lavasoft
2009-01-01 12:09 1,262,093 ---sh--- c:\windows\system32\ofirukib.ini
2008-12-31 17:05 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-31 12:40 1,262,075 ---sh--- c:\windows\system32\odopegay.ini
2008-12-31 00:18 266,088 a------- c:\windows\system32\xactengine2_8.dll
2008-12-31 00:18 18,280 a------- c:\windows\system32\x3daudio1_2.dll
2008-12-31 00:18 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2008-12-31 00:18 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2008-12-31 00:18 443,752 a------- c:\windows\system32\d3dx10_34.dll
2008-12-30 23:48 <DIR> --d----- c:\program files\Firaxis Games
2008-12-30 23:48 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-12-30 23:47 <DIR> --d----- c:\docume~1\dmaggay\applic~1\DAEMON Tools Pro
2008-12-30 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-30 23:46 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-30 23:46 <DIR> --d----- c:\docume~1\dmaggay\applic~1\DAEMON Tools Lite
2008-12-30 23:39 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-30 11:17 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2008-12-30 11:17 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-30 11:17 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-30 11:17 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2008-12-30 11:17 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-30 11:17 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-24 09:47 <DIR> --d----- c:\program files\3M
2008-12-23 10:48 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-23 10:48 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-23 10:48 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-23 10:48 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-23 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-23 10:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-22 20:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-16 13:59 <DIR> --d----- C:\logs
2008-12-16 13:59 <DIR> --d----- c:\documents and settings\dmaggay\ChikkaDefault
2008-12-16 11:59 <DIR> --d----- c:\program files\Chikka Messenger
2008-12-15 12:04 0 a------- C:\LOG71.tmp
2008-12-15 10:36 217,185 a------- c:\windows\system32\GTDownDE_130.ocx
2008-12-15 10:36 <DIR> --d----- c:\program files\Dell Support
2008-12-15 10:34 4,952,064 a------- c:\windows\system32\stacgui.cpl
2008-12-15 10:34 405,504 a------- c:\windows\stsystra.exe
2008-12-15 10:34 146,944 a------- c:\windows\system32\st325602.dll
2008-12-15 10:34 <DIR> --d----- c:\program files\SigmaTel
2008-12-12 17:10 <DIR> --d----- c:\program files\common files\Software Update Utility
2008-12-12 17:10 <DIR> --d----- c:\program files\AIM Toolbar
2008-12-12 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2008-12-12 17:10 <DIR> --d----- c:\program files\AIM Search
2008-12-12 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-12 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-12-12 17:09 <DIR> --d----- c:\program files\common files\AOL
2008-12-12 17:09 <DIR> --d----- c:\program files\AIM6
2008-12-12 17:09 467 a---h--- C:\IPH.PH
2008-12-11 10:12 <DIR> --d----- c:\docume~1\dmaggay\applic~1\Windows Search
2008-12-10 16:10 0 a------- C:\LOG1F.tmp
2008-12-10 11:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2008-12-10 11:03 <DIR> --d----- c:\windows\Internet Logs
2008-12-10 10:47 8 a------- c:\windows\system32\success
2008-12-10 10:47 159,028 a------- c:\windows\system32\dneinobj.dll
2008-12-10 10:47 146,888 a------- c:\windows\system32\drivers\dne2000.sys
2008-12-10 10:47 305,739 a------- c:\windows\system32\drivers\CVPNDRVA.sys
2008-12-10 10:47 5,315 a------- c:\windows\system32\drivers\CVirtA.sys
2008-12-10 10:47 181,176 a------- c:\windows\system32\vpnapi.dll
2008-12-10 10:46 189,440 a------- c:\windows\system32\CSGina.dll
2008-12-10 10:46 <DIR> --d----- c:\program files\common files\Deterministic Networks
2008-12-10 10:46 <DIR> --d----- c:\program files\Cisco Systems
2008-12-10 10:30 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-10 09:55 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2008-12-10 09:55 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2008-12-10 09:55 28,160 a------- c:\windows\system32\irmon.dll
2008-12-10 09:55 8,192 a------- c:\windows\system32\wshirda.dll
2008-12-10 09:54 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2008-12-10 09:54 151,552 a------- c:\windows\system32\irftp.exe
2008-12-10 09:54 12 a------- c:\windows\bthservsdp.dat
2008-12-09 13:56 442,909,696 a------- C:\outlook_old.ost
2008-12-09 13:42 65,536 a------- c:\windows\rnevent.rel
2008-12-09 13:42 123 a------- c:\windows\WRQ.INI
2008-12-09 13:42 74,664 a------- c:\windows\system32\oemnsvwrqnfs.inf
2008-12-09 13:42 97,792 a------- c:\windows\system32\rnlprmon.dll
2008-12-09 13:42 78,848 a------- c:\windows\system32\inloader.dll
2008-12-09 13:42 14,160 a------- c:\windows\system32\hlinkprx.dll
2008-12-09 13:42 19,218 a------- c:\windows\system32\wrqibm.386
2008-12-09 13:42 34,474 a------- c:\windows\system32\wrqdft.vxd
2008-12-09 13:42 22,752 a------- c:\windows\system32\drivers\wrqdft.sys
2008-12-09 13:42 14,336 a------- c:\windows\system32\drivers\wrqdftvd.dll
2008-12-09 13:40 <DIR> --d----- c:\program files\Reflection
2008-12-09 13:39 <DIR> --d----- C:\Personal
2008-12-09 13:30 <DIR> --d----- C:\Cellular One
2008-12-09 08:37 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-12-09 08:37 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-09 08:37 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2008-12-09 08:37 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-08 16:48 <DIR> --d----- c:\program files\Nokia
2008-12-08 16:45 <DIR> --d----- C:\Tools
2008-12-08 16:25 <DIR> --d----- c:\docume~1\dmaggay\applic~1\ICAClient
2008-12-08 14:48 1,601,536 a------- c:\windows\system32\stlang.dll
2008-12-08 14:37 <DIR> --d----- c:\docume~1\dmaggay\applic~1\Intel
2008-12-08 14:36 3,632,384 a------- c:\windows\system32\drivers\NETw5x32.sys
2008-12-08 14:36 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2008-12-08 14:36 663,552 a------- c:\windows\system32\NETw5c32.dll
2008-12-08 14:36 <DIR> --d----- c:\program files\common files\Intel
2008-12-08 14:28 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-08 14:03 <DIR> --d----- c:\program files\Citrix
2008-12-08 13:43 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-08 13:43 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-08 13:24 162 a------- c:\windows\ODBC.INI
2008-12-08 12:24 <DIR> --d----- C:\tempvisio
2008-12-08 11:19 <DIR> --d----- c:\program files\UPEK
2008-12-08 11:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UIB
2008-12-08 11:18 68,696 a------- c:\windows\system32\drivers\oz776.sys
2008-12-08 11:18 <DIR> --d----- c:\program files\O2Micro OZ776 SCR Driver
2008-12-08 10:57 <DIR> --d----- c:\program files\PCCheckupOnline
2008-12-06 22:27 <DIR> --d----- c:\program files\Yahoo!
2008-12-05 19:45 <DIR> --ds---- c:\documents and settings\dmaggay\UserData
2008-12-05 17:23 <DIR> --d----- C:\NOLS
2008-12-05 17:23 <DIR> --d----- C:\NED_Library
2008-12-05 17:23 <DIR> --d----- C:\Visual Basic Tutorial
2008-12-05 17:23 <DIR> --d----- C:\Multipend
2008-12-05 17:22 <DIR> a-d----- C:\Dictionary
2008-12-05 17:22 <DIR> --d----- C:\ndreports
2008-12-05 17:22 <DIR> --d----- C:\MapData
2008-12-05 17:22 <DIR> --d----- C:\MapInfo_Old
2008-12-05 17:22 <DIR> --d----- C:\command
2008-12-05 16:38 <DIR> --d----- c:\docume~1\dmaggay\applic~1\Windows Desktop Search
2008-12-05 16:37 <DIR> --d----- c:\windows\system32\GroupPolicy
2008-12-05 16:37 <DIR> --d----- c:\program files\Windows Desktop Search
2008-12-05 16:36 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2008-12-05 16:36 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2008-12-05 16:36 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2008-12-05 16:31 7,552 ac------ c:\windows\system32\dllcache\mskssrv.sys
2008-12-05 16:31 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
2008-12-05 16:31 4,992 ac------ c:\windows\system32\dllcache\mspqm.sys
2008-12-05 16:31 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2008-12-05 16:31 5,376 ac------ c:\windows\system32\dllcache\mspclock.sys
2008-12-05 16:31 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2008-12-05 16:31 <DIR> --d----- c:\program files\CONEXANT
2008-12-05 16:30 <DIR> --d----- c:\program files\IDT
2008-12-05 16:30 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2008-12-05 16:30 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax
2008-12-05 16:30 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
2008-12-05 16:30 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2008-12-05 16:30 146,048 a------- c:\windows\system32\drivers\portcls.sys
2008-12-05 16:30 129,536 a------- c:\windows\system32\ksproxy.ax
2008-12-05 16:30 60,160 a------- c:\windows\system32\drivers\drmk.sys
2008-12-05 16:30 4,096 a------- c:\windows\system32\ksuser.dll
2008-12-05 15:54 <DIR> --d----- c:\windows\system32\CatRoot_bak
2008-12-05 15:49 <DIR> --d----- c:\windows\system32\scripting
2008-12-05 15:49 <DIR> --d----- c:\windows\system32\en
2008-12-05 15:49 <DIR> --d----- c:\windows\l2schemas
2008-12-05 15:49 <DIR> --d----- c:\windows\system32\bits
2008-12-05 15:46 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-05 15:43 <DIR> --d----- c:\windows\network diagnostic
2008-12-05 15:42 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-05 15:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-05 15:41 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-12-05 15:41 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-12-05 15:40 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-12-05 15:40 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 15:40 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 15:40 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 15:40 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 15:40 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-12-05 15:40 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 15:40 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-12-05 15:40 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 15:39 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-12-05 15:39 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-05 15:32 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2008-12-05 15:24 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-05 15:24 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-05 15:23 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-05 15:23 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-05 15:23 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-05 15:23 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-05 15:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-05 15:18 <DIR> --d----- c:\documents and settings\dmaggay
2008-12-05 15:05 <DIR> --d----- c:\windows\SHELLNEW
2008-12-05 15:00 <DIR> --d----- c:\program files\AVG
2008-12-05 14:54 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-05 14:54 <DIR> --d----- c:\windows\SchCache
2008-12-05 14:51 5 a------- c:\windows\system32\drivers\DELL_LAT_D620.MRK
2008-12-05 14:51 5 a------- c:\windows\system32\drivers\1028_DELL_LAT_D620.MRK
2008-12-05 14:51 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-05 14:50 666 a------- c:\windows\speed.reg
2008-12-05 14:50 <DIR> --d----- c:\program files\Dell
2008-12-05 14:47 172,032 a------- c:\windows\system32\igfxres.dll
2008-12-05 14:43 <DIR> --d----- c:\program files\Broadcom
2008-12-05 14:21 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-05 14:18 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-05 14:15 47,066 ac------ c:\windows\system32\dllcache\ksc.nls
2008-12-05 14:14 180,770 ac------ c:\windows\system32\dllcache\c_20932.nls
2008-12-05 14:12 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-05 14:12 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-05 14:12 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-05 14:12 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-05 14:12 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-05 14:12 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-05 14:12 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-05 14:12 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-05 14:12 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-05 14:12 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-05 14:12 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-05 14:12 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-05 14:11 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-05 14:09 <DIR> --d----- c:\program files\Online Services
2008-12-05 14:09 <DIR> --d----- c:\program files\Messenger
2008-12-05 14:09 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-12-05 14:08 <DIR> --d----- c:\program files\Windows NT
2008-12-05 08:57 <DIR> --d----- c:\program files\common files\ODBC
2008-12-05 08:57 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-05 08:57 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-01 12:08 95,878 a--sh--- c:\windows\system32\jepiliwu.dll
2008-12-31 12:40 98,128 a--sh--- c:\windows\system32\nadojizu.dll
2008-12-31 12:40 86,259 a--sh--- c:\windows\system32\yagepodo.dll
2008-12-05 15:52 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-05 14:09 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
0000-00-00 00:00 60,928 a--sh--- c:\windows\system32\sowemame.dll
0000-00-00 00:00 60,928 a--sh--- c:\windows\system32\zadoleso.dll

============= FINISH: 23:22:10.56 ===============


Kaspersky Scan Report:
Thursday, January 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 01, 2009 20:50:51
Records in database: 1544391
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
N:\
O:\
P:\
S:\
Scan statistics
Files scanned 79097
Threat name 1
Infected objects 71
Suspicious objects 0
Duration of the scan 02:05:51

File name Threat name Threats count
C:\WINDOWS\system32\sowemame.dll/C:\WINDOWS\system32\sowemame.dll Infected: Trojan.Win32.Monder.gen 44
C:\WINDOWS\system32\zadoleso.dll/C:\WINDOWS\system32\zadoleso.dll Infected: Trojan.Win32.Monder.gen 19
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090101-150714-947.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090101-151303-280.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090101-151344-518.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090101-153907-238.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090101-170621-513.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\sowemame.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\yagepodo.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\zadoleso.dll Infected: Trojan.Win32.Monder.gen 1
The selected area was scanned.
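As an added triage example (not part of the original post, and not code from the DDS tool), the following Python script applies the heuristics a helper would use on the log above: Run entries that load a DLL through Rundll32 with a one-letter export, BHO/SSODL/STS load points with no friendly name pointing into system32, extra LSA notification packages, and system+hidden DLLs in the Find3M section. The sample lines are copied from the log above; the scecli allow-list and the parsing regexes are my own assumptions.

```python
"""Triage heuristics for the DDS "Pseudo HJT Report" and "Find3M" sections."""
import re
from dataclasses import dataclass

# Assumption: scecli is the only LSA notification package expected on this XP box.
LSA_ALLOWED = {"scecli"}
SYSTEM32 = "\\windows\\system32\\"

# Run entry that launches a DLL through Rundll32, e.g. Rundll32.exe "...\zadoleso.dll",s
RUNDLL_RE = re.compile(
    r'^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*rundll32(?:\.exe)?\s+'
    r'"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
# BHO / SSODL / STS load point: "<kind>: <label> - <dll path>"
LOADPOINT_RE = re.compile(
    r'^(?P<kind>BHO|SSODL|STS):\s*(?P<label>.*?)\s*-\s*(?P<dll>[a-z]:\\.+\.dll)\s*$',
    re.IGNORECASE)
LSA_RE = re.compile(r'^LSA:\s*Notification Packages\s*=\s*(?P<pkgs>.+)$', re.IGNORECASE)
# Find3M line: "<date> <time> <size> <attrs> <path>", attrs look like "a--sh---"
FIND3M_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+[\d,]+\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+\.dll)\s*$',
    re.IGNORECASE)
GUID_RE = re.compile(r'\{[0-9a-f-]{36}\}', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # load point or log section that produced the finding
    dll: str     # lower-cased DLL path
    reason: str


def _has_friendly_name(label: str) -> bool:
    """True if the label carries more than the load-point keyword and a CLSID."""
    stripped = GUID_RE.sub("", label)
    stripped = re.sub(r'^(SSODL|STS)\s*[-:]?\s*', "", stripped, flags=re.IGNORECASE)
    return bool(stripped.strip(" -:"))


def analyze(lines):
    """Return one Finding per suspicious entry in the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUNDLL_RE.match(line):
            if len(m.group("export")) == 1:  # legitimate entries export a real function name
                findings.append(Finding(m.group("kind"), m.group("dll").lower(),
                                        "Rundll32 loads DLL through a one-letter export"))
        elif m := LOADPOINT_RE.match(line):
            dll = m.group("dll").lower()
            if SYSTEM32 in dll and not _has_friendly_name(m.group("label")):
                findings.append(Finding(m.group("kind").upper(), dll,
                                        "unnamed load point pointing into system32"))
        elif m := LSA_RE.match(line):
            # Assumption: packages are whitespace separated, as in the log above.
            for pkg in m.group("pkgs").split():
                if pkg.lower() not in LSA_ALLOWED:
                    findings.append(Finding("LSA", pkg.lower(), "extra LSA notification package"))
        elif m := FIND3M_RE.match(line):
            attrs, path = m.group("attrs").lower(), m.group("path").lower()
            if "s" in attrs and "h" in attrs and SYSTEM32 in path:
                findings.append(Finding("Find3M", path, "system+hidden DLL in system32"))
    return findings


def suspicious_dlls(lines):
    """The set of DLL paths hit by at least one heuristic."""
    return {f.dll for f in analyze(lines)}


# Sample lines copied from the DDS log above (clean and infected entries mixed).
SAMPLE = [
    r'BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll',
    r'BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll',
    r'BHO: {f8ff36dc-7235-4233-8a5a-14596a214a16} - c:\windows\system32\piragobo.dll',
    r'mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent',
    r'mRun: [CPM4ffa9aec] Rundll32.exe "c:\windows\system32\jepiliwu.dll",a',
    r'mRun: [dipuwovopa] Rundll32.exe "c:\windows\system32\zadoleso.dll",s',
    r'SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jepiliwu.dll',
    r'STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jepiliwu.dll',
    r'LSA: Notification Packages = scecli c:\windows\system32\sowemame.dll',
    r'2009-01-01 12:08 95,878 a--sh--- c:\windows\system32\jepiliwu.dll',
    r'2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll',
    r'0000-00-00 00:00 60,928 a--sh--- c:\windows\system32\zadoleso.dll',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.kind:7} {f.dll}  <- {f.reason}")
```

Every DLL the Kaspersky report above names as Trojan.Win32.Monder.gen is hit by at least two independent heuristics, while the Yahoo, Spybot and Bluetooth entries pass untouched.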

#2 Thunder

Posted 03 January 2009 - 04:59 PM

Hello Tuomi42 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

Edited by Thunder, 03 January 2009 - 05:07 PM.

Whatever happens, make believe it was intended to ...