
Computer Infected/Possibly Infected With Various Malware


7 replies to this topic

#1 Kiva19


  • Members
  • 3 posts
  • OFFLINE

Posted 26 January 2009 - 04:56 PM

Hello!

I am posting because I have offered to clean up a computer for a coworker and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part by manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete... so I am not sure if the infection is there or not. His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file and saw it was connected with the "Vundo" virus... or something along those lines. His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix. Here is the DDS log:


DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1442 [GMT -5:00]

AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=k14J7Z1D6WZSkMag3_DO5w&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {ba8c85c0-3123-84cb-b1a4-921f52cc9f67}: {76f9cc25-f129-4a1b-bc48-32130c58c8ab} - c:\windows\system32\kitdje.dll
BHO: {7cab59b4-55a3-4737-9fd5-b93c6430bf78} - c:\windows\system32\huacpeqy.dll
BHO: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\ljJCvSiI.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {8118}: {c6922a9b-aa89-497c-9827-3101bdc17937} - c:\windows\system32\jvtkew.dll
BHO: {daf17490-d212-4f8c-9a4a-40f85ccaf603} - c:\windows\system32\yayaApnM.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SeekmoOE] c:\program files\seekmo\bin\10.0.341.0\OEAddOn.exe
mRun: [SeekmoSA] "c:\program files\seekmo\bin\10.0.341.0\SeekmoSA.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Notify: ljJCvSiI - ljJCvSiI.dll
AppInit_DLLs: kitdje.dll
SEH: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\ljJCvSiI.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaApnM

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2008-12-28 112144]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-12-28 196368]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2008-10-24 96496]

=============== Created Last 30 ================

2009-01-23 10:41 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-23 10:41 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-01-23 10:40 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-01-14 12:00 129,024 a------- c:\windows\system32\kitdje.dll
2009-01-14 12:00 129,024 a------- c:\windows\system32\esqkopdy.dll
2009-01-12 22:59 129,024 a------- c:\windows\system32\lqhcih.dll
2009-01-12 22:59 129,024 a------- c:\windows\system32\fdperivv.dll
2009-01-12 22:54 1,266,872 ---sh--- c:\windows\system32\wjhhqrcq.ini
2009-01-12 22:54 72,704 a------- c:\windows\system32\qcrqhhjw.dll
2009-01-11 22:53 1,342,086 ---sh--- c:\windows\system32\qdqhtoic.ini
2009-01-11 22:53 72,704 a------- c:\windows\system32\ciothqdq.dll
2009-01-11 22:52 129,024 a------- c:\windows\system32\twahvj.dll
2009-01-11 22:52 129,024 a------- c:\windows\system32\rfmqigjc.dll
2009-01-10 00:41 129,024 a------- c:\windows\system32\vuwlnr.dll
2009-01-10 00:41 129,024 a------- c:\windows\system32\luixdhyu.dll
2009-01-08 00:02 129,024 a------- c:\windows\system32\ynaepz.dll
2009-01-08 00:02 129,024 a------- c:\windows\system32\oihaijvp.dll
2009-01-07 23:43 1,342,086 ---sh--- c:\windows\system32\mrhwyylg.ini
2009-01-04 00:12 1,307,356 ---sh--- c:\windows\system32\krcitjkk.ini
2009-01-01 23:44 1,307,356 ---sh--- c:\windows\system32\xqlrwxgt.ini
2009-01-01 23:44 72,704 a------- c:\windows\system32\tgxwrlqx.dll
2009-01-01 23:43 129,024 a------- c:\windows\system32\hvpedr.dll
2009-01-01 23:43 129,024 a------- c:\windows\system32\jdddawdf.dll
2009-01-01 00:32 0 a------- c:\windows\system32\mcrh.tmp
2008-12-31 10:28 1,307,356 ---sh--- c:\windows\system32\uhadesiw.ini
2008-12-31 10:28 72,704 a------- c:\windows\system32\wisedahu.dll
2008-12-31 10:26 129,024 a------- c:\windows\system32\lriekq.dll
2008-12-31 10:26 129,024 a------- c:\windows\system32\xcalqtyc.dll
2008-12-29 21:29 129,024 a------- c:\windows\system32\gxpuwa.dll
2008-12-29 21:29 129,024 a------- c:\windows\system32\huxcvnrm.dll
2008-12-28 15:35 1,811,744 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-28 15:35 5,408 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2008-12-28 15:35 2,252 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-28 15:35 1,508 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-12-28 15:19 112,144 a------- c:\windows\system32\drivers\kl1.sys
2008-12-28 15:18 <DIR> --d----- c:\program files\Raxco
2008-12-27 23:11 72,704 a------- c:\windows\system32\atitapcw.dll
2008-12-27 23:11 1,755,117 ---sh--- c:\windows\system32\wcpatita.ini
2008-12-27 23:11 129,024 a------- c:\windows\system32\umkosk.dll
2008-12-27 23:11 129,024 a------- c:\windows\system32\cjmtwkrh.dll

==================== Find3M ====================

2009-01-26 16:32 1,647,668 a--sh--- c:\windows\system32\MnpAayay.ini2
2008-12-25 23:39 129,024 a------- c:\windows\system32\yxweegbo.dll
2008-12-25 23:39 129,024 a------- c:\windows\system32\afdvrq.dll
2008-12-24 00:45 129,024 a------- c:\windows\system32\rgatkubp.dll
2008-12-24 00:45 129,024 a------- c:\windows\system32\guocdb.dll
2008-12-22 10:20 72,704 a------- c:\windows\system32\kiqgsfiw.dll
2008-12-22 10:16 129,024 a------- c:\windows\system32\wmvkcu.dll
2008-12-22 10:16 129,024 a------- c:\windows\system32\gnjvorrs.dll
2008-12-22 01:49 129,024 a------- c:\windows\system32\rdkhnjjh.dll
2008-12-22 01:49 129,024 a------- c:\windows\system32\haaeom.dll
2008-12-15 10:45 129,024 a------- c:\windows\system32\gegptmux.dll
2008-12-15 10:45 129,024 a------- c:\windows\system32\cjswfp.dll
2008-12-14 00:30 129,024 a------- c:\windows\system32\tikiitkc.dll
2008-12-14 00:30 129,024 a------- c:\windows\system32\kbgssw.dll
2008-12-12 00:32 129,024 a------- c:\windows\system32\fkvlii.dll
2008-12-12 00:32 129,024 a------- c:\windows\system32\ehdgqkkj.dll
2008-12-05 01:40 114,688 a------- c:\windows\system32\rlwwviqp.dll
2008-12-05 01:40 114,688 a------- c:\windows\system32\jvtkew.dll
2008-11-27 03:00 72,704 a------- c:\windows\system32\ujqcfoyh.dll
2008-11-27 02:38 129,024 a------- c:\windows\system32\ohfgla.dll
2008-11-27 02:38 129,024 a------- c:\windows\system32\fpayhrqw.dll
2008-11-27 02:36 318,464 a------- c:\windows\system32\yayaApnM.dll
2008-11-27 02:31 25,600 a------- c:\windows\system32\ljJCvSiI.dll
2007-11-05 21:00 0 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

============= FINISH: 16:35:55.98 ===============


#2 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium

Posted 27 January 2009 - 04:44 AM

Hi,

Your system is severely infected. I can see more malware present than anything else...
The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since finding the right cause and solution would be like searching for a needle in a haystack.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...
From the log I see:

AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security suite / antivirus present if it's outdated and disabled?
Most probably the subscription expired ages ago.
So what I suggest here is to uninstall Verizon Internet Security and Authentium Antivirus and replace them with another antivirus.
Reboot after uninstalling.
Then, after the reboot...

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it finds.
Then reboot.
After the reboot, open Avira and select "Reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new DDS log (rescan with DDS afterwards).
Then we'll start from there, because otherwise it really makes no sense to clean this up manually when there is no antivirus scanner present that should be able to deal with most of it and prevent further reinfection.

Edited by miekiemoes, 27 January 2009 - 04:45 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
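The reply above reads the DDS log by eye: AV lines that say disabled or (Outdated), BHO / Notify / AppInit_DLLs / SEH / LSA entries pointing at random-named DLLs in system32, and batches of identically sized DLLs under "Created Last 30". The script below is an added example, not code from this thread, from the helper, or from the DDS tool, that applies those same checks mechanically. The embedded sample is a short excerpt reconstructed from the first DDS log in this thread, and the section names and line layouts it relies on are assumed from that log only, not from any DDS specification.

```python
"""Added example: triage a DDS log the way a malware-response helper reads it."""
import re
from collections import defaultdict
# Constructed sample: a short excerpt reconstructed from the DDS log in post #1.
# Section names and line layouts are assumed from that log only, not from a spec.
SAMPLE_LOG = r"""
AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*
============== Pseudo HJT Report ===============
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {ba8c85c0-3123-84cb-b1a4-921f52cc9f67}: {76f9cc25-f129-4a1b-bc48-32130c58c8ab} - c:\windows\system32\kitdje.dll
BHO: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\ljJCvSiI.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
Notify: ljJCvSiI - ljJCvSiI.dll
AppInit_DLLs: kitdje.dll
SEH: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\ljJCvSiI.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaApnM
=============== Created Last 30 ================
2009-01-23 10:41 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-14 12:00 129,024 a------- c:\windows\system32\kitdje.dll
2009-01-14 12:00 129,024 a------- c:\windows\system32\esqkopdy.dll
2009-01-12 22:59 129,024 a------- c:\windows\system32\lqhcih.dll
2009-01-12 22:54 1,266,872 ---sh--- c:\windows\system32\wjhhqrcq.ini
2009-01-12 22:54 72,704 a------- c:\windows\system32\qcrqhhjw.dll
2009-01-11 22:53 72,704 a------- c:\windows\system32\ciothqdq.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?)\{(?P<guid>[0-9a-f-]{36})\} - (?P<path>.+)$", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?P<size>[\d,]+|<DIR>)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
SYSTEM32_FILE = re.compile(r"\\system32\\[^\\]+$", re.I)   # file directly inside system32
DEFAULT_LSA_PACKAGES = {"msv1_0"}   # the stock Windows XP authentication package

def parse_sections(text):
    """Bucket log lines under the '==== Name ====' header they follow."""
    sections, current = defaultdict(list), "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line)
    return sections

def security_posture(lines):
    """AV/FW status lines that report disabled or outdated protection."""
    return [ln for ln in lines if ln.startswith(("AV:", "FW:"))
            and ("disabled" in ln.lower() or "(outdated)" in ln.lower())]

def persistence_findings(lines):
    """Load points in the Pseudo HJT Report that deserve a second look."""
    found = []
    for line in lines:
        m = BHO_RE.match(line)
        if m:   # a BHO with no friendly name loading from system32 is the pattern in the log
            name = m.group("name").strip()
            if (not name or name.startswith("{")) and SYSTEM32_FILE.search(m.group("path")):
                found.append(("unnamed BHO in system32", m.group("path")))
        elif line.startswith("Notify:"):   # Winlogon notification package DLL
            found.append(("Winlogon notify package", line.split(":", 1)[1].strip()))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            found.append(("AppInit_DLLs set", line.split(":", 1)[1].strip()))
        elif line.startswith("SEH:"):   # shell execute hook
            found.append(("shell execute hook", line.split(" - ", 1)[1]))
        elif line.startswith("LSA: Authentication Packages"):
            extra = [p for p in line.split("=", 1)[1].split()
                     if p.lower() not in DEFAULT_LSA_PACKAGES]
            if extra:
                found.append(("non-default LSA authentication package", " ".join(extra)))
    return found

def dropper_clusters(lines, min_count=2):
    """Group new system32 DLLs by byte size (same-size random-named batches are
    the dropper pattern in the log) and collect hidden .ini files beside them."""
    by_size, hidden_ini = defaultdict(list), []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m or m.group("size") == "<DIR>" or not SYSTEM32_FILE.search(m.group("path")):
            continue
        path = m.group("path")
        if path.lower().endswith(".dll"):
            by_size[int(m.group("size").replace(",", ""))].append(path)
        elif path.lower().endswith(".ini") and "h" in m.group("attr"):
            hidden_ini.append(path)
    return {s: p for s, p in by_size.items() if len(p) >= min_count}, hidden_ini

def triage(text):
    """Run all three checks over one DDS log and return the findings."""
    sections = parse_sections(text)
    clusters, hidden_ini = dropper_clusters(sections["Created Last 30"])
    return {"posture": security_posture(sections["header"]),
            "persistence": persistence_findings(sections["Pseudo HJT Report"]),
            "size_clusters": clusters, "hidden_ini": hidden_ini}

if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG))
```

Running the file prints the findings for the embedded excerpt. Feeding triage() the full text of the first DDS log above flags the same ljJCvSiI, yayaApnM and kitdje entries the helper singles out, plus the 129,024- and 72,704-byte DLL batches and the hidden .ini files that accompany them; the size clustering is the part worth keeping, since the file names change on every drop but the sizes do not.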

#3 Kiva19

  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 27 January 2009 - 06:21 PM

Thanks for the quick reply. As I said, it isn't really my system...I'm just trying to help someone out. I already anticipated having to format his hard drive, and asked if there was anything he wanted to save on it. Fortunately there isn't, so I can format if I need to. The only problem is that he doesn't have a Windows recovery disk, so he can reinstall the OS. I was planning on deleting the Verizon Internet Security and replacing it because I figured it was outdated as well (he said it came on the computer when he got it 2 years ago). It never gave me any indication it was out of date, etc. I don't even know what Authentium AV is. I don't see that installed on his computer.

Anyways, here is the log from the free virus program you suggested, along with the new DDS log (attached again as well).

Avira AntiVir Personal
Report file date: Tuesday, January 27, 2009 15:03

Scanning for 1038808 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-4DACD0EA75

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 22:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 11/16/2008 22:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 11/17/2008 22:38:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 16:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 20:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 21:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 15:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/7/2008 21:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/7/2008 21:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/7/2008 21:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/7/2008 21:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 11/7/2008 21:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, January 27, 2009 15:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'DiscStreamHub.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'VerizonServicepoint.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DiscGui.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'HPBootOp.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'DISCUpdateMgr.exe' - '1' Module(s) have been scanned
Scan process 'DISCover.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '74' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\24SZRKI4\click[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\24SZRKI4\freescan[1].htm
[DETECTION] Contains recognition pattern of the JS/Agent.1366 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\24SZRKI4\player[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49e069f5.qua'!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\DII9HBEW\freescan[1].htm
[DETECTION] Contains recognition pattern of the JS/Agent.1366 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GGS7LUL1\freescan[1].htm
[DETECTION] Contains recognition pattern of the JS/Agent.1366 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K923BWU8\freescan[1].htm
[DETECTION] Contains recognition pattern of the JS/Agent.1366 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K923BWU8\freescan[2].htm
[DETECTION] Contains recognition pattern of the JS/Agent.1366 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K923BWU8\freescan[3].htm
[DETECTION] Contains recognition pattern of the JS/Agent.1366 Java script virus
[NOTE] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: Tuesday, January 27, 2009 15:41
Used time: 38:32 Minute(s)

The scan has been done completely.

7437 Scanning directories
450750 Files were scanned
7 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
7 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
450740 Files not concerned
16251 Archives were scanned
6 Warnings
8 Notes

-------------------------------------------------------------------------------------------------------------------------------------------------

Here is the DDS log:


DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 18:14:46.78 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1496 [GMT -5:00]

AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=k14J7Z1D6WZSkMag3_DO5w&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {ba8c85c0-3123-84cb-b1a4-921f52cc9f67}: {76f9cc25-f129-4a1b-bc48-32130c58c8ab} - c:\windows\system32\kitdje.dll
BHO: {7cab59b4-55a3-4737-9fd5-b93c6430bf78} - c:\windows\system32\huacpeqy.dll
BHO: {9304962e-8433-472b-878f-045a39aab032} - c:\windows\system32\yayaApnM.dll
BHO: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\ljJCvSiI.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {8118}: {c6922a9b-aa89-497c-9827-3101bdc17937} - c:\windows\system32\jvtkew.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SeekmoOE] c:\program files\seekmo\bin\10.0.341.0\OEAddOn.exe
mRun: [SeekmoSA] "c:\program files\seekmo\bin\10.0.341.0\SeekmoSA.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Notify: ljJCvSiI - ljJCvSiI.dll
AppInit_DLLs: kitdje.dll
SEH: {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\ljJCvSiI.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaApnM

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-27 11840]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-27 52032]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-27 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-27 151297]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]

=============== Created Last 30 ================

2009-01-27 14:47 <DIR> --d----- c:\program files\Avira
2009-01-27 14:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-23 10:41 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-23 10:41 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-01-23 10:40 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-01-14 12:00 129,024 a------- c:\windows\system32\kitdje.dll
2009-01-14 12:00 129,024 a------- c:\windows\system32\esqkopdy.dll
2009-01-12 22:59 129,024 a------- c:\windows\system32\lqhcih.dll
2009-01-12 22:59 129,024 a------- c:\windows\system32\fdperivv.dll
2009-01-12 22:54 1,266,872 a--sh--- c:\windows\system32\wjhhqrcq.ini
2009-01-12 22:54 72,704 a------- c:\windows\system32\qcrqhhjw.dll
2009-01-11 22:53 1,342,086 a--sh--- c:\windows\system32\qdqhtoic.ini
2009-01-11 22:53 72,704 a------- c:\windows\system32\ciothqdq.dll
2009-01-11 22:52 129,024 a------- c:\windows\system32\twahvj.dll
2009-01-11 22:52 129,024 a------- c:\windows\system32\rfmqigjc.dll
2009-01-10 00:41 129,024 a------- c:\windows\system32\vuwlnr.dll
2009-01-10 00:41 129,024 a------- c:\windows\system32\luixdhyu.dll
2009-01-08 00:02 129,024 a------- c:\windows\system32\ynaepz.dll
2009-01-08 00:02 129,024 a------- c:\windows\system32\oihaijvp.dll
2009-01-07 23:43 1,342,086 a--sh--- c:\windows\system32\mrhwyylg.ini
2009-01-04 00:12 1,307,356 a--sh--- c:\windows\system32\krcitjkk.ini
2009-01-01 23:44 1,307,356 a--sh--- c:\windows\system32\xqlrwxgt.ini
2009-01-01 23:44 72,704 a------- c:\windows\system32\tgxwrlqx.dll
2009-01-01 23:43 129,024 a------- c:\windows\system32\hvpedr.dll
2009-01-01 23:43 129,024 a------- c:\windows\system32\jdddawdf.dll
2009-01-01 00:32 0 a------- c:\windows\system32\mcrh.tmp
2008-12-31 10:28 1,307,356 a--sh--- c:\windows\system32\uhadesiw.ini
2008-12-31 10:28 72,704 a------- c:\windows\system32\wisedahu.dll
2008-12-31 10:26 129,024 a------- c:\windows\system32\lriekq.dll
2008-12-31 10:26 129,024 a------- c:\windows\system32\xcalqtyc.dll
2008-12-29 21:29 129,024 a------- c:\windows\system32\gxpuwa.dll
2008-12-29 21:29 129,024 a------- c:\windows\system32\huxcvnrm.dll

==================== Find3M ====================

2009-01-27 18:14 1,650,163 a--sh--- c:\windows\system32\MnpAayay.ini2
2009-01-27 14:44 2,105,632 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-27 14:44 29,276 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-27 14:44 15,648 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-27 14:44 2,492 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-12-27 23:11 72,704 a------- c:\windows\system32\atitapcw.dll
2008-12-27 23:11 129,024 a------- c:\windows\system32\umkosk.dll
2008-12-27 23:11 129,024 a------- c:\windows\system32\cjmtwkrh.dll
2008-12-25 23:39 129,024 a------- c:\windows\system32\yxweegbo.dll
2008-12-25 23:39 129,024 a------- c:\windows\system32\afdvrq.dll
2008-12-24 00:45 129,024 a------- c:\windows\system32\rgatkubp.dll
2008-12-24 00:45 129,024 a------- c:\windows\system32\guocdb.dll
2008-12-22 10:20 72,704 a------- c:\windows\system32\kiqgsfiw.dll
2008-12-22 10:16 129,024 a------- c:\windows\system32\wmvkcu.dll
2008-12-22 10:16 129,024 a------- c:\windows\system32\gnjvorrs.dll
2008-12-22 01:49 129,024 a------- c:\windows\system32\rdkhnjjh.dll
2008-12-22 01:49 129,024 a------- c:\windows\system32\haaeom.dll
2008-12-15 10:45 129,024 a------- c:\windows\system32\gegptmux.dll
2008-12-15 10:45 129,024 a------- c:\windows\system32\cjswfp.dll
2008-12-14 00:30 129,024 a------- c:\windows\system32\tikiitkc.dll
2008-12-14 00:30 129,024 a------- c:\windows\system32\kbgssw.dll
2008-12-12 00:32 129,024 a------- c:\windows\system32\fkvlii.dll
2008-12-12 00:32 129,024 a------- c:\windows\system32\ehdgqkkj.dll
2008-12-05 01:40 114,688 a------- c:\windows\system32\rlwwviqp.dll
2008-12-05 01:40 114,688 a------- c:\windows\system32\jvtkew.dll
2008-11-27 03:00 72,704 a------- c:\windows\system32\ujqcfoyh.dll
2008-11-27 02:38 129,024 a------- c:\windows\system32\ohfgla.dll
2008-11-27 02:38 129,024 a------- c:\windows\system32\fpayhrqw.dll
2008-11-27 02:36 318,464 a------- c:\windows\system32\yayaApnM.dll
2007-11-05 21:00 0 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

============= FINISH: 18:16:13.81 ===============


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 27 January 2009 - 06:27 PM

Hi,

Yes, a format and reinstall is always the best solution in such cases, then you can be sure that the computer will be clean again. In this case, since it's severely infected, a manual removal is no guarantee that everything will be OK again.

Anyway, since a format and reinstall is not an option here, please try the following...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Kiva19

Kiva19
  • Topic Starter

  • Members
  • 3 posts

Posted 29 January 2009 - 11:49 PM

Well, I tried to run ComboFix in both a normal boot-up and in safe mode, and the program would not work. I double-click the icon on the desktop, anti-virus is already disabled, and it doesn't do anything. The task manager shows it running under processes, but nothing ever pops up etc. The same thing had happened with the Malwarebytes program I tried to use before posting here.

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 30 January 2009 - 01:55 AM

Hi,

I have sent you a Private Message, so please check your PMs on top.

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 February 2009 - 06:57 AM

Still with us?

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 11 February 2009 - 07:18 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.