Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware run32.dll and i might have others

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 23rd, 2009, 2:04 pm

Hi jas24,

Apologies for the delay.

Please delete Combofix.exe from your desktop then download the latest version from here and save it to your Desktop.


CFScript

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad (Start > Run... > type notepad and press enter)
    Copy the text in the code box below and paste it into notepad.

    Code: Select all
    http://malwareremoval.com/forum/viewtopic.php?f=11&t=47939&start=0
    
    Collect::
    c:\windows\system32\torayiya.dll
    c:\windows\system32\gemewoda.dll
    c:\windows\system32\yusutuno.exe
    c:\windows\system32\watusero.dll
    c:\windows\system32\samisede.dll
    c:\windows\system32\hepoyaba.dll
    c:\windows\system32\zehakebo.exe
    c:\windows\system32\drivers\2892o0P7.sys
    c:\windows\system32\drivers\jiccljefwd.sys
    c:\windows\system32\dolivowa.dll
    c:\windows\system32\fedozuta.dll
    c:\windows\system32\golorojo.dll
    c:\windows\system32\regizogu.dll
    c:\windows\system32\wusosogo.exe
    c:\windows\system32\jogopamo.dll
    
    
    Folder::
    c:\documents and settings\benny\Application Data\uTorrent
    c:\documents and settings\jas\Local Settings\Application Data\opjabe
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tumujarepa"=-
    "yaduhihof"=-
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2892o0P7.sys]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10382:TCP"=-
    "10382:UDP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{145CCE74-320A-43DF-AE18-878504DCAF8C}]
    "NameServer"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9D2B88F7-1287-446D-B936-69056593F881}]
    "NameServer"="65.32.5.111,65.32.5.112"
    
    Driver::
    2892o0P7
    wnamjovtnb
    

  4. Save this as CFScript.txt in the same location as ComboFix.exe (should be your Desktop)

    Image
  5. Temporarily disable your anti-virus software.
    NOTE: To disable AVG Internet Security
    • Locate this Image icon in the system tray and double-click it to open AVG User Interface
    • Click Components in the top menu bar and select Firewall
    • Under Firewall Settings, select (tick) Firewall disabled
    • Click Save changes and confirm by clicking Yes
    • Click Components in the top menu bar and select Identity Protection
    • Under Identity Protection Settings, uncheck Identity Protection is Active
    • Click Save changes
    • Click Components in the top menu bar and select Resident Shield
    • Under Resident Shield Settings, uncheck Resident Shield Active
    • Click Save changes
    • Close AVG Internet Security Window
  6. Refering to the picture above, drag CFScript.txt and drop it into ComboFix.exe
  7. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. See NOTE below.

**NOTE**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • When the "Submit Files for further analysis" box pops up, ensure you are connected to the internet and click OK on the message box.


Update and Scan with MalwareBytes'

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Click the Update tab, then click Check for Updates button
  • Allow MBAM to check for and download updates, then click OK
  • Click the Scanner tab and select (tick) Perform quick scan
  • Click Scan to start then scan.
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Ensure that all items are checked and click Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


After tools have run and any necessary reboots have occurred, open AVG User Interface and undo changes referring to the above instructions for disabling if needed.
  • Under Firewall Settings, select (tick) Firewall enabled then click Save changes
  • Under Identity Protection Settings, check Identity Protection is Active then click Save changes
  • Under Resident Shield Settings, check Resident Shield Active then click Save changes


Please reply with the contents of the ComboFix log (C:\ComboFix.txt), the MalwareBytes' log and info on how the computer is behaving. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
Advertisement
Register to Remove

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 24th, 2009, 1:17 pm

Hello ShinyBeast!
Everything seems to working fine, I can access Gmail and my google link are working again.
On combofix the Submit Files for further analysis never popped up, just to let you know.
that's about the only thing i notice that didn't happen from your instructions. I got to finally download Malwarebytes and updated successfully.

Here are the logs:

ComboFix 09-12-23.06 - jas 12/24/2009 10:52:19.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.168 [GMT -5:00]
Running from: c:\documents and settings\jas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jas\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

file zipped: c:\windows\system32\dolivowa.dll
file zipped: c:\windows\system32\drivers\2892o0P7.sys
file zipped: c:\windows\system32\fedozuta.dll
file zipped: c:\windows\system32\gemewoda.dll
file zipped: c:\windows\system32\golorojo.dll
file zipped: c:\windows\system32\hepoyaba.dll
file zipped: c:\windows\system32\regizogu.dll
file zipped: c:\windows\system32\samisede.dll
file zipped: c:\windows\system32\torayiya.dll
file zipped: c:\windows\system32\watusero.dll
file zipped: c:\windows\system32\yusutuno.exe
file zipped: c:\windows\system32\zehakebo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\benny\Application Data\uTorrent
c:\documents and settings\benny\Application Data\uTorrent\AVG Antivirus 8 0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69].torrent
c:\documents and settings\benny\Application Data\uTorrent\dht.dat
c:\documents and settings\benny\Application Data\uTorrent\dht.dat.old
c:\documents and settings\benny\Application Data\uTorrent\resume.dat
c:\documents and settings\benny\Application Data\uTorrent\resume.dat.old
c:\documents and settings\benny\Application Data\uTorrent\rss.dat
c:\documents and settings\benny\Application Data\uTorrent\rss.dat.old
c:\documents and settings\benny\Application Data\uTorrent\settings.dat
c:\documents and settings\benny\Application Data\uTorrent\settings.dat.old
c:\documents and settings\benny\Application Data\uTorrent\SUPERAntiSpyware Professional 4.0.0.1154.torrent
c:\documents and settings\jas\Local Settings\Application Data\opjabe
c:\windows\system32\dolivowa.dll
c:\windows\system32\drivers\2892o0P7.sys
c:\windows\system32\fedozuta.dll
c:\windows\system32\gemewoda.dll
c:\windows\system32\golorojo.dll
c:\windows\system32\hepoyaba.dll
c:\windows\system32\regizogu.dll
c:\windows\system32\samisede.dll
c:\windows\system32\torayiya.dll
c:\windows\system32\watusero.dll
c:\windows\system32\yusutuno.exe
c:\windows\system32\zehakebo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_2892O0P7
-------\Legacy_WNAMJOVTNB
-------\Service_2892o0P7
-------\Service_wnamjovtnb


((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-20 17:55 . 2009-12-20 17:55 -------- d-----w- c:\program files\VSO
2009-12-12 12:46 . 2009-12-12 12:46 -------- d-----w- c:\documents and settings\benny\Application Data\Template
2009-12-09 17:48 . 2009-12-20 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 17:09 . 2009-12-09 17:09 -------- d-----w- c:\program files\Trend Micro
2009-12-08 20:03 . 2009-12-08 21:20 -------- d-----w- C:\$AVG
2009-12-08 20:02 . 2009-12-08 20:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-08 20:02 . 2009-12-24 11:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-08 20:02 . 2009-12-08 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-08 20:01 . 2009-12-08 20:01 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-08 20:01 . 2009-12-08 20:01 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-08 20:01 . 2009-12-08 20:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-08 20:01 . 2009-12-08 20:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-08 20:01 . 2009-12-08 20:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-08 20:00 . 2009-12-08 20:00 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-08 20:00 . 2009-12-08 20:00 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-08 20:00 . 2009-12-08 20:00 -------- d-----w- c:\program files\AVG
2009-12-08 20:00 . 2009-12-08 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-08 18:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-08 00:15 . 2009-12-08 00:15 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2009-12-04 23:34 . 2009-12-04 23:34 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\Threat Expert
2009-12-03 02:48 . 2009-12-03 02:48 -------- d-----w- c:\documents and settings\benny\Application Data\Lavasoft
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-02 23:38 . 2009-12-02 23:38 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Downloaded Installations
2009-12-02 21:06 . 2009-12-02 21:06 -------- d-----w- c:\documents and settings\benny\Application Data\Malwarebytes
2009-12-02 20:50 . 2009-12-02 21:02 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Adobe
2009-12-02 20:30 . 2009-12-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 18:27 . 2009-12-04 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-12-02 05:04 . 2009-12-02 05:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-12-02 02:53 . 2009-12-02 02:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-02 02:35 . 2009-12-02 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-12-02 02:33 . 2009-12-02 02:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-02 00:51 . 2009-12-02 00:51 69472 ----a-w- c:\documents and settings\benny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 22:42 . 2009-12-01 22:42 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 15:19 . 2008-01-26 17:56 -------- d-----w- c:\program files\PeerGuardian2
2009-12-23 23:51 . 2009-01-30 00:06 -------- d-----w- c:\documents and settings\jas\Application Data\Vso
2009-12-23 22:09 . 2007-05-12 08:19 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-23 21:24 . 2007-05-11 19:07 6748 ----a-w- c:\documents and settings\jas\Application Data\wklnhst.dat
2009-12-22 13:43 . 2009-12-22 13:45 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-21 00:57 . 2009-01-07 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-12-18 15:01 . 2008-01-23 04:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-12 12:45 . 2009-12-12 12:45 0 ----a-w- c:\documents and settings\benny\Application Data\wklnhst.dat
2009-12-11 19:43 . 2009-12-23 16:17 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-12-11 19:43 . 2009-12-22 13:45 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-11 19:36 . 2009-12-22 13:44 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-11 19:36 . 2009-12-22 13:44 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-08 20:01 . 2009-12-22 13:44 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-08 01:27 . 2007-05-07 21:36 -------- d-----w- c:\program files\Java
2009-12-08 01:16 . 2007-05-04 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-03 02:47 . 2007-05-17 02:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-02 18:26 . 2007-07-27 20:57 -------- d-----w- c:\program files\PCPitstop
2009-11-03 18:43 . 2009-11-03 18:43 -------- d-----w- c:\program files\Invoke Solutions
2009-11-03 01:42 . 2009-10-03 11:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2004-08-04 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 13:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 17:13 . 2009-12-08 20:20 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-10-13 10:30 . 2004-08-04 13:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 13:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 13:00 79872 ----a-w- c:\windows\system32\raschap.dll
2007-08-20 20:09 . 2007-08-09 06:21 88 -csh--r- c:\windows\system32\9CCEB17CDB.sys
2007-08-20 20:09 . 2007-08-09 06:21 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-08 1294336]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-08 20:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-10-11 23:17 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\esentsttools]
2009-12-01 17:43 81920 ----a-w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools\esentsttools.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-05-04 17:59 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 23:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2007-11-09 21:16 688128 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 00:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-15 10:50 729178 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 15:32 94208 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/8/2009 3:01 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/8/2009 3:01 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/8/2009 3:01 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/8/2009 3:01 PM 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/8/2009 3:01 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/8/2009 3:01 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/8/2009 3:01 PM 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/8/2009 3:01 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/8/2009 3:00 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/8/2009 3:01 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/8/2009 3:01 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/8/2009 3:01 PM 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 PM 231424]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/8/2009 3:00 PM 30104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/8/2009 1:26 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/8/2009 1:26 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/8/2009 1:26 PM 23680]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/2/2009 1:26 PM 77312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://twitter.com/home
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {9D2B88F7-1287-446D-B936-69056593F881} = 65.32.5.111,65.32.5.112
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/ ... MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 11:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?3?3?8??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2009-12-24 11:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-24 16:17

Pre-Run: 40,922,836,992 bytes free
Post-Run: 40,883,228,672 bytes free

- - End Of File - - 73EF4A5C5D826B13ECB386380CCAB9B8





Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/24/2009 11:53:56 AM
mbam-log-2009-12-24 (11-53-56).txt

Scan type: Quick Scan
Objects scanned: 121872
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\jas\Local Settings\Application Data\esentsttools (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\jas\Local Settings\Application Data\esentsttools\esentsttools.dll (Adware.Agent) -> Quarantined and deleted successfully.



Thank you!
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 27th, 2009, 1:22 pm

Hi jas24,

Glad to hear things are running better.

We should do an online scan to check for any leftovers as your computer was heavily infected.


ESET Online Scanner

Note: You will need to disable your Anti-Virus.
To disable AVG Internet Security
  • Locate this Image icon in the system tray and double-click it to open AVG User Interface
  • Click Components in the top menu bar and select Resident Shield
  • Under Resident Shield Settings, uncheck Resident Shield Active
  • Click Save changes
  • Close AVG Internet Security Window

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Scan with CKScanner

Click here to download CKScanner
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Combofix Quarantined Files

Please open Explorer and navigate to C:\Qoobox and find the file ComboFix-quarantined-files.txt.
Open that file and copy and paste the contents of it in your next reply.

Please include the contents of ComboFix-quarantined-files.txt, the contents of CKFiles.txt and the ESET log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 28th, 2009, 1:33 pm

2009-12-24 15:59:10 . 2009-12-24 15:59:10 5,978 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_wnamjovtnb.reg.dat
2009-12-24 15:59:10 . 2009-12-24 15:59:10 2,428 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_2892o0P7.reg.dat
2009-12-24 15:59:10 . 2009-12-24 15:59:10 1,358 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WNAMJOVTNB.reg.dat
2009-12-24 15:59:10 . 2009-12-24 15:59:10 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_2892O0P7.reg.dat
2009-12-24 15:52:13 . 2009-12-24 15:52:14 261,778 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-12-24_10.51.53.zip
2009-12-21 20:11:41 . 2009-12-21 20:11:41 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-setavupew-{88f8d6e8-8e5a-4113-898b-3df0434895f2}.reg.dat
2009-12-21 20:11:40 . 2009-12-21 20:11:40 332 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-sehapojip-{f23a521e-9c3a-4a26-b3c5-2f30161c8d18}.reg.dat
2009-12-21 20:11:38 . 2009-12-21 20:11:38 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{88f8d6e8-8e5a-4113-898b-3df0434895f2}.reg.dat
2009-12-21 20:11:37 . 2009-12-21 20:11:37 157 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{0e057f42-b55c-40e0-8bef-713e1841f663}.reg.dat
2009-12-21 20:11:37 . 2009-12-21 20:11:37 333 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{f23a521e-9c3a-4a26-b3c5-2f30161c8d18}.reg.dat
2009-12-21 20:11:15 . 2009-12-21 20:11:15 351 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{a82f8954-7714-4f1a-a3c9-f297a5fd72a9}.reg.dat
2009-12-21 19:38:49 . 2009-12-21 19:38:49 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\41.exe.vir
2009-12-21 19:38:24 . 2009-12-21 19:38:48 1,403,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\AVR10.exe.vir
2009-12-21 19:38:22 . 2009-12-21 19:38:24 18,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper86.dll.vir
2009-12-21 19:38:04 . 2009-09-21 19:37:42 31,232 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon86.exe.vir
2009-12-21 19:38:04 . 2009-12-21 19:38:04 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\orpbbrei.job.vir
2009-12-21 19:38:04 . 2009-09-21 19:37:42 31,232 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate86.exe.vir
2009-12-20 17:56:13 . 2009-12-20 17:56:13 87,608 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\jas\Application Data\inst.exe.vir
2009-12-20 03:23:07 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\lmlimiqp.job.vir
2009-12-19 15:24:54 . 2009-12-19 15:24:54 5,875 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\mohoyodi.exe.vir
2009-12-19 15:24:48 . 2009-12-19 15:24:48 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\togemobo.dll.vir
2009-12-19 15:24:48 . 2009-12-19 15:24:48 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\torayiya.dll.vir
2009-12-19 15:24:48 . 2009-12-19 15:24:48 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gemewoda.dll.vir
2009-12-19 03:05:59 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\rjvmsyav.job.vir
2009-12-18 15:05:56 . 2009-12-18 15:05:56 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hubozupi.dll.vir
2009-12-18 15:05:50 . 2009-12-18 15:05:50 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\batiweja.dll.vir
2009-12-18 15:05:50 . 2009-12-18 15:05:50 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zosusewa.dll.vir
2009-12-18 15:05:50 . 2009-12-18 15:05:50 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vobuturi.dll.vir
2009-12-16 18:23:02 . 2009-12-16 18:23:02 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lelutayo.dll.vir
2009-12-16 18:22:46 . 2009-12-16 18:22:46 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kemepiga.dll.vir
2009-12-16 18:22:45 . 2009-12-16 18:22:46 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gaduvoma.dll.vir
2009-12-16 06:23:20 . 2009-12-16 06:23:20 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\miyowepa.dll.vir
2009-12-16 06:23:11 . 2009-12-16 06:23:11 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\towusozo.dll.vir
2009-12-16 06:23:07 . 2009-12-16 06:23:07 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dirasawu.dll.vir
2009-12-16 06:23:04 . 2009-12-16 06:23:05 181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bodozanu.dll.vir
2009-12-15 04:28:36 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\qchujcpc.job.vir
2009-12-14 16:23:47 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\apftdukx.job.vir
2009-12-13 17:50:37 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\txvcxyfd.job.vir
2009-12-12 11:41:51 . 2009-12-12 11:41:51 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vagazodi.dll.vir
2009-12-12 11:41:40 . 2009-12-12 11:41:40 3 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nanemefu.dll.vir
2009-12-12 11:41:40 . 2009-12-12 11:41:40 3 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zovujiwu.dll.vir
2009-12-11 20:40:12 . 2009-12-11 20:40:12 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nuyuviju.dll.vir
2009-12-11 20:40:12 . 2009-12-11 20:40:12 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kuwalobe.dll.vir
2009-12-11 20:34:03 . 2009-12-11 20:34:03 5,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\yusutuno.exe.vir
2009-12-11 20:34:01 . 2009-12-11 20:34:01 5,875 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tijevilu.exe.vir
2009-12-10 23:09:53 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\cxipuost.job.vir
2009-12-09 16:46:34 . 2009-12-21 19:37:57 290 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\iggzvall.job.vir
2009-12-09 04:17:41 . 2009-12-09 04:17:41 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\watusero.dll.vir
2009-12-09 04:17:39 . 2009-12-09 04:17:39 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\samisede.dll.vir
2009-12-09 04:17:38 . 2009-12-09 04:17:38 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\barihuye.dll.vir
2009-12-09 04:17:24 . 2009-12-09 04:17:24 5,875 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gabuwime.exe.vir
2009-12-09 04:17:24 . 2009-12-09 04:17:24 5,902 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hepoyaba.dll.vir
2009-12-09 04:17:24 . 2009-12-09 04:17:24 5,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zehakebo.exe.vir
2009-12-08 18:33:41 . 2009-12-08 18:33:41 468 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-AVI Codec Pack.reg.dat
2009-12-08 18:33:25 . 2009-12-08 18:33:25 612 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-yaduhihof.reg.dat
2009-12-08 18:33:24 . 2009-12-08 18:33:24 636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
2009-12-08 18:33:15 . 2009-12-08 18:33:15 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-nisohulum-{06a2aed1-2397-456b-9ea6-eb3b3d2c1b3e}.reg.dat
2009-12-08 18:33:14 . 2009-12-08 18:33:14 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-jomemowav-{a1ca5fee-4c6e-4f41-bb52-4a24ae94183d}.reg.dat
2009-12-08 18:33:14 . 2009-12-08 18:33:14 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-fotuzatob-{4dcc3337-0d3b-4f95-b487-80b14e6ef9dd}.reg.dat
2009-12-08 18:33:14 . 2009-12-08 18:33:14 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-zesivukip-{042dc51a-5957-47e5-91af-5d1bbe01f870}.reg.dat
2009-12-08 18:33:12 . 2009-12-08 18:33:12 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{06a2aed1-2397-456b-9ea6-eb3b3d2c1b3e}.reg.dat
2009-12-08 18:33:11 . 2009-12-08 18:33:11 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{a1ca5fee-4c6e-4f41-bb52-4a24ae94183d}.reg.dat
2009-12-08 18:33:11 . 2009-12-08 18:33:11 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{4dcc3337-0d3b-4f95-b487-80b14e6ef9dd}.reg.dat
2009-12-08 18:33:11 . 2009-12-08 18:33:11 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{042dc51a-5957-47e5-91af-5d1bbe01f870}.reg.dat
2009-12-08 18:33:00 . 2009-12-08 18:33:00 128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-tumujarepa.reg.dat
2009-12-08 18:33:00 . 2009-12-08 18:33:00 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-yaduhihof.reg.dat
2009-12-08 18:32:59 . 2009-12-08 18:32:59 203 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Malwarebytes Anti-Malware (reboot).reg.dat
2009-12-08 18:32:53 . 2009-12-08 18:32:54 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2009-12-08 18:32:52 . 2009-12-08 18:32:52 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2009-12-08 18:23:19 . 2009-12-19 15:38:02 4,738 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2009-12-08 18:23:19 . 2009-12-19 15:38:01 5,656 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2009-12-08 18:13:50 . 2009-12-08 18:13:50 114 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lowsec\_user_.ds.zip
2009-12-08 18:13:49 . 2009-12-08 18:13:49 155,097 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lowsec\_local_.ds.zip
2009-12-08 18:12:11 . 2009-12-24 15:58:56 13,236 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-12-08 17:49:50 . 2009-12-24 15:49:58 824 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-12-08 16:18:08 . 2009-12-08 16:18:08 296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\rxladbzf.job.vir
2009-12-08 02:52:54 . 2009-12-08 17:36:24 2,854 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir
2009-12-08 02:01:14 . 2009-12-08 02:01:14 92,672 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\mekohige.dll.vir
2009-12-08 02:00:51 . 2009-12-08 02:00:51 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dewukobe.dll.vir
2009-12-05 16:11:46 . 2009-12-05 16:11:46 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\maligoha.dll.vir
2009-12-05 04:55:04 . 2009-12-07 22:36:09 194 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\srcr.dat.vir
2009-12-04 23:08:08 . 2009-12-08 16:15:47 296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\dggsjhxm.job.vir
2009-12-03 01:52:47 . 2009-12-03 01:52:28 3,019 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\SUPERAntiSpyware Professional 4.0.0.1154.torrent.vir
2009-12-02 18:26:34 . 2009-12-03 01:58:58 919 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\dht.dat.old.vir
2009-12-02 18:26:34 . 2009-12-03 02:32:35 3,962 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\dht.dat.vir
2009-12-02 18:26:34 . 2009-12-03 01:58:57 99 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\rss.dat.old.vir
2009-12-02 18:26:34 . 2009-12-03 02:32:35 99 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\rss.dat.vir
2009-12-02 18:26:34 . 2009-12-03 01:58:57 1,598 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\settings.dat.old.vir
2009-12-02 18:26:34 . 2009-12-03 02:32:35 1,598 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\settings.dat.vir
2009-12-02 18:18:04 . 2009-12-03 02:32:32 2,473 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\resume.dat.old.vir
2009-12-02 18:18:04 . 2009-12-03 02:32:35 2,457 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\resume.dat.vir
2009-12-02 18:17:33 . 2009-12-02 18:16:23 19,469 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\benny\Application Data\uTorrent\AVG Antivirus 8 0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69].torrent.vir
2009-12-02 18:09:45 . 2009-12-08 16:15:47 296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\kpjcnwbc.job.vir
2009-12-02 00:22:10 . 2009-12-07 18:00:00 630 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\h8srtcfg.dat.vir
2009-12-01 22:45:54 . 2009-12-01 22:45:54 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTsiyvgvdirs.dll.vir
2009-12-01 22:44:46 . 2009-12-01 22:45:18 1,167,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTiwilnntpql.dll.vir
2009-12-01 22:44:08 . 2009-12-01 22:44:10 40,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTxnuarmilbj.dll.vir
2009-12-01 22:43:46 . 2009-12-05 15:53:56 194 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTdvykicomen.dat.vir
2009-12-01 22:43:35 . 2009-12-01 22:43:35 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTkagolwaftw.dll.vir
2009-12-01 22:42:23 . 2009-12-08 01:34:22 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lowsec\user.ds.vir
2009-12-01 22:42:23 . 2009-12-08 16:20:35 154,958 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lowsec\local.ds.vir
2009-12-01 22:42:18 . 2009-12-08 00:21:32 80,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\2892o0P7.sys.vir
2009-09-21 19:37:50 . 2009-09-21 19:37:50 92,672 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\jogopamo.dll.vir
2009-09-21 19:37:46 . 2009-09-21 19:37:46 61,952 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\golorojo.dll.vir
2009-09-21 19:37:44 . 2009-09-21 19:37:44 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\leheziti.dll.vir
2009-09-21 19:37:42 . 2009-09-21 19:37:42 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tuwihavo.dll.vir
2009-09-20 03:23:00 . 2009-09-20 03:23:00 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dolivowa.dll.vir
2009-09-20 03:22:55 . 2009-09-20 03:22:55 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fedozuta.dll.vir
2009-09-19 03:06:07 . 2009-09-19 03:06:07 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\regizogu.dll.vir
2009-09-19 03:06:01 . 2009-09-19 03:06:01 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\goradoja.dll.vir
2009-09-18 15:05:37 . 2009-09-18 15:05:37 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dadirova.dll.vir
2009-09-18 15:05:37 . 2009-09-18 15:05:37 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\veketaha.dll.vir
2009-09-18 15:05:34 . 2009-09-18 15:05:34 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\buvujano.dll.vir
2009-09-18 15:05:34 . 2009-09-18 15:05:34 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nelesoye.dll.vir
2009-09-16 18:22:28 . 2009-09-16 18:22:28 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vokeloso.dll.vir
2009-09-16 18:22:22 . 2009-09-16 18:22:22 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kogekebe.dll.vir
2009-09-16 18:22:22 . 2009-09-16 18:22:22 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\norozuse.dll.vir
2009-09-16 06:22:18 . 2009-09-16 06:22:18 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\jineniwi.dll.vir
2009-09-16 06:22:16 . 2009-09-16 06:22:16 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\guguvevo.dll.vir
2009-09-16 06:22:09 . 2009-09-16 06:22:09 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tateputu.dll.vir
2009-09-16 06:22:09 . 2009-09-16 06:22:09 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wuviforo.dll.vir
2009-09-08 16:18:04 . 2009-09-08 16:18:04 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nebiteda.dll.vir
2009-09-08 16:18:03 . 2009-09-08 16:18:03 93,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gehotimi.dll.vir
2009-09-08 16:18:03 . 2009-09-08 16:18:03 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\meridewa.dll.vir
2009-09-08 02:07:29 . 2009-09-08 02:07:29 29,696 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wokawewo.dll.vir
2009-09-08 02:07:24 . 2009-09-08 02:07:24 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\futajido.dll.vir
2009-09-06 16:11:48 . 2009-09-06 16:11:48 93,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hegubagu.dll.vir
2009-09-06 16:11:47 . 2009-09-06 16:11:47 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bupuyafo.dll.vir
2009-09-06 16:11:47 . 2009-09-06 16:11:47 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vipukeyu.dll.vir
2009-09-06 04:11:20 . 2009-09-06 04:11:20 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bitonuta.dll.vir
2009-09-06 04:11:18 . 2009-09-06 04:11:18 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\butileve.dll.vir
2009-09-05 16:11:24 . 2009-09-05 16:11:24 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zuyahoba.dll.vir
2009-09-05 15:14:04 . 2009-09-05 15:14:04 26,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hoyuvuki.dll.vir
2009-09-05 15:14:00 . 2009-09-05 15:14:00 93,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vojedayu.dll.vir
2009-09-05 15:13:58 . 2009-09-05 15:13:58 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\valalafo.dll.vir
2009-09-04 23:08:08 . 2009-09-04 23:08:08 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hinilezo.dll.vir
2009-09-04 23:08:07 . 2009-09-04 23:08:07 90,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lavevumu.dll.vir
2009-09-03 20:13:38 . 2009-09-03 20:13:38 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pohuzowo.dll.vir
2009-09-03 20:13:38 . 2009-09-03 20:13:38 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\magagovi.dll.vir
2009-09-03 20:13:36 . 2009-09-03 20:13:36 92,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\rulufutu.dll.vir
2009-09-02 18:10:21 . 2009-09-02 18:10:21 53,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\begimepo.dll.vir
2009-09-02 18:10:21 . 2009-09-02 18:10:21 53,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\guzuyavu.dll.vir
2009-09-02 18:10:21 . 2009-09-02 18:10:21 53,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vagivoho.dll.vir
2009-09-02 18:09:46 . 2009-09-02 18:09:46 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\namiviko.dll.vir
2009-09-02 18:09:43 . 2009-09-02 18:09:43 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pehuraba.dll.vir
2009-09-02 01:49:25 . 2009-09-02 01:49:25 1,909 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\puvutabo.exe.vir
2009-09-02 01:49:25 . 2009-09-02 01:49:25 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pipidesa.dll.vir
2007-07-12 08:05:27 . 2007-07-12 08:05:27 0 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Services.vir
2007-06-12 20:16:08 . 2007-06-12 20:16:08 562 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\jas\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk.vir
2007-06-12 20:16:07 . 2007-06-12 20:16:07 757 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\jas\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk.vir
2007-06-12 20:16:06 . 2007-06-12 20:16:06 71,582 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AVI Codec Pack\uninstall.exe.vir
2007-05-05 20:13:34 . 2009-03-23 12:40:17 183,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
2004-08-04 13:00:00 . 2009-02-09 12:10:48 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
2003-08-19 07:20:16 . 2003-08-19 07:20:16 16,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AVI Codec Pack\AC3\dialog_patch.exe.vir
2003-08-19 07:20:04 . 2003-08-19 07:20:04 180,224 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AVI Codec Pack\AC3\ac3filter.ax.vir
1999-06-23 23:47:36 . 1999-06-23 23:47:36 19,968 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe.vir
1999-05-28 14:13:34 . 1999-05-28 14:13:34 301,568 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\AVI Codec Pack\LAYER-3\L3CODECP.ACM.vir





CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\sony\sound forge audio studio 9.0\keygen.exe
scanner sequence 3.AP.11
----- EOF -----




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=917ad93339957644b4d0801fcdfcb79d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-28 05:18:17
# local_time=2009-12-28 12:18:17 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 718273 718273 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64046
# found=15
# cleaned=0
# scan_time=5867
C:\Qoobox\Quarantine\C\WINDOWS\system32\AVR10.exe.vir a variant of Win32/Kryptik.BLS trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bitonuta.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bupuyafo.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.AED virus 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dewukobe.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gehotimi.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\hegubagu.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\hinilezo.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\maligoha.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mekohige.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\nebiteda.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\vojedayu.dll.vir a variant of Win32/Kryptik.BKV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper86.dll.vir Win32/TrojanDownloader.FakeAlert.AQQ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon86.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate86.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 29th, 2009, 2:29 pm

Hi jas24,


Please visit this site
In the Link to topic where this file was requested: field, copy and paste the link below
Code: Select all
http://malwareremoval.com/forum/viewtopic.php?f=11&t=47939&start=0

Then click Browse... and copy/paste the filepath below into the File name: field in the File Upload window.
Code: Select all
C:\Qoobox\Quarantine\[4]-Submit_2009-12-24_10.51.53.zip


Then click Send File


Pirated Software

c:\program files\sony\sound forge audio studio 9.0\keygen.exe


This is the third crack/keygen we've seen on your computer. You and the other user of this machine need to be aware that this is most likely how your computer became infected. I hope this will convince you to abandon trying to steal software and stop using peer to peer programs. There is a free option for most basic software these days. I urge you to research and try the free options and if not, legitimately purchase software you want. You must uninstall and delete Sound Forge Audio Studio 9.0 before we can continue. You will find this forum's rules here: Malware Removal Forum Guidelines and Rules. Here is quote from it:

Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.


If you want to continue please perform the removal and deletion of the program mentioned above and post back that you have done so.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 30th, 2009, 6:17 pm

Yes, i saw that and i have removed and deleted it. I have also submitted that file to bleeping computer.
Thank you.
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 30th, 2009, 10:46 pm

Hi jas24,

Thanks for uploading the file.


Adobe Reader

Adobe Reader is out of date. Older versions have security vulnerabilities and you should update it.

I suggest you download and install the newest version from http://get.adobe.com/reader/.
After installing the newest version, uninstall any older version through Add or Remove Programs.


Please post a new HijackThis log in your next reply and let me know how the computer is running.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby shinybeast » January 2nd, 2010, 11:27 pm

Hello jas24,

It has been 3 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
Please let me know how things are going otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » January 4th, 2010, 2:29 pm

Hi, so sorry for the delay. I've been out of town for the holiday.

When i log on to my name, it loads very slow.
I updated Adobe to 9.2, and here is the hijackthis log..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:06 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://twitter.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} (Invoke Solutions MILiveParticipantPadHelper Control) - http://rms2.invokesolutions.com/events/ ... MILive.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = linksys
O17 - HKLM\Software\..\Telephony: DomainName = linksys
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2B88F7-1287-446D-B936-69056593F881}: NameServer = 65.32.5.111,65.32.5.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = linksys
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = linksys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = linksys
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11005 bytes


Thanks again for taking the time to help me.
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » January 5th, 2010, 4:11 pm

Hi jas24,

Thanks again for taking the time to help me.


You're very welcome. :)


Your computer seems to be malware free. Has the slow startup persisted? The severity of the infection may have produced side effects that slow down the computer. As I mentioned before, a reformat and reinstall of Windows would be the better option.


Disable Service

You have a couple of services that are unnecessary.

  • Click Start, click Run..., type services.msc and press enter.
  • In the list of services locate the following services in the name column

    Google Software Updater
    NMIndexingService

  • For each service, right-click the service name and click Properties
  • In the service properties window locate Startup
  • In the drop-down menu next to Startup, select disabled and click OK.
  • Once both services are disabled, close Services window.


HijackThis

Start HijackThis and select Do a system scan only
Place a check next to the lines listed below and Close all windows except for HijackThis
Click Fix checked:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Close HijackThis.


Check out the What to do if your Computer's running slowly topic and perform the recommendations and see if that helps.


Reboot the computer after doing the above and report back if this helps or not.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » January 7th, 2010, 6:59 pm

Everything seems to be working normal.. You have helped alot and i appreciate your efforts, all is well.
Should i just delete the files on my desktop like combofix, OLT, Gmer, Ckscanner...

After being frustrated, I'm pretty happy now :cheers:
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » January 7th, 2010, 9:36 pm

Hi jas24,

I'm very happy to hear that the computer is back to normal. :)

As far as cleaning up...


Uninstall ComboFix

Click Start, click Run..., copy the below bolded text and paste it in the Open: box and click OK.

ComboFix /Uninstall

ComboFix will uninstall and clean up after itself.


OTL Cleanup

Please run OTL which should still be on your desktop
In the upper right click CleanUp
This will delete OTL and will clean up after it.


Delete CKScanner and GMER files from your desktop.


Implementing the following suggestions will greatly reduce your chances of malware problems in the future.

Update Windows

It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.

I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

Close all windows and temporarily disable your anti-virus (usually through a tray icon)

Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.


Keep installed programs up to date

Anti-virus
Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

Update Other Vulnerable Software
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
F-Secure Health Check - requires Internet Explorer
Secunia Online Software Inspector


Best Practices for Email and Downloaded Files.

  • Do not read emails from unknown sources.
  • Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
  • Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
  • Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.


Additional Protection Programs

The programs listed below are excellent for improving your computer's security.

WinPatrol by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on it's many features can be found here

MVPS Hosts file - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

I encourage you to check out Tony Klein's article "How did I get infected in the first place?"
and miekiemoes' article "How to prevent Malware:"

If you have any questions about these suggestions, I would be happy to answer them.

Regards,
shinybeast

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby NonSuch » January 10th, 2010, 7:22 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware