20 replies to this topic

[houstonrockets]

Hi everyone,

I have a big problem. My Internet Explorer keeps popping up, directing me to http://url.adtrgt.com. Currently I have 64 windows open to that site, and I know its a result of Virtumonde virus. As of right now I've used SpyBot, AdAware, SpyDoctor, FixVundo, VundoFix, nothing has been able to get of this. I'm running a HiJack This fix and will be posting the log as soon as its done.

I also have another problem. I have Windows Vista 64 bit.. and running ComboFix it says that its incompatible with my system. What can I do!

Thank you very much for your help on this guys..

Edit: sorry accidentally double posted

Here's my Log from HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:15 PM, on 4/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Roger Jin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
E:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
E:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: (no name) - {effadca7-b00f-4ecb-a348-ba7a6c66cb97} - C:\Windows\SysWow64\hutijezu.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [filuvitifu] Rundll32.exe "C:\Windows\SysWow64\hutijezu.dll",s
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [CPM27ee8cac] Rundll32.exe "c:\windows\system32\gijoyeri.dll",a
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "E:\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roger Jin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\system32\vujigami.dll c:\windows\system32\gijoyeri.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\gijoyeri.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\gijoyeri.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9bd0ea9db67b8) (gupdate1c9bd0ea9db67b8) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Windows Live OneCare Health Monitor (OcHealthMon) - Unknown owner - C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 18938 bytes

Edited by LDTate, 19 April 2009 - 04:21 PM.

[houstonrockets]

bump

[houstonrockets]

Bump again, why is this thread being completely ignored?

[CatByte]

Because you keep bumping your topic...helpers look for threads with 0 replies.

Please do the following:

As a Vista user I will require that all the programs I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programs may fail to do their job properly


To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All Users
• Check the Radio button for Rootkit check YES
• Under Additional Scans check the following:
  • File - Lop Check
  • File - Purity Scan
  • Evnt - EventViewer Errors/Warnings (last 10)
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

[houstonrockets]

Thank you very much for your response CatByte, attached is the uploaded log. Please let me know if you need anything else.

http://www.mediafire...04e75f6e8ebb871

[CatByte]

Hi,

Please do the following:


Start OTScanIt2.
Copy/Paste the information inside the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {effadca7-b00f-4ecb-a348-ba7a6c66cb97} [HKLM] -> %SystemRoot%\SysWow64\hutijezu.dll [Reg Error: Value error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3082237054-12996388-1631165481-1000\] > -> HKEY_USERS\S-1-5-21-3082237054-12996388-1631165481-1000\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "CPM27ee8cac" -> %SystemRoot%\system32\wavoyolu.DLL [Rundll32.exe "c:\windows\system32\wavoyolu.dll",a]
YY -> "filuvitifu" -> %SystemRoot%\SysWow64\hutijezu.DLL [Rundll32.exe "C:\Windows\SysWow64\hutijezu.dll",s]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\Windows\system32\vujigami.dll -> %SystemRoot%\system32\vujigami.dll
YY -> c:\windows\system32\wavoyolu.dll -> %SystemRoot%\system32\wavoyolu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\SysWow64\wavoyolu.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\SysWow64\wavoyolu.dll [STS]
[Files/Folders - Created Within 30 Days]
NY -> wavoyolu.dll -> %SystemRoot%\System32\wavoyolu.dll
NY -> litilifu.dll -> %SystemRoot%\System32\litilifu.dll
NY -> sunotadi.dll -> %SystemRoot%\System32\sunotadi.dll
NY -> gijoyeri.dll -> %SystemRoot%\System32\gijoyeri.dll
NY -> jujutoji.dll -> %SystemRoot%\System32\jujutoji.dll
NY -> lunigiso.dll -> %SystemRoot%\System32\lunigiso.dll
NY -> jumidani.dll -> %SystemRoot%\System32\jumidani.dll
NY -> denezudu.dll -> %SystemRoot%\System32\denezudu.dll
NY -> jamamafo.dll -> %SystemRoot%\System32\jamamafo.dll
NY -> tasijapo.dll -> %SystemRoot%\System32\tasijapo.dll
NY -> mawiravi.dll -> %SystemRoot%\System32\mawiravi.dll
NY -> yutevaro.dll -> %SystemRoot%\System32\yutevaro.dll
NY -> tumisana.dll -> %SystemRoot%\System32\tumisana.dll
NY -> vujigami.dll -> %SystemRoot%\System32\vujigami.dll
NY -> vebeliso.dll -> %SystemRoot%\System32\vebeliso.dll
NY -> hutijezu.dll -> %SystemRoot%\System32\hutijezu.dll
NY -> tezepugi.dll -> %SystemRoot%\System32\tezepugi.dll
[Files/Folders - Modified Within 30 Days]
NY -> litahajo -> %SystemRoot%\System32\litahajo
NY -> wavoyolu.dll -> %SystemRoot%\System32\wavoyolu.dll
NY -> litilifu.dll -> %SystemRoot%\System32\litilifu.dll
NY -> kanolalo.exe -> %SystemRoot%\System32\kanolalo.exe
NY -> AWMBQT.exe -> %UserProfile%\AppData\Local\Temp\AWMBQT.exe
NY -> sunotadi.dll -> %SystemRoot%\System32\sunotadi.dll
NY -> gijoyeri.dll -> %SystemRoot%\System32\gijoyeri.dll
NY -> figebasi.exe -> %SystemRoot%\System32\figebasi.exe
NY -> jujutoji.dll -> %SystemRoot%\System32\jujutoji.dll
NY -> viyiyini.exe -> %SystemRoot%\System32\viyiyini.exe
NY -> jumidani.dll -> %SystemRoot%\System32\jumidani.dll
NY -> nitesani.exe -> %SystemRoot%\System32\nitesani.exe
NY -> denezudu.dll -> %SystemRoot%\System32\denezudu.dll
NY -> jamamafo.dll -> %SystemRoot%\System32\jamamafo.dll
NY -> nemirapu.exe -> %SystemRoot%\System32\nemirapu.exe
NY -> tasijapo.dll -> %SystemRoot%\System32\tasijapo.dll
NY -> mawiravi.dll -> %SystemRoot%\System32\mawiravi.dll
NY -> yutevaro.dll -> %SystemRoot%\System32\yutevaro.dll
NY -> tumisana.dll -> %SystemRoot%\System32\tumisana.dll
NY -> fovidogo.dll_old -> %SystemRoot%\System32\fovidogo.dll_old
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

