ekcliv.dll and owjubj.dll

View previous topic View next topic Go down

Solved ekcliv.dll and owjubj.dll

Post by charvie on Sat Jan 17, 2009 11:22 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:45 PM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Avie\Local Settings\Temporary Internet Files\Content.IE5\M1BD6FY6\hijackgpthis[1].exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6f994cb9-9180-4c54-801d-0130835d4b77} - C:\WINDOWS\system32\sasisudi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {b33cc1d4-520a-994a-10e4-1eb8677a81f7} - {7f18a776-8be1-4e01-a499-a0254d1cc33b} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [08370433] rundll32.exe "C:\WINDOWS\system32\wasubezu.dll",b
O4 - HKLM\..\Run: [CPM0b0437af] Rundll32.exe "c:\windows\system32\loyejosu.dll",a
O4 - HKLM\..\Run: [lonatapifa] Rundll32.exe "C:\WINDOWS\system32\sebodawe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [L08AXLRD_1505921] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [TransBar] C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [lonatapifa] Rundll32.exe "C:\WINDOWS\system32\sebodawe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lonatapifa] Rundll32.exe "C:\WINDOWS\system32\sebodawe.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Premier Health Partners PHP VPN Client.lnk = C:\Program Files\Premier Health Partners\PHP VPN Client\vpngui.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\WINDOWS\system32\goveyudi.dll owjubj.dll fnynos.dll ekcliv.dll c:\windows\system32\loyejosu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\loyejosu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\loyejosu.dll
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Premier Health Partners\PHP VPN Client\cvpnd.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11235 bytes

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Sat Jan 17, 2009 11:24 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {6f994cb9-9180-4c54-801d-0130835d4b77} - C:\WINDOWS\system32\sasisudi.dll (file missing)
    O2 - BHO: {b33cc1d4-520a-994a-10e4-1eb8677a81f7} - {7f18a776-8be1-4e01-a499-a0254d1cc33b} - (no file)
    O4 - HKLM\..\Run: [08370433] rundll32.exe "C:\WINDOWS\system32\wasubezu.dll",b
    O4 - HKLM\..\Run: [CPM0b0437af] Rundll32.exe "c:\windows\system32\loyejosu.dll",a
    O4 - HKLM\..\Run: [lonatapifa] Rundll32.exe "C:\WINDOWS\system32\sebodawe.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [lonatapifa] Rundll32.exe "C:\WINDOWS\system32\sebodawe.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [lonatapifa] Rundll32.exe "C:\WINDOWS\system32\sebodawe.dll",s (User 'NETWORK SERVICE')
    O20 - AppInit_DLLs: C:\WINDOWS\system32\goveyudi.dll owjubj.dll fnynos.dll ekcliv.dll c:\windows\system32\loyejosu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\loyejosu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\loyejosu.dll
    O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Sun Jan 18, 2009 9:13 am

Hey! Sir! thanx a lot for helping me. The trojan is gone bwahahaha! ^^
I was really scare of it T_T good thing my internet still worked an i was able to sign in here. Geekpolice is the best forum there is!!!...definitely!
thanx a lot!

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Sun Jan 18, 2009 3:28 pm

I dunno, we can take a full look around to make sure it's gone.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Mon Jan 19, 2009 5:38 am

how do we do that?....so it's possible that it's still lurking somewhere on my pc? Let me think




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Mon Jan 19, 2009 2:12 pm

If you look at the MBAM log, you'll see that it's probably found like 50 files of all Vundo, that's because Vundo makes MANY copies of itself, so if all of them aren't delete, then it will regenerate the infection.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Mon Jan 19, 2009 2:56 pm

DDS (Ver_09-01-07.01) - NTFSx86
Run by Avie at 9:52:14.85 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.233 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Avie\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar =
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant =
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DesktopX] "c:\progra~1\stardock\object~1\desktopx\DesktopX Builder.exe" -noui
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [L08AXLRD_1505921] "c:\program files\microsoft student\microsoft student with encarta premium 2008 dvd\EDICT.EXE" -m
uRun: [TransBar] c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe /s
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\multip~1.lnk - c:\program files\multiply\autouploader\multiply autouploader\Multiply AutoUploader.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\transbar.lnk - c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista inspirat 2\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\premie~1.lnk - c:\program files\premier health partners\php vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\goveyudi.dll

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Mon Jan 19, 2009 2:56 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\avie\applic~1\mozilla\firefox\profiles\9q3x8dwv.default\
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll

============= SERVICES / DRIVERS ===============

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-17 38496]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-2 41456]
R4 HopperP;WiFi Hopper;c:\windows\system32\drivers\hopperp.sys [2006-3-14 21376]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-1-18 102463]
R4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2003-9-29 237657]
R4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-1-22 189792]
S4 Abel;Abel;c:\program files\cain\abel.exe --> c:\program files\cain\Abel.exe [?]
S4 gupdate1c95c4184f44380;Google Update Service (gupdate1c95c4184f44380);c:\program files\google\update\GoogleUpdate.exe [2008-12-12 119280]

=============== Created Last 30 ================

2009-01-17 18:36 --d----- c:\docume~1\avie\applic~1\Malwarebytes
2009-01-17 18:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-17 18:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 18:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 18:36 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-16 20:12 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-16 20:12 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-16 19:30 7,680 ac-sh--- c:\windows\system32\dllcache\Thumbs.db
2009-01-16 19:28 10,752 a--sh--- c:\windows\system32\Thumbs.db
2009-01-16 08:01 1,411,060 ---sh--- c:\windows\system32\uzebusaw.ini
2009-01-16 07:38 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-16 07:38 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-16 07:38 --d----- c:\program files\iPod
2009-01-16 07:37 --d----- c:\program files\iTunes
2009-01-16 07:37 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 07:37 --d----- c:\program files\Bonjour
2009-01-15 20:00 1,405,485 ---sh--- c:\windows\system32\iyakepud.ini
2009-01-15 08:00 1,400,822 ---sh--- c:\windows\system32\ulivejit.ini
2009-01-15 01:24 --d----- c:\windows\RegisteredPackages
2009-01-15 01:05 --d----- c:\docume~1\avie\applic~1\Windows Search
2009-01-14 18:57 1,396,418 ---sh--- c:\windows\system32\igiwubef.ini
2009-01-14 08:10 --d----- c:\program files\MSECache
2009-01-14 06:56 1,415,937 ---sh--- c:\windows\system32\urovimaz.ini
2009-01-13 18:56 1,396,418 ---sh--- c:\windows\system32\unotavus.ini
2009-01-12 21:08 1,314,125 ---sh--- c:\windows\system32\udapoway.ini
2009-01-12 10:05 --d----- c:\docume~1\avie\applic~1\Windows Desktop Search
2009-01-12 10:04 --d----- c:\program files\Windows Desktop Search
2009-01-12 10:03 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-01-12 10:03 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-01-12 10:03 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-01-12 09:52 1,301,852 ---sh--- c:\windows\system32\uzuzedat.ini
2009-01-11 21:51 1,301,852 ---sh--- c:\windows\system32\avadefir.ini
2009-01-11 09:51 1,301,852 ---sh--- c:\windows\system32\upagasos.ini
2009-01-10 20:38 1,301,870 ---sh--- c:\windows\system32\emujatev.ini
2009-01-10 00:54 1,294,245 ---sh--- c:\windows\system32\orituvak.ini
2009-01-09 07:14 1,287,097 ---sh--- c:\windows\system32\ovapupok.ini
