Virus???

Post by mahler2nd on 1st November 2009, 12:01 am

My computer is running very slow all of a sudden. Any help you could lend would be greatly appreciated.

mahler2nd
Novice
Posts: 48
Joined: 2009-05-28
OS: xp
Points: 27757
Likes: 0


Re: Virus???

Post by Dr Jay on 1st November 2009, 2:28 am

Please download: [You must be registered and logged in to see this link.] to your Desktop.
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14314
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302999
Likes: 10


Re: Virus???

Post by mahler2nd on 4th November 2009, 1:26 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:19 PM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE" -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)" -"http://mplayer12.slingo.com/shockscreen2.asp?shost=mplayer12.slingo.com&sport=15010&susername=desiree623&spassword=benjamin01&roomname=Georgia&gameid=25"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9997 bytes


Re: Virus???

Post by Dr Jay on 4th November 2009, 3:42 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 6th November 2009, 2:48 am

Malwarebytes' Anti-Malware 1.41
Database version: 3100
Windows 5.1.2600 Service Pack 2

11/5/2009 9:47:24 PM
mbam-log-2009-11-05 (21-47-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 295574
Time elapsed: 3 hour(s), 23 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: Virus???

Post by Dr Jay on 6th November 2009, 2:57 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 15th November 2009, 2:11 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0de53496f64b79409f55ba95242445d0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-15 07:25:59
# local_time=2009-11-15 02:25:59 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 6298396 6298396 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=189966
# found=6
# cleaned=6
# scan_time=12548
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Local Settings\Temp\~tmpa.exe a variant of Win32/Kryptik.AEA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Local Settings\Temp\~tmpb.exe a variant of Win32/Kryptik.VP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Local Settings\Temp\~tmpc.exe a variant of Win32/Kryptik.VP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\My Backup -- 23-01-09 1915\Documents and Settings\Owner.YOUR-DFA7560333\Local Settings\Temp\~tmpf.exe a variant of Win32/Kryptik.VP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\My Backup -- 23-01-09 1915\Program Files\Gamevance\gvun.exe probably a variant of Win32/Adware.Gamevance.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\My Backup -- 23-01-09 1915\Program Files\ShoppingReport\Uninst.exe probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
DLL:pipe not connected. attempts=120


Re: Virus???

Post by Dr Jay on 15th November 2009, 7:49 pm

Please right click on the following folder and select "Scan with Malwarebytes' Anti-Malware"

C:\My Backup

==

Then, please post the log that it creates.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 15th November 2009, 9:37 pm

I tried to do this, but it wouldn't open the folder. I tried to open MBAM from my start menu and the icon is there but doesn't look the same as it did the last time I ran the program. It still wouldn't open. I went to download it again and when it gets to the end where I click finish, it puts up the following message...

Unable to execute:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2
The system cannot find the file specified.


Re: Virus???

Post by Dr Jay on 15th November 2009, 10:00 pm

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 16th November 2009, 2:01 am

ComboFix 09-11-16.03 - Owner 11/15/2009 20:08..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.398 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-741067002F\desktop\commy.exe
Command switches used :: /stepdel
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner.YOUR-741067002F\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-283697866-3930305772-803075698-500
C:\LOG1B.tmp
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\recycler\S-1-5-21-283697866-3930305772-803075698-500\desktop.ini
c:\recycler\S-1-5-21-283697866-3930305772-803075698-500\INFO2
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\system32\dagewoyo.dll
c:\windows\system32\dimepevo.dll
c:\windows\system32\mudupani.dll
c:\windows\system32\nozemezu.dll
c:\windows\Tasks\viewsyqv.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 00:53 . 2009-11-16 01:03 -------- d-----w- C:\commy
2009-11-14 17:00 . 2009-11-14 17:00 -------- d-----w- c:\program files\ESET
2009-11-13 23:23 . 2009-11-15 22:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-04 03:24 . 2009-11-04 03:25 -------- d-----w- c:\program files\iPod
2009-11-04 03:23 . 2009-11-04 03:25 -------- d-----w- c:\program files\iTunes
2009-10-26 19:05 . 2009-10-26 19:06 -------- d-----w- c:\program files\InterActual

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 23:02 . 2009-01-25 23:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-15 21:28 . 2009-08-30 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 13:11 . 2006-06-19 04:25 63608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 08:04 . 2009-01-29 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-04 03:23 . 2009-01-24 15:25 -------- d-----w- c:\program files\Common Files\Apple
2009-10-28 07:05 . 2009-01-24 02:56 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 01:09 . 2009-05-01 21:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-15 01:09 . 2009-10-15 01:09 152576 ----a-w- c:\documents and settings\Owner.YOUR-741067002F\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-09 14:40 . 2009-01-24 02:41 -------- d-----w- c:\program files\Google
2009-09-26 23:12 . 2009-09-26 23:12 -------- d-----w- c:\program files\TryMedia
2009-09-26 23:11 . 2009-01-24 02:50 -------- d-----w- c:\program files\WildTangent
2009-09-25 05:49 . 2006-06-17 09:23 668672 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:48 . 2009-01-28 03:34 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-20 21:50 . 2009-09-20 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-09-20 21:48 . 2009-09-20 21:44 -------- d-----w- c:\program files\Kodak
2009-09-20 21:47 . 2009-09-20 21:47 -------- d-----w- c:\program files\Common Files\Kodak
2009-09-20 21:44 . 2009-09-20 21:44 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
2009-09-20 21:44 . 2009-09-20 21:44 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
2009-09-20 21:43 . 2009-09-20 21:43 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_20b60871\EasyShrx.Dll
2009-09-20 21:42 . 2009-09-20 21:42 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2009-09-11 14:03 . 2006-06-17 09:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-08-30 16:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-08-30 16:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2006-06-17 09:23 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 23:42 . 2009-04-01 02:28 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-04-01 02:28 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2006-06-17 09:24 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-05-03 22:39 . 2009-05-03 22:31 170203312 ----a-w- c:\program files\VideoSpin_2_0_Setup.exe
2009-08-14 09:24 . 2009-08-14 09:24 51200 --sha-w- c:\windows\system32\dutorenu.dll
2009-08-14 09:22 . 2009-08-14 09:22 51200 --sha-w- c:\windows\system32\lolefami.dll
2009-08-15 09:23 . 2009-08-15 09:23 61440 --sha-w- c:\windows\system32\wunuveye.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d241fb5d-87d2-4ef4-b785-1fc254913b9a}]
2009-08-14 09:24 51200 --sha-w- c:\windows\system32\dutorenu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 22:04 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-24 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2006-04-04 16120832]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-15 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\Owner.YOUR-741067002F\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-1-23 2168360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\WildTangent\\Polar Bowler\\polar.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BigFix\\bigfix.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 4:02 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/23/2009 10:39 PM 1086840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-15 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-16 23:58]

2009-11-14 c:\windows\Tasks\wrSpySweeper_LA3D45A8808F742C38728359F7AA13868.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-24 22:11]

2009-11-14 c:\windows\Tasks\wrSpySweeper_LA3D45A8808F742C38728359F7AA13868.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-24 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Minisoft - c:\windows\msa.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-teruminen - c:\windows\system32\dimepevo.dll
HKLM-Run-yisilujavi - dagewoyo.dll
SharedTaskScheduler-{c8d7196b-e1b5-4c8c-b331-4c3bee0d8896} - c:\windows\system32\dimepevo.dll
SSODL-tebibewiy-{c8d7196b-e1b5-4c8c-b331-4c3bee0d8896} - c:\windows\system32\dimepevo.dll
AddRemove-HijackThis - c:\documents and settings\Owner.YOUR-741067002F\My Documents\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-15 20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2852)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dlcccoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2009-11-15 20:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 01:52

Pre-Run: 80,571,772,928 bytes free
Post-Run: 81,746,477,056 bytes free

- - End Of File - - C0221EE9D18042D16599740B1F322C1A


Re: Virus???

Post by Dr Jay on 16th November 2009, 2:52 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 16th November 2009, 11:50 am

The same message came up:

Unable to execute:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2
The system cannot find the file specified.


Re: Virus???

Post by Dr Jay on 16th November 2009, 7:12 pm

Please uninstall that one via Control Panel > Add or Remove Programs.

Then, reinstall it via: [You must be registered and logged in to see this link.].


Dr. Jay (DJ)



Re: Virus???

