Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
constant popups, few website problems, possible vundo constant popups, few website problems, possible vundo
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
 
Thread Tools
Old 05-09-2008, 10:26 AM   #1 (permalink)
Registered User
 
Join Date: May 2008
Posts: 5
OS: vista


constant popups, few website problems, possible vundo
hello.

im having similar problems to other posters. im running on vista. about a week ago i remember getting a popup from my norton antivirus saying something about trojan.vundo. since then ive been getting popups from IE, and some websites i cant browse, eg. searching on google. i could maybe say that my browsing has slowed down, but im not sure.

ive tried vundofix.exe, and it has identified one file, but when i attempt to remove it, it tells me to reboot. it is supposed to open after my pc reboots, but it doesnt. ive scanned using norton antivirus, spybot and ad-aware. i have gone through the 5 steps, and there might have been some improvement, but i dont know.

heres my DSS results. i have a the extra.txt attached, but it was from last night. i tried to get another but it would only give main.txt.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:07 AM, on 10/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Kevin V\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINV~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8805 bytes

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-09 21:11:41 0 d-------- C:\ie-spyad_zo
2008-05-09 21:03:30 118784 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-09 21:03:30 0 d-------- C:\Program Files\SpywareBlaster
2008-05-09 19:43:41 0 d-------- C:\Program Files\Panda Security
2008-05-09 19:03:45 0 d-------- C:\VundoFix Backups
2008-05-09 18:59:29 0 d-------- C:\Program Files\Trend Micro
2008-05-06 23:37:48 262144 --a------ C:\ntuser.dat
2008-05-06 22:00:54 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-05-06 22:00:54 0 d-------- C:\Program Files\VstPlugins
2008-05-06 21:59:37 0 d-------- C:\Program Files\Outsim
2008-05-06 21:58:08 0 d-------- C:\Program Files\Image-Line
2008-05-01 01:52:00 0 d-------- C:\Program Files\TVAnts
2008-05-01 00:14:55 0 d-------- C:\Program Files\SopCast
2008-04-29 18:27:47 0 d-------- C:\Program Files\Hamachi
2008-04-28 22:32:51 1777664 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-28 21:21:55 0 d-------- C:\Program Files\Webteh
2008-04-24 22:37:08 32 --a------ C:\Users\All Users\ezsid.dat
2008-04-24 22:30:24 0 d-------- C:\Program Files\Skype
2008-04-24 22:30:24 0 d-------- C:\Program Files\Common Files\Skype
2008-04-24 22:30:18 0 d-------- C:\Users\All Users\Skype
2008-04-18 22:07:48 0 d-------- C:\Windows\Downloaded Installations
2008-04-18 21:21:41 0 d-------- C:\Program Files\SingTelACT
2008-04-18 21:21:35 0 d-------- C:\Program Files\Common Files\Motive
2008-04-18 21:20:54 0 d-------- C:\Users\All Users\Motive
2008-04-13 23:46:41 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-04-11 23:04:43 0 d-------- C:\Program Files\PFConfig


-- Find3M Report ---------------------------------------------------------------

2008-05-10 00:29:36 67225 --a------ C:\Users\Kevin V\AppData\Roaming\nvModes.001
2008-05-10 00:29:35 0 d-------- C:\Program Files\Steam
2008-05-08 19:51:24 67225 --a------ C:\Users\Kevin V\AppData\Roaming\nvModes.dat
2008-05-08 17:49:19 0 d-------- C:\Users\Kevin V\AppData\Roaming\Xfire
2008-05-08 16:49:08 0 d-------- C:\Program Files\Common Files\Steam
2008-05-06 21:41:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 09:07:44 0 d-------- C:\Program Files\Xfire
2008-05-01 00:29:01 0 d-------- C:\Program Files\Microsoft Games
2008-05-01 00:28:47 0 d-------- C:\Users\Kevin V\AppData\Roaming\Microsoft Games
2008-04-29 20:19:28 0 d-------- C:\Users\Kevin V\AppData\Roaming\Hamachi
2008-04-28 21:27:34 0 d-------- C:\Users\Kevin V\AppData\Roaming\BSplayer
2008-04-28 21:21:57 0 d-------- C:\Users\Kevin V\AppData\Roaming\BSplayer Pro
2008-04-28 21:15:10 0 d-------- C:\Users\Kevin V\AppData\Roaming\Media Player Classic
2008-04-26 10:00:34 0 d-------- C:\Users\Kevin V\AppData\Roaming\Skype
2008-04-26 09:58:00 0 d-------- C:\Users\Kevin V\AppData\Roaming\skypePM
2008-04-24 22:30:24 0 d-------- C:\Program Files\Common Files
2008-04-24 16:58:44 0 d-------- C:\Users\Kevin V\AppData\Roaming\LimeWire
2008-04-18 22:04:25 0 d-------- C:\Users\Kevin V\AppData\Roaming\Motive
2008-04-05 22:07:09 0 d-------- C:\Users\Kevin V\AppData\Roaming\Ventrilo
2008-03-18 22:20:44 0 d-------- C:\Program Files\BitComet
2008-03-18 22:15:36 0 d-------- C:\Program Files\LimeWire
2008-03-18 17:30:42 0 d-------- C:\Users\Kevin V\AppData\Roaming\SystemRequirementsLab
2008-03-18 17:30:42 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-15 20:18:22 0 d-------- C:\Program Files\GoldWave
2008-03-15 16:10:36 0 d-------- C:\Program Files\AVIcodec
2008-03-15 14:46:20 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-15 13:50:45 0 d-------- C:\Program Files\VirtualDub
2008-03-13 10:12:45 0 d-------- C:\Program Files\Windows Mail
2008-03-11 16:19:28 0 d-------- C:\Users\Kevin V\AppData\Roaming\Adobe
2008-03-11 10:32:55 0 d-------- C:\Program Files\Norton Internet Security
2008-03-11 10:32:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-10 20:02:10 0 d-------- C:\Users\Kevin V\AppData\Roaming\Sports Interactive
2008-03-10 20:01:23 0 dr-h----- C:\Users\Kevin V\AppData\Roaming\SecuROM
2008-03-10 19:59:00 0 d--h----- C:\Program Files\Zero G Registry
2008-03-10 19:57:48 0 d-------- C:\Program Files\Sports Interactive
2008-03-10 18:26:42 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-10 18:13:26 0 d-------- C:\Program Files\Electronic Arts
2008-03-10 13:37:59 0 d-------- C:\Program Files\Ventrilo
2008-03-10 13:37:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 13:08:29 0 d-------- C:\Program Files\Java
2008-03-10 12:57:55 174 --ahs---- C:\Program Files\desktop.ini
2008-03-10 12:46:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-10 12:42:10 0 d-------- C:\Program Files\PowerISO
2008-03-10 12:40:32 0 d-------- C:\Program Files\Windows Calendar
2008-03-10 12:40:21 0 d-------- C:\Program Files\Windows Defender
2008-03-10 12:40:07 0 d-------- C:\Program Files\Windows Sidebar
2008-03-10 12:26:13 0 d-------- C:\Users\Kevin V\AppData\Roaming\DAEMON Tools
2008-03-10 12:03:23 0 d-------- C:\Program Files\XviD
2008-03-10 11:55:33 0 d-------- C:\Users\Kevin V\AppData\Roaming\DivX
2008-03-10 11:51:39 0 d-------- C:\Program Files\Windows Live
2008-03-10 11:51:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-10 11:46:24 0 d-------- C:\Program Files\DivX
2008-03-10 11:46:17 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-10 11:40:12 0 d-------- C:\Program Files\Common Files\Java
2008-03-10 11:36:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-10 11:33:16 0 d-------- C:\Users\Kevin V\AppData\Roaming\WinRAR
2008-03-10 11:27:35 0 d-------- C:\Program Files\Lavasoft
2008-03-10 11:22:46 0 d-------- C:\Users\Kevin V\AppData\Roaming\Macromedia
2008-03-10 11:20:59 0 --a------ C:\Windows\nsreg.dat
2008-03-10 11:20:56 0 d-------- C:\Users\Kevin V\AppData\Roaming\Mozilla
2008-03-10 11:07:43 0 d-------- C:\Program Files\Symantec
2008-03-10 03:37:25 0 d-------- C:\Program Files\Fingerprint Reader Suite
2008-03-10 03:36:00 0 d-------- C:\Program Files\Dell
2008-03-10 03:32:11 0 d-------- C:\Program Files\SigmaTel
2008-03-10 03:31:26 0 d-------- C:\Program Files\Marvell
2008-03-10 03:30:58 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-10 03:30:41 0 d-------- C:\Users\Kevin V\AppData\Roaming\TMP
2008-03-10 03:29:14 0 d-------- C:\Program Files\Intel
2008-03-10 03:19:15 0 d-------- C:\Users\Kevin V\AppData\Roaming\Intel
2008-03-10 03:12:21 0 d-------- C:\Users\Kevin V\AppData\Roaming\Identities
2008-03-04 12:33:18 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-02-21 10:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-21 10:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 10:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 10:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 10:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [24/07/2007 06:02 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 10:23 AM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [10/05/2007 01:01 AM]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16/04/2007 10:50 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 12:59 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04/10/2007 09:24 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/10/2007 09:24 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/10/2007 09:24 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [04/10/2007 09:24 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 05:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/03/2008 12:20 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 AM]
"Steam"="c:\program files\steam\steam.exe" [28/03/2008 09:14 AM]
"cmds"="C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:36 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/9/2007 4:27:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 16/04/2007 11:04 PM 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2aa276e5]
rundll32.exe "C:\Users\KEVINV~1\AppData\Local\Temp\hyueuwss.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\ljJYQHby.dll,#1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cmds"=rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47aa591a-ee5c-11dc-be9e-001d09397728}]
AutoRun\command- F:\autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-10 01:10:34 ------------
Attached Files
File Type: txt main.txt (22.8 KB, 0 views)
joolies is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-12-2008, 09:31 PM   #2 (permalink)
Registered User
 
