Antivirus 2009, trojans, can't run Windows Update


  • This topic is locked
9 replies to this topic

#1 Llyn

  • Members
  • 37 posts

Posted 31 January 2009 - 05:02 PM

Running XP home, IE 7 and Trend Internet Security Pro. Have had several Trojans, all quarantined or removed, over the last couple weeks. Antivirus 2009 "your PC is infected!" comes up over and over whenever I have IE open. Also getting lots of other blocked popups (I say blocked, but Trend doesn't just block them, it shows me a "blocked" message, so I'm still pelted with extra windows). Have run Adaware and Spybot with no real improvement. I considered switching to McAfee (available to me from my ISP), but can't in part because I can't run Windows Update, as the service disables itself every time I start it up. I have had to do two restores from setpoints after trojans, so I'm sure Windows does need updating. Sure hoping to get some help from the good people here (and hoping I've done this properly so that you can).

DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Lynn Springle at 14:43:45.70 on Sat 01/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.827 [GMT -5:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Lynn Springle\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {4fe34b02-1a5e-4d29-b203-2536b1d814ae} - c:\windows\system32\cl.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {278b5ad3-c698-e9fa-35d4-539d75c5ad47}: {74da5c57-d935-4d53-af9e-896c3da5b872} - c:\windows\system32\bwwxjh.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {adb4b028-fba7-460b-a003-4419800415cc} - c:\windows\system32\basesr.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\_helper.dll
BHO: {b9372a90-0696-4f7d-8c1a-09a9de41a2e5} - c:\windows\system32\hawalupe.dll
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [SkypeClient] "c:\program files\pdt\voipvoiceintegration\VoIPVoice Integration.exe"
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [CPM870f4c2e] Rundll32.exe "c:\windows\system32\yazelado.dll",a
mRun: [843c7fb2] rundll32.exe "c:\windows\system32\jovireha.dll",b
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [divuwowufu] Rundll32.exe "c:\windows\system32\ladahawe.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\DELLNE~1.LNK -
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5498/mcfscan.cab
Filter: text/html - {f68ae8a2-9206-4c7d-a261-12cce881c438} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\zadamobu.dll bwwxjh.dll c:\windows\system32\yazelado.dll,c:\windows\system32\dorugeba.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ieModule - {D364F3BB-CAEF-4FAD-9607-C13BC8305B08} -
SSODL: InternetConnection - {F2CDE10E-1796-4FEF-9DB5-B9700A7A3087} -
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yazelado.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yazelado.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\deniyiri.dll c:\windows\system32\dorugeba.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lynnsp~1\applic~1\mozilla\firefox\profiles\pf70b7rz.default\
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-4-24 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-4-24 648456]
R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2008-4-26 15232]
R4 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-4-24 52240]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-12-16 36368]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-27 24652]

=============== Created Last 30 ================

2009-01-31 14:40 <DIR> --d----- c:\windows\system32\NtmsData
2009-01-26 17:23 1,479,362 ---sh--- c:\windows\system32\aherivoj.ini
2009-01-25 22:34 1,386,710 ---sh--- c:\windows\system32\utobamor.ini
2009-01-25 22:34 133,389 a--sh--- c:\windows\system32\bwwxjh.dll
2009-01-23 22:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-22 19:42 133,409 a--sh--- c:\windows\system32\ykzdrf.dll
2009-01-21 22:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-21 22:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 22:29 <DIR> --d----- c:\program files\Lavasoft
2009-01-20 21:01 1,386,710 ---sh--- c:\windows\system32\amobameh.ini
2009-01-19 21:30 1,359,059 ---sh--- c:\windows\system32\ayewilus.ini
2009-01-18 22:34 1,355,377 ---sh--- c:\windows\system32\ewofehiv.ini
2009-01-18 19:19 <DIR> --d----- c:\windows\pss
2009-01-18 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-01-18 18:28 61,224 a------- c:\documents and settings\lynn springle\GoToAssistDownloadHelper.exe
2009-01-18 16:38 <DIR> --d----- c:\windows\McAfee.com
2009-01-18 10:34 1,355,377 ---sh--- c:\windows\system32\ibopipad.ini
2009-01-17 22:34 1,355,386 ---sh--- c:\windows\system32\afanuhub.ini
2009-01-17 10:42 1,355,364 ---sh--- c:\windows\system32\esuraboj.ini
2009-01-17 10:33 133,740 a--sh--- c:\windows\system32\zioecl.dll
2009-01-17 10:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-01-17 09:33 1,355,355 ---sh--- c:\windows\system32\udubudos.ini
2009-01-17 02:08 1,003,957 a------- c:\windows\sysexplorer.exe
2009-01-17 02:08 51,197 a------- c:\windows\spoolsystem.exe
2009-01-17 02:08 47,872 a------- c:\windows\syscert.exe
2009-01-17 02:08 18,941 a------- c:\windows\vmreg.dll
2009-01-17 01:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-17 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-17 01:11 134,149 a------- c:\windows\reged.exe
2009-01-17 01:11 50,620 a------- c:\windows\sys.com
2009-01-17 01:11 <DIR> --d----- c:\program files\Spyware Guard 2009
2009-01-17 00:54 27,141 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2009-01-17 00:54 2,201 a------- c:\windows\system32\TDSSxekj.dll
2009-01-17 00:54 441 a------- c:\windows\system32\TDSSweat.dat
2009-01-15 19:36 131,822 a------- c:\windows\system32\vjpkmi.dll
2009-01-15 19:36 6,770 ---sh--- c:\windows\system32\yudenoze.dll
2009-01-15 19:36 6,770 ---sh--- c:\windows\system32\likodilu.dll
2009-01-14 22:55 131,775 a------- c:\windows\system32\btbtuy.dll
2009-01-14 22:52 6,770 ---sh--- c:\windows\system32\tofuropi.dll
2009-01-11 21:31 1,226,008 ---sh--- c:\windows\system32\esarazel.ini
2009-01-11 15:34 16,384 a------- c:\windows\DCEBoot.exe
2009-01-06 19:53 1,279,254 ---sh--- c:\windows\system32\ulatitem.ini

==================== Find3M ====================

2009-01-31 09:31 7,090 a--sh--- c:\windows\system32\deborose.dll
2009-01-31 09:31 6,984 a--sh--- c:\windows\system32\hunazazi.dll
2009-01-31 09:31 6,927 a--sh--- c:\windows\system32\wukanipo.dll
2009-01-30 21:30 7,065 a--sh--- c:\windows\system32\wojifizi.dll
2009-01-30 21:30 7,043 a--sh--- c:\windows\system32\zakubigu.dll
2009-01-30 21:30 6,879 a--sh--- c:\windows\system32\koleyihi.dll
2009-01-30 09:30 7,021 a--sh--- c:\windows\system32\bunijufu.dll
2009-01-30 09:30 6,956 a--sh--- c:\windows\system32\pahiboji.dll
2009-01-30 09:30 6,928 a--sh--- c:\windows\system32\govezamu.dll
2009-01-30 08:30 63,714 a--sh--- c:\windows\system32\wisahiri.dll
2009-01-29 20:29 7,000 a--sh--- c:\windows\system32\tedutoki.dll
2009-01-29 20:29 6,963 a--sh--- c:\windows\system32\gigahone.dll
2009-01-29 20:29 6,963 a--sh--- c:\windows\system32\bakegeke.dll
2009-01-29 20:29 7,052 a--sh--- c:\windows\system32\vadopopa.dll
2009-01-29 08:29 7,125 a--sh--- c:\windows\system32\lopisedu.dll
2009-01-29 08:29 6,998 a--sh--- c:\windows\system32\lenuhuse.dll
2009-01-29 08:29 6,944 a--sh--- c:\windows\system32\poyekeku.dll
2009-01-29 08:29 6,883 a--sh--- c:\windows\system32\mizonuzi.dll
2009-01-28 20:29 6,977 a--sh--- c:\windows\system32\pafewamu.dll
2009-01-28 20:29 6,891 a--sh--- c:\windows\system32\ketosegi.dll
2009-01-28 20:29 6,974 a--sh--- c:\windows\system32\yokumawe.dll
2009-01-28 20:29 6,892 a--sh--- c:\windows\system32\hofubayi.dll
2009-01-27 21:23 6,975 a--sh--- c:\windows\system32\janaluko.dll
2009-01-27 21:23 6,947 a--sh--- c:\windows\system32\pimasebi.dll
2009-01-27 21:23 6,845 a--sh--- c:\windows\system32\sadujoka.dll
2009-01-27 21:23 7,018 a--sh--- c:\windows\system32\laboyaze.dll
2009-01-27 07:07 7,003 a--sh--- c:\windows\system32\budasazo.dll
2009-01-27 07:07 6,980 a--sh--- c:\windows\system32\dilizope.dll
2009-01-27 07:07 6,889 a--sh--- c:\windows\system32\dehageja.dll
2009-01-26 18:23 6,929 a--sh--- c:\windows\system32\kelesopu.dll
2009-01-26 18:23 6,928 a--sh--- c:\windows\system32\buyinuni.dll
2009-01-26 18:23 7,045 a--sh--- c:\windows\system32\radasufu.dll
2009-01-26 17:23 72,314 a--sh--- c:\windows\system32\beloniwa.dll
2009-01-26 17:23 93,441 -------- c:\windows\system32\jovireha.dll
2009-01-25 22:34 133,389 a--sh--- c:\windows\system32\lapomefe.dll
2009-01-25 22:34 98,975 a--sh--- c:\windows\system32\yazelado.dll
2009-01-25 22:34 85,720 -------- c:\windows\system32\romabotu.dll
2009-01-25 10:33 7,108 a--sh--- c:\windows\system32\yubejedo.dll
2009-01-25 10:33 7,057 a--sh--- c:\windows\system32\yoranata.dll
2009-01-25 10:33 6,971 a--sh--- c:\windows\system32\zurilule.dll
2009-01-24 20:43 7,043 a--sh--- c:\windows\system32\tagutezu.dll
2009-01-24 20:43 6,987 a--sh--- c:\windows\system32\nazoluha.dll
2009-01-24 20:43 6,970 a--sh--- c:\windows\system32\ruhufuga.dll
2009-01-24 08:43 7,012 a--sh--- c:\windows\system32\vororeni.dll
2009-01-24 08:43 6,958 a--sh--- c:\windows\system32\sahahura.dll
2009-01-24 08:43 6,858 a--sh--- c:\windows\system32\juhalobo.dll
2009-01-23 20:43 6,992 a--sh--- c:\windows\system32\royabido.dll
2009-01-23 20:43 6,969 a--sh--- c:\windows\system32\nunahiha.dll
2009-01-23 20:43 6,870 a--sh--- c:\windows\system32\gahikilu.dll
2009-01-23 08:42 7,076 a--sh--- c:\windows\system32\befavesi.dll
2009-01-23 08:42 7,031 a--sh--- c:\windows\system32\zohoketi.dll
2009-01-23 08:42 6,942 a--sh--- c:\windows\system32\yegitubu.dll
2009-01-22 20:42 7,055 a--sh--- c:\windows\system32\zofufelo.dll
2009-01-22 20:42 7,037 a--sh--- c:\windows\system32\natojuza.dll
2009-01-22 20:42 6,991 a--sh--- c:\windows\system32\yuzubayi.dll
2009-01-22 19:42 133,409 a--sh--- c:\windows\system32\pozalihi.dll
2009-01-22 19:42 65,250 a--sh--- c:\windows\system32\gitoribo.dll
2009-01-22 19:42 192,512 a------- c:\windows\system32\kdfvmgr.exe
2009-01-22 19:42 77,824 a------- c:\windows\system32\kdfapi.dll
2009-01-22 19:42 53,248 a------- c:\windows\system32\Kdfhok.dll
2009-01-22 19:42 726,568 a------- c:\windows\system32\kdfmgr.exe
2009-01-21 21:24 6,994 a--sh--- c:\windows\system32\figemami.dll
2009-01-21 21:24 7,092 a--sh--- c:\windows\system32\wiromega.dll
2009-01-21 21:24 7,010 a--sh--- c:\windows\system32\peyofosa.dll
2009-01-20 21:01 63,675 a--sh--- c:\windows\system32\mimuyawi.dll
2009-01-20 21:01 99,526 a--sh--- c:\windows\system32\pabehoso.dll
2009-01-20 21:01 87,266 -------- c:\windows\system32\hemaboma.dll
2009-01-19 21:30 87,207 -------- c:\windows\system32\suliweya.dll
2009-01-18 22:34 99,549 a--sh--- c:\windows\system32\tonasuta.dll
2009-01-18 10:34 100,539 a--sh--- c:\windows\system32\vukefese.dll
2009-01-18 10:34 85,085 -------- c:\windows\system32\dapipobi.dll
2009-01-17 10:33 85,300 -------- c:\windows\system32\jobaruse.dll
2009-01-17 10:33 133,740 a--sh--- c:\windows\system32\jokigaju.dll
2009-01-17 10:33 100,609 a--sh--- c:\windows\system32\guzuyavu.dll
2009-01-17 09:33 64,613 a--sh--- c:\windows\system32\nanazine.dll
2009-01-17 09:33 97,481 a--sh--- c:\windows\system32\tebleepe.dll
2009-01-17 09:33 85,130 a--sh--- c:\windows\system32\sodubudu.dll
2009-01-17 01:09 90,112 a------- c:\windows\DUMP34ea.tmp
2009-01-16 20:59 7,030 a--sh--- c:\windows\system32\bovutuna.dll
2009-01-16 20:59 6,994 a--sh--- c:\windows\system32\fayuwula.dll
2009-01-16 20:59 6,924 a--sh--- c:\windows\system32\dineweso.dll
2009-01-16 20:59 6,971 a--sh--- c:\windows\system32\nozimoga.dll
2009-01-16 07:58 6,904 a--sh--- c:\windows\system32\gupabufo.dll
2009-01-16 07:58 7,061 a--sh--- c:\windows\system32\zopiyinu.dll
2009-01-16 07:58 6,855 a--sh--- c:\windows\system32\vawuvate.dll
2009-01-15 20:36 68,737 a------- c:\windows\system32\dazonato.dll
2009-01-15 19:36 131,822 a------- c:\windows\system32\ramamibe.dll
2009-01-14 22:55 131,775 a------- c:\windows\system32\zohihele.dll
2009-01-14 22:55 101,689 a------- c:\windows\system32\gasahamo.dll
2009-01-14 22:55 86,187 -------- c:\windows\system32\pohuyuwo.dll
2009-01-14 11:40 64,295 a--sh--- c:\windows\system32\yofiluzo.dll
2009-01-13 20:39 7,032 a--sh--- c:\windows\system32\yiwoyula.dll
2009-01-13 20:39 7,021 a--sh--- c:\windows\system32\yoyesogu.dll
2009-01-13 20:39 6,973 a--sh--- c:\windows\system32\saguyezo.dll
2009-01-13 20:39 6,874 a--sh--- c:\windows\system32\yotegoba.dll
2009-01-13 07:08 7,108 a--sh--- c:\windows\system32\kebisoti.dll
2009-01-13 07:08 6,918 a--sh--- c:\windows\system32\wujuleza.dll
2009-01-13 07:08 6,986 a--sh--- c:\windows\system32\wufajojo.dll
2009-01-12 17:08 7,004 a--sh--- c:\windows\system32\notosujo.dll
2009-01-12 17:08:35 A--SH--- 6,960 c:\windows\system32\guzadiya.dll
0000-00-00 00:00 6,144 a--sh--- c:\windows\system32\befeleko.dll
0000-00-00 00:00 63,714 a--sh--- c:\windows\system32\dorugeba.dll
0000-00-00 00:00 2,048 a--sh--- c:\windows\system32\dujuledi.dll
2008-09-28 02:39 6,772 a--sh--- c:\windows\system32\fahuhuli.dll
0000-00-00 00:00 63,714 a--sh--- c:\windows\system32\hawalupe.dll
2008-09-27 14:40 63,728 a--sh--- c:\windows\system32\kuzeyogi.dll
0000-00-00 00:00 63,714 a--sh--- c:\windows\system32\ladahawe.dll
0000-00-00 00:00 112,640 a--sh--- c:\windows\system32\pebuhewe.dll
0000-00-00 00:00 6,768 a--sh--- c:\windows\system32\witiwegu.dll
2008-09-09 16:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 14:45:00.60 ===============


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:13 PM, on 1/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.del...amp;ibd=3080419
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4FE34B02-1A5E-4D29-B203-2536B1D814AE} - C:\WINDOWS\system32\cl.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: {278b5ad3-c698-e9fa-35d4-539d75c5ad47} - {74da5c57-d935-4d53-af9e-896c3da5b872} - C:\WINDOWS\system32\bwwxjh.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {ADB4B028-FBA7-460B-A003-4419800415CC} - C:\WINDOWS\system32\basesr.dll (file missing)
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll (file missing)
O2 - BHO: (no name) - {b9372a90-0696-4f7d-8c1a-09a9de41a2e5} - C:\WINDOWS\system32\hawalupe.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [CPM870f4c2e] Rundll32.exe "c:\windows\system32\yazelado.dll",a
O4 - HKLM\..\Run: [843c7fb2] rundll32.exe "C:\WINDOWS\system32\jovireha.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [divuwowufu] Rundll32.exe "C:\WINDOWS\system32\ladahawe.dll",s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SkypeClient] "C:\Program Files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...498/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {f68ae8a2-9206-4c7d-a261-12cce881c438} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zadamobu.dll bwwxjh.dll c:\windows\system32\yazelado.dll,C:\WINDOWS\system32\dorugeba.dll
O21 - SSODL: ieModule - {D364F3BB-CAEF-4FAD-9607-C13BC8305B08} - (no file)
O21 - SSODL: InternetConnection - {F2CDE10E-1796-4FEF-9DB5-B9700A7A3087} - (no file)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yazelado.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yazelado.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15326 bytes


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 01 February 2009 - 10:02 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[Screenshots illustrating the rename step were posted here]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Llyn
  • Topic Starter
  • Members
  • 37 posts

Posted 01 February 2009 - 10:54 AM

Thanks for your reply. OK, here's the Combo-Fix log:

ComboFix 09-01-31.03 - Lynn Springle 2009-02-01 10:27:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -5:00]
Running from: c:\documents and settings\Lynn Springle\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\svhost.exe
c:\program files\Microsoft Common
c:\program files\Spyware Guard 2009
c:\program files\Spyware Guard 2009\conf.cfg
c:\program files\Spyware Guard 2009\mbase.vdb
c:\program files\Spyware Guard 2009\quarantine.vdb
c:\program files\Spyware Guard 2009\queue.vdb
c:\program files\Spyware Guard 2009\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\afanuhub.ini
c:\windows\system32\aherivoj.ini
c:\windows\system32\ahoyaboz.ini
c:\windows\system32\amobameh.ini
c:\windows\system32\ayewilus.ini
c:\windows\system32\bavovayo.dll
c:\windows\system32\befeleko.dll
c:\windows\system32\beloniwa.dll
c:\windows\system32\bemadoko.dll.tmp
c:\windows\system32\bojikubu.dll
c:\windows\system32\btbtuy.dll
c:\windows\system32\buhojazi.dll.tmp
c:\windows\system32\bwwxjh.dll
c:\windows\system32\chaowp.dll
c:\windows\system32\dapipobi.dll
c:\windows\system32\dapohoso.dll.tmp
c:\windows\system32\dazonato.dll
c:\windows\system32\debaluti.dll
c:\windows\system32\deniyiri.dll.tmp
c:\windows\system32\dorugeba.dll
c:\windows\system32\dujuledi.dll
c:\windows\system32\esarazel.ini
c:\windows\system32\esuraboj.ini
c:\windows\system32\ewofehiv.ini
c:\windows\system32\gasahamo.dll
c:\windows\system32\gitoribo.dll
c:\windows\system32\gukisoni.dll
c:\windows\system32\guzuyavu.dll
c:\windows\system32\hawalupe.dll
c:\windows\system32\hemaboma.dll
c:\windows\system32\hikikuti.dll
c:\windows\system32\hototire.dll.tmp
c:\windows\system32\ibopipad.ini
c:\windows\system32\ihamofuk.ini
c:\windows\system32\itulabed.ini
c:\windows\system32\izuvubot.ini
c:\windows\system32\jejesahe.dll.tmp
c:\windows\system32\jobaruse.dll
c:\windows\system32\jokigaju.dll
c:\windows\system32\jovireha.dll
c:\windows\system32\jowujino.dll.tmp
c:\windows\system32\judunivu.dll
c:\windows\system32\juperama.dll
c:\windows\system32\kitariji.dll
c:\windows\system32\kizenuku.dll
c:\windows\system32\kulebipu.dll.tmp
c:\windows\system32\ladahawe.dll
c:\windows\system32\lapomefe.dll
c:\windows\system32\lazusoju.dll
c:\windows\system32\lezarase.dll
c:\windows\system32\lofotasa.dll.tmp
c:\windows\system32\mafisule.dll.tmp
c:\windows\system32\mimuyawi.dll
c:\windows\system32\mudubida.dll.tmp
c:\windows\system32\nanazine.dll
c:\windows\system32\niyureva.dll.tmp
c:\windows\system32\onofavan.ini
c:\windows\system32\pabehoso.dll
c:\windows\system32\pebuhewe.dll
c:\windows\system32\pedabara.dll
c:\windows\system32\penotewi.dll.tmp
c:\windows\system32\pohuyuwo.dll
c:\windows\system32\popeyuwi.dll
c:\windows\system32\pozalihi.dll
c:\windows\system32\qlvzjv.dll
c:\windows\system32\ramamibe.dll
c:\windows\system32\rimuneyo.dll.tmp
c:\windows\system32\romabotu.dll
c:\windows\system32\sodubudu.dll
c:\windows\system32\suliweya.dll
c:\windows\system32\tatetimo.dll
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSpltu.dll
c:\windows\system32\TDSSubwm.dat
c:\windows\system32\TDSSweat.dat
c:\windows\system32\TDSSxekj.dll
c:\windows\system32\tebleepe.dll
c:\windows\system32\tewiseni.dll
c:\windows\system32\tobuvuzi.dll
c:\windows\system32\tonasuta.dll
c:\windows\system32\tovisagu.dll.tmp
c:\windows\system32\ubawabon.ini
c:\windows\system32\udubudos.ini
c:\windows\system32\ulatitem.ini
c:\windows\system32\usodatap.ini
c:\windows\system32\utobamor.ini
c:\windows\system32\vagevefo.dll.tmp
c:\windows\system32\vjpkmi.dll
c:\windows\system32\vukefese.dll
c:\windows\system32\wisahiri.dll
c:\windows\system32\wuguzane.dll
c:\windows\system32\yazelado.dll
c:\windows\system32\ykzdrf.dll
c:\windows\system32\yofiluzo.dll
c:\windows\system32\yujukumi.dll
c:\windows\system32\yuvamati.dll.tmp
c:\windows\system32\zadamobu.dll.tmp
c:\windows\system32\zapegisi.dll.tmp
c:\windows\system32\zioecl.dll
c:\windows\system32\zisizaru.dll.tmp
c:\windows\system32\zohihele.dll
c:\windows\system32\zuzadoja.dll
c:\windows\vmreg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 15:45 . 2009-01-31 15:45 302,725,120 --a------ C:\OutlookPlus013109.bkf
2009-01-31 15:09 . 2009-01-31 15:34 4,342,892,544 --a------ C:\Sims013109.bkf
2009-01-31 14:50 . 2009-01-31 15:05 2,489,679,872 --a------ C:\Jan312009.bkf
2009-01-31 14:40 . 2009-01-31 16:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-23 22:43 . 2009-01-21 22:30 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-21 22:30 . 2009-01-21 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d-------- c:\program files\Lavasoft
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 22:23 . 2009-01-21 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-18 18:31 . 2009-01-18 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2009-01-18 18:28 . 2009-01-18 18:28 61,224 --------- c:\documents and settings\Lynn Springle\GoToAssistDownloadHelper.exe
2009-01-18 17:59 . 2009-01-18 17:59 0 --a------ c:\windows\nsreg.dat
2009-01-18 16:38 . 2009-01-18 16:38 <DIR> d-------- c:\windows\McAfee.com
2009-01-17 10:06 . 2009-01-17 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-17 01:29 . 2009-01-17 01:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 01:29 . 2009-01-17 02:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 19:36 . 2009-01-15 19:36 6,770 ---hs---- c:\windows\system32\yudenoze.dll
2009-01-15 19:36 . 2009-01-15 19:36 6,770 ---hs---- c:\windows\system32\likodilu.dll
2009-01-14 22:52 . 2009-01-14 22:52 6,770 ---hs---- c:\windows\system32\tofuropi.dll
2009-01-11 15:34 . 2009-01-23 22:28 16,384 --a------ c:\windows\DCEBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 15:41 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Skype
2009-02-01 15:40 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\skypePM
2009-01-31 19:31 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Roxio
2009-01-30 09:44 --------- d-----w c:\program files\Microsoft IntelliPoint
2009-01-22 02:55 --------- d-----w c:\program files\Trend Micro
2009-01-18 23:15 --------- d-----w c:\program files\Common
2009-01-17 06:20 --------- d-----w c:\program files\Garden Planner v1.4
2009-01-17 06:09 90,112 ----a-w c:\windows\DUMP34ea.tmp
2008-12-26 19:05 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\ICAClient
2008-12-26 16:38 --------- d-----w c:\program files\LEGO Company
2008-12-26 16:36 --------- d-----w c:\program files\Chill
2008-12-26 16:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 04:03 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-26 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-12-26 03:53 --------- d-----w c:\program files\SmartDraw 2009
2008-12-20 02:21 --------- d-----w c:\program files\SecondLife
2008-12-20 02:19 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\SecondLife
2008-12-13 15:30 --------- d-----w c:\program files\Viewpoint
2008-12-13 15:30 --------- d-----w c:\program files\Common Files\Viewpoint
2008-12-13 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-12 23:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:15 --------- d-----w c:\program files\Java
2008-12-07 20:46 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Move Networks
2008-12-03 01:26 --------- d-----w c:\program files\EA GAMES
2008-04-24 00:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-28 07:39 6,772 --sha-w c:\windows\system32\fahuhuli.dll
2008-09-27 19:40 63,728 --sha-w c:\windows\system32\kuzeyogi.dll
1601-01-01 00:12 6,768 --sha-w c:\windows\system32\witiwegu.dll
2008-09-09 21:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-12-16 492808]
"SkypeClient"="c:\program files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe" [2005-05-06 57344]
"TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-02-15 423248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-21 507224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=c:\windows\pss\ListProAlarms.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
backup=c:\windows\pss\Windows Search.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2008-04-24 12:25 202560 c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 08:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 11:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 07:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 10:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 08:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-11 08:15 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2007-07-22 14:27 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-22 14:27 16132608 c:\windows\RTHDCPL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"86169565844481811750493637329394"=c:\program files\Antivirus 2009\av2009.exe
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TMAS_OL\\TMAS_OL.exe"=
"c:\\WINDOWS\\system32\\searchprotocolhost.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Dell Network Assistant\\hnm_svc.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TmPfw.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-12-16 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-27 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2008-04-26 15232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-04-24 52240]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-04-24 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-04-24 648456]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-21 22:30]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1e186d8f-bcc0-4fd4-a507-f725c998e46a} - c:\windows\system32\qlvzjv.dll
BHO-{4FE34B02-1A5E-4D29-B203-2536B1D814AE} - c:\windows\system32\cl.dll
BHO-{ADB4B028-FBA7-460B-A003-4419800415CC} - c:\windows\system32\basesr.dll
BHO-{b9372a90-0696-4f7d-8c1a-09a9de41a2e5} - c:\windows\system32\hawalupe.dll
MSConfigStartUp-843c7fb2 - c:\windows\system32\dapipobi.dll
MSConfigStartUp-CPM870f4c2e - c:\windows\system32\vukefese.dll
MSConfigStartUp-divuwowufu - c:\windows\system32\niyureva.dll
MSConfigStartUp-svschost - c:\windows\system32\svschost.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 10:40:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvc]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\SecuROM\License information*]
"datasecu"=hex:b9,d4,90,a0,7d,a2,53,c0,65,29,28,ae,60,6e,8a,bd,8b,5d,b4,ad,d7,
bf,9c,ec,e0,8c,7d,1f,51,f9,7c,d4,ba,b0,03,f2,c0,0e,61,7d,b7,5d,bb,bb,0a,53,\
"rkeysecu"=hex:55,01,57,37,1c,4e,c7,1c,10,cc,7c,b4,67,ae,6b,6e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-02-01 10:50:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 15:49:17

Pre-Run: 184,553,508,864 bytes free
Post-Run: 184,605,544,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
394 --- E O F --- 2008-12-18 08:01:25

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 February 2009 - 01:34 AM

Hello.. First of all, do you know anything about these files? If you and your friends don't know anything about them, you may delete them...

C:\OutlookPlus013109.bkf
C:\Sims013109.bkf
C:\Jan312009.bkf



Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please show hidden files and folders
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • c:\windows\system32\drivers\Lbd.sys
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\yudenoze.dll
c:\windows\system32\likodilu.dll
c:\windows\system32\tofuropi.dll
c:\windows\system32\fahuhuli.dll
c:\windows\system32\kuzeyogi.dll
c:\windows\system32\witiwegu.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • Jotti/VirusTotal result.

Edited by fenzodahl512, 02 February 2009 - 01:38 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Llyn

Llyn
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:06:52 PM

Posted 02 February 2009 - 07:19 AM

I wanna be like you guys when I grow up.

OK, here's Jotti results:

Service load: 0% 100%

File: Lbd.sys
Status: OK
MD5: 0a2e3fd4a18962741b760c218e67813a
Packers detected: -

Scanner results
Scan taken on 02 Feb 2009 11:49:29 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing






And here's Combo-Fix log:
ComboFix 09-01-31.03 - Lynn Springle 2009-02-02 7:00:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1550 [GMT -5:00]
Running from: c:\documents and settings\Lynn Springle\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Lynn Springle\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\fahuhuli.dll
c:\windows\system32\kuzeyogi.dll
c:\windows\system32\likodilu.dll
c:\windows\system32\tofuropi.dll
c:\windows\system32\witiwegu.dll
c:\windows\system32\yudenoze.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fahuhuli.dll
c:\windows\system32\kuzeyogi.dll
c:\windows\system32\likodilu.dll
c:\windows\system32\tofuropi.dll
c:\windows\system32\witiwegu.dll
c:\windows\system32\yudenoze.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-01-31 15:45 . 2009-01-31 15:45 302,725,120 --a------ C:\OutlookPlus013109.bkf
2009-01-31 15:09 . 2009-01-31 15:34 4,342,892,544 --a------ C:\Sims013109.bkf
2009-01-31 14:50 . 2009-01-31 15:05 2,489,679,872 --a------ C:\Jan312009.bkf
2009-01-31 14:40 . 2009-01-31 16:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-23 22:43 . 2009-01-21 22:30 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-21 22:30 . 2009-01-21 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d-------- c:\program files\Lavasoft
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 22:23 . 2009-01-21 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-18 18:31 . 2009-01-18 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2009-01-18 18:28 . 2009-01-18 18:28 61,224 --------- c:\documents and settings\Lynn Springle\GoToAssistDownloadHelper.exe
2009-01-18 17:59 . 2009-01-18 17:59 0 --a------ c:\windows\nsreg.dat
2009-01-18 16:38 . 2009-01-18 16:38 <DIR> d-------- c:\windows\McAfee.com
2009-01-17 10:06 . 2009-01-17 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-17 01:29 . 2009-01-17 01:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 01:29 . 2009-01-17 02:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 15:34 . 2009-01-23 22:28 16,384 --a------ c:\windows\DCEBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 12:07 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Skype
2009-02-02 11:56 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\skypePM
2009-02-02 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-31 19:31 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Roxio
2009-01-30 09:44 --------- d-----w c:\program files\Microsoft IntelliPoint
2009-01-22 02:55 --------- d-----w c:\program files\Trend Micro
2009-01-18 23:15 --------- d-----w c:\program files\Common
2009-01-17 06:20 --------- d-----w c:\program files\Garden Planner v1.4
2009-01-17 06:09 90,112 ----a-w c:\windows\DUMP34ea.tmp
2008-12-26 19:05 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\ICAClient
2008-12-26 16:38 --------- d-----w c:\program files\LEGO Company
2008-12-26 16:36 --------- d-----w c:\program files\Chill
2008-12-26 16:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 04:03 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-26 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-12-26 03:53 --------- d-----w c:\program files\SmartDraw 2009
2008-12-20 02:21 --------- d-----w c:\program files\SecondLife
2008-12-20 02:19 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\SecondLife
2008-12-13 15:30 --------- d-----w c:\program files\Viewpoint
2008-12-13 15:30 --------- d-----w c:\program files\Common Files\Viewpoint
2008-12-13 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-11 13:15 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 20:46 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Move Networks
2008-12-03 01:26 --------- d-----w c:\program files\EA GAMES
2008-04-24 00:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-09 21:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_10.48.30.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-12 23:07:35 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-02 11:43:30 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-12 23:07:36 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-02 11:43:30 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-12 23:07:35 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-02 11:43:30 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-12 23:07:35 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-02 11:43:30 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-12 23:07:35 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-02 11:43:30 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-12 23:07:36 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-02 11:43:30 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-12 23:07:36 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-02 11:43:30 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-12 23:07:35 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-02 11:43:30 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-12 23:07:35 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-02 11:43:30 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-12 23:07:35 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-02 11:43:30 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-12 23:07:36 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-02 11:43:30 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-12 23:07:35 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-02 11:43:30 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-08 10:41:42 333,824 ------w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 ------w c:\windows\system32\dllcache\srv.sys
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-12-16 492808]
"SkypeClient"="c:\program files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe" [2005-05-06 57344]
"TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-02-15 423248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-21 507224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=c:\windows\pss\ListProAlarms.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
backup=c:\windows\pss\Windows Search.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2008-04-24 12:25 202560 c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 08:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 11:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 07:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 10:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 08:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-11 08:15 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2007-07-22 14:27 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-22 14:27 16132608 c:\windows\RTHDCPL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"86169565844481811750493637329394"=c:\program files\Antivirus 2009\av2009.exe
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TMAS_OL\\TMAS_OL.exe"=
"c:\\WINDOWS\\system32\\searchprotocolhost.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Dell Network Assistant\\hnm_svc.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TmPfw.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-12-16 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-27 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2008-04-26 15232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-04-24 52240]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-04-24 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-04-24 648456]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-21 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 07:07:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvc]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\SecuROM\License information*]
"datasecu"=hex:1a,40,42,38,60,38,fb,60,9a,ec,f4,e0,53,69,1b,08,02,ae,c0,a1,e2,
ca,4a,a6,0c,93,19,7b,eb,24,74,2a,cd,bf,c9,fe,02,a4,22,2b,83,42,f3,ec,c3,a4,\
"rkeysecu"=hex:94,b0,04,ff,5a,d4,77,50,ae,48,0a,00,9f,ab,78,2f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\program files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-02 7:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-02 12:14:33
ComboFix2.txt 2009-02-01 15:50:36

Pre-Run: 184,391,897,088 bytes free
Post-Run: 184,456,089,600 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
292 --- E O F --- 2009-02-02 11:43:37

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:52 AM

Posted 02 February 2009 - 07:29 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Folder::
c:\program files\Antivirus 2009

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"86169565844481811750493637329394"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the ComboFix log in your next reply...




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..

1. ComboFix
2. ESET Online Scanner
3. Tell me, how's the computer now? :thumbup2:


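Added example (Python; not part of the thread, of ComboFix, or of the helper's own tooling): a small triage of the "Reg Loading Points" section from the log in the post above. It flags the Security Center override values and the disabled firewall profile that the log shows, flags the digits-only autostart value pointing at Antivirus 2009, and emits the same "Registry::" deletion lines that the CFScript above uses. The sample registry lines are constructed from that log; the key and value names are the ones the page shows.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example; not code from the thread, from ComboFix or from any
BleepingComputer helper. It reads REGEDIT4-style lines like the ones in
the logs above and reports settings that silence Windows XP's own defences.
"""
import re

# Constructed sample: a trimmed copy of the registry section in the log above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-21 507224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"86169565844481811750493637329394"=c:\program files\Antivirus 2009\av2009.exe
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Autostart value names made only of digits, like the rogue AV entry above.
DIGITS_ONLY_RE = re.compile(r"^\d{16,}$")

# Security Center values that, when set to 1, hide the state of the real defences.
SECURITY_CENTER_FLAGS = {
    "UpdatesDisableNotify": "Windows Update warnings suppressed",
    "AntiVirusOverride": "antivirus status override set",
    "DisableMonitoring": "Security Center monitoring disabled",
}


def parse_reg_dump(text):
    """Yield (key, value_name, raw_data) for every value line under a [key]."""
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key is not None:
            yield current_key, value_match.group(1), value_match.group(2)


def as_int(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None for non-numeric data."""
    dword = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if dword:
        return int(dword.group(1), 16)
    plain = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(plain.group(1)) if plain else None


def triage(text):
    """Return (findings, removals): readable findings plus the (key, name)
    pairs of suspicious autostart values that a CFScript could delete."""
    findings, removals = [], []
    for key, name, raw in parse_reg_dump(text):
        key_lower = key.lower()
        number = as_int(raw)
        if "security center" in key_lower and name in SECURITY_CENTER_FLAGS and number == 1:
            findings.append(f"{SECURITY_CENTER_FLAGS[name]} ({name}=1 under {key})")
        elif "firewallpolicy" in key_lower and name == "EnableFirewall" and number == 0:
            findings.append(f"Windows Firewall disabled for this profile ({key})")
        elif key_lower.endswith(("\\run", "\\run-")) and DIGITS_ONLY_RE.match(name):
            findings.append(f"digits-only autostart name {name} -> {raw}")
            removals.append((key, name))
    return findings, removals


def cfscript_registry_section(removals):
    """Build a CFScript 'Registry::' section; '"name"=-' is REGEDIT4's
    delete-this-value syntax, the same form the helper's script above uses."""
    lines = ["Registry::"]
    for key, name in removals:
        lines.append(f"[{key}]")
        lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, to_remove = triage(SAMPLE_LOG)
    for item in found:
        print("FLAG:", item)
    print(cfscript_registry_section(to_remove))
```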

#7 Llyn

Llyn
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:06:52 PM

Posted 02 February 2009 - 10:14 PM

'Puter's been acting better since after the first step :thumbup2:
Eset said it found 25 threats though -- makes me wonder what I'm paying Trend for virus/malware protection for, when all this junk gets through.

Here's the Combofix log:
ComboFix 09-01-31.03 - Lynn Springle 2009-02-02 20:15:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -5:00]
Running from: c:\documents and settings\Lynn Springle\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Lynn Springle\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-01-31 15:45 . 2009-01-31 15:45 302,725,120 --a------ C:\OutlookPlus013109.bkf
2009-01-31 15:09 . 2009-01-31 15:34 4,342,892,544 --a------ C:\Sims013109.bkf
2009-01-31 14:50 . 2009-01-31 15:05 2,489,679,872 --a------ C:\Jan312009.bkf
2009-01-31 14:40 . 2009-01-31 16:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-23 22:43 . 2009-01-21 22:30 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-21 22:30 . 2009-01-21 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d-------- c:\program files\Lavasoft
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 22:23 . 2009-01-21 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-18 18:31 . 2009-01-18 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2009-01-18 18:28 . 2009-01-18 18:28 61,224 --------- c:\documents and settings\Lynn Springle\GoToAssistDownloadHelper.exe
2009-01-18 17:59 . 2009-01-18 17:59 0 --a------ c:\windows\nsreg.dat
2009-01-18 16:38 . 2009-01-18 16:38 <DIR> d-------- c:\windows\McAfee.com
2009-01-17 10:06 . 2009-01-17 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-17 01:29 . 2009-01-17 01:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 01:29 . 2009-01-17 02:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 15:34 . 2009-01-23 22:28 16,384 --a------ c:\windows\DCEBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 01:21 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Skype
2009-02-03 01:04 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\skypePM
2009-02-02 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-31 19:31 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Roxio
2009-01-30 09:44 --------- d-----w c:\program files\Microsoft IntelliPoint
2009-01-22 02:55 --------- d-----w c:\program files\Trend Micro
2009-01-18 23:15 --------- d-----w c:\program files\Common
2009-01-17 06:20 --------- d-----w c:\program files\Garden Planner v1.4
2009-01-17 06:09 90,112 ----a-w c:\windows\DUMP34ea.tmp
2008-12-26 19:05 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\ICAClient
2008-12-26 16:38 --------- d-----w c:\program files\LEGO Company
2008-12-26 16:36 --------- d-----w c:\program files\Chill
2008-12-26 16:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 04:03 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-26 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-12-26 03:53 --------- d-----w c:\program files\SmartDraw 2009
2008-12-20 02:21 --------- d-----w c:\program files\SecondLife
2008-12-20 02:19 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\SecondLife
2008-12-13 15:30 --------- d-----w c:\program files\Viewpoint
2008-12-13 15:30 --------- d-----w c:\program files\Common Files\Viewpoint
2008-12-13 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-11 13:15 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 20:46 --------- d-----w c:\documents and settings\Lynn Springle\Application Data\Move Networks
2008-12-03 01:26 --------- d-----w c:\program files\EA GAMES
2008-04-24 00:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-09 21:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_10.48.30.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-12 23:07:35 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-02 11:43:30 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-12 23:07:36 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-02 11:43:30 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-12 23:07:35 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-02 11:43:30 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-12 23:07:35 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-02 11:43:30 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-12 23:07:35 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-02 11:43:30 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-12 23:07:36 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-02 11:43:30 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-12 23:07:36 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-02 11:43:30 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-12 23:07:35 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-02 11:43:30 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-12 23:07:35 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-02 11:43:30 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-12 23:07:35 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-02 11:43:30 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-12 23:07:36 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-02 11:43:30 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-12 23:07:35 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-02 11:43:30 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-08 10:41:42 333,824 ------w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 ------w c:\windows\system32\dllcache\srv.sys
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-12-16 492808]
"SkypeClient"="c:\program files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe" [2005-05-06 57344]
"TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-02-15 423248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-21 507224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=c:\windows\pss\ListProAlarms.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
backup=c:\windows\pss\Windows Search.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2008-04-24 12:25 202560 c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 08:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 11:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 07:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 10:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 08:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-11 08:15 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2007-07-22 14:27 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-22 14:27 16132608 c:\windows\RTHDCPL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TMAS_OL\\TMAS_OL.exe"=
"c:\\WINDOWS\\system32\\searchprotocolhost.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Dell Network Assistant\\hnm_svc.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TmPfw.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-12-16 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-27 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2008-04-26 15232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-04-24 52240]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-04-24 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-04-24 648456]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-21 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 20:20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvc]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\SecuROM\License information*]
"datasecu"=hex:1a,40,42,38,60,38,fb,60,9a,ec,f4,e0,53,69,1b,08,02,ae,c0,a1,e2,
ca,4a,a6,0c,93,19,7b,eb,24,74,2a,cd,bf,c9,fe,02,a4,22,2b,83,42,f3,ec,c3,a4,\
"rkeysecu"=hex:94,b0,04,ff,5a,d4,77,50,ae,48,0a,00,9f,ab,78,2f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Microsoft ActiveSync\WCESMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Office\Office12\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2009-02-02 20:29:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-03 01:28:13
ComboFix2.txt 2009-02-02 12:15:52
ComboFix3.txt 2009-02-01 15:50:36

Pre-Run: 184,408,514,560 bytes free
Post-Run: 184,441,208,832 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
276 --- E O F --- 2009-02-02 11:43:37


And the Eset scan log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3820 (20090203)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0e17b2dde9243a4eba067617e2e3423b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-03 03:03:36
# local_time=2009-02-02 10:03:36 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=453272
# found=25
# scan_time=5191
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard2.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard3.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\svhost.exe.vir Win32/TrojanDownloader.FakeAlert.SM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\bavovayo.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\btbtuy.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\chaowp.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\dazonato.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\hikikuti.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\kitariji.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuzeyogi.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\lezarase.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\mafisule.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\mudubida.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebuhewe.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\popeyuwi.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\qlvzjv.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\tatetimo.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuguzane.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\zohihele.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jugazili.dll.tmp Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\navafono.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\patadosu.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\pudomehi.dll.tmp Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HEZWL6Z\install[1].exe a variant of Win32/Kryptik.CV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HEZWL6Z\install[2].exe Win32/Agent.ODG trojan (unable to clean - deleted) 00000000000000000000000000000000
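
Added example, not part of the original post and not ESET's or ComboFix's own tooling: a small Python triage script for the ESET Online Scanner result format shown above. A raw "found=25" overstates what was still on the box. The script separates hits that were already neutralised (ComboFix's .vir copies under C:\Qoobox\Quarantine, Spybot's Recovery archives) from files that were still live, and labels the two installers cached under config\systemprofile, which is the LocalSystem account's profile, so they were most likely fetched by a process running as SYSTEM rather than by the user's browser. The sample lines are copied from the log in this thread; the location labels and the family-name heuristic are this example's own assumptions.

```python
"""Triage an ESET Online Scanner result log (the format posted in this thread).

Result lines have the shape
    <path> <detection name> <category> (<action>) <32-hex id>
Hits already sitting in a quarantine or backup folder are separated from files
that were still live, and detections are grouped by family.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Result lines copied from the ESET log in this thread (8 of the 25 reported hits).
SAMPLE_LOG = r"""
# found=25
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard2.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\svhost.exe.vir Win32/TrojanDownloader.FakeAlert.SM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\bavovayo.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\dazonato.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\navafono.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\patadosu.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HEZWL6Z\install[1].exe a variant of Win32/Kryptik.CV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HEZWL6Z\install[2].exe Win32/Agent.ODG trojan (unable to clean - deleted) 00000000000000000000000000000000
"""

RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"                 # drive-letter path, may contain spaces
    r"(?P<detection>(?:a variant of )?\S+/\S+)\s+"  # e.g. "a variant of Win32/Kryptik.CV"
    r"(?P<category>\w+)\s+"                          # trojan / worm / application
    r"\((?P<action>[^)]*)\)\s+"                      # "(unable to clean - deleted)"
    r"(?P<id>[0-9a-fA-F]{32})$"
)


class Hit(NamedTuple):
    path: str
    detection: str
    category: str
    action: str
    location: str


def classify_location(path: str) -> str:
    """Label where a hit was found. The labels are this example's own, not ESET's."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"      # ComboFix had already moved it aside (.vir copy)
    if "\\spybot - search & destroy\\recovery\\" in p:
        return "spybot_backup"            # Spybot's undo archive of something it removed
    if "\\config\\systemprofile\\" in p and "\\temporary internet files\\" in p:
        # IE cache of the LocalSystem profile: written by a process running as
        # SYSTEM, not by the logged-on user's browser.
        return "system_account_cache"
    if "\\temporary internet files\\" in p:
        return "user_browser_cache"
    return "live_file"


def family(detection: str) -> str:
    """Heuristic family name: drop the platform prefix and an all-caps variant suffix."""
    name = detection.replace("a variant of ", "").split("/", 1)[-1]
    parts = name.split(".")
    if len(parts) > 1 and parts[-1].isupper():
        parts = parts[:-1]                # Win32/Agent.ODG -> Agent
    return ".".join(parts)


def declared_found(text: str) -> Optional[int]:
    """The scanner's own '# found=N' header, a cross-check on how much was parsed."""
    m = re.search(r"^# found=(\d+)$", text, re.M)
    return int(m.group(1)) if m else None


def parse_eset_log(text: str) -> List[Hit]:
    hits: List[Hit] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank or header line
        m = RESULT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised result line: {line!r}")
        hits.append(Hit(m["path"], m["detection"], m["category"], m["action"],
                        classify_location(m["path"])))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, object]:
    return {
        "by_location": dict(Counter(h.location for h in hits)),
        "by_family": dict(Counter(family(h.detection) for h in hits)),
        "still_live": [h.path for h in hits
                       if h.location in ("live_file", "system_account_cache")],
    }


if __name__ == "__main__":
    hits = parse_eset_log(SAMPLE_LOG)
    print(f"declared found={declared_found(SAMPLE_LOG)}, parsed={len(hits)} (sample subset)")
    for key, value in summarize(hits).items():
        print(f"{key}: {value}")
```

On the full 25-line log the same split gives 19 hits in quarantine or backup folders and 6 still live, four Virtumonde DLLs in system32 plus the two SYSTEM-profile cache installers. The parser raises on any line it cannot read rather than silently skipping it, so a changed log format shows up as an error instead of an undercount.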

#8 fenzodahl512 (Members, 6,738 posts)

Posted 02 February 2009 - 11:44 PM

Looks good to me. Let's do some cleanup...


Please download OTCleanIt and save it to your Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.

Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer's behaviour before we can close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Llyn (Topic Starter, Members, 37 posts)

Posted 03 February 2009 - 09:30 PM

Fabulous -- thank you so much!! No popups, no trojans, Win update works, all is well! I'm not quite sure what I'm paying Trend for virus/malware protection for, but even more I'm really glad you guys are here and willing to share your expertise!

#10 fenzodahl512 (Members, 6,738 posts)

Posted 03 February 2009 - 10:32 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or a Moderator regarding the matter.

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512
