Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
MalwareByte's Anti-Malware Download

> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages V   1 2 >  
Closed TopicStart new topic
> PC anti-spyware 2010, bravia.exe, help
Tecle
post Aug 14 2009, 07:09 AM
Post #1


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
I have ran Malwarebytes anti-malware in both normal and safe mode, I have run smitfraudfix in Safe mode. I keep getting the red circle with white x in the bottom corner of my toolbar and pc anit-spyware 2010. between malaware bytes and smitfraudfix I think I have been able to get rid of the x twice, but as soon as the computer boots up it reboots and everything is back.

here is my DDS.txt:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Stephanie Brookover at 7:50:24.90 on Fri 08/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1836 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Stephanie Brookover\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\stephanie brookover\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CTSVolFE] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [braviax]
StartupFolder: c:\documents and settings\stephanie brookover\start menu\programs\startup\ikowin32.exe
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stepha~1\applic~1\mozilla\firefox\profiles\3bfsaotd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\stephanie brookover\application data\mozilla\firefox\profiles\3bfsaotd.default\extensions\moveplayer@movenetwork
s.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\stephanie brookover\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 gupdate1c9ecdee64070cc;Google Update Service (gupdate1c9ecdee64070cc);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-8-13 29208]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-8-13 29208]

=============== Created Last 30 ================

2009-08-14 07:34 19,024 a------- c:\windows\gubekog.db
2009-08-14 07:34 18,667 a------- c:\docume~1\alluse~1\applic~1\lumug.vbs
2009-08-14 07:34 18,041 a------- c:\docume~1\alluse~1\applic~1\egexi.bat
2009-08-14 07:34 17,966 a------- c:\docume~1\stepha~1\applic~1\igelezaxih.scr
2009-08-14 07:34 17,074 a------- c:\program files\common files\awoceb.dll
2009-08-14 07:34 16,772 a------- c:\windows\esibywe.sys
2009-08-14 07:34 16,506 a------- c:\program files\common files\huracurehu.sys
2009-08-14 07:34 15,568 a------- c:\program files\common files\ebogufeqo.sys
2009-08-14 07:34 14,155 a------- c:\windows\mapumaqudy.inf
2009-08-14 07:34 12,976 a------- c:\docume~1\stepha~1\applic~1\fibe.bat
2009-08-14 07:34 12,727 a------- c:\program files\common files\bopic.dll
2009-08-14 07:34 12,446 a------- c:\docume~1\alluse~1\applic~1\ozidy.sys
2009-08-14 07:34 12,161 a------- c:\windows\uwejobyxo.com
2009-08-14 07:34 11,768 a------- c:\windows\system32\wurero.pif
2009-08-14 07:27 <DIR> --d----- C:\PC_Antispyware2010
2009-08-14 07:20 27,004 a------- c:\windows\system32\msword98.exe
2009-08-14 07:20 27,004 a------- c:\documents and settings\stephanie brookover\msword98.exe
2009-08-14 07:19 16,588 a------- c:\windows\system32\ejizymidug.bin
2009-08-14 07:19 16,411 a------- c:\windows\system32\carose.dl
2009-08-14 07:19 16,130 a------- c:\windows\alak.com
2009-08-14 07:19 14,778 a------- c:\windows\exidi.pif
2009-08-14 07:19 13,892 a------- c:\windows\system32\yqapimapo.bat
2009-08-14 07:19 12,926 a------- c:\windows\exij.lib
2009-08-14 07:19 12,247 a------- c:\docume~1\alluse~1\applic~1\ivigekipu.pif
2009-08-14 07:19 11,910 a------- c:\docume~1\alluse~1\applic~1\oxywuqanav.dat
2009-08-14 07:19 11,731 a------- c:\windows\system32\fudax.dll
2009-08-14 07:19 11,102 a------- c:\windows\system32\hapum.bat
2009-08-14 07:19 10,498 a------- c:\program files\common files\wywulyj.bat
2009-08-14 07:19 12,826 a------- c:\windows\ebug.vbs
2009-08-14 07:19 11,023 a------- c:\windows\system32\ypat.com
2009-08-14 07:19 347,691 a------- c:\windows\system32\_scui.cpl
2009-08-14 07:19 <DIR> --d----- c:\program files\PC_Antispyware2010
2009-08-14 07:13 29,184 a------- c:\windows\system32\dllcache\figaro.sys
2009-08-14 07:04 11,264 a------- c:\windows\system32\braviax.exe
2009-08-14 07:02 11,264 a------- c:\windows\braviax.exe
2009-08-14 07:02 6,144 a------- c:\windows\system32\cru629.dat
2009-08-14 07:02 6,144 a------- c:\windows\cru629.dat
2009-08-14 06:57 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-08-13 21:47 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-08-13 21:47 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-08-13 21:47 <DIR> --d----- c:\program files\AVG
2009-08-13 21:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-13 20:51 11,264 a------- c:\windows\system32\braviax.ex_
2009-08-13 20:48 <DIR> --d----- c:\docume~1\stepha~1\applic~1\AVG8
2009-08-13 20:29 19,468 a------- c:\docume~1\stepha~1\applic~1\sakaryfiq.dll
2009-08-13 20:29 19,095 a------- c:\windows\rawyvo.scr
2009-08-13 20:29 18,814 a------- c:\windows\ibajupe.vbs
2009-08-13 20:29 17,591 a------- c:\windows\system32\folodedyt.bat
2009-08-13 20:29 16,607 a------- c:\windows\nicodad.dl
2009-08-13 20:29 15,531 a------- c:\program files\common files\upibo.sys
2009-08-13 20:29 14,384 a------- c:\docume~1\alluse~1\applic~1\ijyp.reg
2009-08-13 20:29 13,956 a------- c:\windows\ozapiw.ban
2009-08-13 20:29 13,890 a------- c:\windows\system32\enus.dat
2009-08-13 20:29 12,375 a------- c:\program files\common files\ogoz.pif
2009-08-13 20:29 12,294 a------- c:\windows\awef.bin
2009-08-13 20:29 12,244 a------- c:\windows\system32\cehyzubepo.reg
2009-08-13 20:29 11,805 a------- c:\docume~1\alluse~1\applic~1\nihimajyk.reg
2009-08-13 20:29 11,551 a------- c:\windows\lebe.ban
2009-08-13 20:29 11,133 a------- c:\windows\cidi.dat
2009-08-13 20:29 11,104 a------- c:\docume~1\stepha~1\applic~1\fevys.scr
2009-08-13 20:29 10,260 a------- c:\docume~1\stepha~1\applic~1\yxihyziqeg.pif
2009-08-13 20:25 18,748 a------- c:\windows\ogejar.dl
2009-08-13 20:25 15,988 a------- c:\windows\ezybolew.ban
2009-08-13 20:25 15,668 a------- c:\windows\sukeqorawy.lib
2009-08-13 20:25 15,545 a------- c:\windows\vodypepa.sys
2009-08-13 20:25 14,100 a------- c:\program files\common files\uwisilil.scr
2009-08-13 20:25 13,339 a------- c:\windows\wedege.vbs
2009-08-13 20:25 12,946 a------- c:\windows\system32\jaregi._sy
2009-08-13 20:25 12,288 a------- c:\windows\system32\ewed.reg
2009-08-13 20:25 11,438 a------- c:\program files\common files\rozimyr.com
2009-08-13 20:25 10,641 a------- c:\windows\isij.reg
2009-08-13 20:10 29,184 a------- c:\windows\system32\dllcache\beep.sys
2009-08-13 19:38 191,131 a------- c:\windows\system32\wisdstr.exe
2009-08-13 08:42 19,983 a------- c:\windows\upaler._dl
2009-08-13 08:42 19,435 a------- c:\windows\xifemuw.ban
2009-08-13 08:42 19,192 a------- c:\windows\digoqyb.lib
2009-08-13 08:42 18,285 a------- c:\program files\common files\gosucyveqo.vbs
2009-08-13 08:42 15,715 a------- c:\windows\focycary.dl
2009-08-13 08:42 14,288 a------- c:\docume~1\alluse~1\applic~1\ivodeko.vbs
2009-08-13 08:42 13,390 a------- c:\windows\ysexuze.ban
2009-08-13 08:42 11,288 a------- c:\program files\common files\hyjiveje.dat
2009-08-13 08:42 11,221 a------- c:\windows\system32\bafexa.pif
2009-08-13 08:42 10,830 a------- c:\windows\system32\takucuxepu.inf
2009-08-13 08:42 10,751 a------- c:\windows\jomidig.com
2009-08-13 08:42 10,036 a------- c:\windows\ruqicyv._dl
2009-08-13 08:35 104,064 a------- c:\windows\system32\drivers\ccce7d46.sys
2009-08-13 08:34 47,744 a------- c:\windows\system32\drivers\f1683ce2.sys
2009-08-13 07:30 18,139 a------- c:\windows\system32\davifofu.reg
2009-08-13 07:30 15,008 a------- c:\windows\bulymyd.lib
2009-08-13 07:30 14,556 a------- c:\windows\system32\mubyhuho._sy
2009-08-13 07:30 13,326 a------- c:\program files\common files\popex.bin
2009-08-13 07:30 13,267 a------- c:\windows\uviv.bin
2009-08-13 07:30 12,193 a------- c:\windows\gyficykydu.exe
2009-08-13 07:30 11,804 a------- c:\program files\common files\wyzyzylodu.dat
2009-08-13 07:30 10,955 a------- c:\windows\tybuta.vbs
2009-08-13 07:30 10,088 a------- c:\docume~1\alluse~1\applic~1\gucemusaq.reg
2009-08-13 03:00 1,374 a------- c:\windows\imsins.BAK
2009-08-12 23:00 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 22:00 19,580 a------- c:\windows\system32\pycywo.reg
2009-08-12 22:00 18,337 a------- c:\windows\jogus.inf
2009-08-12 22:00 17,437 a------- c:\windows\tahofupuf.ban
2009-08-12 22:00 14,340 a------- c:\windows\akebyfyno.lib
2009-08-12 22:00 13,588 a------- c:\windows\system32\igaxag.sys
2009-08-12 22:00 13,404 a------- c:\windows\ogyqidany._sy
2009-08-12 22:00 12,893 a------- c:\windows\system32\qajyjukuz.bin
2009-08-12 22:00 11,763 a------- c:\program files\common files\ujibuwo.pif
2009-08-12 22:00 11,413 a------- c:\windows\nuguq.bat
2009-08-12 22:00 10,372 a------- c:\windows\system32\ubidemexi.scr
2009-08-12 21:52 0 a------- c:\windows\system32\drivers\OLD11.tmp
2009-08-12 21:52 47,744 a------- c:\windows\system32\drivers\63e5ef01.sys
2009-08-12 21:36 18,288 a------- c:\windows\yjil.bat
2009-08-12 21:36 18,197 a------- c:\windows\system32\vedyqyduk.dl
2009-08-12 21:36 17,934 a------- c:\program files\common files\ahiku.dat
2009-08-12 21:36 17,466 a------- c:\program files\common files\jofa.vbs
2009-08-12 21:36 16,585 a------- c:\docume~1\alluse~1\applic~1\duqygazu.bat
2009-08-12 21:36 16,406 a------- c:\windows\orotemimis.reg
2009-08-12 21:36 14,923 a------- c:\program files\common files\jigoceja.pif
2009-08-12 21:36 14,366 a------- c:\windows\fari.scr
2009-08-12 21:36 14,245 a------- c:\windows\system32\memyriku.db
2009-08-12 21:36 13,186 a------- c:\windows\ajyd._dl
2009-08-12 21:36 12,622 a------- c:\windows\eluso.exe
2009-08-12 21:36 12,123 a------- c:\windows\system32\ahama.ban
2009-08-12 21:36 11,120 a------- c:\program files\common files\zewiboho.pif
2009-08-12 21:36 10,834 a------- c:\docume~1\alluse~1\applic~1\oxuzyxuha.com
2009-08-12 21:36 10,352 a------- c:\windows\system32\ysatadyh._dl
2009-08-12 20:48 <DIR> --d----- c:\program files\Enigma Software Group
2009-08-12 17:30 19,028 a------- c:\windows\system32\evamumidot.inf
2009-08-12 17:30 17,445 a------- c:\windows\ibeqetumix.lib
2009-08-12 17:30 16,006 a------- c:\docume~1\stepha~1\applic~1\pukyborow.dll
2009-08-12 17:30 15,793 a------- c:\windows\ymuv.dat
2009-08-12 17:30 14,398 a------- c:\windows\system32\ucege.bin
2009-08-12 17:30 10,568 a------- c:\windows\udox.db
2009-08-12 17:30 10,498 a------- c:\windows\fytoribob.inf
2009-08-12 10:27 <DIR> --d----- c:\docume~1\stepha~1\applic~1\Malwarebytes
2009-08-12 10:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 10:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-12 10:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-12 10:05 <DIR> --d----- C:\Lop SD
2009-08-12 09:35 2,296 a------- c:\windows\system32\tmp.reg
2009-08-12 09:15 <DIR> --d----- c:\program files\Trend Micro
2009-08-12 07:51 619,584 a------- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 06:49 <DIR> --d----- c:\program files\CamelCasino
2009-07-17 15:01 58,880 a------- c:\windows\system32\SET33.tmp
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

==================== Find3M ====================

2009-08-14 07:19 12,072 a------- c:\program files\common files\ujydek.dl
2009-08-14 07:19 10,702 a------- c:\program files\common files\tozace.inf
2009-08-13 20:29 16,167 a------- c:\program files\common files\ujavuresu.ban
2009-08-13 20:29 14,568 a------- c:\program files\common files\upabi._dl
2009-08-13 20:29 12,155 a------- c:\program files\common files\orijibu._sy
2009-08-13 08:42 16,769 a------- c:\program files\common files\vumep.lib
2009-08-13 07:30 10,772 a------- c:\program files\common files\laguzibi._dl
2009-08-12 22:00 10,148 a------- c:\program files\common files\urowubud.dl
2009-08-12 17:30 14,235 a------- c:\program files\common files\garaqida.ban
2009-08-12 17:30 10,744 a------- c:\program files\common files\tenyla.lib
2009-08-12 08:24 156,388 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-08-12 07:51 619,584 a------- c:\windows\system32\drivers\ntfs.sys
2009-08-06 23:16 27,878 a------- c:\docume~1\stepha~1\applic~1\wklnhst.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2006-08-17 21:59 63,624 ac------ c:\docume~1\stepha~1\applic~1\GDIPFONTCACHEV1.DAT
2007-06-24 22:36 8 ---shr-- c:\windows\system32\83F464E93C.sys
2006-09-09 15:59 88 ---shr-- c:\windows\system32\B90F8A6C06.sys
2008-12-17 07:22 14,084 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-17 04:08 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121720081218\index.dat

============= FINISH: 7:50:37.96 ===============

ps girlfriends computer, my computer is right next to it, so i can read and do what u ask at the same time.

Merged posts. ~ OB

This post has been edited by Orange Blossom: Aug 14 2009, 12:56 PM
Attached File(s)
Attached File  Attach.zip ( 4.16k ) Number of downloads: 9
 
Go to the top of the page
 
+Quote Post
schrauber
post Aug 25 2009, 01:21 AM
Post #2


Mr.Mechanic
******

Group: HJT Team
Posts: 7,601
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858
Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


--------------------
regards,
schrauber




If I've not posted back within 24 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
Go to the top of the page
 
+Quote Post
Orange Blossom
post Sep 3 2009, 01:23 PM
Post #3


OBleepin Investigator
******

Group: Moderator
Posts: 19,717
Joined: 14-July 06
From: Bloomington, IN
Member No.: 76,150
Topic reopened.

@ Tecle,

Please follow the instructions in the previous post.

Orange Blossom fruits_cherry.gif


--------------------
Orange Blossom

An ounce of prevention is worth a pound of cure

ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
Go to the top of the page
 
+Quote Post
Tecle
post Sep 3 2009, 08:16 PM
Post #4


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
Attach.txt:

==== Installed Programs ======================

32 bit Windows Card Reader Driver
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
CamelCasino
CCleaner (remove only)
Combined Community Codec Pack 2008-01-24
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DivX
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mixer
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Sound Blaster Audigy ADVANCED MB Demo
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

9/3/2009 9:12:27 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
9/3/2009 9:12:27 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
9/3/2009 9:11:17 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

==== End Of File ===========================


and my dds.txt:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Stephanie Brookover at 21:12:33.17 on Thu 09/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1924 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
svchost
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Documents and Settings\Stephanie Brookover\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\stephanie brookover\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CTSVolFE] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [braviax] braviax.exe
dRun: [braviax]
StartupFolder: c:\documents and settings\stephanie brookover\start menu\programs\startup\ikowin32.exe
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli msnfxwmc.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 gupdate1c9ecdee64070cc;Google Update Service (gupdate1c9ecdee64070cc);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-8-13 29208]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-8-13 29208]

=============== Created Last 30 ================

2009-08-14 07:34 19,024 a------- c:\windows\gubekog.db
2009-08-14 07:34 18,667 a------- c:\docume~1\alluse~1\applic~1\lumug.vbs
2009-08-14 07:34 18,041 a------- c:\docume~1\alluse~1\applic~1\egexi.bat
2009-08-14 07:34 17,966 a------- c:\docume~1\stepha~1\applic~1\igelezaxih.scr
2009-08-14 07:34 17,074 a------- c:\program files\common files\awoceb.dll
2009-08-14 07:34 16,772 a------- c:\windows\esibywe.sys
2009-08-14 07:34 16,506 a------- c:\program files\common files\huracurehu.sys
2009-08-14 07:34 15,568 a------- c:\program files\common files\ebogufeqo.sys
2009-08-14 07:34 14,155 a------- c:\windows\mapumaqudy.inf
2009-08-14 07:34 12,976 a------- c:\docume~1\stepha~1\applic~1\fibe.bat
2009-08-14 07:34 12,727 a------- c:\program files\common files\bopic.dll
2009-08-14 07:34 12,446 a------- c:\docume~1\alluse~1\applic~1\ozidy.sys
2009-08-14 07:34 12,161 a------- c:\windows\uwejobyxo.com
2009-08-14 07:34 11,768 a------- c:\windows\system32\wurero.pif
2009-08-14 07:27 <DIR> --d----- C:\PC_Antispyware2010
2009-08-14 07:20 27,004 a------- c:\windows\system32\msword98.exe
2009-08-14 07:20 27,004 a------- c:\documents and settings\stephanie brookover\msword98.exe
2009-08-14 07:19 16,588 a------- c:\windows\system32\ejizymidug.bin
2009-08-14 07:19 16,411 a------- c:\windows\system32\carose.dl
2009-08-14 07:19 16,130 a------- c:\windows\alak.com
2009-08-14 07:19 14,778 a------- c:\windows\exidi.pif
2009-08-14 07:19 13,892 a------- c:\windows\system32\yqapimapo.bat
2009-08-14 07:19 12,926 a------- c:\windows\exij.lib
2009-08-14 07:19 12,247 a------- c:\docume~1\alluse~1\applic~1\ivigekipu.pif
2009-08-14 07:19 11,910 a------- c:\docume~1\alluse~1\applic~1\oxywuqanav.dat
2009-08-14 07:19 11,731 a------- c:\windows\system32\fudax.dll
2009-08-14 07:19 11,102 a------- c:\windows\system32\hapum.bat
2009-08-14 07:19 10,498 a------- c:\program files\common files\wywulyj.bat
2009-08-14 07:19 12,826 a------- c:\windows\ebug.vbs
2009-08-14 07:19 11,023 a------- c:\windows\system32\ypat.com
2009-08-14 07:19 347,691 a------- c:\windows\system32\_scui.cpl
2009-08-14 07:19 <DIR> --d----- c:\program files\PC_Antispyware2010
2009-08-14 07:04 11,264 a------- c:\windows\system32\braviax.exe
2009-08-14 07:02 11,264 a------- c:\windows\braviax.exe
2009-08-14 07:02 6,144 a------- c:\windows\system32\cru629.dat
2009-08-14 07:02 6,144 a------- c:\windows\cru629.dat
2009-08-14 06:57 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-08-13 21:47 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-08-13 21:47 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-08-13 21:47 <DIR> --d----- c:\program files\AVG
2009-08-13 21:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-13 20:51 11,264 a------- c:\windows\system32\braviax.ex_
2009-08-13 20:48 <DIR> --d----- c:\docume~1\stepha~1\applic~1\AVG8
2009-08-13 20:29 19,468 a------- c:\docume~1\stepha~1\applic~1\sakaryfiq.dll
2009-08-13 20:29 19,095 a------- c:\windows\rawyvo.scr
2009-08-13 20:29 18,814 a------- c:\windows\ibajupe.vbs
2009-08-13 20:29 17,591 a------- c:\windows\system32\folodedyt.bat
2009-08-13 20:29 16,607 a------- c:\windows\nicodad.dl
2009-08-13 20:29 15,531 a------- c:\program files\common files\upibo.sys
2009-08-13 20:29 14,384 a------- c:\docume~1\alluse~1\applic~1\ijyp.reg
2009-08-13 20:29 13,956 a------- c:\windows\ozapiw.ban
2009-08-13 20:29 13,890 a------- c:\windows\system32\enus.dat
2009-08-13 20:29 12,375 a------- c:\program files\common files\ogoz.pif
2009-08-13 20:29 12,294 a------- c:\windows\awef.bin
2009-08-13 20:29 12,244 a------- c:\windows\system32\cehyzubepo.reg
2009-08-13 20:29 11,805 a------- c:\docume~1\alluse~1\applic~1\nihimajyk.reg
2009-08-13 20:29 11,551 a------- c:\windows\lebe.ban
2009-08-13 20:29 11,133 a------- c:\windows\cidi.dat
2009-08-13 20:29 11,104 a------- c:\docume~1\stepha~1\applic~1\fevys.scr
2009-08-13 20:29 10,260 a------- c:\docume~1\stepha~1\applic~1\yxihyziqeg.pif
2009-08-13 20:25 18,748 a------- c:\windows\ogejar.dl
2009-08-13 20:25 15,988 a------- c:\windows\ezybolew.ban
2009-08-13 20:25 15,668 a------- c:\windows\sukeqorawy.lib
2009-08-13 20:25 15,545 a------- c:\windows\vodypepa.sys
2009-08-13 20:25 14,100 a------- c:\program files\common files\uwisilil.scr
2009-08-13 20:25 13,339 a------- c:\windows\wedege.vbs
2009-08-13 20:25 12,946 a------- c:\windows\system32\jaregi._sy
2009-08-13 20:25 12,288 a------- c:\windows\system32\ewed.reg
2009-08-13 20:25 11,438 a------- c:\program files\common files\rozimyr.com
2009-08-13 20:25 10,641 a------- c:\windows\isij.reg
2009-08-13 20:10 29,184 a------- c:\windows\system32\dllcache\beep.sys
2009-08-13 19:38 191,131 a------- c:\windows\system32\wisdstr.exe
2009-08-13 08:42 19,983 a------- c:\windows\upaler._dl
2009-08-13 08:42 19,435 a------- c:\windows\xifemuw.ban
2009-08-13 08:42 19,192 a------- c:\windows\digoqyb.lib
2009-08-13 08:42 18,285 a------- c:\program files\common files\gosucyveqo.vbs
2009-08-13 08:42 15,715 a------- c:\windows\focycary.dl
2009-08-13 08:42 14,288 a------- c:\docume~1\alluse~1\applic~1\ivodeko.vbs
2009-08-13 08:42 13,390 a------- c:\windows\ysexuze.ban
2009-08-13 08:42 11,288 a------- c:\program files\common files\hyjiveje.dat
2009-08-13 08:42 11,221 a------- c:\windows\system32\bafexa.pif
2009-08-13 08:42 10,830 a------- c:\windows\system32\takucuxepu.inf
2009-08-13 08:42 10,751 a------- c:\windows\jomidig.com
2009-08-13 08:42 10,036 a------- c:\windows\ruqicyv._dl
2009-08-13 08:35 104,064 a------- c:\windows\system32\drivers\ccce7d46.sys
2009-08-13 08:34 47,744 a------- c:\windows\system32\drivers\f1683ce2.sys
2009-08-13 07:30 18,139 a------- c:\windows\system32\davifofu.reg
2009-08-13 07:30 15,008 a------- c:\windows\bulymyd.lib
2009-08-13 07:30 14,556 a------- c:\windows\system32\mubyhuho._sy
2009-08-13 07:30 13,326 a------- c:\program files\common files\popex.bin
2009-08-13 07:30 13,267 a------- c:\windows\uviv.bin
2009-08-13 07:30 12,193 a------- c:\windows\gyficykydu.exe
2009-08-13 07:30 11,804 a------- c:\program files\common files\wyzyzylodu.dat
2009-08-13 07:30 10,955 a------- c:\windows\tybuta.vbs
2009-08-13 07:30 10,088 a------- c:\docume~1\alluse~1\applic~1\gucemusaq.reg
2009-08-13 03:00 1,374 a------- c:\windows\imsins.BAK
2009-08-12 23:00 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 22:00 19,580 a------- c:\windows\system32\pycywo.reg
2009-08-12 22:00 18,337 a------- c:\windows\jogus.inf
2009-08-12 22:00 17,437 a------- c:\windows\tahofupuf.ban
2009-08-12 22:00 14,340 a------- c:\windows\akebyfyno.lib
2009-08-12 22:00 13,588 a------- c:\windows\system32\igaxag.sys
2009-08-12 22:00 13,404 a------- c:\windows\ogyqidany._sy
2009-08-12 22:00 12,893 a------- c:\windows\system32\qajyjukuz.bin
2009-08-12 22:00 11,763 a------- c:\program files\common files\ujibuwo.pif
2009-08-12 22:00 11,413 a------- c:\windows\nuguq.bat
2009-08-12 22:00 10,372 a------- c:\windows\system32\ubidemexi.scr
2009-08-12 21:52 0 a------- c:\windows\system32\drivers\OLD11.tmp
2009-08-12 21:52 47,744 a------- c:\windows\system32\drivers\63e5ef01.sys
2009-08-12 21:36 18,288 a------- c:\windows\yjil.bat
2009-08-12 21:36 18,197 a------- c:\windows\system32\vedyqyduk.dl
2009-08-12 21:36 17,934 a------- c:\program files\common files\ahiku.dat
2009-08-12 21:36 17,466 a------- c:\program files\common files\jofa.vbs
2009-08-12 21:36 16,585 a------- c:\docume~1\alluse~1\applic~1\duqygazu.bat
2009-08-12 21:36 16,406 a------- c:\windows\orotemimis.reg
2009-08-12 21:36 14,923 a------- c:\program files\common files\jigoceja.pif
2009-08-12 21:36 14,366 a------- c:\windows\fari.scr
2009-08-12 21:36 14,245 a------- c:\windows\system32\memyriku.db
2009-08-12 21:36 13,186 a------- c:\windows\ajyd._dl
2009-08-12 21:36 12,622 a------- c:\windows\eluso.exe
2009-08-12 21:36 12,123 a------- c:\windows\system32\ahama.ban
2009-08-12 21:36 11,120 a------- c:\program files\common files\zewiboho.pif
2009-08-12 21:36 10,834 a------- c:\docume~1\alluse~1\applic~1\oxuzyxuha.com
2009-08-12 21:36 10,352 a------- c:\windows\system32\ysatadyh._dl
2009-08-12 20:48 <DIR> --d----- c:\program files\Enigma Software Group
2009-08-12 17:30 19,028 a------- c:\windows\system32\evamumidot.inf
2009-08-12 17:30 17,445 a------- c:\windows\ibeqetumix.lib
2009-08-12 17:30 16,006 a------- c:\docume~1\stepha~1\applic~1\pukyborow.dll
2009-08-12 17:30 15,793 a------- c:\windows\ymuv.dat
2009-08-12 17:30 14,398 a------- c:\windows\system32\ucege.bin
2009-08-12 17:30 10,568 a------- c:\windows\udox.db
2009-08-12 17:30 10,498 a------- c:\windows\fytoribob.inf
2009-08-12 10:27 <DIR> --d----- c:\docume~1\stepha~1\applic~1\Malwarebytes
2009-08-12 10:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 10:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-12 10:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-12 10:05 <DIR> --d----- C:\Lop SD
2009-08-12 09:35 2,296 a------- c:\windows\system32\tmp.reg
2009-08-12 09:15 <DIR> --d----- c:\program files\Trend Micro
2009-08-12 07:51 619,584 a------- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-14 07:19 12,072 a------- c:\program files\common files\ujydek.dl
2009-08-14 07:19 10,702 a------- c:\program files\common files\tozace.inf
2009-08-13 20:29 16,167 a------- c:\program files\common files\ujavuresu.ban
2009-08-13 20:29 14,568 a------- c:\program files\common files\upabi._dl
2009-08-13 20:29 12,155 a------- c:\program files\common files\orijibu._sy
2009-08-13 08:42 16,769 a------- c:\program files\common files\vumep.lib
2009-08-13 07:30 10,772 a------- c:\program files\common files\laguzibi._dl
2009-08-12 22:00 10,148 a------- c:\program files\common files\urowubud.dl
2009-08-12 17:30 14,235 a------- c:\program files\common files\garaqida.ban
2009-08-12 17:30 10,744 a------- c:\program files\common files\tenyla.lib
2009-08-12 08:24 156,388 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-08-12 07:51 619,584 a------- c:\windows\system32\drivers\ntfs.sys
2009-08-06 23:16 27,878 a------- c:\docume~1\stepha~1\applic~1\wklnhst.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\SET33.tmp
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2006-08-17 21:59 63,624 ac------ c:\docume~1\stepha~1\applic~1\GDIPFONTCACHEV1.DAT
2007-06-24 22:36 8 ---shr-- c:\windows\system32\83F464E93C.sys
2006-09-09 15:59 88 ---shr-- c:\windows\system32\B90F8A6C06.sys
2008-12-17 07:22 14,084 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-17 04:08 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121720081218\index.dat

============= FINISH: 21:12:44.54 ===============
Go to the top of the page
 
+Quote Post
farbar
post Sep 9 2009, 11:57 AM
Post #5


Bleeping Curious
******

Group: HJT Team
Posts: 8,646
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240
Hi Tecle,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Download RootRepeal.exe from one of these download locations and save it to your desktop:
http://download.bleepingcomputer.com/rootr.../RootRepeal.exe
http://ad13.geekstogo.com/RootRepeal.exe
http://rootrepeal.psikotick.com/RootRepeal.exe
  • Open on your desktop.
  • Click the tab.
  • Click the button.
  • Check all seven boxes:
  • Click Ok.
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


--------------------

This is a voluntary free service. However, if you would like to donate click here
Go to the top of the page
 
+Quote Post
Tecle
post Sep 10 2009, 06:14 AM
Post #6


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
No problem on the delay, thanx for your time and help. here is the rootrepeal :







ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/10 07:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ccce7d46.sys
Image Path: C:\WINDOWS\System32\drivers\ccce7d46.sys
Address: 0xA5964000 Size: 104064 File Visible: No Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA0D8E000 Size: 872448 File Visible: No Signed: -
Status: -

Name: f1683ce2.sys
Image Path: C:\WINDOWS\System32\drivers\f1683ce2.sys
Address: 0xA6BC9000 Size: 47744 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7834000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\ccce7d46.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\f1683ce2.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\stephanie brookover\local settings\temp\perflib_perfdata_770.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Processes
-------------------
Path: C:\WINDOWS\system32\braviax.exe
PID: 1336 Status: Hidden from the Windows API!

SSDT
-------------------
#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\System32\drivers\ccce7d46.sys" at address 0xa59764fd

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\drivers\ccce7d46.sys" at address 0xa5974505

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\drivers\ccce7d46.sys" at address 0xa59745c5

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xa6f921a0

Stealth Objects
-------------------
Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 1032) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 1232) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 1668) Address: 0x01000000 Size: 20480

Hidden Services
-------------------
Service Name: ccce7d46
Image Path: C:\WINDOWS\System32\drivers\ccce7d46.sys

Service Name: f1683ce2
Image Path: C:\WINDOWS\System32\drivers\f1683ce2.sys

==EOF==
Go to the top of the page
 
+Quote Post
farbar
post Sep 10 2009, 07:12 AM
Post #7


Bleeping Curious
******

Group: HJT Team
Posts: 8,646
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240
This time we want to run ComboFix. This is a major step. Please be precise and make sure rename before saving and save it on your desktop and let it download install the Recovery Console.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


--------------------

This is a voluntary free service. However, if you would like to donate click here
Go to the top of the page
 
+Quote Post
Tecle
post Sep 11 2009, 06:15 AM
Post #8


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
combo fix log:


ComboFix 09-09-10.03 - Stephanie Brookover 09/11/2009 7:03.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1851 [GMT -4:00]
Running from: c:\documents and settings\Stephanie Brookover\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\10390004
c:\documents and settings\All Users\Application Data\10390004\10390004
c:\documents and settings\All Users\Application Data\10390004\10390004.exe
c:\documents and settings\All Users\Application Data\10390004\pc10390004ins
c:\documents and settings\All Users\Application Data\duqygazu.bat
c:\documents and settings\All Users\Application Data\duxymiroj.lib
c:\documents and settings\All Users\Application Data\egexi.bat
c:\documents and settings\All Users\Application Data\enyxiz._sy
c:\documents and settings\All Users\Application Data\gucemusaq.reg
c:\documents and settings\All Users\Application Data\ijyp.reg
c:\documents and settings\All Users\Application Data\iqyxiviv.inf
c:\documents and settings\All Users\Application Data\ivigekipu.pif
c:\documents and settings\All Users\Application Data\ivodeko.vbs
c:\documents and settings\All Users\Application Data\koxyha.scr
c:\documents and settings\All Users\Application Data\lumug.vbs
c:\documents and settings\All Users\Application Data\nihimajyk.reg
c:\documents and settings\All Users\Application Data\onehysofyq._dl
c:\documents and settings\All Users\Application Data\oxuzyxuha.com
c:\documents and settings\All Users\Application Data\ozidy.sys
c:\documents and settings\All Users\Application Data\powafame.ban
c:\documents and settings\All Users\Application Data\pukoh.lib
c:\documents and settings\All Users\Application Data\qoho.inf
c:\documents and settings\All Users\Application Data\segot.dl
c:\documents and settings\All Users\Application Data\woba._sy
c:\documents and settings\All Users\Application Data\ynol.lib
c:\documents and settings\All Users\Documents\akukirek.ban
c:\documents and settings\All Users\Documents\cozowixe.exe
c:\documents and settings\All Users\Documents\cyce.bat
c:\documents and settings\All Users\Documents\egibyd.dll
c:\documents and settings\All Users\Documents\gowywugyf._dl
c:\documents and settings\All Users\Documents\iqimyqo.inf
c:\documents and settings\All Users\Documents\irigojyjip.dl
c:\documents and settings\All Users\Documents\oziwigami.exe
c:\documents and settings\All Users\Documents\sigiqalexi.com
c:\documents and settings\All Users\Documents\siqep.bat
c:\documents and settings\All Users\Documents\urybyjaxu.bin
c:\documents and settings\All Users\Documents\yxobu.dl
c:\documents and settings\LocalService\Application Data\apomuby.bin
c:\documents and settings\LocalService\Application Data\bacelydy.reg
c:\documents and settings\LocalService\Application Data\ibadabe.dl
c:\documents and settings\LocalService\Application Data\ipomumapoj.dll
c:\documents and settings\LocalService\Application Data\iwedepigoj.pif
c:\documents and settings\LocalService\Application Data\jacewizy.sys
c:\documents and settings\LocalService\Application Data\lipuv.ban
c:\documents and settings\LocalService\Application Data\odadu.reg
c:\documents and settings\LocalService\Application Data\otaqutu.vbs
c:\documents and settings\LocalService\Application Data\ozaperu._sy
c:\documents and settings\LocalService\Application Data\qumo.bin
c:\documents and settings\LocalService\Application Data\rulo.com
c:\documents and settings\LocalService\Application Data\verojowobi.bat
c:\documents and settings\LocalService\Application Data\vulyfytu.scr
c:\documents and settings\LocalService\Application Data\xivodamoli.pif
c:\documents and settings\LocalService\Application Data\xucezafyz.reg
c:\documents and settings\LocalService\Cookies\avujux.scr
c:\documents and settings\LocalService\Cookies\awoxif.scr
c:\documents and settings\LocalService\Cookies\eqym.dl
c:\documents and settings\LocalService\Cookies\evilaf.scr
c:\documents and settings\LocalService\Cookies\gysajo.vbs
c:\documents and settings\LocalService\Cookies\opyvynu.ban
c:\documents and settings\LocalService\Cookies\qafazala.inf
c:\documents and settings\LocalService\Cookies\sifoset.dl
c:\documents and settings\LocalService\Cookies\ufivej.dat
c:\documents and settings\LocalService\Cookies\ulyfed.dll
c:\documents and settings\LocalService\Cookies\zexugaji.pif
c:\documents and settings\LocalService\Cookies\zubyn.inf
c:\documents and settings\LocalService\Cookies\zyjap.sys
c:\documents and settings\LocalService\Local Settings\Application Data\bocuz.com
c:\documents and settings\LocalService\Local Settings\Application Data\bopylif.bin
c:\documents and settings\LocalService\Local Settings\Application Data\cuxico.dl
c:\documents and settings\LocalService\Local Settings\Application Data\gybikyvuq.exe
c:\documents and settings\LocalService\Local Settings\Application Data\jygipuhi.bat
c:\documents and settings\LocalService\Local Settings\Application Data\mofimupehi.dl
c:\documents and settings\LocalService\Local Settings\Application Data\myhewib.sys
c:\documents and settings\LocalService\Local Settings\Application Data\ovafog.bat
c:\documents and settings\LocalService\Local Settings\Application Data\ucapab._dl
c:\documents and settings\LocalService\Local Settings\Application Data\uhuwuxa.scr
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\adefuhogab._sy
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\aqovyxeluk.reg
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\epivusy.db
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\laxobysuca._dl
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\luxi.com
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\oqimofaxe.pif
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\puzidyfora.scr
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\qozakire.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\syfojolif.db
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\toreda.sys
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\unaq.bin
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\zewibifosa.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\zifujuhyna.reg
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Stephanie Brookover\Application Data\fevys.scr
c:\documents and settings\Stephanie Brookover\Application Data\fibe.bat
c:\documents and settings\Stephanie Brookover\Application Data\igelezaxih.scr
c:\documents and settings\Stephanie Brookover\Application Data\jidob.lib
c:\documents and settings\Stephanie Brookover\Application Data\kefupa.inf
c:\documents and settings\Stephanie Brookover\Application Data\pukyborow.dll
c:\documents and settings\Stephanie Brookover\Application Data\sakaryfiq.dll
c:\documents and settings\Stephanie Brookover\Application Data\wiaserva.log
c:\documents and settings\Stephanie Brookover\Application Data\ytomeviqo._dl
c:\documents and settings\Stephanie Brookover\Application Data\yxihyziqeg.pif
c:\documents and settings\Stephanie Brookover\Cookies\dycyr.bin
c:\documents and settings\Stephanie Brookover\Cookies\igoceba.scr
c:\documents and settings\Stephanie Brookover\Cookies\lejawyh.com
c:\documents and settings\Stephanie Brookover\Cookies\zaqosi.scr
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\dumiq.ban
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\efevujikam.scr
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\evitikuna.reg
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\hodusoji.inf
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\itimoqixo.pif
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\ozicyjaxat.vbs
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\wopojocog.scr
c:\documents and settings\Stephanie Brookover\Local Settings\Temporary Internet Files\akehywi.inf
c:\documents and settings\Stephanie Brookover\Local Settings\Temporary Internet Files\dexan.dat
c:\documents and settings\Stephanie Brookover\Local Settings\Temporary Internet Files\joryfukeb.lib
c:\documents and settings\Stephanie Brookover\Local Settings\Temporary Internet Files\ynukiny.lib
c:\documents and settings\Stephanie Brookover\msword98.exe
c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\ikowin32.exe
c:\program files\Common Files\awoceb.dll
c:\program files\Common Files\bopic.dll
c:\program files\Common Files\ebogufeqo.sys
c:\program files\Common Files\garaqida.ban
c:\program files\Common Files\gosucyveqo.vbs
c:\program files\Common Files\huracurehu.sys
c:\program files\Common Files\jigoceja.pif
c:\program files\Common Files\jofa.vbs
c:\program files\Common Files\laguzibi._dl
c:\program files\Common Files\ogoz.pif
c:\program files\Common Files\popex.bin
c:\program files\Common Files\rozimyr.com
c:\program files\Common Files\tozace.inf
c:\program files\Common Files\ujavuresu.ban
c:\program files\Common Files\ujibuwo.pif
c:\program files\Common Files\ujydek.dl
c:\program files\Common Files\upabi._dl
c:\program files\Common Files\upibo.sys
c:\program files\Common Files\urowubud.dl
c:\program files\Common Files\uwisilil.scr
c:\program files\Common Files\wywulyj.bat
c:\program files\Common Files\zewiboho.pif
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\ajyd._dl
c:\windows\awef.bin
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\ebug.vbs
c:\windows\eluso.exe
c:\windows\esibywe.sys
c:\windows\exidi.pif
c:\windows\ezybolew.ban
c:\windows\fari.scr
c:\windows\focycary.dl
c:\windows\fytoribob.inf
c:\windows\gyficykydu.exe
c:\windows\ibajupe.vbs
c:\windows\isij.reg
c:\windows\jogus.inf
c:\windows\lebe.ban
c:\windows\mapumaqudy.inf
c:\windows\nicodad.dl
c:\windows\nuguq.bat
c:\windows\ogejar.dl
c:\windows\orotemimis.reg
c:\windows\ozapiw.ban
c:\windows\rawyvo.scr
c:\windows\ruqicyv._dl
c:\windows\ShellNew
c:\windows\ShellNew\WINWORD8.DOC
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ahama.ban
c:\windows\system32\bafexa.pif
c:\windows\system32\bcmwl5.inf
c:\windows\system32\braviax.exe
c:\windows\system32\carose.dl
c:\windows\system32\cehyzubepo.reg
c:\windows\system32\cru629.dat
c:\windows\system32\davifofu.reg
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\drivers\ccce7d46.sys
c:\windows\system32\drivers\f1683ce2.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ejizymidug.bin
c:\windows\system32\evamumidot.inf
c:\windows\system32\ewed.reg
c:\windows\system32\folodedyt.bat
c:\windows\system32\fudax.dll
c:\windows\system32\hapum.bat
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\igaxag.sys
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\pycywo.reg
c:\windows\system32\qajyjukuz.bin
c:\windows\system32\SrchSTS.exe
c:\windows\system32\takucuxepu.inf
c:\windows\system32\tmp.reg
c:\windows\system32\ubidemexi.scr
c:\windows\system32\ucege.bin
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vedyqyduk.dl
c:\windows\system32\wisdstr.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wurero.pif
c:\windows\system32\yqapimapo.bat
c:\windows\system32\ysatadyh._dl
c:\windows\tahofupuf.ban
c:\windows\tybuta.vbs
c:\windows\upaler._dl
c:\windows\uviv.bin
c:\windows\vodypepa.sys
c:\windows\wedege.vbs
c:\windows\xifemuw.ban
c:\windows\yjil.bat
c:\windows\ysexuze.ban

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\system32\beep.sys

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_ccce7d46
-------\Service_f1683ce2


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-04 01:14 . 2009-09-04 01:14 -------- d-----w- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
2009-08-14 11:34 . 2009-08-14 11:34 12161 ----a-w- c:\windows\uwejobyxo.com
2009-08-14 11:27 . 2009-08-14 11:27 -------- d-----w- C:\PC_Antispyware2010
2009-08-14 11:20 . 2009-08-14 11:20 27004 ----a-w- c:\windows\system32\msword98.exe
2009-08-14 11:19 . 2009-08-14 11:19 16130 ----a-w- c:\windows\alak.com
2009-08-14 11:19 . 2009-08-14 11:19 11023 ----a-w- c:\windows\system32\ypat.com
2009-08-14 10:57 . 2004-08-04 09:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-14 01:47 . 2009-08-14 01:47 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-14 01:47 . 2009-08-14 01:47 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-14 01:47 . 2009-08-14 01:47 -------- d-----w- c:\program files\AVG
2009-08-14 01:47 . 2009-08-14 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 00:48 . 2009-08-14 00:48 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\AVG8
2009-08-14 00:29 . 2009-08-14 00:29 13890 ----a-w- c:\windows\system32\enus.dat
2009-08-14 00:29 . 2009-08-14 00:29 11133 ----a-w- c:\windows\cidi.dat
2009-08-14 00:10 . 2009-09-11 11:02 27648 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-13 12:42 . 2009-08-13 12:42 11288 ----a-w- c:\program files\Common Files\hyjiveje.dat
2009-08-13 12:42 . 2009-08-13 12:42 10751 ----a-w- c:\windows\jomidig.com
2009-08-13 11:30 . 2009-08-13 11:30 11804 ----a-w- c:\program files\Common Files\wyzyzylodu.dat
2009-08-13 01:52 . 2009-08-13 07:07 47744 ----a-w- c:\windows\system32\drivers\63e5ef01.sys
2009-08-13 01:36 . 2009-08-13 01:36 17934 ----a-w- c:\program files\Common Files\ahiku.dat
2009-08-13 01:36 . 2009-08-13 01:36 10627 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\vimitijan.dat
2009-08-13 00:48 . 2009-08-13 00:58 -------- d-----w- c:\program files\Enigma Software Group
2009-08-13 00:25 . 2009-08-13 00:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 21:30 . 2009-08-12 21:30 15793 ----a-w- c:\windows\ymuv.dat
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\Malwarebytes
2009-08-12 14:27 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 14:27 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 14:05 . 2009-08-12 14:07 -------- d-----w- C:\Lop SD
2009-08-12 13:15 . 2009-08-12 13:15 -------- d-----w- c:\program files\Trend Micro
2009-08-12 12:27 . 2009-08-12 12:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-12 11:51 . 2009-08-12 11:51 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 11:49 . 2006-07-27 02:08 68288 ----a-w- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 11:19 . 2009-08-14 11:19 11910 ----a-w- c:\documents and settings\All Users\Application Data\oxywuqanav.dat
2009-08-14 01:46 . 2009-05-14 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-08-14 00:29 . 2009-08-14 00:29 12155 ----a-w- c:\program files\Common Files\orijibu._sy
2009-08-13 12:42 . 2009-08-13 12:42 16769 ----a-w- c:\program files\Common Files\vumep.lib
2009-08-13 01:52 . 2009-08-13 01:52 0 ----a-w- c:\windows\system32\drivers\OLD11.tmp
2009-08-13 01:15 . 2009-05-14 08:58 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\GetRightToGo
2009-08-12 21:30 . 2009-08-12 21:30 10744 ----a-w- c:\program files\Common Files\tenyla.lib
2009-08-12 14:11 . 2006-07-20 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-12 14:11 . 2006-07-20 22:55 -------- d-----w- c:\program files\Java
2009-08-12 11:51 . 2004-08-10 16:51 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-07 03:16 . 2006-07-25 23:23 27878 ----a-w- c:\documents and settings\Stephanie Brookover\Application Data\wklnhst.dat
2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 11:20 . 2009-07-21 10:49 -------- d-----w- c:\program files\CamelCasino
2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET33.tmp
2009-07-14 03:43 . 2004-08-10 16:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2007-06-25 02:36 . 2007-06-25 02:36 8 --sh--r- c:\windows\system32\83F464E93C.sys
2006-09-09 19:59 . 2006-07-26 21:26 88 --sh--r- c:\windows\system32\B90F8A6C06.sys
2008-12-17 11:22 . 2007-06-25 02:36 14084 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-08-12 11:51 . 4DFB45D14330ACE7FD32EE8DBCF50C97 . 619584 . . [------] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 11:51 . 4DFB45D14330ACE7FD32EE8DBCF50C97 . 619584 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"Google Update"="c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
"CTSVolFE"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"Rbekupiyec"="c:\windows\ariguheyekitenim.dll" [2008-04-14 173568]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli msnfxwmc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^ikowin32.exe]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^Shareaza Turbo Accelerator.lnk]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\Shareaza Turbo Accelerator.lnk
backup=c:\windows\pss\Shareaza Turbo Accelerator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:51 PM 14336]
S2 gupdate1c9ecdee64070cc;Google Update Service (gupdate1c9ecdee64070cc);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2009 6:57 AM 133104]
S3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/13/2009 9:47 PM 29208]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/13/2009 9:47 PM 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 10:57]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 10:57]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 10:57]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2871299663-1425001378-2023338215-1006Core.job
- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 10:48]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2871299663-1425001378-2023338215-1006UA.job
- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 10:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Stephanie Brookover\Application Data\Mozilla\Firefox\Profiles\3bfsaotd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Stephanie Brookover\Application Data\Mozilla\Firefox\Profiles\3bfsaotd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: XUL Cache: {6BC2A287-0778-4E4D-AC74-99208ED6DC13} - c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-10390004 - c:\documents and settings\All Users\Application Data\10390004\10390004.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 07:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\msnfxwmc.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\msnfxwmc.dll
c:\windows\ariguheyekitenim.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\bcmwltry.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-11 7:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 11:12

Pre-Run: 31,193,124,864 bytes free
Post-Run: 31,334,719,488 bytes free

447 --- E O F --- 2009-08-13 07:02
Go to the top of the page
 
+Quote Post
farbar
post Sep 11 2009, 06:33 AM
Post #9


Bleeping Curious
******

Group: HJT Team
Posts: 8,646
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240
QUOTE
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Looks the recovery console is not installed. Combofix removed a lot but the system is not clean yet.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.





  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.


--------------------

This is a voluntary free service. However, if you would like to donate click here
Go to the top of the page
 
+Quote Post
Tecle
post Sep 11 2009, 07:22 AM
Post #10


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
combo fix it report 2, also now antivirus pro 2010 is now running in the task bar:


ComboFix 09-09-10.03 - Stephanie Brookover 09/11/2009 8:10.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1827 [GMT -4:00]
Running from: c:\documents and settings\Stephanie Brookover\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Stephanie Brookover\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hoqefedaf.com
c:\documents and settings\All Users\Application Data\ijixa.lib
c:\documents and settings\All Users\Application Data\myqyvylula.pif
c:\documents and settings\All Users\Application Data\vega.exe
c:\documents and settings\All Users\Application Data\ypocew.inf
c:\documents and settings\All Users\Documents\anaxulin.dll
c:\documents and settings\All Users\Documents\utodu.dl
c:\documents and settings\LocalService\Application Data\bujosunety.inf
c:\documents and settings\LocalService\Application Data\itutehyp._dl
c:\documents and settings\LocalService\Application Data\uralo.ban
c:\documents and settings\LocalService\Application Data\vyraco.dll
c:\documents and settings\LocalService\Application Data\xicegypup._sy
c:\documents and settings\LocalService\Cookies\timyf._dl
c:\documents and settings\LocalService\Local Settings\Application Data\corovuf.com
c:\documents and settings\LocalService\Local Settings\Application Data\iwugito.sys
c:\documents and settings\LocalService\Local Settings\Application Data\qivewaf.bin
c:\documents and settings\LocalService\Local Settings\Application Data\rexahywa.scr
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\gykenefo._dl
c:\windows\gubo.vbs
c:\windows\hovaqijodi.dll
c:\windows\locutyji.sys
c:\windows\repoxyn.dl
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe
c:\windows\xilezo.exe

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\beep.sys

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\AGP440.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 12:07 . 2009-09-11 12:07 16166 ----a-w- c:\program files\Common Files\zucepe.dat
2009-09-11 12:07 . 2009-09-11 12:07 -------- d-----w- C:\AntivirusPro_2010
2009-09-11 12:07 . 2009-09-11 12:09 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-04 01:14 . 2009-09-04 01:14 -------- d-----w- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
2009-08-14 11:34 . 2009-08-14 11:34 12161 ----a-w- c:\windows\uwejobyxo.com
2009-08-14 11:27 . 2009-08-14 11:27 -------- d-----w- C:\PC_Antispyware2010
2009-08-14 11:20 . 2009-08-14 11:20 27004 ----a-w- c:\windows\system32\msword98.exe
2009-08-14 11:19 . 2009-08-14 11:19 16130 ----a-w- c:\windows\alak.com
2009-08-14 11:19 . 2009-08-14 11:19 11023 ----a-w- c:\windows\system32\ypat.com
2009-08-14 10:57 . 2004-08-04 09:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-14 01:47 . 2009-08-14 01:47 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-14 01:47 . 2009-08-14 01:47 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-14 01:47 . 2009-08-14 01:47 -------- d-----w- c:\program files\AVG
2009-08-14 01:47 . 2009-08-14 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 00:48 . 2009-08-14 00:48 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\AVG8
2009-08-14 00:29 . 2009-08-14 00:29 13890 ----a-w- c:\windows\system32\enus.dat
2009-08-14 00:29 . 2009-08-14 00:29 11133 ----a-w- c:\windows\cidi.dat
2009-08-14 00:10 . 2009-09-11 11:15 27648 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-13 12:42 . 2009-08-13 12:42 11288 ----a-w- c:\program files\Common Files\hyjiveje.dat
2009-08-13 12:42 . 2009-08-13 12:42 10751 ----a-w- c:\windows\jomidig.com
2009-08-13 11:30 . 2009-08-13 11:30 11804 ----a-w- c:\program files\Common Files\wyzyzylodu.dat
2009-08-13 01:52 . 2009-08-13 07:07 47744 ----a-w- c:\windows\system32\drivers\63e5ef01.sys
2009-08-13 01:36 . 2009-08-13 01:36 17934 ----a-w- c:\program files\Common Files\ahiku.dat
2009-08-13 01:36 . 2009-08-13 01:36 10627 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\vimitijan.dat
2009-08-13 00:48 . 2009-08-13 00:58 -------- d-----w- c:\program files\Enigma Software Group
2009-08-13 00:25 . 2009-08-13 00:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 21:30 . 2009-08-12 21:30 15793 ----a-w- c:\windows\ymuv.dat
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\Malwarebytes
2009-08-12 14:27 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 14:27 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 14:05 . 2009-08-12 14:07 -------- d-----w- C:\Lop SD
2009-08-12 13:15 . 2009-08-12 13:15 -------- d-----w- c:\program files\Trend Micro
2009-08-12 12:27 . 2009-08-12 12:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 11:49 . 2006-07-27 02:08 68288 ----a-w- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 11:19 . 2009-08-14 11:19 11910 ----a-w- c:\documents and settings\All Users\Application Data\oxywuqanav.dat
2009-08-14 01:46 . 2009-05-14 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-08-14 00:29 . 2009-08-14 00:29 12155 ----a-w- c:\program files\Common Files\orijibu._sy
2009-08-13 12:42 . 2009-08-13 12:42 16769 ----a-w- c:\program files\Common Files\vumep.lib
2009-08-13 01:52 . 2009-08-13 01:52 0 ----a-w- c:\windows\system32\drivers\OLD11.tmp
2009-08-13 01:15 . 2009-05-14 08:58 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\GetRightToGo
2009-08-12 21:30 . 2009-08-12 21:30 10744 ----a-w- c:\program files\Common Files\tenyla.lib
2009-08-12 14:11 . 2006-07-20 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-12 14:11 . 2006-07-20 22:55 -------- d-----w- c:\program files\Java
2009-08-07 03:16 . 2006-07-25 23:23 27878 ----a-w- c:\documents and settings\Stephanie Brookover\Application Data\wklnhst.dat
2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 11:20 . 2009-07-21 10:49 -------- d-----w- c:\program files\CamelCasino
2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET33.tmp
2009-07-14 03:43 . 2004-08-10 16:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 16:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2007-06-25 02:36 . 2007-06-25 02:36 8 --sh--r- c:\windows\system32\83F464E93C.sys
2006-09-09 19:59 . 2006-07-26 21:26 88 --sh--r- c:\windows\system32\B90F8A6C06.sys
2008-12-17 11:22 . 2007-06-25 02:36 14084 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-11_11.10.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-11 12:07 . 2009-09-11 12:07 16384 c:\windows\temp\Perflib_Perfdata_dd4.dat
+ 2004-08-10 16:51 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"Google Update"="c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
"CTSVolFE"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"Rbekupiyec"="c:\windows\ariguheyekitenim.dll" [2008-04-14 173568]
"Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-11 595456]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli msnfxwmc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^ikowin32.exe]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^Shareaza Turbo Accelerator.lnk]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\Shareaza Turbo Accelerator.lnk
backup=c:\windows\pss\Shareaza Turbo Accelerator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:51 PM 14336]
S2 gupdate1c9ecdee64070cc;Google Update Service (gupdate1c9ecdee64070cc);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2009 6:57 AM 133104]
S3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/13/2009 9:47 PM 29208]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/13/2009 9:47 PM 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 10:57]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 10:57]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 10:57]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2871299663-1425001378-2023338215-1006Core.job
- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 10:48]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2871299663-1425001378-2023338215-1006UA.job
- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 10:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Stephanie Brookover\Application Data\Mozilla\Firefox\Profiles\3bfsaotd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Stephanie Brookover\Application Data\Mozilla\Firefox\Profiles\3bfsaotd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: XUL Cache: {6BC2A287-0778-4E4D-AC74-99208ED6DC13} - c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 08:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\windows\msnfxwmc.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\msnfxwmc.dll
c:\windows\ariguheyekitenim.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-11 8:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 12:20
ComboFix2.txt 2009-09-11 11:12

Pre-Run: 32,130,322,432 bytes free
Post-Run: 32,084,369,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2009-09-11 12:18
Go to the top of the page
 
+Quote Post
farbar
post Sep 11 2009, 07:59 AM
Post #11


Bleeping Curious
******

Group: HJT Team
Posts: 8,646
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240
Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  1. Empty all p2p (like LimeWire) active download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  2. Open notepad and copy/paste the text in the code box below into it:

    CODE
    http://www.bleepingcomputer.com/forums/topic249507.html
    Collect::
    c:\program files\Common Files\zucepe.dat
    c:\windows\uwejobyxo.com
    c:\windows\system32\msword98.exe
    c:\windows\alak.com
    c:\windows\system32\ypat.com
    c:\windows\system32\enus.dat
    c:\windows\cidi.dat
    c:\program files\Common Files\hyjiveje.dat
    c:\windows\jomidig.com
    c:\program files\Common Files\wyzyzylodu.dat
    c:\windows\system32\drivers\63e5ef01.sys
    c:\program files\Common Files\ahiku.dat
    c:\documents and settings\LocalService\Local Settings\Application Data\vimitijan.dat
    c:\windows\ymuv.dat
    c:\documents and settings\All Users\Application Data\oxywuqanav.dat
    c:\program files\Common Files\orijibu._sy
    c:\program files\Common Files\vumep.lib
    c:\program files\Common Files\tenyla.lib
    c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\ikowin32.exe
    c:\windows\msnfxwmc.dll
    c:\windows\ariguheyekitenim.dll
    File::
    c:\windows\pss\ikowin32.exeStartup
    Folder::
    C:\AntivirusPro_2010
    c:\program files\AntivirusPro_2010
    C:\PC_Antispyware2010
    c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
    Firefox::
    FF - HiddenExtension: XUL Cache: {6BC2A287-0778-4E4D-AC74-99208ED6DC13} - c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus Pro 2010"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6C,69,00,00
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^ikowin32.exe]


    Save this as CFScript.txt





    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Please copy and paste that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.

  3. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


This post has been edited by farbar: Sep 11 2009, 08:07 AM


--------------------

This is a voluntary free service. However, if you would like to donate click here
Go to the top of the page
 
+Quote Post
Tecle
post Sep 11 2009, 10:57 AM
Post #12


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
malawarebytes mbam log:

Malwarebytes' Anti-Malware 1.41
Database version: 2780
Windows 5.1.2600 Service Pack 3

9/11/2009 11:53:31 AM
mbam-log-2009-09-11 (11-53-31).txt

Scan type: Quick Scan
Objects scanned: 101480
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\braviax.ex_ (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
Go to the top of the page
 
+Quote Post
farbar
post Sep 11 2009, 11:05 AM
Post #13


Bleeping Curious
******

Group: HJT Team
Posts: 8,646
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240
Please post the Combofix log too.


--------------------

This is a voluntary free service. However, if you would like to donate click here
Go to the top of the page
 
+Quote Post
farbar
post Sep 11 2009, 11:09 AM
Post #14


Bleeping Curious
******

Group: HJT Team
Posts: 8,646
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240
The log is here:

Please go to start -> Run. Copy and paste the bold line in the run-box and click OK:

C:\ComboFix.txt

If a text file opens up, copy and paste the content to your reply.


--------------------

This is a voluntary free service. However, if you would like to donate click here
Go to the top of the page
 
+Quote Post
Tecle
post Sep 11 2009, 01:04 PM
Post #15


New Member
*

Group: Members
Posts: 10
Joined: 14-August 09
Member No.: 364,312
Sorry:

ComboFix 09-09-10.03 - Stephanie Brookover 09/11/2009 9:50.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1815 [GMT -4:00]
Running from: c:\documents and settings\Stephanie Brookover\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Stephanie Brookover\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\pss\ikowin32.exeStartup"

file zipped: c:\documents and settings\All Users\Application Data\oxywuqanav.dat
file zipped: c:\documents and settings\LocalService\Local Settings\Application Data\vimitijan.dat
file zipped: c:\program files\Common Files\ahiku.dat
file zipped: c:\program files\Common Files\hyjiveje.dat
file zipped: c:\program files\Common Files\orijibu._sy
file zipped: c:\program files\Common Files\tenyla.lib
file zipped: c:\program files\Common Files\vumep.lib
file zipped: c:\program files\Common Files\wyzyzylodu.dat
file zipped: c:\program files\Common Files\zucepe.dat
file zipped: c:\windows\alak.com
file zipped: c:\windows\ariguheyekitenim.dll
file zipped: c:\windows\cidi.dat
file zipped: c:\windows\jomidig.com
file zipped: c:\windows\msnfxwmc.dll
file zipped: c:\windows\system32\drivers\63e5ef01.sys
file zipped: c:\windows\system32\enus.dat
file zipped: c:\windows\system32\msword98.exe
file zipped: c:\windows\system32\ypat.com
file zipped: c:\windows\uwejobyxo.com
file zipped: c:\windows\ymuv.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AntivirusPro_2010
c:\antiviruspro_2010\AntivirusPro_2010.lnk
c:\antiviruspro_2010\Uninstall.lnk
c:\documents and settings\All Users\Application Data\oxywuqanav.dat
c:\documents and settings\LocalService\Local Settings\Application Data\vimitijan.dat
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}\chrome.manifest
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}\chrome\content\_cfg.js
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}\chrome\content\overlay.xul
c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\{6BC2A287-0778-4E4D-AC74-99208ED6DC13}\install.rdf
C:\PC_Antispyware2010
c:\pc_antispyware2010\PC_Antispyware2010.lnk
c:\pc_antispyware2010\Uninstall.lnk
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\ahiku.dat
c:\program files\Common Files\hyjiveje.dat
c:\program files\Common Files\orijibu._sy
c:\program files\Common Files\tenyla.lib
c:\program files\Common Files\vumep.lib
c:\program files\Common Files\wyzyzylodu.dat
c:\program files\Common Files\zucepe.dat
c:\windows\alak.com
c:\windows\ariguheyekitenim.dll
c:\windows\cidi.dat
c:\windows\jomidig.com
c:\windows\msnfxwmc.dll
c:\windows\pss\ikowin32.exeStartup
c:\windows\system32\drivers\63e5ef01.sys
c:\windows\system32\enus.dat
c:\windows\system32\msword98.exe
c:\windows\system32\ypat.com
c:\windows\uwejobyxo.com
c:\windows\ymuv.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-08-14 10:57 . 2004-08-04 09:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-14 01:47 . 2009-08-14 01:47 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-14 01:47 . 2009-08-14 01:47 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-14 01:47 . 2009-08-14 01:47 -------- d-----w- c:\program files\AVG
2009-08-14 01:47 . 2009-08-14 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 00:48 . 2009-08-14 00:48 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\AVG8
2009-08-14 00:10 . 2009-09-11 11:15 27648 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-13 00:48 . 2009-08-13 00:58 -------- d-----w- c:\program files\Enigma Software Group
2009-08-13 00:25 . 2009-08-13 00:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 11:49 . 2006-07-27 02:08 68288 ----a-w- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 01:46 . 2009-05-14 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-08-13 01:52 . 2009-08-13 01:52 0 ----a-w- c:\windows\system32\drivers\OLD11.tmp
2009-08-13 01:15 . 2009-05-14 08:58 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\GetRightToGo
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\documents and settings\Stephanie Brookover\Application Data\Malwarebytes
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 14:27 . 2009-08-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 14:11 . 2006-07-20 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-12 14:11 . 2006-07-20 22:55 -------- d-----w- c:\program files\Java
2009-08-12 13:15 . 2009-08-12 13:15 -------- d-----w- c:\program files\Trend Micro
2009-08-07 03:16 . 2006-07-25 23:23 27878 ----a-w- c:\documents and settings\Stephanie Brookover\Application Data\wklnhst.dat
2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-08-12 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-08-12 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 11:20 . 2009-07-21 10:49 -------- d-----w- c:\program files\CamelCasino
2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET33.tmp
2009-07-14 03:43 . 2004-08-10 16:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 16:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2007-06-25 02:36 . 2007-06-25 02:36 8 --sh--r- c:\windows\system32\83F464E93C.sys
2006-09-09 19:59 . 2006-07-26 21:26 88 --sh--r- c:\windows\system32\B90F8A6C06.sys
2008-12-17 11:22 . 2007-06-25 02:36 14084 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-11_11.10.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-08-13 03:00 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\spcustom.dll
- 2009-08-13 03:00 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\spmsg.dll
- 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\sp3gdr\atl.dll
+ 2009-09-11 12:18 . 2009-09-11 12:19 5908 c:\windows\SoftwareDistribution\EventCache\{D9CEB902-8E98-4EA0-A3A0-095BD5295E14}.bin
+ 2004-08-10 16:51 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
- 2009-08-13 03:00 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\updspapi.dll
- 2009-08-13 03:00 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe
- 2009-08-13 03:00 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"Google Update"="c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
"CTSVolFE"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephanie Brookover^Start Menu^Programs^Startup^Shareaza Turbo Accelerator.lnk]
path=c:\documents and settings\Stephanie Brookover\Start Menu\Programs\Startup\Shareaza Turbo Accelerator.lnk
backup=c:\windows\pss\Shareaza Turbo Accelerator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:51 PM 14336]
S2 gupdate1c9ecdee64070cc;Google Update Service (gupdate1c9ecdee64070cc);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2009 6:57 AM 133104]
S3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/13/2009 9:47 PM 29208]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/13/2009 9:47 PM 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 10:57]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 10:57]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 10:57]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2871299663-1425001378-2023338215-1006Core.job
- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 10:48]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2871299663-1425001378-2023338215-1006UA.job
- c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 10:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Stephanie Brookover\Application Data\Mozilla\Firefox\Profiles\3bfsaotd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Stephanie Brookover\Application Data\Mozilla\Firefox\Profiles\3bfsaotd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Stephanie Brookover\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Rbekupiyec - c:\windows\ariguheyekitenim.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 11:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\bcmwltry.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-09-11 11:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 15:44
ComboFix2.txt 2009-09-11 12:20
ComboFix3.txt 2009-09-11 11:12

Pre-Run: 32,116,432,896 bytes free
Post-Run: 32,058,310,656 bytes free

241 --- E O F --- 2009-09-11 12:18
Go to the top of the page
 
+Quote Post
« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »
 

2 Pages V   1 2 >
Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 9th February 2010 - 04:34 PM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2010 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2010  IPS, Inc.