Thread: PLEASE HELP. RUNDLL32.exe Application ERROR

  1. #1
    Ripart (Junior Member; Join Date: Jun 2008; Posts: 11)

    PLEASE HELP. RUNDLL32.exe Application ERROR

    Hi, I'm new here.

    I was wondering if anyone could help me?
    Every time I log on, I type in my password for my user, then I get a rundll32.exe - application error saying,

    "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application."

    After this, it shows my wallpaper and nothing else, sometimes everything loads after a while, but usually nothing does so I have to start something from task manager before everything else loads.

    I have AVG anti-virus 7.5 and have run and removed all the infections found but it keeps coming up.

    Could someone please help me out, seeing as this is really irritating and I would really appreciate any help given.
    Thanks.

  2. #2
    Ripart (Junior Member; Join Date: Jun 2008; Posts: 11)

    Sorry for double posting,

    but I forgot to mention that I can't use Add/Remove Programs, Display Properties and other basic system things like that. The same error message keeps popping up and I have to click it twice before it disappears.

    Any help appreciated, thank you.

  3. #3
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Hi Ripart

    I think you missed the "BEFORE you POST (READ this Procedure BEFORE Requesting Assistance)" sticky.

    Download and install TrendMicro HijackThis
    * Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".
    * Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
    * Once the scan is complete, the scan button will now read "save log". Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Ripart (Junior Member; Join Date: Jun 2008; Posts: 11)

    Here is the log file from Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:00:14 PM, on 6/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\DOCUME~1\Karlo\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\Karlo\Desktop\Anti-Virus\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pctools.com/en/free-antiv...tm_campaign=av
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BMd33ca1aa] Rundll32.exe "C:\WINDOWS\system32\dywaiuqu.dll",s
    O4 - HKLM\..\Run: [d00f9236] rundll32.exe "C:\WINDOWS\system32\vsvqjbnp.dll",b
    O4 - HKLM\..\Run: [SexyDesktopDefender] c:\Program Files\Desktop Wallpaper Manager\Popup Defender.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Karlo\Desktop\Desktop\Yodm3D\Yodm3D.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Karlo\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\JiWire\BOT Mapping\Skype4COM.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0012232.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

    --
    End of file - 6782 bytes

    Any Help appreciated.

  5. #5
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Hi

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.


    ___

    1. Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

    If you have problems with Combofix usage, see here

  6. #6
    Ripart (Junior Member; Join Date: Jun 2008; Posts: 11)

    These are the logs after running combofix and hjt:

    ComboFix 08-06-20.4 - Karlo 2008-06-23 22:06:56.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223 [GMT 9.5:30]
    Running from: C:\Documents and Settings\Karlo\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Karlo\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
    .

    2008-06-22 21:53 . 2008-06-22 21:53 0 --a------ C:\osVer00
    2008-06-22 21:19 . 2008-06-22 21:19 51,200 --a------ C:\WINDOWS\system32\__c00B8A10.dat
    2008-06-22 20:06 . 2008-06-22 20:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-22 20:06 . 2008-06-22 20:06 <DIR> d-------- C:\Documents and Settings\Karlo\Application Data\Malwarebytes
    2008-06-22 20:06 . 2008-06-22 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-22 20:06 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-22 20:06 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-22 13:51 . 2008-06-22 20:53 51,200 --------- C:\WINDOWS\system32\__c0012232.dat
    2008-06-21 15:08 . 2008-06-21 15:08 <DIR> d-------- C:\Program Files\Desktop Wallpaper Manager
    2008-06-21 15:06 . 2008-06-21 15:06 <DIR> d-------- C:\temp\Sysfiles
    2008-06-21 15:06 . 2008-06-21 15:06 <DIR> d-------- C:\temp\Setup
    2008-06-21 15:06 . 2008-06-22 21:33 <DIR> d-------- C:\temp\Samples
    2008-06-21 15:06 . 2008-06-21 15:06 <DIR> d-------- C:\temp\Program
    2008-06-21 15:06 . 2008-06-21 15:06 <DIR> d-------- C:\temp
    2008-06-21 12:03 . 2008-06-21 12:03 90,624 --a------ C:\WINDOWS\system32\ppgtpbpo.dll
    2008-06-18 20:49 . 2008-06-19 18:37 <DIR> d-------- C:\WINDOWS\system32\Harry Potter Screen Saver dir
    2008-06-18 20:49 . 2008-06-18 20:49 201,728 --a------ C:\WINDOWS\system32\Harry Potter Screen Saver.scr
    2008-06-11 17:13 . 2008-06-19 23:17 <DIR> d-------- C:\Documents and Settings\Karlo\Application Data\U3
    2008-06-02 16:53 . 2008-06-02 16:53 <DIR> d-------- C:\Program Files\IonCube
    2008-05-31 23:28 . 2008-05-31 23:28 <DIR> d-------- C:\Documents and Settings\Visitor\Application Data\Grisoft
    2008-05-31 23:28 . 2008-05-31 23:28 <DIR> d-------- C:\Documents and Settings\Visitor\Application Data\AIMPro
    2008-05-31 23:28 . 2008-05-31 23:28 <DIR> d-------- C:\Documents and Settings\Visitor\Application Data\acccore
    2008-05-31 23:26 . 2008-05-31 23:26 <DIR> d-------- C:\Documents and Settings\Visitor
    2008-05-30 21:50 . 2005-02-27 18:36 696,473 --a------ C:\WINDOWS\MacSaver v1.0.scr
    2008-05-24 19:54 . 2008-05-24 20:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-05-23 20:01 . 2008-05-27 22:10 <DIR> d-------- C:\Program Files\Sony
    2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Documents and Settings\Karlo\Application Data\Publish Providers
    2008-05-23 19:30 . 2008-05-23 19:30 <DIR> d-------- C:\Documents and Settings\Karlo\Application Data\Sony
    2008-05-23 19:23 . 2008-05-23 19:23 <DIR> d-------- C:\Program Files\Sony Setup

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-23 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-22 12:05 --------- d-----w C:\Program Files\Bonjour
    2008-06-18 12:52 --------- d-----w C:\Program Files\Replay Converter
    2008-06-13 08:27 --------- d-----w C:\Documents and Settings\Karlo\Application Data\LimeWire
    2008-06-02 10:56 --------- d-----w C:\Documents and Settings\Karlo\Application Data\Skype
    2008-06-02 09:29 --------- d-----w C:\Documents and Settings\Karlo\Application Data\skypePM
    2008-05-27 12:40 --------- d-----w C:\Program Files\VstPlugins
    2008-05-27 12:38 --------- d-----w C:\Program Files\Image-Line
    2008-05-27 12:37 --------- d-----w C:\Program Files\Edirol
    2008-05-25 05:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-24 03:50 --------- d-----w C:\Program Files\Cheat Engine
    2008-05-22 08:10 --------- d-----w C:\Program Files\iTunes
    2008-05-22 08:10 --------- d-----w C:\Program Files\iPod
    2008-05-22 08:10 --------- d-----w C:\Documents and Settings\Karlo\Application Data\Apple Computer
    2008-05-22 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-22 08:07 --------- d-----w C:\Program Files\Common Files\Apple
    2008-05-19 10:58 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{F66F5828-6EF5-4CEE-93A1-CB534D874C67}
    2008-05-18 12:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 12:27 --------- d-----w C:\Program Files\LucasArts
    2008-05-18 12:25 --------- d-----w C:\Program Files\Electronic Arts
    2008-05-18 12:24 --------- d-----w C:\Program Files\EA GAMES
    2008-05-16 08:12 --------- d--h--r C:\Documents and Settings\Karlo\Application Data\SecuROM
    2008-05-12 09:26 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-12 09:24 --------- d-----w C:\Program Files\Ahead
    2008-05-10 05:33 --------- d-----w C:\Program Files\7-Zip
    2008-05-09 01:30 --------- d-----w C:\Program Files\Warcraft III
    2008-05-09 00:14 20 ----a-w C:\sccfg.sys
    2008-05-09 00:14 --------- d-----w C:\Program Files\Folder Lock
    2008-05-05 10:25 --------- d-----w C:\Program Files\Audacity
    2008-04-28 01:30 --------- d-----w C:\Documents and Settings\Guest\Application Data\AIMPro
    2008-04-28 01:30 --------- d-----w C:\Documents and Settings\Guest\Application Data\acccore
    2008-04-27 04:23 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-04-27 04:23 --------- d-----w C:\Documents and Settings\Karlo\Application Data\AIM
    2008-04-27 04:23 --------- d-----w C:\Documents and Settings\Karlo\Application Data\acccore
    2008-04-25 11:43 --------- d-----w C:\Program Files\LimeWire
    2008-04-14 05:55 77,824 ----a-w C:\WINDOWS\SkycarUninstall.exe
    2008-03-24 05:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-03-07 09:13 19,894 ----a-w C:\Program Files\Common Files\jebaqohir.com
    2008-03-07 09:13 15,227 ----a-w C:\Program Files\Common Files\idabowoxod.dll
    2008-03-07 09:13 12,371 ----a-w C:\Program Files\Common Files\uwocykohov.exe
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1345E13-0244-4BB0-9A44-072B620D5D8C}]
    C:\WINDOWS\system32\vtstq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
    "Yodm3D"="C:\Documents and Settings\Karlo\Desktop\Desktop\Yodm3D\Yodm3D.exe" [2007-06-26 19:26 2058752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 20:50 88204 C:\WINDOWS\AGRSMMSG.exe]
    "INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" [ ]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-19 08:42 16248320 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-07-19 08:42 2879488 C:\WINDOWS\SkyTel.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 08:41 53248]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 08:57 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 08:57 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 08:57 118784]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 18:55 6731312]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38 987187]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "SexyDesktopDefender"="c:\Program Files\Desktop Wallpaper Manager\Popup Defender.exe" [2006-03-20 16:32 135168]

    C:\Documents and Settings\Karlo\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-23 08:50:40 3450608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\npdjkrqm]
    npdjkrqm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll 2005-12-06 20:16 176128 C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.VP31"= vp31vfw.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitLord2\\BitLord.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\Warcraft III\\War3.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
    "C:\\Documents and Settings\\Karlo\\Application Data\\GarageGames\\IAPlayer\\products\\7000\\install\\Zap.exe"=
    "C:\\Documents and Settings\\Karlo\\Application Data\\GarageGames\\IAPlayer\\products\\5000\\install\\ScrewjumperPC.exe"=
    "C:\\Documents and Settings\\Karlo\\My Documents\\Games\\Soldier of Fortune II\\SoF2MP-Test.exe"=
    "C:\\Program Files\\Safari\\Safari.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942 Multiplayer Demo\\BF1942Demo.exe"=

    R2 kqemu;kqemu driver;C:\WINDOWS\system32\drivers\kqemu.sys [2007-02-07 06:32]
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\OGPlanet\Albatross18\GameGuard\dump_wmimmc.sys []
    S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b36db22c-3787-11dd-9734-00197e4c5dd5}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-21 11:29:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 22:12:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\Karlo\LOCALS~1\temp\RtkBtMnt.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-23 22:18:35 - machine was rebooted [Karlo]
    ComboFix-quarantined-files.txt 2008-06-23 12:48:30

    Pre-Run: 27,627,700,224 bytes free
    Post-Run: 27,524,403,200 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    383 --- E O F --- 2008-05-17 01:36:22


    ________________________________

    And the Hjt Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:33 PM, on 6/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Desktop Wallpaper Manager\Popup Defender.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Karlo\Desktop\Desktop\Yodm3D\Yodm3D.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\Karlo\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Karlo\Desktop\Anti-Virus\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pctools.com/en/free-antiv...tm_campaign=av
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {F1345E13-0244-4BB0-9A44-072B620D5D8C} - C:\WINDOWS\system32\vtstq.dll (file missing)
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SexyDesktopDefender] c:\Program Files\Desktop Wallpaper Manager\Popup Defender.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Karlo\Desktop\Desktop\Yodm3D\Yodm3D.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Karlo\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\JiWire\BOT Mapping\Skype4COM.dll (file missing)
    O20 - Winlogon Notify: npdjkrqm - npdjkrqm.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

    --
    End of file - 6782 bytes

    NOTE: THE PROBLEM SEEMS TO HAVE BEEN FIXED!!!! BUT IF YOU THINK THERE IS MORE TO DO, I WOULD APPRECIATE IT!!

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    There are still things left to do. Before those, could I see Malwarebytes' Anti-Malware report of your scan, please?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member Ripart's Avatar
    Join Date
    Jun 2008
    Posts
    11

    Default

    THIS IS THE LOG FROM BEFORE THE FIXES.....BEFORE COMBOFIX ETC.

    Malwarebytes' Anti-Malware 1.18
    Database version: 876

    8:54:05 PM 6/22/2008
    mbam-log-6-22-2008 (20-54-05).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 117213
    Time elapsed: 44 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 14
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 122

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\pmnljIYp.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\__c0012232.dat (Trojan.Agent) -> Unloaded module successfully.
    C:\WINDOWS\system32\__c004D7C9.dat (Trojan.Agent) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635d6c13-b5b4-4f64-9667-aca5ff8f0b56} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{635d6c13-b5b4-4f64-9667-aca5ff8f0b56} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d00f9236 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd33ca1aa (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnljiyp -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c0012232.dat -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnljiyp -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:

    ________________________________________________________

    I WILL POST A NEW LOG FILE FROM AFTER RUNNING COMBOFIX ETC. JUST IN CASE YOU WANT THAT AS WELL, JUST HAVE TO WAIT FOR IT TO FINISH!!!
    THANK YOU!!

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Ok. I'll wait for the new cf log & hjt log then

  10. #10
    Junior Member Ripart's Avatar
    Join Date
    Jun 2008
    Posts
    11

    Default

    LATEST LOG FROM MALWAREBYTES' ANTI-MALWARE:

    Malwarebytes' Anti-Malware 1.18
    Database version: 876

    6:48:36 PM 6/24/2008
    mbam-log-6-24-2008 (18-48-36).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 114674
    Time elapsed: 34 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\__c0012232.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c00B8A10.dat (Trojan.Agent) -> Quarantined and deleted successfully.