Post by Dr Jay on 17th November 2009, 4:48 am

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 17th November 2009, 11:57 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:04 on 17/11/2009 by Owner (Administrator - Elevation successful)

No Context: Code:

========== filefind ==========

Searching for "scecli.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [17:08 24/10/2008] [19:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [07:22 03/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\scecli.dll --a--- 181248 bytes [09:23 17/06/2006] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 180224 bytes [01:51 16/11/2009] [19:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll --a--- 181248 bytes [08:30 25/01/2009] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll ------ 180224 bytes [09:23 17/06/2006] [19:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [17:09 24/10/2008] [19:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [07:21 03/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [09:23 17/06/2006] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll -----c 407040 bytes [07:00 23/08/2009] [19:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 408064 bytes [01:51 16/11/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll --a--- 407040 bytes [08:29 25/01/2009] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\dllcache\netlogon.dll -----c 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\system32\netlogon.dll ------ 408064 bytes [09:23 17/06/2006] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772

Searching for "eventlog.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [17:09 24/10/2008] [19:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [07:19 03/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [09:23 17/06/2006] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 55808 bytes [01:51 16/11/2009] [19:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll --a--- 56320 bytes [08:28 25/01/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll ------ 55808 bytes [09:23 17/06/2006] [19:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78

Searching for "winlogon.exe"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [17:08 24/10/2008] [19:00 10/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [07:23 03/09/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\winlogon.exe --a--- 507904 bytes [09:23 17/06/2006] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ERDNT\cache\winlogon.exe --a--- 502272 bytes [01:51 16/11/2009] [19:00 10/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe --a--- 507904 bytes [08:30 25/01/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe ------ 502272 bytes [09:23 17/06/2006] [19:00 10/08/2004] 01C3346C241652F43AED8E2149881BFE

Searching for "comres.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [17:10 24/10/2008] [19:00 10/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [07:19 03/09/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\comres.dll --a--- 792064 bytes [09:23 17/06/2006] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comres.dll --a--- 792064 bytes [08:28 25/01/2009] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [09:23 17/06/2006] [19:00 10/08/2004] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [17:10 24/10/2008] [19:00 10/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 599040 bytes [07:19 03/09/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\crypt32.dll --a--- 599040 bytes [09:23 17/06/2006] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\crypt32.dll --a--- 599040 bytes [08:28 25/01/2009] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 597504 bytes [09:23 17/06/2006] [19:00 10/08/2004] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\gpedit.dll -----c 566784 bytes [17:10 24/10/2008] [19:00 10/08/2004] C4EE648B2474D84CF081C3FE0DC578DA
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\gpedit.dll ------ 566784 bytes [07:19 03/09/2008] [00:09 14/04/2008] 65F8DA8424AD27A365F61CCC8621FED2
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\gpedit.dll --a--- 566784 bytes [09:23 17/06/2006] [00:09 14/04/2008] 65F8DA8424AD27A365F61CCC8621FED2
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\gpedit.dll --a--- 566784 bytes [08:28 25/01/2009] [00:09 14/04/2008] 65F8DA8424AD27A365F61CCC8621FED2
C:\WINDOWS\system32\gpedit.dll --a--- 566784 bytes [09:23 17/06/2006] [19:00 10/08/2004] C4EE648B2474D84CF081C3FE0DC578DA

Searching for "rundll32.exe"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [17:08 24/10/2008] [19:00 10/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:22 03/09/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [09:23 17/06/2006] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rundll32.exe --a--- 33280 bytes [08:30 25/01/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [09:23 17/06/2006] [19:00 10/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "sfc.dll"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [17:08 24/10/2008] [19:00 10/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [07:22 03/09/2008] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\sfc.dll --a--- 5120 bytes [09:23 17/06/2006] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\ERDNT\cache\sfc.dll --a--- 5120 bytes [01:51 16/11/2009] [19:00 10/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfc.dll --a--- 5120 bytes [08:30 25/01/2009] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\sfc.dll ------ 5120 bytes [09:23 17/06/2006] [19:00 10/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E

Searching for "svchost.exe"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [17:08 24/10/2008] [19:00 10/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [07:23 03/09/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\svchost.exe --a--- 14336 bytes [09:23 17/06/2006] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [01:51 16/11/2009] [19:00 10/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe --a--- 14336 bytes [08:30 25/01/2009] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe ------ 14336 bytes [09:23 17/06/2006] [19:00 10/08/2004] 8F078AE4ED187AAABC0A305146DE6716

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [09:23 17/06/2006] [19:00 10/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\ERDNT\cache\beep.sys --a--- 4224 bytes [01:51 16/11/2009] [19:00 10/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys ------ 4224 bytes [09:23 17/06/2006] [19:00 10/08/2004] DA1F27D85E0D1525F6621372E7B685E9