Join Date: May 2008
Posts: 5
OS: vista


Re: constant popups, few website problems, possible vundo
bump.
joolies is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-12-2008, 10:20 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,173
OS: WinXP and Win98se


Re: constant popups, few website problems, possible vundo
Hello joolies and welcome,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/topic114351.html

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-13-2008, 03:03 AM   #4 (permalink)
Registered User
 
Join Date: May 2008
Posts: 5
OS: vista


Re: constant popups, few website problems, possible vundo
ok here it is.

ComboFix 08-05-12.1 - Kevin V 2008-05-13 17:49:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2076 [GMT 8:00]
Running from: C:\Users\Kevin V\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 09:38 --------- d-----w C:\Program Files\Steam
2008-05-12 14:47 262,144 ----a-w C:\ntuser.dat
2008-05-12 10:34 67,225 ----a-w C:\Users\Kevin V\AppData\Roaming\nvModes.dat
2008-05-12 10:10 --------- d---a-w C:\ProgramData\TEMP
2008-05-09 13:07 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-09 11:44 --------- d-----w C:\Program Files\Panda Security
2008-05-09 11:31 --------- d-----w C:\ProgramData\Symantec
2008-05-09 11:26 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-09 10:59 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 16:06 --------- d-----w C:\Program Files\Image-Line
2008-05-08 09:49 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Xfire
2008-05-08 08:49 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-07 10:24 --------- d-----w C:\Program Files\VstPlugins
2008-05-06 13:59 --------- d-----w C:\Program Files\Outsim
2008-05-06 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 13:41 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-04 01:07 --------- d-----w C:\ProgramData\Xfire
2008-05-04 01:07 --------- d-----w C:\Program Files\Xfire
2008-04-30 17:53 --------- d-----w C:\Program Files\TVAnts
2008-04-30 16:29 --------- d-----w C:\Program Files\Microsoft Games
2008-04-30 16:28 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Microsoft Games
2008-04-30 16:15 --------- d-----w C:\Program Files\SopCast
2008-04-30 00:58 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-04-29 12:19 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Hamachi
2008-04-29 10:28 --------- d-----w C:\Program Files\Hamachi
2008-04-29 10:27 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-04-28 13:27 --------- d-----w C:\Users\Kevin V\AppData\Roaming\BSplayer
2008-04-28 13:27 --------- d-----w C:\Program Files\Webteh
2008-04-28 13:21 --------- d-----w C:\Users\Kevin V\AppData\Roaming\BSplayer Pro
2008-04-28 13:15 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Media Player Classic
2008-04-26 02:00 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Skype
2008-04-26 01:58 --------- d-----w C:\Users\Kevin V\AppData\Roaming\skypePM
2008-04-24 14:37 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-24 14:37 32 ----a-w C:\ProgramData\ezsid.dat
2008-04-24 14:30 --------- d-----w C:\ProgramData\Skype
2008-04-24 14:30 --------- d-----w C:\Program Files\Skype
2008-04-24 14:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-24 08:58 --------- d-----w C:\Users\Kevin V\AppData\Roaming\LimeWire
2008-04-21 10:22 --------- d-----w C:\ProgramData\Motive
2008-04-18 14:04 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Motive
2008-04-18 13:21 --------- d-----w C:\Program Files\SingTelACT
2008-04-13 15:46 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-04-11 15:58 --------- d-----w C:\Program Files\PFConfig
2008-04-05 14:07 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Ventrilo
2008-04-02 14:17 --------- d-----w C:\ProgramData\WinZip
2008-03-18 14:20 --------- d-----w C:\Program Files\BitComet
2008-03-18 14:15 --------- d-----w C:\Program Files\LimeWire
2008-03-18 10:36 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-18 09:30 --------- d-----w C:\Users\Kevin V\AppData\Roaming\SystemRequirementsLab
2008-03-18 09:30 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-15 12:18 --------- d-----w C:\Program Files\GoldWave
2008-03-15 08:10 --------- d-----w C:\Program Files\AVIcodec
2008-03-15 06:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-15 05:50 --------- d-----w C:\Program Files\VirtualDub
2008-03-13 02:12 --------- d-----w C:\Program Files\Windows Mail
2008-03-10 10:27 22,328 ----a-w C:\Users\Kevin V\AppData\Roaming\PnkBstrK.sys
2008-03-10 10:27 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-10 10:26 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-10 10:26 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-10 04:57 174 --sha-w C:\Program Files\desktop.ini