[houstonrockets]

Thanks man, here's the updated log: http://www.mediafire...04e75f6e8ebb871

No active process named Explorer.EXE was found!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{effadca7-b00f-4ecb-a348-ba7a6c66cb97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{effadca7-b00f-4ecb-a348-ba7a6c66cb97}\ deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\SysWow64\hutijezu.dll
C:\Windows\SysWow64\hutijezu.dll NOT unregistered.
C:\Windows\SysWow64\hutijezu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
DllUnregisterServer procedure not found in C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll NOT unregistered.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3082237054-12996388-1631165481-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM27ee8cac not found.
LoadLibrary failed for C:\Windows\system32\wavoyolu.DLL
C:\Windows\system32\wavoyolu.DLL NOT unregistered.
C:\Windows\system32\wavoyolu.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\filuvitifu deleted successfully.
File C:\Windows\SysWow64\hutijezu.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\vujigami.dll deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\vujigami.dll
C:\Windows\system32\vujigami.dll NOT unregistered.
C:\Windows\system32\vujigami.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wavoyolu.dll scheduled to be deleted on reboot.
File C:\Windows\system32\wavoyolu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
File C:\Windows\SysWow64\wavoyolu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
File C:\Windows\SysWow64\wavoyolu.dll not found.
[Files/Folders - Created Within 30 Days]
File C:\Windows\System32\wavoyolu.dll not found!
LoadLibrary failed for C:\Windows\System32\litilifu.dll
C:\Windows\System32\litilifu.dll NOT unregistered.
C:\Windows\System32\litilifu.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\sunotadi.dll
C:\Windows\System32\sunotadi.dll NOT unregistered.
C:\Windows\System32\sunotadi.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\gijoyeri.dll
C:\Windows\System32\gijoyeri.dll NOT unregistered.
C:\Windows\System32\gijoyeri.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\jujutoji.dll
C:\Windows\System32\jujutoji.dll NOT unregistered.
C:\Windows\System32\jujutoji.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\lunigiso.dll
C:\Windows\System32\lunigiso.dll NOT unregistered.
C:\Windows\System32\lunigiso.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\jumidani.dll
C:\Windows\System32\jumidani.dll NOT unregistered.
C:\Windows\System32\jumidani.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\denezudu.dll
C:\Windows\System32\denezudu.dll NOT unregistered.
C:\Windows\System32\denezudu.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\jamamafo.dll
C:\Windows\System32\jamamafo.dll NOT unregistered.
C:\Windows\System32\jamamafo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\tasijapo.dll
C:\Windows\System32\tasijapo.dll NOT unregistered.
C:\Windows\System32\tasijapo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\mawiravi.dll
C:\Windows\System32\mawiravi.dll NOT unregistered.
C:\Windows\System32\mawiravi.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\yutevaro.dll
C:\Windows\System32\yutevaro.dll NOT unregistered.
C:\Windows\System32\yutevaro.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\tumisana.dll
C:\Windows\System32\tumisana.dll NOT unregistered.
C:\Windows\System32\tumisana.dll moved successfully.
File C:\Windows\System32\vujigami.dll not found!
DllUnregisterServer procedure not found in C:\Windows\System32\vebeliso.dll
C:\Windows\System32\vebeliso.dll NOT unregistered.
C:\Windows\System32\vebeliso.dll moved successfully.
File C:\Windows\System32\hutijezu.dll not found!
DllUnregisterServer procedure not found in C:\Windows\System32\tezepugi.dll
C:\Windows\System32\tezepugi.dll NOT unregistered.
C:\Windows\System32\tezepugi.dll moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\Windows\System32\litahajo moved successfully.
File C:\Windows\System32\wavoyolu.dll not found!
File C:\Windows\System32\litilifu.dll not found!
C:\Windows\System32\kanolalo.exe moved successfully.
C:\Users\Roger Jin\AppData\Local\Temp\AWMBQT.exe moved successfully.
File C:\Windows\System32\sunotadi.dll not found!
File C:\Windows\System32\gijoyeri.dll not found!
C:\Windows\System32\figebasi.exe moved successfully.
File C:\Windows\System32\jujutoji.dll not found!
C:\Windows\System32\viyiyini.exe moved successfully.
File C:\Windows\System32\jumidani.dll not found!
C:\Windows\System32\nitesani.exe moved successfully.
File C:\Windows\System32\denezudu.dll not found!
File C:\Windows\System32\jamamafo.dll not found!
C:\Windows\System32\nemirapu.exe moved successfully.
File C:\Windows\System32\tasijapo.dll not found!
File C:\Windows\System32\mawiravi.dll not found!
File C:\Windows\System32\yutevaro.dll not found!
File C:\Windows\System32\tumisana.dll not found!
C:\Windows\System32\fovidogo.dll_old moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.14.0 fix logfile created on 04202009_213856

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wavoyolu.dll scheduled to be deleted on reboot.

[CatByte]

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware

• Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- very important
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[houstonrockets]

It detected five infected files. Here is the log :http://www.mediafire.com/?sharekey=773e524d8627afe341446e35a78dc463e04e75f6e8ebb871 Malwarebytes' Anti-Malware 1.36 Database version: 2017 Windows 6.0.6001 Service Pack 1 4/20/2009 10:27:37 PM mbam-log-2009-04-20 (22-27-37).txt Scan type: Quick Scan Objects scanned: 66206 Time elapsed: 5 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

[CatByte]

Hi

Please do the following:

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Open the Kaspersky WebScanner
  page.
• Click on the button on the main page.
• The program will launch and fill in the Information section on the left.
• Read the "Requirements and Limitations" then press the button.
• The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
• Once the files have been downloaded, click on the ...button.
  In the scan settings make sure the following are selected:
  • Detect malicious programs of the following categories:
    Viruses, Worms, Trojan Horses, Rootkits
    Spyware, Adware, Dialers and other potentially dangerous programs
  • Scan compound files (doesn't apply to the File scan area):
    Archives
    Mail databases
    By default the above items should already be checked.
  • Click the button, if you made any changes.
• Now under the Scan section on the left:
  
  Select My Computer
  
• The program will now start and scan your system. This will run for a while, be patient and let it finish.
• Once the scan is complete, click on View scan report
• Now, click on the Save Report as button.
• Save the file to your desktop.
• Copy and paste that information in your next post.

[houstonrockets]

Hey CatBye sorry I haven't done the above yet. Been too busy in the past two days, but will do it tonight.

[CatByte]

no probs

[houstonrockets]

Hey Catbye, Sorry for the late followup. Here's the log: Files scanned 138487 Threat name 2 Infected objects 6 Suspicious objects 0 Duration of the scan 02:36:18 C:\_OTScanIt\MovedFiles\04202009_213856\C_Windows\system32\tasijapo.dll Infected: Trojan.Win32.Monder.bzdz 1 C:\_OTScanIt\MovedFiles\04202009_213856\C_Windows\system32\tezepugi.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1 C:\_OTScanIt\MovedFiles\04202009_213856\C_Windows\system32\tumisana.dll Infected: Trojan.Win32.Monder.bzdz 1 C:\_OTScanIt\MovedFiles\04202009_213856\C_Windows\system32\vebeliso.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1 C:\_OTScanIt\MovedFiles\04202009_213856\C_Windows\system32\vujigami.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1 C:\_OTScanIt\MovedFiles\04202009_213856\C_Windows\SysWow64\hutijezu.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1 Look forward to hearing from you soon, thanks.

[CatByte]

Hi Please run the Malwarebytes Antimalware program again to make sure it comes up clean this time - post the resulting log Also post a fresh HJT log and advise if you have any other issues with your machine.

[houstonrockets]

Will do, I haven't had any problems in a while should I be concerned that Kaspersky turned up some infections?