HijackThis Log: Please help Diagnose


This topic is locked
8 replies to this topic

#1 Sartana

Posted 20 December 2008 - 01:16 PM

Hello! IE and Firefox are both getting nasty pop-ups; any help would be appreciated. :] I've posted the DDS log you ask for in some posts, just in case you need it. I'll send the 'Attach' if you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:28 PM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\DOCUME~1\Trevor\APPLIC~1\MCROSO~1.NET\fast.exe
C:\Documents and Settings\Trevor\Application Data\?ecurity\w?aclt.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\DOCUME~1\Trevor\LOCALS~1\Temp\_A00F3BC5A2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {09470e34-1919-4cec-91db-adbee439bf30} - C:\WINDOWS\system32\jofamoja.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_SB4.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wuwasarote] Rundll32.exe "C:\WINDOWS\system32\pidokobo.dll",s
O4 - HKLM\..\Run: [84b699eb] rundll32.exe "C:\WINDOWS\system32\rivenape.dll",b
O4 - HKLM\..\Run: [CPM8785aa77] Rundll32.exe "c:\windows\system32\zitovovi.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMModule6] "C:\Program Files\ISM\ISMModule6.exe"
O4 - HKCU\..\Run: [Nlet] "C:\DOCUME~1\Trevor\APPLIC~1\MCROSO~1.NET\fast.exe" -vt yazb
O4 - HKCU\..\Run: [Rsikn] "C:\Documents and Settings\Trevor\Application Data\?ecurity\w?aclt.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [A00F3BC5A2.exe] C:\DOCUME~1\Trevor\LOCALS~1\Temp\_A00F3BC5A2.exe
O4 - HKUS\S-1-5-19\..\Run: [wuwasarote] Rundll32.exe "C:\WINDOWS\system32\pidokobo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wuwasarote] Rundll32.exe "C:\WINDOWS\system32\pidokobo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000230.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000230.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152667849937
O20 - AppInit_DLLs: C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\system32\vubebiye.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll C:\WINDOWS\System32\icm3232.dll c:\windows\system32\zitovovi.dll,C:\WINDOWS\System32\icm3232.dll
O20 - Winlogon Notify: 84b69944509 - C:\WINDOWS\System32\icm3232.dll
O20 - Winlogon Notify: __c002854E - C:\WINDOWS\system32\__c002854E.dat
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zitovovi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zitovovi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10572 bytes


Here is the DDS Thingy.


DDS (Version 1.1.0) - NTFSx86
Run by Trevor at 15:26:13.67 on Sat 12/20/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.261 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\DOCUME~1\Trevor\APPLIC~1\MCROSO~1.NET\fast.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\DOCUME~1\Trevor\LOCALS~1\Temp\_A00F3BC5A2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Trevor\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {09470e34-1919-4cec-91db-adbee439bf30} - c:\windows\system32\jofamoja.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - c:\program files\isp50\bin\BandObject.dll
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6]
uRun: [ISMModule6] "c:\program files\ism\ISMModule6.exe"
uRun: [Nlet] "c:\docume~1\trevor\applic~1\mcroso~1.net\fast.exe" -vt yazb
uRun: [Rsikn] "c:\documents and settings\trevor\application data\?ecurity\w?aclt.exe"
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [A00F3BC5A2.exe] c:\docume~1\trevor\locals~1\temp\_A00F3BC5A2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Bart Station] c:\program files\isp50\hta\station.sbrt
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [VerizonServicepoint.exe] c:\program files\verizon\servicepoint\VerizonServicepoint.exe
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EPSON Stylus CX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibva.exe /fu "c:\windows\temp\E_SB4.tmp" /EF "HKLM"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [wuwasarote] Rundll32.exe "c:\windows\system32\pidokobo.dll",s
mRun: [84b699eb] rundll32.exe "c:\windows\system32\rivenape.dll",b
mRun: [CPM8785aa77] Rundll32.exe "c:\windows\system32\zitovovi.dll",a
dRun: [services32] c:\program files\common files\windows\mc-110-12-0000230.exe
StartupFolder: c:\docume~1\trevor\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\trevor\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\trevor\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Notify: 84b69944509 - c:\windows\system32\icm3232.dll
Notify: __c002854E - c:\windows\system32\__c002854E.dat
AppInit_DLLs: c:\windows\system32\icm3232.dll c:\windows\system32\vubebiye.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\icm3232.dll c:\windows\system32\zitovovi.dll,c:\windows\system32\icm3232.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zitovovi.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zitovovi.dll
SEH: {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll
LSA: Notification Packages = scecli c:\windows\system32\vubebiye.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\trevor\applic~1\mozilla\firefox\profiles\igml1mra.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;\??\c:\program files\ewido anti-spyware 4.0\guard.sys [2006-6-16 3968]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-9-7 394872]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe [2006-6-16 172032]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-10 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S3 pfsvgae;pfsvgae;\??\c:\docume~1\trevor\locals~1\temp\pfsvgae.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

=============== Created Last 30 ================

2008-12-20 14:14 1,603,449 ---sh--- c:\windows\system32\epanevir.ini
2008-12-20 02:22 94,720 a------- c:\windows\system32\__c006B1B9.exe
2008-12-19 16:11 1,603,449 ---sh--- c:\windows\system32\akutebil.ini
2008-12-19 02:21 94,720 a------- c:\windows\system32\__c0080E41.exe
2008-12-18 22:01 1,603,449 ---sh--- c:\windows\system32\obinihut.ini
2008-12-18 20:50 94,720 a------- c:\windows\system32\__c0029040.exe
2008-12-18 04:32 94,720 a------- c:\windows\system32\__c0068A4E.exe
2008-12-17 01:59 135,168 a------- c:\windows\system32\icm3232.dll
2008-12-17 01:59 94,720 a------- c:\windows\system32\__c00A4051.exe

==================== Find3M ====================

2008-12-20 14:14 25,088 a------- c:\windows\system32\__c002854E.dat
2008-12-20 14:14 97,405 a--sh--- c:\windows\system32\zitovovi.dll
2008-12-20 14:14 83,227 a--sh--- c:\windows\system32\rivenape.dll
2008-12-20 14:13 16,116 a------- c:\windows\system32\tablet.dat
2008-12-19 17:19 612 a------- C:\xcrashdump.dat
2008-12-19 16:11 97,002 a--sh--- c:\windows\system32\libupune.dll
2008-12-19 16:10 83,038 -------- c:\windows\system32\libetuka.dll
2008-12-18 22:01 94,797 a--sh--- c:\windows\system32\hobokuzu.dll
2008-12-18 20:54 61,440 a------- c:\windows\system32\~.exe
2008-11-08 13:56 31,232 a------- c:\windows\system32\__c0096925.dat
2008-10-25 22:38 18,481 a------- c:\windows\DIIUnin.dat
2008-10-25 22:30 21,840 a------t c:\windows\system32\SIntfNT.dll
2008-10-25 22:30 17,212 a------t c:\windows\system32\SIntf32.dll
2008-10-25 22:30 12,067 a------t c:\windows\system32\SIntf16.dll
2008-10-25 22:20 94,208 a------- c:\windows\DIIUnin.exe
2008-10-25 22:20 2,829 a------- c:\windows\DIIUnin.pif
2008-10-11 21:35 52,736 a------- c:\windows\ipuninst.exe
2007-11-29 01:33 176 ac------ c:\program files\INSTALL.LOG
2007-11-15 22:09 56 ---shr-- c:\windows\system32\54DDB00147.sys
2008-09-18 20:54 61,440 a--sh--- c:\windows\system32\jofamoja.dll
2007-11-15 22:09 1,056 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-18 20:54 61,440 a--sh--- c:\windows\system32\pidokobo.dll
2008-09-18 20:54 61,440 a--sh--- c:\windows\system32\vubebiye.dll

============= FINISH: 15:27:34.64 ===============

Thanks.

#2 Buckeye_Sam (Malware Expert)

Posted 21 December 2008 - 02:05 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3 Sartana (Topic Starter)

Posted 21 December 2008 - 09:08 PM

ComboFix 08-12-21.03 - Trevor 2008-12-21 23:03:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.444 [GMT -8:00]
Running from: c:\documents and settings\Trevor\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Trevor\Application Data\020000004c8d1980509C.manifest
c:\documents and settings\Trevor\Application Data\020000004c8d1980509O.manifest
c:\documents and settings\Trevor\Application Data\020000004c8d1980509P.manifest
c:\documents and settings\Trevor\Application Data\020000004c8d1980509S.manifest
c:\documents and settings\Trevor\Application Data\ECURIT~1
c:\documents and settings\Trevor\Application Data\ECURIT~1\w?aclt.exe
c:\documents and settings\Trevor\Application Data\MCROSO~1.NET
c:\documents and settings\Trevor\Application Data\MCROSO~1.NET\fast.exe
c:\documents and settings\Trevor\Application Data\MCROSO~1.NET\M?crosoft.NET\
c:\documents and settings\Trevor\Start Menu\Programs\Internet Speed Monitor
c:\documents and settings\Trevor\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
c:\program files\INSTALL.LOG
c:\program files\outerinfo
c:\program files\outerinfo\OiUninstaller.exe
c:\windows\IE4 Error Log.txt
c:\windows\mainms.vpi
c:\windows\Manager.exe
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\rundll32.vbe
c:\windows\system32\__c002854E.dat
c:\windows\system32\__c0029040.exe
c:\windows\system32\__c0068A4E.exe
c:\windows\system32\__c006B1B9.exe
c:\windows\system32\__c006C46A.exe
c:\windows\system32\__c0080E41.exe
c:\windows\system32\__c0085CC9.exe
c:\windows\system32\__c0096925.dat
c:\windows\system32\__c00A4051.exe
c:\windows\system32\__c00E216F.dat
c:\windows\system32\4521e6v7.exe.a_a
c:\windows\system32\akutebil.ini
c:\windows\system32\epanevir.ini
c:\windows\system32\hljwugsf.bin
c:\windows\system32\obinihut.ini
c:\windows\system32\oziradab.ini
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\ujebojog.ini
c:\windows\system32\vubebiye.dll
C:\xcrashdump.dat

----- BITS: Possible infected sites -----

hxxp://80.93.48.89
.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-17 01:59 . 2008-12-17 01:59 135,168 --a------ c:\windows\system32\icm3232.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 07:09 --------- d-----w c:\documents and settings\Trevor\Application Data\OpenOffice.org2
2008-12-22 07:02 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-21 23:32 95,831 --sha-w c:\windows\system32\milokira.dll
2008-12-21 23:32 87,339 --sha-w c:\windows\system32\gojobeju.dll
2008-12-21 10:13 94,893 --sha-w c:\windows\system32\vufurajo.dll
2008-12-20 22:14 97,405 --sha-w c:\windows\system32\zitovovi.dll
2008-12-20 00:11 97,002 --sha-w c:\windows\system32\libupune.dll
2008-12-19 06:01 94,797 --sha-w c:\windows\system32\hobokuzu.dll
2008-12-19 04:54 3,082,240 ----a-w c:\windows\Internet Logs\xDB67.tmp
2008-12-11 11:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-29 05:09 --------- d-----w c:\program files\Diablo II
2008-11-15 00:57 --------- d-----w c:\documents and settings\Trevor\Application Data\Azureus
2008-10-26 06:30 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-10-26 06:30 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-10-26 06:30 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-10-26 06:20 94,208 ----a-w c:\windows\DIIUnin.exe
2008-10-26 06:20 2,829 ----a-w c:\windows\DIIUnin.pif
2008-10-20 18:40 2,297,856 ----a-w c:\windows\Internet Logs\xDB66.tmp
2008-10-12 05:35 52,736 ----a-w c:\windows\ipuninst.exe
2008-10-03 07:50 13,497,240 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-03 07:49 2,258,944 ----a-w c:\windows\Internet Logs\xDB65.tmp
2008-12-20 00:11 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:11 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:11 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:11 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:11 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-11-16 06:09 56 --sh--r c:\windows\system32\54DDB00147.sys
2008-09-19 04:54 61,440 --sha-w c:\windows\system32\jofamoja.dll
2007-11-16 06:09 1,056 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-19 04:54 61,440 --sha-w c:\windows\system32\pidokobo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09470e34-1919-4cec-91db-adbee439bf30}]
2008-09-18 20:54 61440 --ahs---- c:\windows\system32\jofamoja.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rsikn"="c:\documents and settings\Trevor\Application Data\?ecurity\w?aclt.exe" [?]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bart Station"="c:\program files\ISP50\hta\station.sbrt" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 968696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-30 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"wuwasarote"="c:\windows\system32\pidokobo.dll" [2008-09-18 61440]
"84b699eb"="c:\windows\system32\gojobeju.dll" [2008-12-21 87339]
"CPM8785aa77"="c:\windows\system32\milokira.dll" [2008-12-21 95831]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Trevor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 110592]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 110592]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2007-08-27 125624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-12-31 118784]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-09-03 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\milokira.dll" [2008-12-21 95831]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\milokira.dll [2008-12-21 95831]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\84b69944509]
2008-12-17 01:59 135168 c:\windows\system32\icm3232.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\milokira.dll,c:\windows\System32\icm3232.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\vubebiye.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trevor_the_vengeful\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trevor_the_vengeful\\half-life 2\\hl2.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141796478\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\verizon\\Servicepoint\\VerizonServicepoint.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\Trevor\LOCALS~1\Temp\pfsvgae.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-19 c:\windows\Tasks\At10.job
- c:\windows\system32\4521e6v7.exe []

2008-11-28 c:\windows\Tasks\At11.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At12.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At13.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At14.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At15.job
- c:\windows\system32\4521e6v7.exe []

2008-12-20 c:\windows\Tasks\At16.job
- c:\windows\system32\4521e6v7.exe []

2008-12-18 c:\windows\Tasks\At17.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At18.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At19.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At20.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At21.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At22.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At23.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At24.job
- c:\windows\system32\4521e6v7.exe []

2008-12-21 c:\windows\Tasks\At3.job
- c:\windows\system32\4521e6v7.exe []

2008-12-21 c:\windows\Tasks\At4.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At5.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At6.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At7.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At8.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At9.job
- c:\windows\system32\4521e6v7.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISMModule6 - c:\program files\ISM\ISMModule6.exe
HKCU-Run-Nlet - c:\docume~1\Trevor\APPLIC~1\MCROSO~1.NET\fast.exe
HKCU-Run-Aim6 - (no file)
HKU-Default-Run-services32 - c:\program files\Common Files\Windows\mc-110-12-0000230.exe
Notify-__c002854E - c:\windows\system32\__c002854E.dat


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Trevor\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 23:08:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\System32\icm3232.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ISP50\Bin\BartShel.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\windows\system32\rundll32.exe
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\ISP50\Bin\PPShared.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\windows\system32\Tablet.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
c:\windows\system32\wdfmgr.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-12-21 23:13:39 - machine was rebooted [Trevor]
ComboFix-quarantined-files.txt 2008-12-22 07:13:23

Pre-Run: 15,990,538,240 bytes free
Post-Run: 17,475,174,400 bytes free


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 December 2008 - 11:05 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, to your desktop.

Driver::
pfsvgae


File::
c:\windows\system32\4521e6v7.exe
c:\docume~1\Trevor\LOCALS~1\Temp\pfsvgae.sys
c:\windows\system32\vubebiye.dll
c:\windows\System32\icm3232.dll
c:\windows\system32\milokira.dll
c:\windows\system32\pidokobo.dll
c:\windows\system32\gojobeju.dll
c:\windows\system32\jofamoja.dll
c:\windows\system32\54DDB00147.sys
c:\windows\system32\vufurajo.dll
c:\windows\system32\zitovovi.dll
c:\windows\system32\libupune.dll
c:\windows\system32\hobokuzu.dll


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\84b69944509]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wuwasarote"=-
"84b699eb"=-
"CPM8785aa77"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rsikn"=-

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
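
As an added example (my code, not part of this thread or of ComboFix), the Python below triages a constructed excerpt of the Reg Loading Points section posted above for the auto-start locations the CFScript clears (Run values that load a DLL, AppInit_DLLs, Winlogon Notify, SSODL, LSA Notification Packages, a BHO backed by a system+hidden file) and renders the result in the File::/Registry:: form the script uses; the names `Finding`, `file_entry`, `triage` and `to_cfscript` are my own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the ComboFix "Reg Loading Points" section posted in this
# thread. ComboFix prints an attribute string before a listed file; 's' and 'h'
# in it mean the file carries the system and hidden attributes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09470e34-1919-4cec-91db-adbee439bf30}]
2008-09-18 20:54 61440 --ahs---- c:\windows\system32\jofamoja.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"wuwasarote"="c:\windows\system32\pidokobo.dll" [2008-09-18 61440]
"CPM8785aa77"="c:\windows\system32\milokira.dll" [2008-12-21 95831]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\milokira.dll [2008-12-21 95831]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\84b69944509]
2008-12-17 01:59 135168 c:\windows\system32\icm3232.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\milokira.dll,c:\windows\System32\icm3232.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\vubebiye.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,-]+\s+(.*)$")
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:dll|exe|sys|dat)\b", re.I)


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the entry lives under
    name: str    # value name, or '' when the key itself is the entry
    path: str    # file the entry loads
    reason: str


def file_entry(line):
    """(attrs, path) for a ComboFix file line, None for anything else."""
    m = FILE_RE.match(line)
    if not m:
        return None
    rest = m.group(1)
    if re.match(r"[a-z]:\\", rest, re.I):   # no attribute field on this line
        return "", rest
    attrs, _, path = rest.partition(" ")
    return attrs, path


def triage(log):
    """Flag entries in the auto-start locations the CFScript above clears."""
    findings, key = [], ""
    for line in (raw.strip() for raw in log.splitlines()):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        k = key.lower()
        if line.startswith("Notification Packages"):
            # scecli is the only package Windows ships; extra ones run inside LSASS.
            findings += [Finding(key, "Notification Packages", p, "extra LSA notification package")
                         for p in line.split()[3:] if p.lower() != "scecli"]
            continue
        vm = VALUE_RE.match(line)
        if vm:
            name, data = vm.groups()
            paths = PATH_RE.findall(data)
            if name.lower() == "appinit_dlls":
                reason = "AppInit_DLLs is loaded into every process that uses user32"
            elif "shellserviceobjectdelayload" in k or "sharedtaskscheduler" in k:
                reason = "COM object auto-loaded by Explorer at logon"
            elif k.endswith("\\run"):
                reason = "Run value points at a DLL instead of an executable"
                paths = [p for p in paths if p.lower().endswith(".dll")]
            else:
                continue
            findings += [Finding(key, name, p, reason) for p in paths]
            continue
        fe = file_entry(line)
        if fe and "winlogon\\notify" in k:
            findings.append(Finding(key, "", fe[1], "Winlogon notification package"))
        elif fe and "browser helper objects" in k and {"s", "h"} <= set(fe[0].lower()):
            findings.append(Finding(key, "", fe[1], "BHO backed by a system+hidden file"))
    return findings


def to_cfscript(findings):
    """Render findings in the File::/Registry:: shape of the CFScript above."""
    files = sorted({f.path.lower() for f in findings})
    reg = []
    for f in findings:
        if f.name == "Notification Packages":
            continue  # clearing that value would drop scecli too; the file alone goes in File::
        items = (f"[{f.key}]", f'"{f.name}"=-') if f.name else (f"[-{f.key}]",)
        reg += [i for i in items if i not in reg]
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(reg)
```

Running `print(to_cfscript(triage(SAMPLE_LOG)))` reproduces the File:: and Registry:: entries of the CFScript above from the log alone.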


========================================================

#5 Sartana

Sartana
  • Topic Starter

  • Members
  • 15 posts

Posted 29 December 2008 - 02:12 AM

(Sorry about the delay)

ComboFix 08-12-21.03 - Trevor 2008-12-25 0:58:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.390 [GMT -8:00]
Running from: c:\documents and settings\Trevor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Trevor\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\Trevor\LOCALS~1\Temp\pfsvgae.sys
c:\windows\system32\4521e6v7.exe
c:\windows\system32\54DDB00147.sys
c:\windows\system32\gojobeju.dll
c:\windows\system32\hobokuzu.dll
c:\windows\System32\icm3232.dll
c:\windows\system32\jofamoja.dll
c:\windows\system32\libupune.dll
c:\windows\system32\milokira.dll
c:\windows\system32\pidokobo.dll
c:\windows\system32\vubebiye.dll
c:\windows\system32\vufurajo.dll
c:\windows\system32\zitovovi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Trevor\Application Data\020000004c8d1980509C.manifest
c:\documents and settings\Trevor\Application Data\020000004c8d1980509O.manifest
c:\documents and settings\Trevor\Application Data\020000004c8d1980509P.manifest
c:\documents and settings\Trevor\Application Data\020000004c8d1980509S.manifest
c:\windows\system32\54DDB00147.sys
c:\windows\system32\abuwijih.ini
c:\windows\system32\ewagurom.ini
c:\windows\system32\hobokuzu.dll
c:\windows\System32\icm3232.dll
c:\windows\system32\imosuyag.ini
c:\windows\system32\kozafuli.dll
c:\windows\system32\libupune.dll
c:\windows\system32\milokira.dll
c:\windows\system32\olivebim.ini
c:\windows\system32\omuvudes.ini
c:\windows\system32\ujebojog.ini
c:\windows\system32\umadefep.ini
c:\windows\system32\vufurajo.dll
c:\windows\system32\zitovovi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PFSVGAE
-------\Service_pfsvgae


((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 09:06 --------- d-----w c:\documents and settings\Trevor\Application Data\OpenOffice.org2
2008-12-25 05:28 96,481 --sha-w c:\windows\system32\berikeki.dll
2008-12-25 05:28 84,130 --sha-w c:\windows\system32\gayusomi.dll
2008-12-24 12:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-24 11:32 97,911 --sha-w c:\windows\system32\fomegozu.dll
2008-12-23 23:32 96,030 --sha-w c:\windows\system32\bolanefi.dll
2008-12-23 23:32 63,274 --sha-w c:\windows\system32\jepewosi.dll
2008-12-23 11:32 94,956 --sha-w c:\windows\system32\tipifipo.dll
2008-12-22 23:31 97,857 --sha-w c:\windows\system32\jibuvuna.dll
2008-12-22 11:31 98,071 --sha-w c:\windows\system32\bewihafe.dll
2008-12-19 04:54 3,082,240 ----a-w c:\windows\Internet Logs\xDB67.tmp
2008-12-11 11:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-29 05:09 --------- d-----w c:\program files\Diablo II
2008-11-15 00:57 --------- d-----w c:\documents and settings\Trevor\Application Data\Azureus
2008-10-26 06:30 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-10-26 06:30 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-10-26 06:30 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-10-26 06:20 94,208 ----a-w c:\windows\DIIUnin.exe
2008-10-26 06:20 2,829 ----a-w c:\windows\DIIUnin.pif
2008-10-20 18:40 2,297,856 ----a-w c:\windows\Internet Logs\xDB66.tmp
2008-10-12 05:35 52,736 ----a-w c:\windows\ipuninst.exe
2008-10-03 07:50 13,497,240 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-03 07:49 2,258,944 ----a-w c:\windows\Internet Logs\xDB65.tmp
2008-12-20 00:11 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:11 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:11 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:11 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:11 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-23 23:32 63,274 --sha-w c:\windows\system32\hajutuki.dll
2007-11-16 06:09 1,056 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-23 23:32 63,274 --sha-w c:\windows\system32\yijazowi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-21_23.12.55.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-22 07:09:23 16,116 ----a-w c:\windows\system32\tablet.dat
+ 2008-12-25 09:05:52 16,116 ----a-w c:\windows\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09470e34-1919-4cec-91db-adbee439bf30}]
2008-09-23 15:32 63274 --ahs---- c:\windows\system32\yijazowi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bart Station"="c:\program files\ISP50\hta\station.sbrt" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 968696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-30 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Trevor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 110592]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 110592]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2007-08-27 125624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-12-31 118784]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-09-03 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trevor_the_vengeful\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trevor_the_vengeful\\half-life 2\\hl2.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141796478\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\verizon\\Servicepoint\\VerizonServicepoint.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-19 c:\windows\Tasks\At10.job
- c:\windows\system32\4521e6v7.exe []

2008-11-28 c:\windows\Tasks\At11.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At12.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At13.job
- c:\windows\system32\4521e6v7.exe []

2008-12-17 c:\windows\Tasks\At14.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At15.job
- c:\windows\system32\4521e6v7.exe []

2008-12-23 c:\windows\Tasks\At16.job
- c:\windows\system32\4521e6v7.exe []

2008-12-24 c:\windows\Tasks\At17.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At18.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At19.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At20.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At21.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At22.job
- c:\windows\system32\4521e6v7.exe []

2008-12-25 c:\windows\Tasks\At23.job
- c:\windows\system32\4521e6v7.exe []

2008-12-25 c:\windows\Tasks\At24.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At3.job
- c:\windows\system32\4521e6v7.exe []

2008-12-22 c:\windows\Tasks\At4.job
- c:\windows\system32\4521e6v7.exe []

2008-12-24 c:\windows\Tasks\At5.job
- c:\windows\system32\4521e6v7.exe []

2008-12-23 c:\windows\Tasks\At6.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At7.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At8.job
- c:\windows\system32\4521e6v7.exe []

2008-12-19 c:\windows\Tasks\At9.job
- c:\windows\system32\4521e6v7.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Trevor\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 01:05:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\ISP50\Bin\BartShel.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\progra~1\ISP50\Bin\PPShared.exe
c:\windows\system32\wdfmgr.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-25 1:09:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 09:09:44
ComboFix2.txt 2008-12-22 07:13:41

Pre-Run: 17,885,163,520 bytes free
Post-Run: 18,216,419,328 bytes free

Monday, December 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 29, 2008 02:04:50
Records in database: 1526551

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area
My Computer (A:\, C:\, D:\, E:\, F:\)

Scan statistics
Files scanned: 118363
Threat name: 17
Infected objects: 26
Suspicious objects: 0
Duration of the scan: 02:09:25

File name | Threat name | Threats count
C:\61.tmp | Infected: not-a-virus:Downloader.Win32.Agent.q | 1
C:\61.tmp | Infected: not-a-virus:AdWare.Win32.AdBand.b | 1
C:\61.tmp | Infected: not-a-virus:AdWare.Win32.Agent.ctk | 1
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt | Infected: Hoax.HTML.Secureinvites.b | 1
C:\Documents and Settings\Trevor\My Documents\download\xnexthendrix214x\FlyakiteOSX v3.5.exe | Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a | 1
C:\Qoobox\Quarantine\C\Documents and Settings\Trevor\Application Data\ECURIT~1\wυaclt.exe.vir | Infected: not-a-virus:AdWare.Win32.PurityScan.hl | 1
C:\Qoobox\Quarantine\C\Documents and Settings\Trevor\Application Data\MCROSO~1.NET\fast.exe.vir | Infected: Trojan-Downloader.Win32.PurityScan.fe | 1
C:\Qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir | Infected: not-a-virus:AdWare.Win32.PurityScan.hh | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\icm3232.dll.vir | Infected: Trojan-Downloader.Win32.Agent.arsg | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zitovovi.dll.vir | Infected: Trojan-Downloader.Win32.Agent.awym | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_icm3232_.dll.zip | Infected: Trojan-Downloader.Win32.Agent.arsg | 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c002854E.dat.vir | Infected: Trojan-Downloader.Win32.Agent.aplz | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0029040.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0068A4E.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c006B1B9.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c006C46A.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0080E41.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0085CC9.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0096925.dat.vir | Infected: Trojan-Downloader.Win32.Agent.aovd | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00A4051.exe.vir | Infected: Trojan-Dropper.Win32.Agent.abpf | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00E216F.dat.vir | Infected: Trojan-Downloader.Win32.Agent.aplz | 1
C:\WINDOWS\system32\govegomu.dll | Infected: Trojan.Win32.Monder.afvy | 1
C:\WINDOWS\system32\msrdo20x21.dll | Infected: Trojan-PSW.Win32.Agent.ael | 1
C:\WINDOWS\system32\removefunc.ram | Infected: Trojan-Downloader.NSIS.Agent.p | 1
C:\WINDOWS\system32\tsdrd.dll | Infected: not-a-virus:AdWare.Win32.PurityScan.hk | 1

The selected area was scanned.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 December 2008 - 09:47 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\govegomu.dll
    C:\WINDOWS\system32\msrdo20x21.dll
    C:\WINDOWS\system32\removefunc.ram
    C:\WINDOWS\system32\tsdrd.dll
    C:\Documents and Settings\Trevor\My Documents\download\xnexthendrix214x\FlyakiteOSX v3.5.exe
    C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt
    C:\61.tmp
    c:\windows\Tasks\At?.job
    c:\windows\Tasks\At??.job
    c:\windows\system32\yijazowi.dll
    c:\windows\system32\hajutuki.dll
    c:\windows\system32\berikeki.dll
    c:\windows\system32\gayusomi.dll
    c:\windows\system32\fomegozu.dll
    c:\windows\system32\bolanefi.dll
    c:\windows\system32\jepewosi.dll
    c:\windows\system32\tipifipo.dll
    c:\windows\system32\jibuvuna.dll
    c:\windows\system32\bewihafe.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09470e34-1919-4cec-91db-adbee439bf30}]
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please post a new log from Combofix.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Sartana

Sartana
  • Topic Starter

  • Members
  • 15 posts

Posted 02 January 2009 - 01:31 AM

OTMoveIt 3 crashed after I used it the first time. I used it again afterwards, so the following is probably useless. Sorry!

========== FILES ==========
File/Folder C:\WINDOWS\system32\govegomu.dll not found.
File/Folder C:\WINDOWS\system32\msrdo20x21.dll not found.
File/Folder C:\WINDOWS\system32\removefunc.ram not found.
File/Folder C:\WINDOWS\system32\tsdrd.dll not found.
File/Folder C:\Documents and Settings\Trevor\My Documents\download\xnexthendrix214x\FlyakiteOSX v3.5.exe not found.
File/Folder C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt not found.
File/Folder C:\61.tmp not found.
File/Folder c:\windows\Tasks\At?.job not found.
File/Folder c:\windows\Tasks\At??.job not found.
File/Folder c:\windows\system32\yijazowi.dll not found.
File/Folder c:\windows\system32\hajutuki.dll not found.
File/Folder c:\windows\system32\berikeki.dll not found.
File/Folder c:\windows\system32\gayusomi.dll not found.
File/Folder c:\windows\system32\fomegozu.dll not found.
File/Folder c:\windows\system32\bolanefi.dll not found.
File/Folder c:\windows\system32\jepewosi.dll not found.
File/Folder c:\windows\system32\tipifipo.dll not found.
File/Folder c:\windows\system32\jibuvuna.dll not found.
File/Folder c:\windows\system32\bewihafe.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09470e34-1919-4cec-91db-adbee439bf30}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Trevor\LOCALS~1\Temp\~DF3864.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Trevor\LOCALS~1\Temp\~DF4EF7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_524.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT06327.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0632a.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Trevor\Local Settings\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_232528




ComboFix 08-12-31.01 - Trevor 2009-01-02 3:08:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.260 [GMT -8:00]
Running from: c:\documents and settings\Trevor\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\adiniriv.ini
c:\windows\system32\arabadep.ini
c:\windows\system32\asizizag.ini
c:\windows\system32\beperuka.dll
c:\windows\system32\betifupu.dll
c:\windows\system32\bodizeya.dll
c:\windows\system32\dojisino.dll
c:\windows\system32\ejumusuv.ini
c:\windows\system32\etameneh.ini
c:\windows\system32\febudipi.dll
c:\windows\system32\femififi.dll
c:\windows\system32\heyehupi.dll
c:\windows\system32\ipuheyeh.ini
c:\windows\system32\jimekaju.dll
c:\windows\system32\lanimaye.dll
c:\windows\system32\odorisuj.ini
c:\windows\system32\oyamibev.ini
c:\windows\system32\powirimu.dll
c:\windows\system32\pusogumu.dll
c:\windows\system32\rohitelu.dll
c:\windows\system32\rojisabo.dll
c:\windows\system32\sazukojo.dll
c:\windows\system32\soyeviwa.dll
c:\windows\system32\telelepu.dll
c:\windows\system32\turazapu.dll
c:\windows\system32\umugosup.ini
c:\windows\system32\upufiteb.ini
c:\windows\system32\vagazodi.dll
c:\windows\system32\vajafeti.dll
c:\windows\system32\vebimayo.dll
c:\windows\system32\virinida.dll
c:\windows\system32\vusumuje.dll
c:\windows\system32\wefeyubi.dll
c:\windows\system32\wuyeligo.dll
c:\windows\system32\yomudaki.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-29 23:17 . 2008-12-29 23:17 <DIR> d-------- C:\_OTMoveIt
2008-12-28 23:03 . 2008-12-28 23:03 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 23:03 . 2008-12-28 23:03 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 11:15 --------- d-----w c:\documents and settings\Trevor\Application Data\OpenOffice.org2
2009-01-02 10:59 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-29 07:02 --------- d-----w c:\program files\Java
2008-12-19 04:54 3,082,240 ----a-w c:\windows\Internet Logs\xDB67.tmp
2008-12-11 11:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-29 05:09 --------- d-----w c:\program files\Diablo II
2008-11-15 00:57 --------- d-----w c:\documents and settings\Trevor\Application Data\Azureus
2008-10-26 06:30 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-10-26 06:30 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-10-26 06:30 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-10-26 06:20 94,208 ----a-w c:\windows\DIIUnin.exe
2008-10-26 06:20 2,829 ----a-w c:\windows\DIIUnin.pif
2008-10-20 18:40 2,297,856 ----a-w c:\windows\Internet Logs\xDB66.tmp
2008-10-12 05:35 52,736 ----a-w c:\windows\ipuninst.exe
2008-10-03 07:50 13,497,240 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-03 07:49 2,258,944 ----a-w c:\windows\Internet Logs\xDB65.tmp
2007-11-16 06:09 1,056 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-26 11:54 54,272 --sha-w c:\windows\system32\walikahe.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-21_23.12.55.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-04-13 10:19:56 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-12-29 07:03:05 144,792 ----a-w c:\windows\system32\java.exe
- 2005-04-13 10:20:04 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-29 07:03:05 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-04-13 11:48:54 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-29 07:03:05 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-22 07:09:23 16,116 ----a-w c:\windows\system32\tablet.dat
+ 2009-01-02 11:15:38 16,116 ----a-w c:\windows\system32\tablet.dat
+ 2009-01-02 11:15:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bart Station"="c:\program files\ISP50\hta\station.sbrt" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 968696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-30 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Trevor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 110592]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 110592]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2007-08-27 125624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-12-31 118784]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-09-03 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trevor_the_vengeful\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trevor_the_vengeful\\half-life 2\\hl2.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141796478\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\verizon\\Servicepoint\\VerizonServicepoint.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 3.0\\PhotoshopElementsFileAgent.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{09470e34-1919-4cec-91db-adbee439bf30} - c:\windows\system32\soyeviwa.dll


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Trevor\Application Data\Mozilla\Firefox\Profiles\igml1mra.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 03:15:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,76,02,00,00,01,00,00,00,05,00,00,00,78,00,\
00,00,00,00,00,00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,\
00,46,08,00,00,2e,39,05,06,20,00,45,41,48,45,4c,50,7e,31,2e,4c,4e,4b,00,00,\
2e,00,03,00,04,00,ef,be,2e,39,05,06,2e,39,85,9b,14,00,00,00,45,00,41,00,20,\
00,48,00,65,00,6c,00,70,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,\
0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,78,00,00,00,01,00,00,\
00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,00,be,05,00,00,\
2e,39,05,06,20,00,52,45,41,44,4d,45,7e,31,2e,4c,4e,4b,00,00,2e,00,03,00,04,\
00,ef,be,2e,39,05,06,2e,39,85,9b,14,00,00,00,52,00,65,00,61,00,64,00,20,00,\
4d,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,1c,00,00,00,00,00,00,00,00,00,7c,00,00,00,02,00,00,00,6e,00,00,00,\
41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,00,5c,06,00,00,2e,39,05,06,20,\
00,53,50,4f,52,45,43,7e,31,2e,4c,4e,4b,00,00,32,00,03,00,04,00,ef,be,2e,39,\
05,06,2e,39,85,9b,14,00,00,00,53,00,70,00,6f,00,72,00,65,00,2e,00,63,00,6f,\
00,6d,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,74,00,00,00,03,00,00,00,66,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,54,00,32,00,58,07,00,00,2e,39,05,06,20,00,\
53,50,4f,52,45,7e,31,2e,4c,4e,4b,00,2c,00,03,00,04,00,ef,be,2e,39,05,06,2e,\
39,85,9b,14,00,00,00,53,00,50,00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,\
6b,00,00,00,1a,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,\
00,00,00,8a,00,00,00,04,00,00,00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,\
00,00,6a,00,32,00,d3,07,00,00,2e,39,05,06,20,00,55,4e,49,4e,53,54,7e,31,2e,\
4c,4e,4b,00,00,40,00,03,00,04,00,ef,be,2e,39,05,06,2e,39,86,9b,14,00,00,00,\
55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,53,00,50,00,4f,\
00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,\
ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-1454471165-436374069-839522115-1004\Software\SecuROM\License information*NULL*]
@Security="Inherited"
"datasecu"=hex:67,e7,8b,2f,e5,aa,d2,47,87,13,21,44,e1,d6,f0,7d,5b,06,b1,24,87,\
76,56,4c,99,b0,24,9a,e7,54,c2,81,76,8b,67,64,bd,75,0b,46,77,40,4b,67,af,b1,\
df,c7,35,4b,f5,bd,ce,f3,a8,dd,29,b7,53,8d,04,31,7b,af,57,56,c8,ff,de,a7,87,\
6b,b4,fb,e5,af,f1,a3,fb,5d,e4,56,77,03,71,61,e6,f2,39,cd,0a,e4,2c,09,05,e0,\
a6,64,28,f4,2d,65,12,3e,3a,98,20,98,fc,44,1c,93,ae,04,68,3b,20,5f,ab,c7,68,\
f8,1d,b8,ee,b0,7e,f0,f8,a6,33,ea,47,25,67,e1,ee,7f,e6,ad,8d,2e,9c,f8,c6,29,\
14,b5,45,3e,b4,d5,be,81,01,41,f8,b6,f6,b3,d2,f8,d6,93,a4,5e,56,85,9f,9e,14,\
54,ce,86,f6,09,d6,23,85,73,15,35,fb,2c,36,c5,09,8e,99,d3,98,04,15,15,9d,b5,\
f1,e1,4c,4c,4c,69,70,9f,22,d2,41,5f,ad,d3,75,89,43,b4,86,d1,cf,64,70,26,4f,\
c5,a1,ac,17,0a,3d,5b,89,e9,b2,24,50,80,d2,e6,f5,e1,2d,d0,60,7b,c4,37,2a,27,\
87,c5,2c,91,2f,92,52,89,56,21,6e,ee,e3,c1,b0,ce,df,16,bd,0d,6a,4c,b3,7b,22,\
7b,72,b4,f3,81,e9,4f,e4,a4,3e,77,5e,00,45,47,be,61,e5,a6,2f,d9,81,7f,a1,67,\
a0,31,9d,83,cc,cc,60,a8,01,7d,55,b9,de,19,ad,2e,dc,f7,73,84,01,61,25,59,0a,\
33,67,57,41,77,71,13,b9,31,79,f0,c6,91,2b,fe,76,ba,d5,06,5a,ae,53,c0,a3,72,\
76,28,cb,b3,25,a4,26,9b,9f,b8,c6,09,86,c5,13,a5,c7,02,04,05,a2,05,75,46,3f,\
25,36,d9,20,5a,67,bd,03,89,3a,28,20,a7,67,93,17,71,96,1c,fa,8e,11,39,5e,da,\
d8,a0,c0,2f,15,d5,37,c5,1a,46,d5,d9,e3,5e,83,92,6c,17,0e,4c,87,f8,d2,d5,db,\
bd,ed,cf,cb,16,07,ec,4b,cd,ad,57,ca,9b,59,d1,3c,5e,88,f2,19,86,21,dd,34,e3,\
41,9a,78,63,11,9b,f5,77,fa,03,d6,b2,ce,32,6b,e5,00,81,d2,d4,f5,c7,f8,f2,e5,\
60,46,b4,06,54,b5,92,d2,68,2a,f0,bb,68,b8,5f,d5,2e,1f,6b,2c,8c,b0,82,96,a8,\
2f,9c,9f,dc,2a,f4,3b,64,d9,b9,31,c7,f1,3b,f9,6a,03,96,7e,15,a6,88,58,e3,b3,\
0f,0f,94,57,e5,2a,76,09,5a,5b,eb,92,a5,d2,8f,26,6d,69,27,15,bf,e2,73,7a,14,\
e3,a7,d4,3b,0a,a1,ba,96,1e,40,5b,5f,08,84,91,f7,6a,3c,7c,d5,e3,3e,a4,2c,b0,\
f0,1e,27,09,a4,21,84,91,24,7a,40,6d,6b,22,6a,07,7a,18,39,90,a8,67,cc,d7,5a,\
b8,31,ee,96,c2,51,1c,46,15,d9,02,ea,c7,9a,07,0b,30,8a,45,a4,7b,0b,93,63,9a,\
f1,20,77,25,ce,63,b8,fb,cf,62,be,c3,61,58,8a,c6,83,df,e7,e6,f7,7b,18,71,4b,\
ac,f5,1f,c4,72,0e,36,c4,4c,30,3f,ac,3b,5e,d6,06,4b,99,33,4d,32,62,79,cc,6f,\
9e,21,68,c1,bd,46,2d,e9,76,ed,73,21,66,ec,69,2c,60,e1,d5,2c,97,da,ab,c8,d9,\
24,17,b3,7c,5c,f0,92,19,8a,9b,3c,63,e0,db,32,53,28,f9,7c,fc,b5,52,c0,53,62,\
6b,9e,7a,45,76,08,25,e0,31,c6,57,66,5f,14,48,d5,f7,f6,98,34,66,05,33,71,ab,\
e1,b8,7b,9e,41,98,0c,35,8e,34,e9,f6,fc,2b,e1,75,d5,0a,f4,bf,cf,76,84,ab,55,\
7b,d1,d1,10,a2,b0,3e,99,10,70,7d,cf,5d,d1,db,f1,25,7f,de,e0,0e,f1,78,15,80,\
de,f7,bd,8f,2f,93,66,7d,66,9c,c2,4b,3d,70,e6,23,a7,d8,97,1d,49,33,38,fa,85,\
ea,70,08,e1,14,5b,9a,63,da,8e,fc,4f,83,8a,53,9d,1e,29,25,d1,60,86,ca,1d,2b,\
86,02,0a,22,5e,09,5c,3c,e7,a5,bd,c8,ba,24,4e,59,b5,a7,7e,28,fb,fa,c9,91,d5,\
ca,b0,cc,a7,a9,45,0a,1c,36,fe,31,14,92,42,47,fe,68,12,28,89,5d,d5,90,29,ba,\
0c,2c,a9,87,d4,74,6e,1b,4b,cb,28,a2,d8,5c,30,b3,41,b4,66,61,74,5b,4b,b7,48,\
73,7f,03,c0,e3,c9,6e,f3,20,09,ac,87,a8,c5,c8,d4,2c,59,1b,31,63,ee,79,85,a6,\
83,ea,6a,75,ef,3c,0b,21,4c,41,71,37,8b,bb,6a,ec,06,20,f4,8e,8e,14,fe,4a,f4,\
09,53,ad,c4,0f,88,cd,34,96,9a,26,4a,41,b5,e9,5d,da,84,ae,3c,ba,66,7c,64,69,\
23,12,6b,af,e2,6d,98,20,d7,a5,cc,2d,f7,56,fe,5b,05,85,b9,43,99,8c,35,06,18,\
79,f1,a5,e0,21,fa,5c,16,09,60,1c,08,b3,c8,e3,26,e0,ae,1c,88,4e,f6,53,78,68,\
36,d3,f0,74,7f,25,cf,87,3c,f1,dc,3a,70,fa,b5,5a,5f,0b,ee,2e,14,ff,23,76,8e,\
48,59,b1,d0,30,d6,d5,10,1e,e8,86,da,13,5b,ab,e6,92,cf,27,ef,ec,61,24,5e,72,\
53,46,b4,4c,c6,99,ca,67,c5,82,a7,61,85,c1,66,c1,c2,c2,a3,e2,09,2e,0c,68,98,\
9a,fe,f4,bf,b9,c0,1e,47,f0,fe,75,32,de,63,dd,56,6b,21,36,4a,59,72,bf,a4,6c,\
3e,c8,b3,3b,86,d3,3c,82,a8,c6,8f,1c,ba,57,e6,62,9d,20,86,e8,1a,0e,cf,08,c1,\
47,86,d3,2a,51,b2,b7,be,8c,80,99,83,a6,a8,70,2a,48,27,7e,fc,26,c8,83,02,90,\
a9,2b,a5,d4,75,30,82,ab,4c,40,3b,98,4e,76,a1,16,77,dc,1d,db,9b,93,f9,0b,43,\
73,bc,c5,50,32,c8,8c,09,56,7b,d2,cc,d6,2b,e1,39,cc,11,4e,82,d5,62,d6,7c,ff,\
34,88,a2,8a,7b,24,e3,6d,34,a7,16,8b,f2,28,38,98,bc,90,96,47,55,ec,bb,d7,5c,\
67,d9,f9,4b,93,0f,4a,6c,f8,ae,67,93,bd,51,72,fa,39,4f,c2,ca,16,a0,4f,1d,5b,\
b1,16,cf,af,08,f2,1b,b5,e8,95,9c,b5,e5,92,28,a2,19,be,f7,6a,45,8a,28,14,eb,\
ec,01,f1,85,a6,8e,99,d8,fd,ce,54,97,71,05,08,f1,c8,22,a3,51,97,c3,55,ae,26,\
da,f6,40,c4,dc,52,a9,63,0d,59,27,47,d4,42,6a,0b,34,3a,02,81,e9,3d,3d,b3,8c,\
aa,c4,6b,c3,81,1d,5e,ab,41,34,98,20,b2,90,91,00,ed,dd,3d,fc,00,6b,12,5d,10,\
dd,97,32,b2,d4,70,f8,45,99,d9,e6,f0,04,52,93,e7,e4,b9,a8,bb,4f,b4,2b,5e,6c,\
08,d8,52,15,16,ef,54,88,3a,87,52,28,a7,c8,79,50,a5,cb,9a,66,d6,50,70,4b,95,\
9a,8e,b3,c8,74,e2,a5,a4,18,9f,e9,9c,ad,a8,c1,10,93,5a,dd,f2,8f,a1,eb,24,00,\
02,80,9c,6c,0f,91,12,85,70,cf,a8,ce,7b,7e,fc,75,fc,15,fb,74,75,6c,e9,ef,d0,\
a5,00,a4,8e,90,31,f6,b3,1a,60,bb,67,73,8f,90,33,21,62,cd,10,ee,9d,89,33,2e,\
c1,77,d1,89,2f,ea,e3,71,ec,af,90,e5,71,13,66,b4,34,75,c5,ed,11,cd,d9,52,94,\
a6,60,3c,89,b0,2b,14,01,14,65,88,5d,6d,d4,bf,f0,96,c3,93,12,b3,ff,34,13,8d,\
ee,fc,7f,4e,30,28,a7,eb,8b,d5,eb,73,bf,ce,ac,37,43,61,14,0a,9c,59,16,55,e9,\
c6,5f,9b,6e,cb,bd,c6,f7,29,64,bc,cd,c9,c3,57,26,77,30,21,0d,a1,83,c3,9f,e3,\
70,15,52,ec,34,82,22,b4,5d,4c,0f,db,53,3d,bf,e9,70,2a,3a,03,47,3b,ce,a2,17,\
9d,ed,72,02,0c,f8,3d,45,b7,ec,8e,f0,bc,4d,b3,6b,42,03,2c,00,41,6e,5b,8e,99,\
10,86,c1,fe,c0,d5,ab,db,80,42,2e,8a,a0,57,5d,75,85,55,05,0e,e3,54,b2,24,f9,\
cf,38,c8,9b,8e,57,0e,a5,20,e5,b7,e0,08,3f,c8,df,ed,b7,a2,52,c3,c1,16,5d,a5,\
90,9c,b4,61,a3,c3,8e,b6,7e,ac,ae,99,6c,bf,1a,3a,8c,0e,38,20,ad,4f,3a,91,36,\
76,17,7c,41,5a,f9,90,05,f3,fb,9e,23,72,c2,da,a7,ce,41,98,ef,72,b5,5e,5c,8b,\
02,a7,9f,65,15,ec,9f,58,05,49,08,b3,69,f7,5b,65,b1,64,02,16,b3,c2,7e,50,22,\
78,22,b1,5b,09,13,e4,39,6c,55,e3,99,2c,b2,a8,f8,44,69,82,5e,02,10,37,95,4b,\
26,4f,a7,1a,be,3f,5f,36,cd,dd,99,df,91,e5,a4,42,f4,f1,06,6e,52,6b,e6,77,68,\
13,cc,5e,f7,4e,d8,fc,fe,19,9e,16,47,f4,64,4b,5a,44,0f,07,5e,7c,12,44,35,70,\
be,b1,be,a3,aa,1a,31,2c,7c,a8,bc,a1,b5,c8,3d,ae,fd,80,c6,b2,f6,fc,50,9a,84,\
2b,0f,1d,df,d9,d3,ee,d0,68,d7,73,01,c0,d1,9a,04,bf,83,f2,9d,a5,92,b2,4d,35,\
c6,fe,b8,86,7a,eb,73,6d,26,40,24,c6,bf,d1,46,57,7e,a7,08,ac,7a,35,b4,17,fe,\
a5,e1,b1,37,ba,d9,9e,74,8c,10,10,db,b8,d5,42,e4,87,6f,6d,a7,20,4a,40,d0,dc,\
ae,40,d0,c4,b6,c0
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\TGN, Inc.\GameTap]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1454471165-436374069-839522115-1004
@Denied: (Full) (Guests)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (S-1-5-11)
"Guid"="FB2EBB8E-3C46-0DD7-D80A-0A0902340367"
"RegenerateGuid"=dword:00000001
"gametapVersion"="3.5.6.2459"
"gtEULAVersion"="1.6"
"hasRunSystemCheck"="true"
"playerOnly"="false"
"uiId"="-1"
"RunId"=dword:00000004
"NoPartialRepaints"="false"
"OSSharedData"="C:/Documents and Settings/All Users/Application Data/GameTap/"
"InstallStatus"=dword:00000000
"Errors"=dword:00000001
"Warnings"=dword:00000002
"Alerts"=dword:00000000
"ObserverId"="FB2EBB8E.3C46.0DD7.D80A.0A0902340367"
"FirstRunDate"="2008-10-10T04:50:35Z"
"postType"=dword:00000002
"catalogVersion"="2008-10-08_12:06:57 3.5"
"screenName"="Sartana214"
"accountId"="4730720"
"accountType"="customer"
"firstLoginDate"="2008-10-10T04:53:52Z"
"exitedClean"="true"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ISP50\Bin\BartShel.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ISP50\Bin\PPShared.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-01-02 3:20:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-02 11:19:40
ComboFix2.txt 2008-12-25 09:10:01
ComboFix3.txt 2008-12-22 07:13:41

Pre-Run: 17,844,359,168 bytes free
Post-Run: 18,065,227,776 bytes free

359

No sign of what I had... I'll update if anything turns up!
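The ComboFix log above carries the indicators a helper reads for before choosing the next tool: a cluster of eight-letter, consonant-vowel-alternating .dll/.ini names in system32 (govegomu, soyeviwa, walikahe, adiniriv and the rest), an orphaned BHO pointing at one of them, Security Center notifications switched off, and a BITS job queued for a bare IP address. As an added example (editor's code, not a tool from this thread and not part of ComboFix, OTMoveIt3 or MBAM), the script below runs those checks over a constructed excerpt of Sartana's log. The name heuristic is fitted to the naming seen in this log and is an assumption, not a signature; the registry value names (AntiVirusDisableNotify, UpdatesDisableNotify, FirewallDisableNotify, EnableFirewall) are real Windows XP Security Center and Windows Firewall values.

```python
"""Triage heuristics over a ComboFix-style log (added example, not a tool from the thread)."""
import re
from collections import defaultdict

# Eight-letter names that strictly alternate consonant/vowel (govegomu, yijazowi,
# soyeviwa) or vowel/consonant (adiniriv, oyamibev), as in the log above. This is a
# heuristic fitted to that naming, not a signature: a legitimate 8-letter name such
# as deploytk.dll does not alternate and is left alone.
_C, _V = "[bcdfghjklmnpqrstvwxyz]", "[aeiou]"
CV_NAME = re.compile(rf"^(?:(?:{_C}{_V}){{4}}|(?:{_V}{_C}){{4}})\.(?:dll|ini)$")

SYSTEM32_PATH = re.compile(r"c:\\windows\\system32\\([^\\\s]+)", re.I)  # path anywhere on a line
REG_KEY = re.compile(r"^\[(.+)\]$")                                     # REGEDIT4 key header
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')                      # "Name"=data
BHO_ORPHAN = re.compile(r"^BHO-(\{[0-9a-f-]+\})\s+-\s+(.+)$", re.I)
# Real Security Center values; dword:1 hides the "no antivirus/updates/firewall" balloon.
NOTIFY_KEYS = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


def is_random_cv_name(filename: str) -> bool:
    """True for 8-letter alternating consonant/vowel .dll or .ini names."""
    return CV_NAME.match(filename.lower()) is not None


def triage(log_text: str) -> dict[str, list[str]]:
    """Walk the log once and group the indicators worth a second look."""
    findings: dict[str, list[str]] = defaultdict(list)
    current_key, in_bits = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = REG_KEY.match(line)
        if key:                                   # entering a new registry key
            current_key, in_bits = key.group(1).lower(), False
            continue
        if line.startswith("----- BITS:"):        # ComboFix's BITS job listing
            in_bits = True
            continue
        if line.startswith("(((("):               # any section banner ends it
            in_bits = False
        if in_bits and line.startswith(("hxxp://", "http://")):
            findings["bits_download_source"].append(line)   # hxxp = defanged http
            continue
        bho = BHO_ORPHAN.match(line)
        if bho:
            findings["orphan_bho"].append(f"{bho.group(1)} -> {bho.group(2)}")
        val = REG_VALUE.match(line)
        if val:
            name, data = val.group(1), val.group(2).split()[0].lower()
            if current_key.endswith("\\security center") and name in NOTIFY_KEYS \
                    and data == "dword:00000001":
                findings["security_center_notify_disabled"].append(name)
            if "firewallpolicy\\standardprofile" in current_key and name == "EnableFirewall" \
                    and data in ("0", "dword:00000000"):
                findings["windows_firewall_off"].append(current_key)
        for fname in SYSTEM32_PATH.findall(line):
            fname = fname.lower()
            if is_random_cv_name(fname) and fname not in findings["random_name_system32"]:
                findings["random_name_system32"].append(fname)
    return dict(findings)


# Constructed excerpt of the ComboFix log posted above, abridged to the relevant lines.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\windows\system32\adiniriv.ini
c:\windows\system32\beperuka.dll
c:\windows\system32\soyeviwa.dll
c:\windows\system32\yomudaki.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.105

((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
2008-12-28 23:03 . 2008-12-28 23:03 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 23:03 . 2008-12-28 23:03 73,728 --a------ c:\windows\system32\javacpl.cpl
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-10-26 06:30 21,840 ----atw c:\windows\system32\SIntfNT.dll
2007-11-16 06:09 1,056 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-26 11:54 54,272 --sha-w c:\windows\system32\walikahe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
BHO-{09470e34-1919-4cec-91db-adbee439bf30} - c:\windows\system32\soyeviwa.dll
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Two caveats a practitioner would attach to the output. First, EnableFirewall=0 and the ZoneLabsFirewall DisableMonitoring entry are what a registered third-party firewall such as ZoneAlarm produces on XP, so the script reports them rather than scoring them; the notification switches under the Security Center key itself are the ones worth asking the user about. Second, ComboFix removing qmgr0.dat and qmgr1.dat (the BITS queue files) next to a "Possible infected sites" entry is consistent with a download job for that address having been queued, which is why the bare IP is flagged even though no file is named. The walikahe.dll entry in Find3M is the one item in this log that survived the ComboFix deletion pass, which is the kind of residue the helper's next step is meant to catch.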

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 January 2009 - 10:04 AM

We need to clean up any remnants left over from Combofix and OTMoveIt3.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


========================================================

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 10 January 2009 - 10:30 AM

Unfortunately, there has been no response. :thumbsup:
This thread will now be closed.


========================================================