2008-03-10 04:35 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-10 04:35 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-10 04:35 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-10 04:35 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-10 04:35 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-10 04:35 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-10 04:35 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-10 04:35 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-10 04:35 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-10 04:34 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-10 04:34 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-10 04:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-10 04:30 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-10 04:29 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-10 04:28 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-10 04:28 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-10 04:28 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-10 04:28 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-10 04:28 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-10 04:28 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-10 04:28 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-10 04:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-10 04:28 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-10 04:28 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-10 04:26 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-10 04:26 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-10 04:26 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-10 04:26 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-10 04:26 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-10 04:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-10 04:24 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-10 04:24 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-10 04:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-10 04:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-10 04:23 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-03-10 04:23 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-03-10 04:23 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-03-10 04:23 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-03-10 04:23 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-03-10 04:23 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-10 12:20 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 09:14 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 18:02 174616]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 10:23 405504]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 01:01 36864]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 12:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 17:45 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2aa276e5]
C:\Users\KEVINV~1\AppData\Local\Temp\hyueuwss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\KEVINV~1\AppData\Local\Temp\ljJYQHby.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cmds"=rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c
"BM29914579"=Rundll32.exe "C:\Users\KEVINV~1\AppData\Local\Temp\ssrmiogr.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4399A8B1-E284-4931-A46B-42DDC3251AD7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44C6ADA9-D8E5-4B43-AB7C-5FBAEAE0A74A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B584ADBB-900A-49EA-A966-3B35FC4D37A9}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{F85E551C-AF35-40EC-8E74-6CCBC2D2A49A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{FD28876A-EBDE-4916-B05E-E569F210A1A4}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{44AEDD18-5FCB-420F-81B5-9FBD1C9A13FF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{97E78873-AB0F-46B9-AC00-9C1A518CEB5D}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DBEF6AA3-C720-429D-BE2C-7F01E9785F9D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{02B76D10-931A-4193-A90B-17EFD0D48A4B}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C8F45911-B126-43E6-B1C1-4CED55854C83}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{01AAD0EF-87F5-4356-8FFE-51C320A9B3F9}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{2C545E59-CA75-4D98-8263-76997A16DA78}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3878FD1D-B4A2-45E2-AC3D-56A64562A64F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D44969EE-FCC1-4CCC-A65C-3E90349081CA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0F10ED1E-875C-4AA9-8DC9-4E1CD7F568FA}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E73E25C6-BDE6-4B9F-88FD-B67D994E1D29}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-14 02:51]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 13:25]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 18:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-04-16 22:44]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-05 14:21]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-05 14:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-07 17:11]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47aa591a-ee5c-11dc-be9e-001d09397728}]
\shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 12:00:08 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Kevin V.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 17:55:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-13 17:58:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 09:58:23

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

258 --- E O F --- 2008-05-11 15:13:22





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:23 PM, on 13/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\Kevin V.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8162 bytes
Last edited by joolies : 05-13-2008 at 03:14 AM.
joolies is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-13-2008, 07:44 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,173
OS: WinXP and Win98se


Re: constant popups, few website problems, possible vundo
Quote:
ive tried vundofix.exe, and it has identified one file, but when i attempt to remove it, it tells me to reboot. it is supposed to open after my pc reboots, but it doesnt.
I'm not seeing anything active in these logs, joolies. What file did VundoFix identify?

Open notepad and copy/paste the entire text in the code box below: (don't forget to copy and paste REGEDIT4)

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2aa276e5]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs!
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-13-2008, 01:02 PM   #6 (permalink)
Registered User
 
Join Date: May 2008
Posts: 5
OS: vista


Re: constant popups, few website problems, possible vundo
it identified a file before, but i ran it again and now it doesnt detect.

it appears my symptoms are all gone. i can browse any web page, and im no longer getting popups. i dont know how or why..... but ill just make sure im rid of them.

heres the online scan report.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 14, 2008 3:57:02 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 770423
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 87029
Number of viruses found: 3
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:02:43

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080510005615\backup\Users\KEVINV~1\AppData\Local\Temp\ifwjbggg.dll Infected: Trojan.Win32.Monder.de skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile15.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile16.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile17.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile18.sqm Object is locked skipped
C:\Deckard\System Scanner\20080510005615\backup\Windows\temp\fwtsqmfile19.sqm Object is locked skipped
C:\Dell\R167855.EXE Object is locked skipped
C:\Dell\R99254.EXE Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Image-Line\FL Studio 8\fruityloops.studio.producer.edition.xxl.v8.0.0.exe/data0000.cab/is202031.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\Image-Line\FL Studio 8\fruityloops.studio.producer.edition.xxl.v8.0.0.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\Image-Line\FL Studio 8\fruityloops.studio.producer.edition.xxl.v8.0.0.exe Rsrc-Package: infected - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\UsrClass.dat{4b9573b1-ee89-11dc-8f55-001d09397728}.TM.blf Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\UsrClass.dat{4b9573b1-ee89-11dc-8f55-001d09397728}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows\UsrClass.dat{4b9573b1-ee89-11dc-8f55-001d09397728}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Kevin V\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Kevin V\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Kevin V\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Kevin V\Downloads\Downloaded Apps\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\Users\Kevin V\Downloads\Downloaded Apps\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\Users\Kevin V\Downloads\Downloaded Apps\daemon4121-lite.exe NSIS: infected - 2 skipped
C:\Users\Kevin V\NTUSER.DAT Object is locked skipped
C:\Users\Kevin V\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Kevin V\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Kevin V\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Kevin V\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Kevin V\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{7110924C-A6A5-42FC-8B13-C08F5C41E6F2}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.