Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo infection [RESOLVED]

Started by Manora , Jul 02 2008 05:54 AM

  • This topic is locked This topic is locked

#1
Manora
Posted 02 July 2008 - 05:54 AM

Manora

    New Member

  • Member
  • Pip
  • 6 posts
I ran Ad-Aware, MBAM, VirtumundoBegone, Avast, and SUPER Antispyware. I had 1 Vundo infection that Avast could detect, and said it deleted. 56 problems in Ad-Aware, and lot of others that the programs said they deleted. My Avast won't allow the panda scan to run on my computer, and my automatic updater for windows won't work. VundoFix said it didn't find anything. Also after running VirtumundoBegone and restarting my computer, I got an error message that says "Error loading C:\WINDOWS\system32\ejrmrlrr.dll %1 is not a valid Win32 application."

I had to register under another ID here in geekstogo because my computer wouldn't allow me to post under my old ID of Selinay. I'm posting everything I can think of here. Let me know if you need anything else.

Thank you in advance for any help you can give me.


Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:16 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: {269a5c6a-ed76-842a-aae4-14e4f7d09d6c} - {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} - C:\WINDOWS\system32\xnwfxj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.co...eb.1.0.0.13.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/...rs.1.0.0.39.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab53984.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/...tg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/...ersion=1,0,0,10
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave...sh.1.0.0.47.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13258 bytes


mbam-log:

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

6:06:29 AM 7/2/2008
mbam-log-7-2-2008 (06-06-29).txt

Scan type: Quick Scan
Objects scanned: 54090
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dinfnids.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBrqomn.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73fb9f95-b886-4a6c-9642-402433e2e315} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{73fb9f95-b886-4a6c-9642-402433e2e315} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0d2727d9-e6d1-4549-be55-5d38e678c1bd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{20159057-f0d9-4520-8d0e-b117b49fb5d9} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{45a31505-d656-46c8-9719-ea5a4ff3c5f7} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7d203125 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7e1302b9 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrqomn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrqomn -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\DeskAlerts (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\geBrqomn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nmoqrBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmoqrBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dinfnids.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sdinfnid.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\cancel_button.gif (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\history.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\hs_delete.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\hs_search.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\icons.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\mbclose.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\mblogo.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\newversion.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\notify.wav (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\options.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\save_button.gif (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\title_back.gif (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\Cache\e832b941f059b5e8b09f048e1f35996c.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejrmrlrr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.


VBG log:


[07/02/2008, 5:45:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\VirtumundoBeGone.exe" )
[07/02/2008, 5:45:18] - Detected System Information:
[07/02/2008, 5:45:18] - Windows Version: 5.1.2600, Service Pack 2
[07/02/2008, 5:45:18] - Current Username: Compaq_Owner (Admin)
[07/02/2008, 5:45:18] - Windows is in NORMAL mode.
[07/02/2008, 5:45:18] - Searching for Browser Helper Objects:
[07/02/2008, 5:45:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/02/2008, 5:45:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/02/2008, 5:45:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/02/2008, 5:45:18] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/02/2008, 5:45:18] - BHO 4: {68950839-2675-49E2-B6A5-442E0B0D1BA4} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\mlJCVNgg
[07/02/2008, 5:45:18] - Found: HKLM\...\Winlogon\Notify\mlJCVNgg - This is probably Virtumundo.
[07/02/2008, 5:45:18] - Assigning {68950839-2675-49E2-B6A5-442E0B0D1BA4} MSEvents Object
[07/02/2008, 5:45:18] - BHO list has been changed! Starting over...
[07/02/2008, 5:45:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/02/2008, 5:45:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/02/2008, 5:45:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/02/2008, 5:45:18] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/02/2008, 5:45:18] - BHO 4: {68950839-2675-49E2-B6A5-442E0B0D1BA4} (MSEvents Object)
[07/02/2008, 5:45:18] - ALERT: Found MSEvents Object!
[07/02/2008, 5:45:18] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/02/2008, 5:45:18] - BHO 6: {99D82E72-A0E5-47E1-B167-4439AED37885} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\geBrqomn
[07/02/2008, 5:45:19] - Key not found: HKLM\...\Winlogon\Notify\geBrqomn, continuing.
[07/02/2008, 5:45:19] - BHO 7: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[07/02/2008, 5:45:19] - BHO 8: {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} ()
[07/02/2008, 5:45:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:19] - Checking for HKLM\...\Winlogon\Notify\xnwfxj
[07/02/2008, 5:45:19] - Key not found: HKLM\...\Winlogon\Notify\xnwfxj, continuing.
[07/02/2008, 5:45:19] - Finished Searching Browser Helper Objects
[07/02/2008, 5:45:19] - *** Detected MSEvents Object
[07/02/2008, 5:45:19] - Trying to remove MSEvents Object...
[07/02/2008, 5:45:20] - Terminating Process: IEXPLORE.EXE
[07/02/2008, 5:45:20] - Terminating Process: RUNDLL32.EXE
[07/02/2008, 5:45:21] - Disabling Automatic Shell Restart
[07/02/2008, 5:45:21] - Terminating Process: EXPLORER.EXE
[07/02/2008, 5:45:23] - Suspending the NT Session Manager System Service
[07/02/2008, 5:45:24] - Terminating Windows NT Logon/Logoff Manager
[07/02/2008, 5:45:24] - Re-enabling Automatic Shell Restart
[07/02/2008, 5:45:25] - File to disable: C:\WINDOWS\system32\mlJCVNgg.dll
[07/02/2008, 5:45:26] - Removing HKLM\...\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}
[07/02/2008, 5:45:27] - Removing HKCR\CLSID\{68950839-2675-49E2-B6A5-442E0B0D1BA4}
[07/02/2008, 5:45:28] - Adding Kill Bit for ActiveX for GUID: {68950839-2675-49E2-B6A5-442E0B0D1BA4}
[07/02/2008, 5:45:29] - Deleting ATLEvents/MSEvents Registry entries
[07/02/2008, 5:45:29] - Removing HKLM\...\Winlogon\Notify\mlJCVNgg
[07/02/2008, 5:45:29] - Searching for Browser Helper Objects:
[07/02/2008, 5:45:29] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/02/2008, 5:45:29] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/02/2008, 5:45:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/02/2008, 5:45:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/02/2008, 5:45:29] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/02/2008, 5:45:29] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/02/2008, 5:45:29] - BHO 5: {99D82E72-A0E5-47E1-B167-4439AED37885} ()
[07/02/2008, 5:45:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:29] - Checking for HKLM\...\Winlogon\Notify\geBrqomn
[07/02/2008, 5:45:29] - Key not found: HKLM\...\Winlogon\Notify\geBrqomn, continuing.
[07/02/2008, 5:45:29] - BHO 6: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[07/02/2008, 5:45:29] - BHO 7: {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} ()
[07/02/2008, 5:45:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:29] - Checking for HKLM\...\Winlogon\Notify\xnwfxj
[07/02/2008, 5:45:29] - Key not found: HKLM\...\Winlogon\Notify\xnwfxj, continuing.
[07/02/2008, 5:45:29] - Finished Searching Browser Helper Objects
[07/02/2008, 5:45:29] - Finishing up...
[07/02/2008, 5:45:29] - A restart is needed.
[07/02/2008, 5:45:39] - Attempting to Restart via STOP error (Blue Screen!)


SUPER AntiSpywar scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 10:06 PM

Application Version : 4.15.1000

Core Rules Database Version : 3495
Trace Rules Database Version: 1486

Scan type : Complete Scan
Total Scan Time : 02:15:26

Memory items scanned : 468
Memory threats detected : 2
Registry items scanned : 6322
Registry threats detected : 8
File items scanned : 226522
File threats detected : 46

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBRQOMN.DLL
C:\WINDOWS\SYSTEM32\GEBRQOMN.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\XNWFXJ.DLL
C:\WINDOWS\SYSTEM32\XNWFXJ.DLL

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}
HKCR\CLSID\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}
HKCR\CLSID\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}\InprocServer32
HKCR\CLSID\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@gadget[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@239548[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adinterax[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@software-traffic[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partner2profit[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1878722106-523578485-4215618433-1009\Software\Microsoft\rdfa
  • 0

Advertisements

#2
Essexboy
Posted 06 July 2008 - 05:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there sorry for the delay - could I have a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Manora
Posted 06 July 2008 - 05:53 AM

Manora

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Essexboy, and thank you for replying. I ran the DSS, but it only opened one notepad, main.txt.



Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-06 06:41:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:48 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: {269a5c6a-ed76-842a-aae4-14e4f7d09d6c} - {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} - C:\WINDOWS\system32\xnwfxj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.co...eb.1.0.0.13.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/...rs.1.0.0.39.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab53984.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/...tg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/...ersion=1,0,0,10
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave...sh.1.0.0.47.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13220 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-02 06:25:21 0 d-------- C:\Program Files\Panda Security
2008-07-02 06:09:09 660941 --ahs---- C:\WINDOWS\system32\nmoqrBeg.ini2
2008-07-02 05:56:49 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-07-02 05:56:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 05:56:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 05:56:08 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 02:18:37 0 d-------- C:\Program Files\SpywareGuard
2008-07-01 23:54:36 0 d-------- C:\VundoFix Backups
2008-07-01 08:16:30 86528 -----n--- C:\WINDOWS\system32\dinfnids.dll
2008-07-01 08:16:03 94720 -----n--- C:\WINDOWS\system32\ejrmrlrr.dll
2008-06-23 22:33:00 0 d-------- C:\Program Files\Dobhran.com - Balloon Trip
2008-06-18 20:53:58 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\RealWorld
2008-06-18 20:53:27 0 d-------- C:\Program Files\RealWorld Cursor Editor
2008-06-10 23:09:05 0 d-------- C:\MSI5a65a.tmp


-- Find3M Report ---------------------------------------------------------------

2008-07-02 05:56:08 0 d-------- C:\Program Files\Common Files
2008-07-02 02:23:50 0 d-------- C:\Program Files\LimeWire
2008-06-20 08:58:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 18:11:11 0 d-------- C:\Program Files\Google
2008-06-10 01:34:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-04 03:53:06 0 d-------- C:\Program Files\Serif
2008-05-31 21:40:00 0 d-------- C:\Program Files\Common Files\Vivi10
2008-05-31 21:39:57 0 d-------- C:\Program Files\ViviCam 10 and 20
2008-05-31 18:29:36 0 d-------- C:\Program Files\XPC Tools
2008-05-16 12:38:51 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-05-16 12:38:44 0 d-------- C:\Program Files\CHARTER
2008-05-16 05:26:25 0 d-------- C:\Program Files\Virtual Earth 3D
2008-05-12 16:24:22 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Application Data\SecuROM
2008-05-12 16:16:26 0 d-------- C:\Program Files\EA GAMES
2008-05-12 16:13:10 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-05-11 15:48:05 0 d-------- C:\Program Files\Windows NT
2008-05-11 15:47:45 0 d-------- C:\Program Files\Movie Maker
2008-05-11 15:47:30 0 d-------- C:\Program Files\Messenger
2008-05-11 14:14:20 0 d-------- C:\Program Files\Games Of The Month
2008-04-13 19:12:36 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6d90d7f-4e41-4eaa-a248-67dea6c5a962}]
C:\WINDOWS\system32\xnwfxj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 05:34 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [01/03/2005 12:41 PM]
"Tweak UI"="TWEAKUI.CPL" [03/17/2006 01:44 AM C:\WINDOWS\system32\TWEAKUI.CPL]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 04:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/21/2006 09:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/22/2007 05:35 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/10/2008 01:34 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
"NoSMMyPictures"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 02:14 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/04/2008 05:21 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - PAVBOOT



-- End of Deckard's System Scanner: finished at 2008-07-06 06:42:23 ------------
  • 0

#4
Essexboy
Posted 06 July 2008 - 06:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets proceed

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {269a5c6a-ed76-842a-aae4-14e4f7d09d6c} - {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} - C:\WINDOWS\system32\xnwfxj.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\nmoqrBeg.ini2
C:\WINDOWS\system32\dinfnids.dll
C:\WINDOWS\system32\ejrmrlrr.dll
C:\MSI5a65a.tmp
C:\WINDOWS\system32\xnwfxj.dll
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
Manora
Posted 06 July 2008 - 07:48 AM

Manora

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I did the first two, but the last one, OTScanit, when I tried to run that one I got an error message. "Error running process libraries! The specified module could not be found."

Here are the OTMoveIt2 results:

C:\WINDOWS\system32\nmoqrBeg.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\dinfnids.dll
C:\WINDOWS\system32\dinfnids.dll NOT unregistered.
C:\WINDOWS\system32\dinfnids.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ejrmrlrr.dll
C:\WINDOWS\system32\ejrmrlrr.dll NOT unregistered.
C:\WINDOWS\system32\ejrmrlrr.dll moved successfully.
C:\MSI5a65a.tmp moved successfully.
File/Folder C:\WINDOWS\system32\xnwfxj.dll not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_083004
  • 0

#6
Essexboy
Posted 06 July 2008 - 09:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:) OK could you now run MBAM then to see what remains

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#7
Manora
Posted 06 July 2008 - 03:53 PM

Manora

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, did that. Here are the results.


Malwarebytes' Anti-Malware 1.19
Database version: 920
Windows 5.1.2600 Service Pack 2

4:47:42 PM 7/6/2008
mbam-log-7-6-2008 (16-47-42).txt

Scan type: Quick Scan
Objects scanned: 52565
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Essexboy
Posted 07 July 2008 - 12:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#9
Manora
Posted 07 July 2008 - 03:31 PM

Manora

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you so much, Essexboy, you've been a great help. My computer is running smooth again.

Take care,

Manora :)
  • 0

#10
Essexboy
Posted 07 July 2008 - 03:51 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP