As far as I know, it is a Kas. behavioral detection from Proactive Defense (it simply means KIS does not know what application is causing the detection).
But Fungus, don't worry, we'll resolve this with some other tool.
Please open a NEW topic in SCF "PC Help Center": http://scforum.info/index.php?action=forum and provide us the following info ASAP:
1. All possible details related to your problems / infection.
2. Run BitDefender Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html
3. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html
4. Provide us logs from HijackThis & BitDefender Online Scan
I'll wait for your reply (with logs).
Regards,
S.
Samker, you recommended that I use the Bitdefender online scan and HijackThis.
Here are the logs generated by Bitdefender and HijackThis.
BitDefender Logs
BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------
Scan date: Thu Mar 18 03:23:21 2010
Machine ID: DC1E65AA
No infection found.
---------------------
Processes
---------
<unsigned> AntiPoisoner.exe 592 C:\cap\AntiPoisoner.exe
<verified> DAEMON Tools Lite 600 C:\Program Files\DAEMON Tools Lite\DTLite.exe
<verified> Firefox 6084 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> GrooveMonitor Utility 416 F:\Program\Microsoft Office\Office12\GrooveMonitor.exe
<verified> Kaspersky Anti-Virus 1232 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
<verified> Kaspersky Anti-Virus 4020 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
<verified> Microsoft® Windows® Operating System 1576 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 1540 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 1636 C:\Windows\system32\taskhost.exe
<verified> Microsoft® Windows® Operating System 6104 C:\Windows\system32\wuauclt.exe
<verified> Realtek HD Audio Manager 340 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
<verified> Vypress Chat 2396 F:\Program\Vypress\VyChat.exe
<verified> Windows Live Messenger 1720 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> µTorrent 1444 C:\Program Files\uTorrent\uTorrent.exe
Network activity
----------------
Process uTorrent.exe (1444) listens on ports: 45157
Process VyChat.exe (2396) listens on ports: 8167
Autoruns and critical files
---------------------------
<verified> Adobe Acrobat F:\Program\Adobe Reader\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\DTLite.exe
<verified> GrooveMonitor Utility F:\Program\Microsoft Office\Office12\GrooveMonitor.exe
<verified> GrooveShellExtensions Module F:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
<verified> Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
<verified> Kaspersky Anti-Virus c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll
<verified> Kaspersky Anti-Virus C:\Windows\system32\klogon.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> µTorrent C:\Program Files\uTorrent\uTorrent.exe
Browser plugins
---------------
<verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Users\fungus\AppData\Roaming\Mozilla\Firefox\Profiles/5x7imrtd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\fungus\AppData\Roaming\Mozilla\Firefox\Profiles/5x7imrtd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verified> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<verified> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
<verified> GrooveShellExtensions Module F:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
<verified> Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
<verified> Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
Missing files
-------------
File not found: c:\windows\system32\dreamscene.dll
referenced in: HKCR\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InprocServer32\(default)
Scan
----
<unsigned> MD5: 72a911916a542299b0352f18b98c0348 C:\cap\AntiPoisoner.exe
<unsigned> MD5: fcc244da361936e8186a2cf24df7d7e7 C:\Program Files\DAEMON Tools Lite\mfc80u.dll
<unsigned> MD5: 462e2f4886a0b389d4fda12a15f8219a C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 52d4d6ec27a57313ab9f90e242c3cfa4 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: a87b04299a14747bbcbe8cb4147612c2 C:\Program Files\Mozilla Firefox\softokn3.dll
No file uploaded.
Scan finished - communication took 5 sec
Total traffic - 0.00 MB sent, 0.12 KB recvd
Scanned 761 files and modules - 17 seconds
HijackThis Logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:06 AM, on 17/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
F:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\cap\AntiPoisoner.exe
F:\Program\Vypress\VyChat.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AntiPoisoner.lnk = C:\cap\AntiPoisoner.exe
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: &Download with &DAP - F:\Program\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Program\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - F:\xampp\apache\bin\apache.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mysql - Unknown owner - F:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 6030 bytes
When my PC was being scanned by HijackThis, an error came up,
and this is the error image.
I hope someone has a solution for this problem.