Hidden trojan/virus/worm


  • This topic is locked
3 replies to this topic

#1 mastadon

mastadon

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:27 PM

Posted 25 February 2009 - 12:35 AM

First off let me say that I am a seasoned vet when it comes to viruses and the like. Now recently I have caught a couple of nasty things on my PC. How in the world it happened, I have no idea. The first of the issues came from a Trojan known as TDSS. I had scanned and scanned, then scanned some more, and no matter what I did I could not get rid of the TDSS Trojan. After a while I said forget it, I'll get a new HDD, but decided to not let the virus win. So I scanned again... and found a second trojan. The second Trojan was that lovely Vundo P.O.S. So I broke out my arsenal of cleaning and busting programs.

The first thing I have on my computer is AVG 8.0 Pro (with firewall, anti rootkit, anti spyware, and all the other goodies)
The second line of defense I have is PC Tools Spyware doctor

I have a few other things in case of emergency like Malwarebytes anti-malware, X-cleaner, ATF-cleaner, registry mechanic, Spybot S&D, HJT, and ESET online scanner.

Now to get rid of these I turned off all my system restore options and rebooted in safe mode. I scanned the hell out of my computer and deleted all the BS that was in my computer. After about 6 hours of scanning and deleting I finally got everything and rebooted. After the reboot I scanned with a few more things and found nothing. There are no traces of ANYTHING on this computer, and my HJT log tells a story of nothingness. That is one of the main reasons I am not posting the log in here; you will not see anything different than I do.

So, I was fine for about 2 days until every time I searched in Google I would be redirected to some site. After the 4th or 5th try I would be able to get to the site I wanted. So I scanned... nothing came up on anything I have. I don't know why this is happening and maybe someone has had the same issue, but I have no idea where to take it from here.


I thank you for your time to listen to my story.



I forgot to post this, but I read somewhere that I should run ComboFix and post the log.

ComboFix 09-02-24.02 - mastaDON 2009-02-25 0:58:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2787 [GMT -5:00]
Running from: c:\documents and settings\mastaDON\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-24 12:21 . 2009-02-24 13:00 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-23 16:11 . 1999-12-13 01:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-02-23 16:11 . 1999-11-18 01:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-02-23 16:05 . 2009-02-23 16:05 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\Creative
2009-02-23 16:00 . 2000-05-22 03:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-02-23 16:00 . 2006-10-06 01:17 53,248 --------- c:\windows\Ctregrun.exe
2009-02-23 15:59 . 2009-02-23 16:12 <DIR> d--h----- c:\program files\Creative Installation Information
2009-02-23 15:59 . 2009-02-23 15:59 <DIR> d-------- c:\program files\Common Files\Creative
2009-02-23 15:57 . 2008-02-21 22:46 23,273 -ra------ c:\windows\system32\Ludap17.ini
2009-02-23 15:57 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-02-23 15:57 . 2007-04-20 15:28 3,118 --------- c:\windows\system32\AudioDrv.ini
2009-02-23 15:57 . 2005-03-08 01:17 54 -ra------ c:\windows\system32\ctzapxx.ini
2009-02-23 15:56 . 2009-02-23 16:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2009-02-23 15:55 . 2000-12-13 05:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-02-23 15:55 . 2003-07-23 23:17 4,174,814 -ra------ c:\windows\system32\ct4mgm.sf2
2009-02-23 15:55 . 1999-09-22 10:18 2,167,684 --------- c:\windows\system32\CT2MGM.SF2
2009-02-23 15:54 . 2009-02-23 16:10 <DIR> d-------- c:\program files\Creative
2009-02-22 18:27 . 2009-02-22 18:27 <DIR> d-------- c:\program files\Veoh Networks
2009-02-20 09:56 . 2009-02-20 09:56 4 --a------ c:\windows\vtbxmxxy
2009-02-20 09:15 . 2009-02-24 18:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 09:15 . 2009-02-20 09:15 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\Malwarebytes
2009-02-20 09:15 . 2009-02-20 09:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 09:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 09:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 01:09 . 2009-02-20 01:09 <DIR> d-------- C:\VundoFix Backups
2009-02-19 23:22 . 2009-02-20 01:17 1,104 --a------ c:\windows\smkkmaly
2009-02-14 19:01 . 2009-02-24 19:40 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-14 19:01 . 2009-02-14 19:01 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\PC Tools
2009-02-14 19:01 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-14 19:01 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-14 19:01 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-14 19:01 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-14 18:47 . 2009-02-14 18:47 2,080 --a------ c:\windows\system32\drivers\dHook.sys
2009-02-07 01:24 . 2009-02-07 01:25 <DIR> d-------- c:\program files\Xfire
2009-02-07 01:24 . 2009-02-07 21:05 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\Xfire
2009-01-31 02:57 . 2009-01-31 02:57 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\DivX
2009-01-30 04:52 . 2009-01-30 04:58 <DIR> d-------- c:\program files\DivX
2009-01-28 18:28 . 2009-02-13 13:57 189,672 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-28 18:28 . 2009-02-13 13:57 138,584 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 18:28 . 2009-01-28 18:28 22,328 --a------ c:\documents and settings\mastaDON\Application Data\PnkBstrK.sys
2009-01-28 18:27 . 2009-02-11 00:44 70,968 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-28 18:27 . 2009-01-28 18:27 273 --a------ c:\windows\game.ini
2009-01-28 18:15 . 2009-01-28 18:15 <DIR> d--hs---- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 05:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-25 05:40 --------- d-----w c:\documents and settings\mastaDON\Application Data\uTorrent
2009-02-25 01:02 --------- d-----w c:\program files\Steam
2009-02-24 04:16 --------- d-----w c:\documents and settings\mastaDON\Application Data\dvdcss
2009-02-23 21:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 20:56 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-23 20:56 102,400 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-22 23:39 --------- d-----w c:\documents and settings\mastaDON\Application Data\Move Networks
2009-02-20 02:04 --------- d-----w c:\documents and settings\mastaDON\Application Data\DNA
2009-02-19 22:54 --------- d-----w c:\program files\DNA
2009-02-18 13:24 --------- d-----w c:\program files\Game Cam
2009-02-07 03:44 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-07 03:44 --------- d-----w c:\documents and settings\mastaDON\Application Data\SystemRequirementsLab
2009-01-27 01:35 --------- d-----w c:\documents and settings\mastaDON\Application Data\LimeWire
2009-01-23 01:17 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-01-19 07:38 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 07:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-18 16:08 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-18 15:25 --------- d-----w c:\program files\Alcohol Soft
2009-01-15 14:31 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-14 16:06 --------- d-----w c:\program files\Trend Micro
2009-01-14 15:48 --------- d-----w c:\program files\Windows Desktop Search
2009-01-14 15:11 --------- d-----w c:\program files\InterActual
2009-01-12 00:32 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-08 13:26 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 13:26 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-08 13:26 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-08 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-03 01:49 --------- d-----w c:\documents and settings\mastaDON\Application Data\Windows Search
2009-01-03 01:15 --------- d-----w c:\program files\MSXML 6.0
2009-01-03 01:06 --------- d-----w c:\documents and settings\mastaDON\Application Data\Damdai
2009-01-01 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2008-12-25 14:19 --------- d-----w c:\documents and settings\mastaDON\Application Data\DAEMON Tools Pro
2008-12-25 14:17 --------- d-----w c:\program files\DAEMON Tools Pro
2008-12-25 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2008-12-25 12:46 --------- d-----w c:\program files\MSBuild
2008-12-25 12:43 --------- d-----w c:\program files\Reference Assemblies
2008-12-18 05:34 2,771 ----a-w c:\windows\system32\sdbackup.reg
2008-12-13 07:11 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-29 23:57 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-05-01 02:28 1,654,869 ----a-w c:\documents and settings\All Users\Application Data\DynuEncrypt.dll
2008-03-09 12:25 236 ---ha-w c:\program files\Common Files\dx.reg
.

------- Sigcheck -------

2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2001-08-23 07:00 327168 e7774698bb0d14b0710a9a31e209f9b6 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-10-26 13:11 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\dllcache\TCPIP.SYS
2008-10-26 13:11 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-21 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"P17Helper"="SPIRun.dll" [2006-07-02 c:\windows\system32\SPIRun.dll]

c:\documents and settings\mastaDON\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 08:26 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^mastaDON^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^mastaDON^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-11-22 19:36 203720 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-24 00:58 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 17:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-20 12:22 1410296 c:\progra~1\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\msg\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\games\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-20 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-20 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-08 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-14 356920]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-11-20 29208]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-10-10 1310720]
S0 ivipgeii;ivipgeii;c:\windows\system32\drivers\aiafdeuy.sys --> c:\windows\system32\drivers\aiafdeuy.sys [?]
S0 smkkmaly;smkkmaly;c:\windows\system32\drivers\aqmimkpp.sys --> c:\windows\system32\drivers\aqmimkpp.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-11-20 29208]
S3 EnumHook2;Enumerate Global Windows Service 2;c:\windows\system32\drivers\dHook.sys [2009-02-14 2080]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\mastaDON\Application Data\Mozilla\Firefox\Profiles\awnshkry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\mastaDON\Application Data\Mozilla\Firefox\Profiles\awnshkry.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\mastaDON\Application Data\Mozilla\Firefox\Profiles\awnshkry.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 00:59:59
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-25 1:01:20
ComboFix-quarantined-files.txt 2009-02-25 06:01:09
ComboFix2.txt 2009-02-25 05:54:09

Pre-Run: 17,017,487,360 bytes free
Post-Run: 17,002,622,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer


Edited by mastadon, 25 February 2009 - 01:06 AM.
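The ComboFix report above mixes benign inventory with a handful of lines a helper would look at twice: Find3M entries with hidden+system attributes or an impossible timestamp, Run-key entries ComboFix could not date, boot-start services whose driver file is not stamped (`[?]`), and the Security Center and firewall values. As an added example (not code from the post, from BleepingComputer, or from ComboFix itself), the script below runs those checks over lines copied from the logs in this thread. The rule names and the 1980 timestamp cutoff are this example's own assumptions; the line formats are the ones ComboFix prints.

```python
"""Defender-side triage of ComboFix-style log lines.

Added example: this is not code from the forum post or from ComboFix.
The sample lines are copied from the logs in the thread; the rule names
and the 1980 timestamp cutoff are this example's own assumptions.
"""
import re
from typing import Dict, List

# Constructed sample, copied from the report formats seen in the thread:
# Find3M lines, Run-key entries, service/driver lines and policy values.
SAMPLE_LOG = r"""
2009-03-06 12:40 84,992 --sha-w c:\windows\system32\mubotito.dll
2009-02-23 20:56 413,696 ----a-w c:\windows\system32\wrap_oal.dll
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\sewinuja.dll
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"gukokoyija"="c:\windows\system32\sewinuja.dll" [ 48128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-20 107272]
S0 ivipgeii;ivipgeii;c:\windows\system32\drivers\aiafdeuy.sys --> c:\windows\system32\drivers\aiafdeuy.sys [?]
"AntiVirusDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""

# Find3M: "<date> <time> <size|---------> <attrs> <path>"
FIND3M = re.compile(r"^(\d{4})-\d{2}-\d{2} \d{2}:\d{2} \S+ ([\w-]{7}) (.+)$")
# Reg Loading Points: "name"="target" [date size]
RUNKEY = re.compile(r'^"([^"]+)"="([^"]+)" \[(.*)\]$')
# Services: "<start> <name>;<display>;<image path> [date size]"
SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")

EARLIEST_PLAUSIBLE_YEAR = 1980  # assumption: anything older is a zeroed/bogus timestamp


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per rule hit: {'rule', 'detail', 'line'}."""
    findings: List[Dict[str, str]] = []

    def hit(rule: str, detail: str, line: str) -> None:
        findings.append({"rule": rule, "detail": detail, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FIND3M.match(line)
        if m:
            year, attrs, path = int(m.group(1)), m.group(2), m.group(3)
            # Hidden + system attributes on a plain file (not a directory)
            # are unusual for ordinary application files.
            if "s" in attrs and "h" in attrs and not attrs.startswith("d"):
                hit("hidden+system file", path, line)
            if year < EARLIEST_PLAUSIBLE_YEAR:
                hit("implausible timestamp", f"{m.group(1)} {path}", line)
            continue

        m = RUNKEY.match(line)
        if m:
            name, target, stamp = m.groups()
            # ComboFix prints "[date size]" for files it could stamp; a bracket
            # with no leading date means it could not date the target.
            if not re.match(r"^\d{4}-\d{2}-\d{2}", stamp):
                hit("run entry without file date", f"{name} -> {target}", line)
            continue

        m = SERVICE.match(line)
        if m:
            start, name, _display, image = m.groups()
            if image.endswith("[?]"):
                hit("service file not stamped", f"{start} {name}: {image}", line)
            continue

        # Policy values: these tell you the machine's own alarms are muted.
        if re.match(r'^"(AntiVirusDisableNotify|UpdatesDisableNotify)"=dword:0*1$', line):
            hit("security center notification suppressed", line.split("=")[0].strip('"'), line)
        elif re.match(r'^"EnableFirewall"=\s*0\b', line):
            hit("windows firewall disabled", "standardprofile", line)

    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule, for a quick read of the report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}")
    print(summarize(triage(SAMPLE_LOG)))
```

The point of the checks is the cross-reference a helper does by hand: a Run-key entry that ComboFix cannot date, a Find3M entry for the same DLL with hidden+system attributes and a 1601 timestamp, and a boot-start service whose driver file is not stamped all point at the same problem even when every scanner reports the machine clean.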



#2 mastadon

mastadon
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:27 PM

Posted 06 March 2009 - 09:30 AM

It's been almost 2 weeks and it's been getting worse. I ran ComboFix again and came up with this.

ComboFix 09-03-04.01 - mastaDON 2009-03-06 9:15:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2659 [GMT -5:00]
Running from: c:\documents and settings\mastaDON\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dajenezo.dll
c:\windows\system32\gaweyego.dll
c:\windows\system32\iznoym.dll
c:\windows\system32\ozeziran.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-04 20:00 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-04 20:00 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-04 20:00 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-04 20:00 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-04 20:00 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-04 20:00 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-04 20:00 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-04 20:00 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-04 20:00 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-04 20:00 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-04 20:00 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-04 20:00 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-04 14:52 . 2009-03-04 14:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 22:42 . 2009-02-26 00:45 <DIR> d-------- c:\program files\PS3 Media Server
2009-02-24 12:21 . 2009-02-24 13:00 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-23 16:11 . 1999-12-13 01:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-02-23 16:11 . 1999-11-18 01:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-02-23 16:05 . 2009-02-23 16:05 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\Creative
2009-02-23 16:00 . 2000-05-22 03:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-02-23 16:00 . 2006-10-06 01:17 53,248 --------- c:\windows\Ctregrun.exe
2009-02-23 15:59 . 2009-02-23 16:12 <DIR> d--h----- c:\program files\Creative Installation Information
2009-02-23 15:59 . 2009-02-23 15:59 <DIR> d-------- c:\program files\Common Files\Creative
2009-02-23 15:57 . 2008-02-21 22:46 23,273 -ra------ c:\windows\system32\Ludap17.ini
2009-02-23 15:57 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-02-23 15:57 . 2007-04-20 15:28 3,118 --------- c:\windows\system32\AudioDrv.ini
2009-02-23 15:57 . 2005-03-08 01:17 54 -ra------ c:\windows\system32\ctzapxx.ini
2009-02-23 15:56 . 2009-02-23 16:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2009-02-23 15:55 . 2000-12-13 05:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-02-23 15:55 . 2003-07-23 23:17 4,174,814 -ra------ c:\windows\system32\ct4mgm.sf2
2009-02-23 15:55 . 1999-09-22 10:18 2,167,684 --------- c:\windows\system32\CT2MGM.SF2
2009-02-23 15:54 . 2009-02-23 16:10 <DIR> d-------- c:\program files\Creative
2009-02-22 18:27 . 2009-02-22 18:27 <DIR> d-------- c:\program files\Veoh Networks
2009-02-20 09:56 . 2009-02-20 09:56 4 --a------ c:\windows\vtbxmxxy
2009-02-20 09:15 . 2009-02-24 18:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 09:15 . 2009-02-20 09:15 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\Malwarebytes
2009-02-20 09:15 . 2009-02-20 09:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 09:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 09:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 23:22 . 2009-02-20 01:17 1,104 --a------ c:\windows\smkkmaly
2009-02-14 19:01 . 2009-03-04 05:28 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-14 19:01 . 2009-02-14 19:01 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\PC Tools
2009-02-14 19:01 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-14 19:01 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-14 19:01 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-14 19:01 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-14 18:47 . 2009-02-14 18:47 2,080 --a------ c:\windows\system32\drivers\dHook.sys
2009-02-07 01:24 . 2009-02-07 01:25 <DIR> d-------- c:\program files\Xfire
2009-02-07 01:24 . 2009-02-07 21:05 <DIR> d-------- c:\documents and settings\mastaDON\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 14:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 13:46 --------- d-----w c:\program files\DNA
2009-03-06 13:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 13:45 --------- d-----w c:\program files\Game Cam
2009-03-06 13:43 --------- d-----w c:\documents and settings\mastaDON\Application Data\uTorrent
2009-03-06 13:32 --------- d-----w c:\program files\Steam
2009-03-06 12:40 84,992 --sha-w c:\windows\system32\mubotito.dll
2009-03-06 12:40 79,872 --sha-w c:\windows\system32\narizezo.dll
2009-03-06 01:25 --------- d-----w c:\documents and settings\mastaDON\Application Data\dvdcss
2009-03-04 19:51 --------- d-----w c:\program files\Java
2009-03-03 20:59 --------- d-----w c:\documents and settings\mastaDON\Application Data\LimeWire
2009-02-28 10:07 --------- d-----w c:\documents and settings\mastaDON\Application Data\Move Networks
2009-02-23 20:56 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-23 20:56 102,400 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-13 18:57 189,672 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-13 18:57 138,584 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-11 05:44 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-07 03:44 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-07 03:44 --------- d-----w c:\documents and settings\mastaDON\Application Data\SystemRequirementsLab
2009-01-31 07:57 --------- d-----w c:\documents and settings\mastaDON\Application Data\DivX
2009-01-30 09:58 --------- d-----w c:\program files\DivX
2009-01-28 23:28 22,328 ----a-w c:\documents and settings\mastaDON\Application Data\PnkBstrK.sys
2009-01-23 01:17 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-01-19 07:38 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 07:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-18 16:08 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-18 15:25 --------- d-----w c:\program files\Alcohol Soft
2009-01-15 14:31 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-14 16:06 --------- d-----w c:\program files\Trend Micro
2009-01-14 15:48 --------- d-----w c:\program files\Windows Desktop Search
2009-01-12 00:32 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-08 13:26 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 13:26 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-08 13:26 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-08 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-18 05:34 2,771 ----a-w c:\windows\system32\sdbackup.reg
2008-12-13 07:11 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-05-01 02:28 1,654,869 ----a-w c:\documents and settings\All Users\Application Data\DynuEncrypt.dll
2008-03-09 12:25 236 ---ha-w c:\program files\Common Files\dx.reg
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\sewinuja.dll
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\ziweyabu.dll
.

------- Sigcheck -------

2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2001-08-23 07:00 327168 e7774698bb0d14b0710a9a31e209f9b6 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-10-26 13:11 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\dllcache\TCPIP.SYS
2008-10-26 13:11 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b3a974b-e4ed-462a-a349-1bd950035334}]
48128 --ahs---- c:\windows\system32\ziweyabu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-21 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-04 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"gukokoyija"="c:\windows\system32\sewinuja.dll" [ 48128]
"3047f038"="c:\windows\system32\narizezo.dll" [2009-03-06 79872]
"CPM3374c3a4"="c:\windows\system32\mubotito.dll" [2009-03-06 84992]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"P17Helper"="SPIRun.dll" [2006-07-02 c:\windows\system32\SPIRun.dll]

c:\documents and settings\mastaDON\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\mubotito.dll" [2009-03-06 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mubotito.dll [2009-03-06 84992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 08:26 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\dajenezo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^mastaDON^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^mastaDON^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-11-22 19:36 203720 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 17:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-20 12:22 1410296 c:\progra~1\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\msg\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\games\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-20 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-20 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-08 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-11-20 29208]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-10-10 1310720]
S0 ivipgeii;ivipgeii;c:\windows\system32\drivers\aiafdeuy.sys --> c:\windows\system32\drivers\aiafdeuy.sys [?]
S0 smkkmaly;smkkmaly;c:\windows\system32\drivers\aqmimkpp.sys --> c:\windows\system32\drivers\aqmimkpp.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-11-20 29208]
S3 EnumHook2;Enumerate Global Windows Service 2;c:\windows\system32\drivers\dHook.sys [2009-02-14 2080]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-14 356920]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7fcb49fd-35c9-402c-85e2-4224650c1fc4} - c:\windows\system32\iznoym.dll
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\mastaDON\Application Data\Mozilla\Firefox\Profiles\awnshkry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
FF - component: c:\documents and settings\mastaDON\Application Data\Mozilla\Firefox\Profiles\awnshkry.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\mastaDON\Application Data\Mozilla\Firefox\Profiles\awnshkry.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 09:19:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-03-06 9:24:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 14:24:45
ComboFix2.txt 2009-02-25 06:01:22
ComboFix3.txt 2009-02-25 05:54:09

Pre-Run: 14,780,678,144 bytes free
Post-Run: 14,749,429,760 bytes free

280

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:45 AM, on 3/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b3a974b-e4ed-462a-a349-1bd950035334} - C:\WINDOWS\system32\ziweyabu.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [gukokoyija] Rundll32.exe "C:\WINDOWS\system32\sewinuja.dll",s
O4 - HKLM\..\Run: [3047f038] rundll32.exe "C:\WINDOWS\system32\narizezo.dll",b
O4 - HKLM\..\Run: [CPM3374c3a4] Rundll32.exe "C:\WINDOWS\system32\mubotito.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230944385812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230944344437
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dajenezo.dll c:\windows\system32\mubotito.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mubotito.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mubotito.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8235 bytes


-----------------------------------------------------------------------------------------------------------------------------------------------------

DDS log


DDS (Ver_09-02-01.01) - NTFSx86
Run by mastaDON at 9:37:33.46 on Fri 03/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2756 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Killerz\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {0b3a974b-e4ed-462a-a349-1bd950035334} - c:\windows\system32\ziweyabu.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [gukokoyija] Rundll32.exe "c:\windows\system32\sewinuja.dll",s
mRun: [3047f038] rundll32.exe "c:\windows\system32\narizezo.dll",b
mRun: [CPM3374c3a4] Rundll32.exe "c:\windows\system32\mubotito.dll",a
StartupFolder: c:\docume~1\mastadon\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab57176.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230944385812
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230944344437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\dajenezo.dll c:\windows\system32\mubotito.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mubotito.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\mubotito.dll
LSA: Notification Packages = scecli c:\windows\system32\dajenezo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mastadon\applic~1\mozilla\firefox\profiles\awnshkry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
FF - component: c:\documents and settings\mastadon\application data\mozilla\firefox\profiles\awnshkry.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\mastadon\application data\mozilla\firefox\profiles\awnshkry.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-20 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-20 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-20 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-8 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-1-8 1339600]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-11-20 29208]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-10-10 1310720]
S0 ivipgeii;ivipgeii;c:\windows\system32\drivers\aiafdeuy.sys --> c:\windows\system32\drivers\aiafdeuy.sys [?]
S0 smkkmaly;smkkmaly;c:\windows\system32\drivers\aqmimkpp.sys --> c:\windows\system32\drivers\aqmimkpp.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-11-20 29208]
S3 EnumHook2;Enumerate Global Windows Service 2;c:\windows\system32\drivers\dHook.sys [2009-2-14 2080]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-14 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-14 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-14 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-14 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-14 1079176]

=============== Created Last 30 ================


==================== Find3M ====================

2009-03-06 07:40 79,872 a--sh--- c:\windows\system32\narizezo.dll
2009-03-06 07:40 84,992 a--sh--- c:\windows\system32\mubotito.dll
2009-02-23 15:56 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-02-23 15:56 102,400 a------- c:\windows\system32\OpenAL32.dll
2009-02-13 13:57 138,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-13 13:57 189,672 a------- c:\windows\system32\PnkBstrB.exe
2009-02-11 00:44 70,968 a------- c:\windows\system32\PnkBstrA.exe
2009-01-28 18:28 22,328 a------- c:\docume~1\mastadon\applic~1\PnkBstrK.sys
2009-01-22 20:17 42,320 a------- c:\windows\system32\xfcodec.dll
2009-01-15 09:31 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-08 08:26 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-08 08:26 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-08 08:26 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-18 00:34 2,771 a------- c:\windows\system32\sdbackup.reg
2008-12-13 02:11 98,304 a------- c:\windows\system32\CmdLineExt.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-04-30 21:28 1,654,869 a------- c:\docume~1\alluse~1\applic~1\DynuEncrypt.dll
2008-03-09 07:25 236 a---h--- c:\program files\common files\dx.reg
0000-00-00 00:00 48,128 a--sh--- c:\windows\system32\sewinuja.dll
0000-00-00 00:00 48,128 a--sh--- c:\windows\system32\ziweyabu.dll

============= FINISH: 9:37:57.18 ===============

Edited by mastadon, 06 March 2009 - 09:40 AM.


#3 mastadon

mastadon
  • Topic Starter


Posted 07 March 2009 - 10:57 AM

If there is no answer to this by 9PM EST (GMT-5), then lock the topic, as I will have reformatted.

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum



Posted 09 March 2009 - 08:20 PM

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



