Hey, typical computer problem here.

Old 03-02-2009, 02:25 AM   #1
Guest
 
Join Date: Mar 2009
Posts: 3
OS:



First off, thanks in advance for helping me out! :) I'm here because my computer has been giving me random pop-up ads, sometimes even if no browser is open. In addition, my computer is running slow. (I know there's a sticky section on that, which I'll read right after I post this!) Webpages are loading slowly, Firefox will randomly stop responding, etc. I had BitComet on my computer but uninstalled the program before doing this. I did, however, move all the things I downloaded to another folder. (Mainly MP3s, but some also have text files, CD covers, as well as .bc! files, which means the program didn't complete downloading the file.)
Also, I'm in the process of backing up my files, but I'm wondering, should I save it to the D: drive already on my computer? Isn't that what it's meant for? I also have an external hard drive, but isn't there a chance some files are contaminated?

I've got everything on the checklist. I've attached the Attach.zip folder.
By the way, just thought I should mention that after I ran gmer.exe and closed the program, I get a pop-up telling me that gmer.exe may not have downloaded properly. I deleted the first one I downloaded, ran it again, and it said the same thing. The results of the scan were the same each time.

And here is the log from DDS.txt:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Gino at 3:56:10.92 on Mon 03/02/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.85 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Gino\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxddcoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM\aim.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Gino\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.us.acer.yahoo.com
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*https://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*https://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LSA Shellu] c:\users\gino\lsass.exe
uRun: [dozebetizi] Rundll32.exe "c:\programdata\beyugazo\beyugazo.dll",s
uRun: [CPMf7ba301a] Rundll32.exe "c:\programdata\zijojere\zijojere.dll",a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [Acer Tour]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\users\gino\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\gino\appdata\roaming\mozilla\firefox\profiles\w430uhqx.default\
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - component: c:\users\gino\appdata\roaming\mozilla\firefox\profiles\w430uhqx.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\users\gino\appdata\roaming\mozilla\firefox\profiles\w430uhqx.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-8-6 13560]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-03-02 03:22 <DIR> --d----- c:\programdata\bupabobi
2009-03-02 03:22 <DIR> --d----- c:\progra~2\bupabobi
2009-03-01 20:16 128 a------- c:\users\gino\iexplorer.exe
2009-02-28 19:19 <DIR> --d----- c:\programdata\zijojere
2009-02-28 19:19 <DIR> --d----- c:\progra~2\zijojere
2009-02-28 19:14 <DIR> --d----- c:\programdata\mavozebu
2009-02-28 19:14 <DIR> --d----- c:\programdata\gehiraso
2009-02-28 19:14 <DIR> --d----- c:\programdata\beyugazo
2009-02-28 19:14 <DIR> --d----- c:\progra~2\mavozebu
2009-02-28 19:14 <DIR> --d----- c:\progra~2\gehiraso
2009-02-28 19:14 <DIR> --d----- c:\progra~2\beyugazo
2009-02-23 02:47 <DIR> --d----- c:\program files\Steinberg
2009-02-15 23:43 428,032 a------- c:\windows\system32\EncDec.dll
2009-02-15 23:43 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-15 23:43 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-02-15 23:43 292,352 a------- c:\windows\system32\psisdecd.dll
2009-02-15 23:43 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-02-15 23:43 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-15 23:43 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-02-15 23:43 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-09 05:03 <DIR> --d----- c:\program files\Audacity
2009-02-09 04:43 28,672 a------- c:\users\gino\ieframes.dll
2009-02-08 16:24 52,224 ---sh--- c:\users\gino\lsass.exe
2009-01-31 20:37 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-29 02:24 6,062 a------- c:\users\gino\appdata\roaming\wklnhst.dat
2009-01-14 23:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 23:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 23:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 23:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-20 06:21 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-20 06:21 56 a---h--- c:\progra~2\ezsidmv.dat
2008-12-18 17:09 174 a--sh--- c:\program files\desktop.ini
2008-12-04 10:38 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-04 10:38 51,200 a------- c:\windows\inf\infpub.dat
2008-12-04 10:38 86,016 a------- c:\windows\inf\infstor.dat
2008-09-28 22:35 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:57:15.63 ===============
Attached Files
File Type: zip Attach.zip (3.1 KB, 15 views)
daginobino is offline  
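The DDS log above is what the helper reads to pick out the infection markers: a file called lsass.exe sitting in the user profile instead of system32, Rundll32 autostarts loading DLLs from randomly named ProgramData folders, and an executable dropped with hidden+system attributes. As an added example (not a tool from this thread, from TSF, or from the DDS author), here is a small Python triage script that encodes those checks and runs them over lines copied from the log above. The lookalike-name table, the "eight-letter self-named folder" rule and the "binary in profile root" rule are my own heuristics tuned to what this log shows, not DDS features.

```python
"""Triage a DDS-style log for the autostart and file-creation indicators
a malware helper looks for. Added example; not a tool from the thread."""
import re

# Sample input: lines copied from the DDS log posted above (uRun/mRun
# autostarts and "Created Last 30" entries), standing in for a DDS.txt on disk.
SAMPLE_DDS = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LSA Shellu] c:\users\gino\lsass.exe
uRun: [dozebetizi] Rundll32.exe "c:\programdata\beyugazo\beyugazo.dll",s
uRun: [CPMf7ba301a] Rundll32.exe "c:\programdata\zijojere\zijojere.dll",a
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
2009-03-01 20:16 128 a------- c:\users\gino\iexplorer.exe
2009-02-08 16:24 52,224 ---sh--- c:\users\gino\lsass.exe
2009-02-09 04:43 28,672 a------- c:\users\gino\ieframes.dll
2009-01-31 20:37 410,984 a------- c:\windows\system32\deploytk.dll
"""

# Autostart lines: "<u|m|d>Run: [Name] command" (user / machine / default hive).
AUTOSTART_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "Created Last 30" / Find3M lines: date time size attrs path.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# First drive-letter path in a command line that ends in .exe or .dll.
PATH_RE = re.compile(r'[a-z]:\\[^",]+?\.(?:exe|dll)', re.I)

# Names that belong only in system32; the same name elsewhere is a masquerade.
SYSTEM_ONLY = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
               "services.exe", "smss.exe"}
# Near-misses of real Windows binary names (assumed table; real name on the right).
LOOKALIKES = {"iexplorer.exe": "iexplore.exe", "ieframes.dll": "ieframe.dll"}
# Locations a standard user can write to without elevation.
USER_AREAS = ("c:\\users\\", "c:\\programdata\\", "c:\\progra~2\\")


def path_findings(path: str) -> list[str]:
    """Reasons a single on-disk path looks suspicious (empty list if none)."""
    p = path.lower()
    parts = p.split("\\")
    name = parts[-1]
    parent = parts[-2] if len(parts) >= 2 else ""
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if name in SYSTEM_ONLY and not p.startswith("c:\\windows\\system32\\"):
        reasons.append(f"system binary name {name} outside system32")
    if name in LOOKALIKES:
        reasons.append(f"{name} mimics {LOOKALIKES[name]}")
    # A binary dropped straight into a profile root (c:\users\<name>\x.exe);
    # legitimate installers put binaries under Program Files or AppData instead.
    if p.startswith("c:\\users\\") and len(parts) == 4 and name.endswith((".exe", ".dll")):
        reasons.append("binary in user profile root")
    # DLL in a self-named eight-letter folder: c:\programdata\abcdefgh\abcdefgh.dll
    if p.startswith(USER_AREAS) and parent == stem and re.fullmatch(r"[a-z]{8}", stem):
        reasons.append(f"self-named 8-letter folder {parent}")
    return reasons


def triage(log_text: str) -> list[dict]:
    """One record per suspicious log line: {'line', 'path', 'reasons'}."""
    records = []
    for line in log_text.splitlines():
        m = AUTOSTART_RE.match(line)
        if m:
            cmd = m.group("cmd")
            pm = PATH_RE.search(cmd)
            if not pm:
                continue
            path = pm.group(0)
            reasons = path_findings(path)
            # rundll32 is a signed Windows binary; the interesting part is the DLL it loads.
            if cmd.lower().startswith("rundll32") and path.lower().startswith(USER_AREAS):
                reasons.append("rundll32 loading a DLL from a user-writable area")
            if reasons:
                records.append({"line": line, "path": path.lower(), "reasons": reasons})
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            reasons = path_findings(path)
            # DDS attribute column: 's' = system, 'h' = hidden (as in "---sh---").
            if "s" in attrs and "h" in attrs and path.lower().startswith(USER_AREAS):
                reasons.append("hidden+system attributes in a user-writable area")
            if reasons:
                records.append({"line": line, "path": path.lower(), "reasons": reasons})
    return records


def suspicious_paths(log_text: str) -> set[str]:
    """Just the flagged paths, for a quick review list."""
    return {r["path"] for r in triage(log_text)}


if __name__ == "__main__":
    for r in triage(SAMPLE_DDS):
        print(f"{r['path']}: {'; '.join(r['reasons'])}")
```

Run against the sample, the script flags the same six lines the helper acts on (lsass.exe twice, the two ProgramData DLLs, iexplorer.exe and ieframes.dll) and stays quiet on sidebar.exe, nvsvc.dll and deploytk.dll. It is a review aid, not a cleaner: every hit is a reason for a human to look, and a real log should be read alongside the ComboFix output before anything is removed.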
Old 03-03-2009, 05:28 AM   #2
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Please visit this webpage for download links, and instructions for running combofix:

https://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


If we have helped you in any way, please consider Donating
TheBruce1 is offline  
Old 03-03-2009, 03:31 PM   #3
Guest
 
Join Date: Mar 2009
Posts: 3
OS:



ComboFix 09-03-02.03 - Gino 2009-03-03 17:21:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.296 [GMT -5:00]
Running from: c:\users\Gino\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Gino\lsass.exe
c:\windows\system32\x64
c:\windows\Tasks\wkibdroi.job

.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 12:01 . 2009-03-03 12:07 <DIR> d-------- c:\users\All Users\yivozizi
2009-03-03 12:01 . 2009-03-03 12:07 <DIR> d-------- c:\programdata\yivozizi
2009-03-02 23:26 . 2009-03-02 23:26 <DIR> d-------- c:\users\All Users\ridogeku
2009-03-02 23:26 . 2009-03-02 23:30 <DIR> d-------- c:\users\All Users\raseloka
2009-03-02 23:26 . 2009-03-02 23:26 <DIR> d-------- c:\users\All Users\patohono
2009-03-02 23:26 . 2009-03-02 23:26 <DIR> d-------- c:\users\All Users\darekove
2009-03-02 23:26 . 2009-03-02 23:26 <DIR> d-------- c:\programdata\ridogeku
2009-03-02 23:26 . 2009-03-02 23:30 <DIR> d-------- c:\programdata\raseloka
2009-03-02 23:26 . 2009-03-02 23:26 <DIR> d-------- c:\programdata\patohono
2009-03-02 23:26 . 2009-03-02 23:26 <DIR> d-------- c:\programdata\darekove
2009-03-02 03:59 . 2009-03-02 04:19 250 --a------ c:\windows\gmer.ini
2009-03-02 03:22 . 2009-03-02 03:22 <DIR> d-------- c:\users\All Users\bupabobi
2009-03-02 03:22 . 2009-03-02 03:22 <DIR> d-------- c:\programdata\bupabobi
2009-02-28 19:19 . 2009-03-02 17:46 <DIR> d-------- c:\users\All Users\zijojere
2009-02-28 19:19 . 2009-03-02 17:46 <DIR> d-------- c:\programdata\zijojere
2009-02-28 19:14 . 2009-02-28 19:14 <DIR> d-------- c:\users\All Users\mavozebu
2009-02-28 19:14 . 2009-02-28 19:14 <DIR> d-------- c:\users\All Users\gehiraso
2009-02-28 19:14 . 2009-03-02 17:46 <DIR> d-------- c:\users\All Users\beyugazo
2009-02-28 19:14 . 2009-02-28 19:14 <DIR> d-------- c:\programdata\mavozebu
2009-02-28 19:14 . 2009-02-28 19:14 <DIR> d-------- c:\programdata\gehiraso
2009-02-28 19:14 . 2009-03-02 17:46 <DIR> d-------- c:\programdata\beyugazo
2009-02-23 02:47 . 2009-02-23 02:48 <DIR> d-------- c:\program files\Steinberg
2009-02-15 23:43 . 2008-12-04 23:29 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-02-15 23:43 . 2008-12-04 23:29 428,032 --a------ c:\windows\System32\EncDec.dll
2009-02-15 23:43 . 2008-12-04 23:29 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 23:43 . 2008-12-04 23:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 23:43 . 2008-12-04 23:29 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 23:43 . 2008-12-04 23:29 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-15 23:43 . 2008-12-04 23:29 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-02-15 23:43 . 2008-12-04 23:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-02-09 05:03 . 2009-02-09 05:03 <DIR> d-------- c:\program files\Audacity
2009-02-09 04:43 . 2009-02-09 04:43 28,672 --a------ c:\users\Gino\ieframes.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 08:53 --------- d-----w c:\program files\BitComet
2009-02-12 02:42 --------- d-----w c:\program files\Windows Mail
2009-02-01 01:36 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-01 01:36 --------- d-----w c:\program files\Java
2009-01-29 07:24 6,062 ----a-w c:\users\Gino\AppData\Roaming\wklnhst.dat
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-20 11:21 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-20 11:21 56 ---ha-w c:\programdata\ezsidmv.dat
2008-12-18 22:09 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-28 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"dozebetizi"="c:\programdata\patohono\patohono.dll" [ 47616]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 857648]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-28 707080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\Gino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-06 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 17:49 151552 c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 14:35 67112 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6047A0BC-CEF4-4B05-98F6-057F730DC678}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D8EC5F5-E963-4F20-9241-250702DA83A5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{83597560-5BBB-4C7F-8A45-AECC026FA21A}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{3821FF1D-10EB-4D65-95D8-9529B20B1868}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{7CF68F0B-6091-425B-98C2-93B3980D2017}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{8C23332C-F8E2-41B5-9F8A-4D567C921B62}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{B6983636-26F2-4B95-A24F-9563C6C8B3D5}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{C031BE91-5B0F-42C6-A7C5-EF2D50A24930}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{CFDAC590-211F-4A60-80E2-A55AC011C362}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{F506A637-3F63-410C-B823-177DD20AEB4D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{87667E18-BAE1-4E59-BCD7-708CEDA2E981}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9F68B69E-DF8C-4D73-898D-6CD44420ADF8}"= UDP:c:\program files\Common Files\AOL\1222660918\ee\aolsoftware.exe:AOL Services
"{1CA1DF13-2466-4075-B6B5-CCE5B13042E1}"= TCP:c:\program files\Common Files\AOL\1222660918\ee\aolsoftware.exe:AOL Services
"{D2BC0593-2819-4221-BFB6-0D984831618E}"= UDP:c:\program files\Common Files\AOL\1222660918\ee\aim6.exe:AIM
"{6D2C367C-00A9-4B0F-BCCA-875B57C43CC6}"= TCP:c:\program files\Common Files\AOL\1222660918\ee\aim6.exe:AIM
"{7AF86DD4-845F-4027-8503-EA35A05C760E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6DA91F56-610B-4D96-B69B-F28873553F34}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B55E90C2-1418-4EFE-9F64-CF13C3A4C3C3}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{25374D40-6DA2-4809-A9A6-5597D6F9CE1B}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4C7EF93A-DE27-44F4-AAE5-B17370CB5466}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{F25E85DD-D733-440E-9E96-8DF0358A78F2}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"{57608496-FC72-4197-98C1-8C84448F36EE}"= UDP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
"{E1CE1792-A683-491E-AC58-34665AEAED92}"= TCP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
"TCP Query User{99170CDE-5A6C-4337-B9A1-8135C1EE5526}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{5745F54C-80B7-4778-B431-8BB11512228D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{2F4AFF02-8C87-41F1-9E47-5F7CB359A714}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{F30DE9E5-E643-4C5B-AC96-F46AC317AF73}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"{DCDE8569-622F-4097-9C0B-CFF0BBA0F930}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FDBD7813-0897-44C9-BDF1-D54126E7BB36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{5A788FA7-D385-4A27-93B4-A6AF329DD457}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{74B8D68D-F161-4563-8380-EE00E8DD549C}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{64888B1B-6650-4FE3-8A3B-DCFA5A7C7981}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{18CD09DF-C385-4D9E-B0DC-F4C2E8F891D0}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{7E00820F-9C5B-4CC6-9D92-CDB24BF3A350}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{6C8CC1A3-759C-447B-B1E1-261F741B3549}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{F78E89CA-4406-447D-ACBC-3A1AF3150A37}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{38F87C6A-7FB3-429F-A17D-035FFA374A11}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{813B5EBA-9083-4A09-A28E-93C14948ADC2}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{6B5B97E4-6E19-45ED-B478-E3E52DF4D450}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{1BD8206B-8C4C-4D49-AE2A-9B3A2FC798C8}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{1AA7278A-7395-48F3-BC47-84DEDD8EC2A9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{66D3DBE9-40E8-41FA-99EF-F107C7C09800}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{15C50A5C-6C72-48A3-9445-129785C835D3}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"TCP Query User{910C7900-A9FE-49B8-A3F5-BC622C08EC78}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:c:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"UDP Query User{143E2B1A-4ADD-40C9-A6CA-09D6834822EE}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:c:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"{FBED409E-61A0-4816-B042-A791BA7D0C64}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{20792559-2C49-4753-A113-5E457A44D8C5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F00A4428-37AB-45DF-BCB0-22A349ABC8D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{69BF27A0-5115-4E39-AE47-45949EEAEB20}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{9377D5E0-A49C-41D3-982C-6ED8C542842D}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-08-06 19:46:16 13560]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [2007-05-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-22 180736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d0e01c-013b-11de-8944-9a9b2d5c52d4}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LSA Shellu - c:\users\Gino\lsass.exe
HKCU-Run-CPMf7ba301a - c:\programdata\yivozizi\yivozizi.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gino\AppData\Roaming\Mozilla\Firefox\Profiles\w430uhqx.default\
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Gino\AppData\Roaming\Mozilla\Firefox\Profiles\w430uhqx.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-03-03 17:23:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-03 17:25:57
ComboFix-quarantined-files.txt 2009-03-03 22:25:54

Pre-Run: 1,201,549,312 bytes free
Post-Run: 1,162,657,792 bytes free

210 --- E O F --- 2009-03-02 21:46:37
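Several lines in the log above are the kind of indicator a responder learns to spot on sight in DDS or ComboFix output: a MountPoints2 key whose \shell\AutoRun\command runs F:\Start.exe from a removable volume, an HKCU Run entry that launches lsass.exe from the user's profile instead of System32, a Run entry loading a DLL from a folder under ProgramData with a generated-looking name, and (in the ComboFix logs later in this thread) Security Center "DisableMonitoring" values that silence the AV/firewall status reporting. The Python script below is an added example and is not part of this thread, of DDS or of ComboFix; it runs those four checks over a constructed sample assembled from lines of the posted logs. The indicator names, the list of system binary names and the 6 to 10 letter folder-name heuristic are the example's own assumptions, not anything the tools define.

```python
"""Triage a DDS / ComboFix style log for a few high-signal indicators.

Added example for this thread; it is not part of DDS, ComboFix or the
original posts. Indicator names, the list of system binary names and the
random-folder-name heuristic are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample, assembled from lines of the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d0e01c-013b-11de-8944-9a9b2d5c52d4}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LSA Shellu - c:\users\Gino\lsass.exe
HKCU-Run-CPMf7ba301a - c:\programdata\yivozizi\yivozizi.dll
HKLM-Run-Acer Tour - (no file)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-28 1232896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# Names of core Windows binaries (assumed list). A copy anywhere outside the
# Windows directory, e.g. c:\users\<name>\lsass.exe, is a masquerade, not Windows.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\",)

KEY_RE = re.compile(r"^\[-?(HKEY_[^\]]+)\]$")
# "\shell\<verb>\command - <cmd>" lines printed under a MountPoints2 key
MOUNTPOINT_CMD_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
# Any absolute path ending in .exe or .dll, as printed in Run / orphan lines
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]\r\n]+?\.(?:exe|dll)", re.I)
# <folder>\<same name>.dll|exe under ProgramData with a short generated-looking
# name: the pattern seen in this thread (yivozizi\yivozizi.dll and friends).
SAME_NAME_RE = re.compile(
    r"c:\\(?:programdata|users\\all users)\\([a-z]{6,10})\\\1\.(?:dll|exe)$", re.I)
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)


def triage(text):
    """Return {indicator_name: [details, ...]} for the indicators found in text."""
    findings = defaultdict(list)
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        leaf = current_key.rsplit("\\", 1)[-1]

        # 1. AutoRun handlers registered for a removable volume: any
        #    \shell\...\command under MountPoints2 runs when the volume is opened.
        m = MOUNTPOINT_CMD_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            findings["removable_media_autorun"].append((leaf, m.group(1), m.group(2)))
            continue

        # 2. Security Center told to stop reporting on an AV/firewall product.
        if DISABLE_MON_RE.match(line) and "security center" in current_key.lower():
            findings["security_center_monitoring_disabled"].append(leaf)
            continue

        # 3/4. Path based checks on Run entries and orphan lines.
        for path in PATH_RE.findall(line):
            low = path.lower()
            if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
                findings["system_binary_outside_windows"].append(path)
            if SAME_NAME_RE.search(path):
                findings["programdata_same_name_module"].append(path)
    return dict(findings)


if __name__ == "__main__":
    for indicator, hits in triage(SAMPLE_LOG).items():
        print(indicator)
        for hit in hits:
            print("   ", hit)
```

Run it against a full DDS.txt or ComboFix.txt by passing the file contents to triage(); each hit names the registry leaf or path so it can be matched back to the log. The heuristics are deliberately narrow so that a clean Vista machine produces no output; they will not catch everything, and a hit still needs a human look before anything is deleted.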
Old 03-03-2009, 03:59 PM   #4
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Hello again daginobino

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

========

Click Start> Control Panel>Programs>Program and Features and uninstall the following programs:

Viewpoint Media Player <--- Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change from what we knew in 2006; read this article: https://www.clickz.com/news/article.php/3561546

Additional Information Here

==========

Open Notepad and copy/paste the text in the code box below into it:

Code:
Folder::
c:\users\All Users\yivozizi
c:\programdata\yivozizi
c:\users\All Users\ridogeku
c:\users\All Users\raseloka
c:\users\All Users\patohono
c:\users\All Users\darekove
c:\programdata\ridogeku
c:\programdata\raseloka
c:\programdata\patohono
c:\programdata\darekove
c:\users\All Users\bupabobi
c:\programdata\bupabobi
c:\users\All Users\zijojere
c:\programdata\zijojere
c:\users\All Users\mavozebu
c:\users\All Users\gehiraso
c:\users\All Users\beyugazo
c:\programdata\mavozebu
c:\programdata\gehiraso
c:\programdata\beyugazo
c:\program files\BitComet

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{99170CDE-5A6C-4337-B9A1-8135C1EE5526}c:\\program files\\bitcomet\\bitcomet.exe"=-
"UDP Query User{5745F54C-80B7-4778-B431-8BB11512228D}c:\\program files\\bitcomet\\bitcomet.exe"= -
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d0e01c-013b-11de-8944-9a9b2d5c52d4}]

File::
F:\Start.exe
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

===========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

=========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:




To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report


How is the system running now?
__________________
Member of ASAP since 2007
Member of UNITE since 2008


If we have helped you in any way, please consider Donating
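The CFscript in the post above is a small declarative language: Folder:: and File:: list paths to delete, and Registry:: follows .reg-file conventions, where [-KEY] deletes a key and "name"=- deletes a value under the most recent [KEY] line. The Python below is an added example, not ComboFix's own code and not from the poster; it parses such a script into an action list and flags entries worth a second look before anyone drags the file onto ComboFix. It handles only those three sections, relies on the fact that on Vista c:\Users\All Users is a junction to c:\ProgramData (which is why the script names each folder twice), and simply tolerates the "= -" spacing on one of the posted lines; whether ComboFix itself accepts that spacing is not verified here. The sample input is a trimmed copy of the posted script.

```python
"""Parse a ComboFix CFScript into an action list and sanity check it.

Added example for this thread; it is not ComboFix's code and does not run
ComboFix. It handles only the Folder::, File:: and Registry:: sections, and
reads the Registry:: block with .reg-file conventions: [-KEY] deletes a key,
"name"=- deletes a value, anything else is a value assignment.
"""
import re

# Constructed sample: a trimmed copy of the script posted in this thread.
SAMPLE_SCRIPT = r"""
Folder::
c:\users\All Users\yivozizi
c:\programdata\yivozizi
c:\program files\BitComet

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{99170CDE-5A6C-4337-B9A1-8135C1EE5526}c:\\program files\\bitcomet\\bitcomet.exe"=-
"UDP Query User{5745F54C-80B7-4778-B431-8BB11512228D}c:\\program files\\bitcomet\\bitcomet.exe"= -
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d0e01c-013b-11de-8944-9a9b2d5c52d4}]

File::
F:\Start.exe
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
# "name"=data, with .reg-style escaping (\\ and \") allowed inside the name
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.I)

# Deleting any of these would cripple the machine rather than clean it (assumed list).
CRITICAL_DIRS = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\users",
                 "c:\\programdata", "c:\\program files"}


def normalise_path(path):
    """Lower-case, drop a trailing backslash and fold the Vista junction
    c:\\Users\\All Users onto its target c:\\ProgramData."""
    p = path.strip().rstrip("\\").lower()
    junction = "c:\\users\\all users"
    if p == junction or p.startswith(junction + "\\"):
        p = "c:\\programdata" + p[len(junction):]
    return p


def parse_cfscript(text):
    """Return the script's actions, in order, as dicts with an "op" and a "line"."""
    actions = []
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section in ("folder", "file"):
            if not ABS_PATH_RE.match(line):
                raise ValueError(f"line {lineno}: {section}:: entry is not an absolute path: {line}")
            actions.append({"op": f"delete_{section}", "target": line, "line": lineno})
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                current_key = key
                if minus:
                    actions.append({"op": "delete_key", "key": key, "line": lineno})
                continue
            m = VALUE_RE.match(line)
            if not m or current_key is None:
                raise ValueError(f'line {lineno}: Registry:: line is not a [key] or "name"=data entry: {line}')
            name = re.sub(r"\\(.)", r"\1", m.group(1))   # undo .reg escaping
            data = m.group(2).strip()
            op = "delete_value" if data == "-" else "set_value"
            actions.append({"op": op, "key": current_key, "name": name, "data": data, "line": lineno})
        else:
            raise ValueError(f"line {lineno}: unsupported or missing section header before: {line}")
    return actions


def lint(actions):
    """Return warnings for entries that deserve a second look before running."""
    warnings = []
    seen_folders = {}
    for a in actions:
        if a["op"] == "delete_folder":
            norm = normalise_path(a["target"])
            if norm in CRITICAL_DIRS or norm.startswith("c:\\windows\\"):
                warnings.append(f"line {a['line']}: Folder:: would remove a system directory: {a['target']}")
            if norm in seen_folders:
                warnings.append(f"line {a['line']}: {a['target']} is the same folder as line "
                                f"{seen_folders[norm]} (All Users is a junction to ProgramData)")
            else:
                seen_folders[norm] = a["line"]
        elif a["op"] == "delete_key" and a["key"].count("\\") < 2:
            warnings.append(f"line {a['line']}: deleting a key this close to the hive root: {a['key']}")
    return warnings


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for action in plan:
        print(action)
    for warning in lint(plan):
        print("WARNING:", warning)
```

On the sample the parser yields three folder deletions, two firewall-rule value deletions under FirewallRules, one key deletion for the MountPoints2 GUID and one file deletion; lint() reports only that the two yivozizi folders are the same directory, which is harmless here but is exactly the check that stops a typo such as a bare "c:\windows" from going through unnoticed.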
Old 03-03-2009, 09:24 PM   #5
Guest
 
Join Date: Mar 2009
Posts: 3
OS:



The system's running fine. I'm not getting any more random pop-up ads! Here are the logs.

ComboFix 09-03-02.03 - Gino 2009-03-03 20:18:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.169 [GMT -5:00]
Running from: c:\users\Gino\Desktop\ComboFix.exe
Command switches used :: c:\users\Gino\Desktop\CFscript.txt
* Created a new restore point

FILE ::
F:\Start.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitComet
c:\programdata\beyugazo
c:\programdata\bupabobi
c:\programdata\bupabobi\bupabobi.exe
c:\programdata\darekove
c:\programdata\darekove\darekove.dll
c:\programdata\gehiraso
c:\programdata\gehiraso\gehiraso.dll
c:\programdata\mavozebu
c:\programdata\mavozebu\mavozebu.dll
c:\programdata\patohono
c:\programdata\patohono\patohono.dll
c:\programdata\raseloka
c:\programdata\ridogeku
c:\programdata\ridogeku\ridogeku.dll
c:\programdata\yivozizi
c:\programdata\zijojere
c:\users\All Users\bupabobi\bupabobi.exe
c:\users\All Users\darekove\darekove.dll
c:\users\All Users\gehiraso\gehiraso.dll
c:\users\All Users\mavozebu\mavozebu.dll
c:\users\All Users\patohono\patohono.dll
c:\users\All Users\ridogeku\ridogeku.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-02 03:59 . 2009-03-02 04:19 250 --a------ c:\windows\gmer.ini
2009-02-23 02:47 . 2009-02-23 02:48 <DIR> d-------- c:\program files\Steinberg
2009-02-15 23:43 . 2008-12-04 23:29 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-02-15 23:43 . 2008-12-04 23:29 428,032 --a------ c:\windows\System32\EncDec.dll
2009-02-15 23:43 . 2008-12-04 23:29 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 23:43 . 2008-12-04 23:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 23:43 . 2008-12-04 23:29 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 23:43 . 2008-12-04 23:29 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-15 23:43 . 2008-12-04 23:29 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-02-15 23:43 . 2008-12-04 23:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-02-09 05:03 . 2009-02-09 05:03 <DIR> d-------- c:\program files\Audacity
2009-02-09 04:43 . 2009-02-09 04:43 28,672 --a------ c:\users\Gino\ieframes.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 02:42 --------- d-----w c:\program files\Windows Mail
2009-02-01 01:36 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-01 01:36 --------- d-----w c:\program files\Java
2009-01-29 07:24 6,062 ----a-w c:\users\Gino\AppData\Roaming\wklnhst.dat
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-20 11:21 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-20 11:21 56 ---ha-w c:\programdata\ezsidmv.dat
2008-12-18 22:09 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( [email protected]_17.24.42.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 17:09:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-04 01:23:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-03 22:24:00 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-04 01:23:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-28 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 857648]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-28 707080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\Gino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-06 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 17:49 151552 c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 14:35 67112 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6047A0BC-CEF4-4B05-98F6-057F730DC678}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D8EC5F5-E963-4F20-9241-250702DA83A5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{83597560-5BBB-4C7F-8A45-AECC026FA21A}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{3821FF1D-10EB-4D65-95D8-9529B20B1868}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{7CF68F0B-6091-425B-98C2-93B3980D2017}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{8C23332C-F8E2-41B5-9F8A-4D567C921B62}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{B6983636-26F2-4B95-A24F-9563C6C8B3D5}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{C031BE91-5B0F-42C6-A7C5-EF2D50A24930}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{CFDAC590-211F-4A60-80E2-A55AC011C362}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{F506A637-3F63-410C-B823-177DD20AEB4D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{87667E18-BAE1-4E59-BCD7-708CEDA2E981}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9F68B69E-DF8C-4D73-898D-6CD44420ADF8}"= UDP:c:\program files\Common Files\AOL\1222660918\ee\aolsoftware.exe:AOL Services
"{1CA1DF13-2466-4075-B6B5-CCE5B13042E1}"= TCP:c:\program files\Common Files\AOL\1222660918\ee\aolsoftware.exe:AOL Services
"{D2BC0593-2819-4221-BFB6-0D984831618E}"= UDP:c:\program files\Common Files\AOL\1222660918\ee\aim6.exe:AIM
"{6D2C367C-00A9-4B0F-BCCA-875B57C43CC6}"= TCP:c:\program files\Common Files\AOL\1222660918\ee\aim6.exe:AIM
"{7AF86DD4-845F-4027-8503-EA35A05C760E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6DA91F56-610B-4D96-B69B-F28873553F34}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B55E90C2-1418-4EFE-9F64-CF13C3A4C3C3}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{25374D40-6DA2-4809-A9A6-5597D6F9CE1B}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4C7EF93A-DE27-44F4-AAE5-B17370CB5466}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{F25E85DD-D733-440E-9E96-8DF0358A78F2}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"{57608496-FC72-4197-98C1-8C84448F36EE}"= UDP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
"{E1CE1792-A683-491E-AC58-34665AEAED92}"= TCP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
"TCP Query User{2F4AFF02-8C87-41F1-9E47-5F7CB359A714}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{F30DE9E5-E643-4C5B-AC96-F46AC317AF73}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"{DCDE8569-622F-4097-9C0B-CFF0BBA0F930}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FDBD7813-0897-44C9-BDF1-D54126E7BB36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{5A788FA7-D385-4A27-93B4-A6AF329DD457}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{74B8D68D-F161-4563-8380-EE00E8DD549C}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{64888B1B-6650-4FE3-8A3B-DCFA5A7C7981}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{18CD09DF-C385-4D9E-B0DC-F4C2E8F891D0}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{7E00820F-9C5B-4CC6-9D92-CDB24BF3A350}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{6C8CC1A3-759C-447B-B1E1-261F741B3549}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{F78E89CA-4406-447D-ACBC-3A1AF3150A37}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{38F87C6A-7FB3-429F-A17D-035FFA374A11}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{813B5EBA-9083-4A09-A28E-93C14948ADC2}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{6B5B97E4-6E19-45ED-B478-E3E52DF4D450}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{1BD8206B-8C4C-4D49-AE2A-9B3A2FC798C8}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{1AA7278A-7395-48F3-BC47-84DEDD8EC2A9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{66D3DBE9-40E8-41FA-99EF-F107C7C09800}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{15C50A5C-6C72-48A3-9445-129785C835D3}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"TCP Query User{910C7900-A9FE-49B8-A3F5-BC622C08EC78}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:c:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"UDP Query User{143E2B1A-4ADD-40C9-A6CA-09D6834822EE}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:c:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"{FBED409E-61A0-4816-B042-A791BA7D0C64}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{20792559-2C49-4753-A113-5E457A44D8C5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F00A4428-37AB-45DF-BCB0-22A349ABC8D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{69BF27A0-5115-4E39-AE47-45949EEAEB20}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{9377D5E0-A49C-41D3-982C-6ED8C542842D}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-08-06 19:46:16 13560]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [2007-05-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-22 180736]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-dozebetizi - c:\programdata\patohono\patohono.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gino\AppData\Roaming\Mozilla\Firefox\Profiles\w430uhqx.default\
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Gino\AppData\Roaming\Mozilla\Firefox\Profiles\w430uhqx.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-03-03 20:23:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5572)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlbkcoms.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxddcoms.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\igfxsrvc.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\windows\ehome\ehmsas.exe
c:\users\Gino\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-03-03 20:28:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 01:28:04
ComboFix2.txt 2009-03-03 22:25:58

Pre-Run: 1,183,195,136 bytes free
Post-Run: 1,051,566,080 bytes free

253 --- E O F --- 2009-03-02 21:46:37




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 3, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 04, 2009 0245
Records in database: 1867016
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 96039
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:17:51


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Users\Gino\lsass.exe.vir Infected: Backdoor.Win32.VB.ehs 1

The selected area was scanned.
Old 03-04-2009, 05:10 AM   #6
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Hello again

Why is there no protection installed on this machine? It can take as little as eight seconds to become infected.

I see no evidence of an AntiVirus program on your system. This must be resolved. Go Here and download/install and run a scan, post the log from that scan in your reply.

You can choose an antivirus of your own if you wish.

======

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

Run DDS again and post the DDS.txt in your reply along with the Avira scan report.
Old 03-09-2009, 12:27 PM   #7
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/f50/...lp-305963.html