2009-01-08 09:19 1,284,318 ---sh--- c:\windows\system32\ihiyeyem.ini
2009-01-07 21:20 1,281,308 ---sh--- c:\windows\system32\uyatevos.ini
2009-01-07 11:49 --d----- c:\docume~1\avie\applic~1\Any Video Converter
2009-01-07 11:46 --d----- C:\CFdownloads
2009-01-07 11:25 719,872 a------- c:\windows\system32\devil.dll
2009-01-07 11:25 318,976 a------- c:\windows\system32\avisynth.dll
2009-01-07 11:25 502,784 a------- c:\windows\x2.64.exe
2009-01-07 11:25 240,128 a------- c:\windows\system32\x.264.exe
2009-01-07 11:25 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-01-07 11:25 70,656 a------- c:\windows\system32\i420vfw.dll
2009-01-07 11:25 66,560 a------- c:\windows\MOTA113.exe
2009-01-07 11:25 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-01-07 11:25 217,073 a------- c:\windows\meta4.exe
2009-01-07 11:25 --d----- c:\program files\AviSynth 2.5
2009-01-07 11:24 186,880 ---shr-- c:\windows\system32\RLOgg.ax
2009-01-07 11:24 92,672 ---shr-- c:\windows\system32\RLVorbisDec.ax
2009-01-07 11:24 67,584 ---shr-- c:\windows\system32\RLTheoraDec.ax
2009-01-07 11:24 51,712 ---shr-- c:\windows\system32\RLSpeexDec.ax
2009-01-07 11:24 179,200 ---shr-- c:\windows\system32\DiracSplitter.ax
2009-01-07 11:24 81,920 ---shr-- c:\windows\system32\aac_parser.ax
2009-01-07 10:42 --d----- c:\program files\Total Video Converter
2009-01-07 05:25 1,281,326 ---sh--- c:\windows\system32\ugowabah.ini
2009-01-07 04:39 --d----- c:\program files\uTorrent
2009-01-07 04:38 --d----- c:\docume~1\avie\applic~1\uTorrent
2009-01-06 11:50 1,281,308 ---sh--- c:\windows\system32\opajegud.ini
2009-01-05 23:49 1,266,245 ---sh--- c:\windows\system32\esikekip.ini
2009-01-04 23:49 1,266,209 ---sh--- c:\windows\system32\utetepuh.ini
2009-01-04 11:49 1,266,209 ---sh--- c:\windows\system32\ihuwipip.ini
2009-01-04 00:33 1,266,209 ---sh--- c:\windows\system32\abehisam.ini
2009-01-03 11:45 1,266,209 ---sh--- c:\windows\system32\ogikohew.ini
2009-01-02 23:45 1,266,209 ---sh--- c:\windows\system32\olesaduh.ini
2009-01-02 11:44 1,266,209 ---sh--- c:\windows\system32\igategok.ini
2009-01-01 22:44 1,266,209 ---sh--- c:\windows\system32\evalojef.ini
2009-01-01 01:21 1,266,209 ---sh--- c:\windows\system32\ejiheyul.ini
2008-12-31 11:33 1,266,209 ---sh--- c:\windows\system32\ubabarob.ini
2008-12-30 23:32 1,266,209 ---sh--- c:\windows\system32\eraperut.ini
2008-12-30 22:33 1,674,278 ---sh--- c:\windows\system32\abiwakem.ini
2008-12-29 01:26 1,674,278 ---sh--- c:\windows\system32\ifigawat.ini
2008-12-28 02:05 1,673,089 ---sh--- c:\windows\system32\uzebisif.ini
2008-12-27 13:36 1,673,089 ---sh--- c:\windows\system32\ewikuwom.ini
2008-12-26 22:17 1,664,182 ---sh--- c:\windows\system32\ilekedih.ini
2008-12-26 10:17 1,582,201 ---sh--- c:\windows\system32\ujefipis.ini
2008-12-25 22:22 1,582,201 ---sh--- c:\windows\system32\ebohoyid.ini
2008-12-20 19:13 --d----- c:\program files\Windows Media Connect 2
2008-12-20 19:12 --d----- C:\c48f72fcae7bad1afe70cedc71
2008-12-20 19:10 --d----- C:\e7cf3611f85e6aeb347fd3dd989031ad
2008-12-20 18:40 --d----- c:\windows\system32\scripting
2008-12-20 18:40 --d----- c:\windows\l2schemas
2008-12-20 18:40 --d----- c:\windows\system32\en
2008-12-20 18:40 --d----- c:\windows\system32\bits
2008-12-20 18:32 --d----- c:\windows\ServicePackFiles

==================== Find3M ====================

2009-01-11 09:51 103,106 a--sh--- c:\windows\system32\papevili.dll
2008-12-20 18:46 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-09-14 06:04 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-09-14 06:04 88 ---shr-- c:\docume~1\alluse~1\applic~1\D01097A1C9.sys
2006-03-14 15:31 21,376 a------- c:\windows\inf\hopperp.sys
2001-08-17 23:59 28,160 a------- c:\program files\UnFREEz.exe
0000-00-00 00:00 62,464 a--sh--- c:\windows\system32\deporare.dll

============= FINISH: 9:54:16.59 ===============




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Mon Jan 19, 2009 4:17 pm

Hello.
I'm confused now, is this the same machine as the other topic?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Wed Jan 21, 2009 6:11 am

Oh! sorry....yeah this is the same machine....




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Wed Jan 21, 2009 2:57 pm

Okay, quite a lot of vundo leftovers.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\windows\system32\igiwubef.ini
    c:\windows\system32\urovimaz.ini
    c:\windows\system32\unotavus.ini
    c:\windows\system32\udapoway.ini
    c:\windows\system32\iyakepud.ini
    c:\windows\system32\ulivejit.ini
    c:\windows\system32\uzuzedat.ini
    c:\windows\system32\avadefir.ini
    c:\windows\system32\upagasos.ini
    c:\windows\system32\emujatev.ini
    c:\windows\system32\orituvak.ini
    c:\windows\system32\ovapupok.ini
    C:\windows\system32\ihiyeyem.ini
    c:\windows\system32\uyatevos.ini
    c:\windows\system32\opajegud.ini
    c:\windows\system32\esikekip.ini
    c:\windows\system32\utetepuh.ini
    c:\windows\system32\ihuwipip.ini
    c:\windows\system32\abehisam.ini
    c:\windows\system32\ogikohew.ini
    c:\windows\system32\olesaduh.ini
    c:\windows\system32\igategok.ini
    c:\windows\system32\evalojef.ini
    c:\windows\system32\ejiheyul.ini
    c:\windows\system32\ubabarob.ini
    c:\windows\system32\eraperut.ini
    c:\windows\system32\abiwakem.ini
    c:\windows\system32\ifigawat.ini
    c:\windows\system32\uzebisif.ini
    c:\windows\system32\ewikuwom.ini
    c:\windows\system32\ilekedih.ini
    c:\windows\system32\ujefipis.ini
    c:\windows\system32\ebohoyid.ini

    :commands
    [purity]
    [emptytemp]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Thu Jan 22, 2009 4:10 am

i cant copy it after i've pressed the move it button.

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Thu Jan 22, 2009 2:21 pm

Okay, the log is saved here
C:\_OTMoveIt\time-and-date.log

Post the log please.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Thu Jan 22, 2009 10:54 pm

wa?!...Sir, I wa so scared of the vundo, that I just used the malwarebytes that you made me download once. And it get rid of the vundo. I don't know if it was all of them so I've use the DDS again. So i'll post the DDS file here. I hope you don't mind if this topic get so long.




DDS (Ver_09-01-07.01) - NTFSx86
Run by Avie at 2:18:31.39 on Fri 01/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.467 [GMT 3.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\mod\Explorer.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Avie\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar =
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar =

[You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant =
mURLSearchHooks: H - No File
mWinlogon: Shell=mod\Explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program

files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DesktopX] "c:\progra~1\stardock\object~1\desktopx\DesktopX Builder.exe" -noui
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [L08AXLRD_1505921] "c:\program files\microsoft student\microsoft student with encarta premium

2008 dvd\EDICT.EXE" -m
uRun: [TransBar] c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe /s
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe"

/StartedFromRunKey
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common

files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\multip~1.lnk - c:\program

files\multiply\autouploader\multiply autouploader\Multiply AutoUploader.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista

inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\transbar.lnk - c:\windows\bricopacks\vista

inspirat 2\transbar\TransBar.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista

inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista

inspirat 2\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common

files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program

files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program

files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\premie~1.lnk - c:\program

files\premier health partners\php vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program

files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program

files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program

files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} -

c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program

files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\goveyudi.dll




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Thu Jan 22, 2009 10:54 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\avie\applic~1\mozilla\firefox\profiles\9q3x8dwv.default\
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll

============= SERVICES / DRIVERS ===============

R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program

files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
R4 HopperP;WiFi Hopper;c:\windows\system32\drivers\hopperp.sys [2006-3-15 21376]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common

framework\FrameworkService.exe [2008-1-18 102463]
R4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe

[2003-9-29 237657]
R4 McTaskManager;Network Associates Task Manager;c:\program files\network

associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-1-23 189792]
S4 Abel;Abel;c:\program files\cain\abel.exe --> c:\program files\cain\Abel.exe [?]
S4 gupdate1c95c4184f44380;Google Update Service (gupdate1c95c4184f44380);c:\program

files\google\update\GoogleUpdate.exe [2008-12-12 119280]

=============== Created Last 30 ================

2009-01-22 07:33 --d----- C:\_OTMoveIt
2009-01-22 05:05 167,696 a------- c:\windows\system32\amovie.ocx
2009-01-22 05:05 115,920 a------- c:\windows\system32\Msinet.ocx
2009-01-22 05:05 244,024 a------- c:\windows\system32\Msflxgrd.ocx
2009-01-22 05:05 --d----- c:\program files\Chikka
2009-01-21 10:48 --d----- c:\windows\mod
2009-01-20 08:04 --d----- c:\program files\ZhyperMU
2009-01-18 03:06 --d----- c:\docume~1\avie\applic~1\Malwarebytes
2009-01-18 03:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-18 03:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 03:06 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 03:06 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-17 04:42 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-17 04:42 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-17 04:00 7,680 ac-sh--- c:\windows\system32\dllcache\Thumbs.db
2009-01-17 03:58 10,752 a--sh--- c:\windows\system32\Thumbs.db
2009-01-16 16:08 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-16 16:08 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-16 16:08 --d----- c:\program files\iPod
2009-01-16 16:07 --d----- c:\program files\iTunes
2009-01-16 16:07 --d-----

c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 16:07 --d----- c:\program files\Bonjour
2009-01-15 09:54 --d----- c:\windows\RegisteredPackages
2009-01-15 09:35 --d----- c:\docume~1\avie\applic~1\Windows Search
2009-01-14 16:40 --d----- c:\program files\MSECache
2009-01-12 18:35 --d----- c:\docume~1\avie\applic~1\Windows Desktop Search
2009-01-12 18:34 --d----- c:\program files\Windows Desktop Search
2009-01-12 18:33 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-01-12 18:33 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-01-12 18:33 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-01-07 20:19 --d----- c:\docume~1\avie\applic~1\Any Video Converter
2009-01-07 20:16 --d----- C:\CFdownloads
2009-01-07 19:55 719,872 a------- c:\windows\system32\devil.dll
2009-01-07 19:55 318,976 a------- c:\windows\system32\avisynth.dll
2009-01-07 19:55 502,784 a------- c:\windows\x2.64.exe
2009-01-07 19:55 240,128 a------- c:\windows\system32\x.264.exe
2009-01-07 19:55 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-01-07 19:55 70,656 a------- c:\windows\system32\i420vfw.dll
2009-01-07 19:55 66,560 a------- c:\windows\MOTA113.exe
2009-01-07 19:55 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-01-07 19:55 217,073 a------- c:\windows\meta4.exe
2009-01-07 19:55 --d----- c:\program files\AviSynth 2.5
2009-01-07 19:54 186,880 ---shr-- c:\windows\system32\RLOgg.ax
2009-01-07 19:54 92,672 ---shr-- c:\windows\system32\RLVorbisDec.ax
2009-01-07 19:54 67,584 ---shr-- c:\windows\system32\RLTheoraDec.ax
2009-01-07 19:54 51,712 ---shr-- c:\windows\system32\RLSpeexDec.ax
2009-01-07 19:54 179,200 ---shr-- c:\windows\system32\DiracSplitter.ax
2009-01-07 19:54 81,920 ---shr-- c:\windows\system32\aac_parser.ax
2009-01-07 19:12 --d----- c:\program files\Total Video Converter
2009-01-07 13:09 --d----- c:\program files\uTorrent
2009-01-07 13:08 --d----- c:\docume~1\avie\applic~1\uTorrent

==================== Find3M ====================

2009-01-11 18:21 103,106 a--sh--- c:\windows\system32\papevili.dll
2008-12-21 03:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 14:27 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-09-14 14:34 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-09-14 14:34 88 ---shr-- c:\docume~1\alluse~1\applic~1\D01097A1C9.sys
2006-03-15 00:01 21,376 a------- c:\windows\inf\hopperp.sys
2001-08-18 08:29 28,160 a------- c:\program files\UnFREEz.exe
1601-01-01 03:42 62,464 a--sh--- c:\windows\system32\deporare.dll

============= FINISH: 2:19:35.37 ===============




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Thu Jan 22, 2009 10:57 pm

Looks good, just do these two things then I'll flag the all clear.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Delete this folder in bold:
C:\_OTMoveIt

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Thu Jan 22, 2009 11:10 pm

well....how do i check if they're all gone sir?should i use malwarebytes to scan my pc?




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Thu Jan 22, 2009 11:29 pm

Yep.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Thu Jan 22, 2009 11:37 pm

oh ok...malwarbytes didn't detect any, that means theres nothing lurking in my pc? Indifferent or Blank


Last edited by charvie on Thu Jan 22, 2009 11:40 pm; edited 1 time in total




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Thu Jan 22, 2009 11:40 pm

Keep in mind:

DDS only shows files created within the last MONTH, if the malware was created before a month today, then I wouldn't of seen it, and MBAM will get it for us.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Thu Jan 22, 2009 11:42 pm

malwarebytes didn't detect any.... Cheesy Grin (sparkly Thank You! this means, theres no more of vundo right? Indifferent or Blank




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Thu Jan 22, 2009 11:55 pm

What's with the unsure look face? LMBO or ROFL
Not detecting anything is good, the vundo is gone, and aslong as we can get you secure and you stay safe, it's not coming back.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Fri Jan 23, 2009 12:13 am

which one of this should i remove?

[You must be registered and logged in to see this link.]




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Fri Jan 23, 2009 12:16 am

Unless you programme in Java language, all 3 need uninstalling.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Fri Jan 23, 2009 12:24 am

wa!...i program in java...so i don't need to uninstall those 3 then?

Sir, the download for the "1232669283451-integrated.jnlp" failed....what shoul i do?

Waaaa....it's too late. run javara and i think the other 2 was removed....what to do now sir? Let me think


Last edited by charvie on Fri Jan 23, 2009 12:27 am; edited 1 time in total

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Fri Jan 23, 2009 12:25 am

Okay, keep SE Development kit, and uninstall the other two, because the development kit needs another installer for the latest updates.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Fri Jan 23, 2009 12:29 am

Sir, the download for the "1232669283451-integrated.jnlp" failed....what shoul i do?




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Fri Jan 23, 2009 12:32 am

Well the two old versions are gone, now we need tp update the development kit.
Select the second installer on the Java website that says "Java SE Development Kit (JDK) 6 Update 11"
Download that installer and run it, it will install the latest development kit.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Fri Jan 23, 2009 3:15 pm

done it!..yey!..thank you for reminding me of that unupdated software. Doesn't it update by itself? I don't really update softwares often, cause i forget about them. So i was expecting that since i already have an internet connection, they'll just update on their own. Oh well, maybe not all.

Thanx Sir Belahzur for helping me with this Thank You! I really hope this virus won't come back anymore.




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Belahzur on Fri Jan 23, 2009 5:06 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by charvie on Sun Jan 25, 2009 4:23 pm

installed them all already!.....i'll run kerio later




THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

charvie
Leader
Leader

Posts Posts : 484
Joined Joined : 2008-04-13
Gender Gender : Female
OS OS : Windows XP
Points Points : 32162
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: ekcliv.dll and owjubj.dll

Post by Doctor Inferno on Sat May 09, 2009 9:54 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum