Solved: Adtrgt and Mirar

tdarron · 04-Mar-2009, 01:17 PM #1

I have been experiencing some trouble as of late with adtrgt and mirar programs, I have been exhibiting the normal symptoms of Internet Explorer popping up and crashing (I use firefox). I also have not been able to complete windows updates for some time (this was prior to the adtrgt and mirar). And, since I have very little money to do anything but feed myself and pay rent, I have not been able to resubscribe for Pc-cillin. I would send my computer in, but like I said, my cash reserves are dry. Also, Internet Explorer hasnt been able to function for some time (prior to adtrgt and mirar). Lately my computer has been incredibly slow and I have processor spikes that last for about 30 seconds (something ties up my processors, also my page-file usage is abnormally high, its been in the 1.2-1.4 Gb range where if I remember right its usually 600Mb to 700Mb)

Quick Specs
Windows XP
2GB Ram
2 nVidia 8800GTS in SLI
2.4Ghz quad core, Intel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:55 AM, on 3/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Thomas Darron\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {034aafdd-d335-4328-8dd3-ad99121380cf} - C:\WINDOWS\system32\piwogome.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {05cd2ded-d06b-7eab-0314-cdc081fbf267} - {762fbf18-0cdc-4130-bae7-b60dded2dc50} - C:\WINDOWS\system32\ewxqao.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [wetehidoze] Rundll32.exe "C:\WINDOWS\system32\nijoroze.dll",s
O4 - HKLM\..\Run: [9c7863af] rundll32.exe "C:\WINDOWS\system32\pasusowi.dll",b
O4 - HKLM\..\Run: [CPM9f4b5033] Rundll32.exe "c:\windows\system32\sujibiwi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [wetehidoze] Rundll32.exe "C:\WINDOWS\system32\nijoroze.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wetehidoze] Rundll32.exe "C:\WINDOWS\system32\nijoroze.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA3AE21-F5E2-4465-8031-FE6A669451F8}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA3AE21-F5E2-4465-8031-FE6A669451F8}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AA3AE21-F5E2-4465-8031-FE6A669451F8}: NameServer = 68.105.28.11,68.105.29.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\vusunifo.dll ewxqao.dll c:\windows\system32\sujibiwi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 12949 bytes

tdarron · 04-Mar-2009, 03:25 PM #2

I forgot to mention that the errors are usually consistent when I use search engines or when I scan my computer.

tdarron · 04-Mar-2009, 06:55 PM #3

I hate to bump but it is becoming quite a hassle.

tdarron · 05-Mar-2009, 03:25 PM #4

I assume being on the 4th page means that either you all are swamped or my problem is that bad. I am guessing a mix of both.

tdarron · 06-Mar-2009, 03:01 AM #5

I cleaned a good 50-60Gb off my computer of stuff I never use, seeing if that may help. I doubt it did, but here is an updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:27 AM, on 3/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\eauninstall.exe
C:\Documents and Settings\Thomas Darron\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {034aafdd-d335-4328-8dd3-ad99121380cf} - C:\WINDOWS\system32\piwogome.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {c50e52ce-4988-0339-2d84-12e6f8be5338} - {8335eb8f-6e21-48d2-9330-8894ec25e05c} - C:\WINDOWS\system32\dwxflg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [wetehidoze] Rundll32.exe "C:\WINDOWS\system32\nijoroze.dll",s
O4 - HKLM\..\Run: [9c7863af] rundll32.exe "C:\WINDOWS\system32\wufasugu.dll",b
O4 - HKLM\..\Run: [CPM9f4b5033] Rundll32.exe "c:\windows\system32\yarewipe.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [wetehidoze] Rundll32.exe "C:\WINDOWS\system32\nijoroze.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wetehidoze] Rundll32.exe "C:\WINDOWS\system32\nijoroze.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA3AE21-F5E2-4465-8031-FE6A669451F8}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA3AE21-F5E2-4465-8031-FE6A669451F8}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AA3AE21-F5E2-4465-8031-FE6A669451F8}: NameServer = 68.105.28.11,68.105.29.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\vusunifo.dll dwxflg.dll c:\windows\system32\yarewipe.dll c:\windows\system32\wikufalu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yarewipe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yarewipe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 12450 bytes

tdarron · 07-Mar-2009, 09:21 PM #6

Hurm, not sure if registrydefender falls under the adtrgt category, but I have started to get popups from them as well.

tdarron · 07-Mar-2009, 11:44 PM #7

I will be on for a good 4-6 more hours, so if anyone would like to help, now would be wonderful as I am active now.

Kenny94 · 07-Mar-2009, 11:54 PM #8

Hi tdarron and Welcome to TSG!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Next

Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply with a new hijackthis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

tdarron · 12:16 AM

Quote:

Originally Posted by Kenny94

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

I have ATF open at the moment and for the life of me I cannot find a select all button or checkbox. Or do you mean go down the list and check them all?

Edit: Nevermind, I just selected them all.

tdarron · 08-Mar-2009, 12:01 AM **#10**

Oh, and thank you much for helping me out. I appreciate it much.

Kenny94 · 08-Mar-2009, 12:05 AM **#11**

Quote:

Originally Posted by tdarron

Oh, and thank you much for helping me out. I appreciate it much.

No problem. I be back on Sunday to look at your MBAM log. Your machine has a lot of infections and lets see what Malwarebytes cleans up and go from there...

tdarron · 08-Mar-2009, 12:34 AM **#12**

Here is my MBAM log. I think it said I had something on the order of 90-100 infected files, mainly vundo. It said I had to restart and it would clear out more files on reboot, so I rebooted, but right before it rebooted, MBAM had an error and needed to close, so I will run the scan again to make sure it deleted those things.

Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/7/2009 11:21:50 PM
mbam-log-2009-03-07 (23-21-49).txt

Scan type: Quick Scan
Objects scanned: 78559
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 8
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 6
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\raganapo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yipofoko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vusunifo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\payeritu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nijoroze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\piwogome.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\binuhejo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pimvog.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{af6afdbd-0106-4ab6-837a-98163bee773d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af6afdbd-0106-4ab6-837a-98163bee773d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{034aafdd-d335-4328-8dd3-ad99121380cf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{034aafdd-d335-4328-8dd3-ad99121380cf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{034a afdd-d335-4328-8dd3-ad99121380cf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af6a fdbd-0106-4ab6-837a-98163bee773d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c 9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c 9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c7863af (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wetehidoze (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9f4b503 3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vusunifo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vusunifo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vusunifo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\payeritu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\payeritu.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\pimvog.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\berikeki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikekireb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuhazepi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipezahuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gumeyesu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\useyemug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kubemibo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obimebuk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nolomipu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upimolon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pasusowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwosusap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pawovuda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aduvowap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\raganapo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opanagar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rilepoje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejopelir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wewaroli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilorawew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wufasugu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugusafuw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yipofoko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\okofopiy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nijoroze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\payeritu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\piwogome.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vusunifo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\binuhejo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hsfd83jfdg.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinNB55.dll (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACbqjlbbow.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACewhwivxd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACiqwgiadg.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACuxfujrwq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACqpkplhyu.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\UAC277b.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\UAC29dc.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\UAC9c0f.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\mfsdatt.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\mir12g.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas Darron\Local Settings\Temp\3947322148.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090212223334968.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\kernel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niwofuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACnsfteptk.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACqdklkvdg.log (Trojan.Agent) -> Quarantined and deleted successfully.

tdarron · 01:07 AM

Scanning again now I have 8 already, so I would assume thats the 8 memory modules infected, so it looks like I will need to reboot again.

Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/7/2009 11:47:21 PM
mbam-log-2009-03-07 (23-47-21).txt

Scan type: Quick Scan
Objects scanned: 78132
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\zehejevo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9f4b503 3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zehejevo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zehejevo.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\zehejevo.dll (Trojan.Vundo.H) -> Delete on reboot.

tdarron · 08-Mar-2009, 01:08 AM **#14**

And here is my new MBAM log showing that everything that was detected is now gone. So I am ready for when you get back.

Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/8/2009 12:04:56 AM
mbam-log-2009-03-08 (00-04-56).txt

Scan type: Quick Scan
Objects scanned: 78072
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kenny94 · 05:59 AM

I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

So, we can remove your old anti-virus program and we'll install a free one next.

In your next reply, please include these log(s):

* HijackThis Uninstall List
* HijackThis log (new)

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard mouse network printer problem ram registry repair router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!