Searching for "wscntfy.exe"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\wscntfy.exe -----c 13824 bytes [17:11 24/10/2008] [19:00 10/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\wscntfy.exe ------ 13824 bytes [07:23 03/09/2008] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\wscntfy.exe --a--- 13824 bytes [09:23 17/06/2006] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\ERDNT\cache\wscntfy.exe --a--- 13824 bytes [01:51 16/11/2009] [19:00 10/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wscntfy.exe --a--- 13824 bytes [08:30 25/01/2009] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\system32\wscntfy.exe ------ 13824 bytes [09:23 17/06/2006] [19:00 10/08/2004] 49911DD39E023BB6C45E4E436CFBD297

Searching for "atapi.sys"
C:\My Backup -- 23-01-09 1915\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [17:08 24/10/2008] [12:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\My Backup -- 23-01-09 1915\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [07:19 03/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\My Backup -- 23-01-09 1915\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [01:51 16/11/2009] [12:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys --a--- 96512 bytes [08:27 25/01/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [05:59 04/08/2004] [12:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-


Re: Virus???

Post by Dr Jay on 18th November 2009, 1:25 am

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum.
  • IMPORTANT! Then please click Customize, choose the Driver / Ports tab, and uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 18th November 2009, 2:06 am

[You must be registered and logged in to see this link.]


Re: Virus???

Post by Dr Jay on 18th November 2009, 4:28 am

These three files need to be deleted in Safe Mode.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\kadidika.dll
C:\WINDOWS\system32\dutorenu.dll
C:\WINDOWS\system32\nonolugu.dll


==

Then, please reboot back to Normal Mode and do the following:

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\system32\wininet.dll


  • Click on the submit button. Make sure it re-scans. I do not want past results; the file must be scanned again.

  • Please post the results (URL) in your next reply.

  • Do the same for the following files as well:
    C:\WINDOWS\system32\urlmon.dll
    C:\Program Files\Google\Google Desktop Search\gzlib.dll


==

Please make sure all the URLs to the results are included in your next reply.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 18th November 2009, 12:14 pm

I couldn't find these files.


Re: Virus???

Post by Dr Jay on 19th November 2009, 6:41 am

Please download the [You must be registered and logged in to see this link.].

  • Save it to your Desktop.
  • Please double-click OTM.exe to run it.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



    C:\WINDOWS\system32\kadidika.dll
    C:\WINDOWS\system32\dutorenu.dll
    C:\WINDOWS\system32\nonolugu.dll


  • Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 19th November 2009, 11:01 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.1.2.0 log created on 11192009_175928


Re: Virus???

Post by susan2002 on 20th November 2009, 2:47 am

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

susan2002
Beginner

Posts : 1
Joined : 2009-11-17
OS : lt
Points : 25841
# Likes : 0

Re: Virus???

Post by Dr Jay on 20th November 2009, 7:07 am

DragonMaster Jay wrote:
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.

Were you able to get the log? If so, please post it in your next reply.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 21st November 2009, 12:58 am

detected: Trojan program Packed.Win32.Krap.ag File: C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\Qoobox\Quarantine\C\WINDOWS\system32\dagewoyo.dll.vir
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\Qoobox\Quarantine\C\WINDOWS\system32\mudupani.dll.vir
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\WINDOWS\system32\dutorenu.dll.tmp
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\WINDOWS\system32\kadidika.dll
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\WINDOWS\system32\lolefami.dll
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\WINDOWS\system32\wiludubu.dll
detected: Trojan program Trojan.Win32.Monder.cvau File: C:\WINDOWS\system32\wunuveye.dll


Re: Virus???

Post by Dr Jay on 21st November 2009, 2:28 am

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)



Re: Virus???

Post by mahler2nd on 24th November 2009, 9:05 pm

Tuesday, November 24, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 24, 2009 02:13:10
Records in database: 3282492


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
F:\
G:\
H:\
I:\
N:\

Scan statistics
Objects scanned 176146
Threats found 1
Infected objects found 4
Suspicious objects found 0
Scan duration 05:21:24

File name Threat Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\dagewoyo.dll.vir Infected: Trojan.Win32.Monder.cvau 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\mudupani.dll.vir Infected: Trojan.Win32.Monder.cvau 1

C:\WINDOWS\system32\lolefami.dll Infected: Trojan.Win32.Monder.cvau 1

C:\WINDOWS\system32\wunuveye.dll Infected: Trojan.Win32.Monder.cvau 1

Selected area has been scanned.


Re: Virus???

Post by Dr Jay on 24th November 2009, 9:18 pm

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)

