
Infected by win32:poly, can't surf the internet


  • This topic is locked
8 replies to this topic

#1 justice451

  • Members
  • 16 posts

Posted 23 April 2009 - 10:02 AM

OK, a few days ago I turned off Avast antivirus because one of my programs, dvdshrink, would not open. I gave up and shut down. When restarted by my brother later, he claimed to not be able to go onto the internet (BellSouth FastAccess DSL). I tried and found the same result: even with my box showing that it's connected to the internet, my computer claims that there is no such connection happening. Did virus boot scans with Avast and the one virus that pops up is win32:poly. However, even with these virus scans, the problem still exists. I attempted to use other antivirus programs such as AVG Antivirus, but they all find problems while running. It also locked the registry editor, even if I unlocked it for a moment. I want to know what to do to get rid of it so I can use the internet at my home again.

OK, attached the files instead.

Attached Files


Edited by justice451, 23 April 2009 - 01:14 PM.



#2 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 05 May 2009 - 07:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 justice451
  • Topic Starter

  • Members
  • 16 posts

Posted 09 May 2009 - 11:38 AM

Yes, my computer still has this problem. A few weeks ago I couldn't get a program to work, dvdshrink, as it wouldn't open when I clicked it, just a message saying that it was blocked by my antivirus. So I briefly turned off Avast antivirus online protection, but it still didn't open. I shut down with the program still off. When my brother rebooted later he complained he couldn't get internet access, and I received the same problem as well. We have BellSouth FastAccess DSL and though the box showed that it was connected online the computer didn't, so every web browser I use (IE, Firefox, Google Chrome) all claimed to not be connected; a page load error message kept popping up. Several virus boot scans with Avast showed that win32:poly kept popping up everywhere. Alas, the problem still remained no matter how many scans I did. Also my registry editor is blocked, which happened with viruses before. Everything else seems to work OK except getting internet access. I did this log file today. Thanks for responding. Also note that I can only check this page with other computers, not my own, so it'll take time for me to check back. I may not be able to check until Monday.


DDS (Ver_09-03-16.01) - NTFSx86
Run by dmfighter at 11:20:04.90 on Sat 05/09/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.171 [GMT -4:00]

AV: AVG 7.5.516 *On-access scanning enabled* (Outdated)
AV: avast! antivirus 4.8.1296 [VPS 090420-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tdctxte.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\3361\SVCHOST.exe -sysrun
C:\Documents and Settings\dmfighter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\DOCUME~1\DMFIGH~1\LOCALS~1\Temp\2782168808.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Canon Backup\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
mURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mWinlogon: Userinit=c:\windows\system32\Userinit.exe,userinit.exe
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: adsoftinc: {3267abde-2104-df8a-6c4f-eb60be0d2f81} - c:\windows\system32\nsm4CE.dll
BHO: {6ffd043e-cae3-4894-a38d-d671ee1b1f55} - c:\windows\system32\viwafinu.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [BitTorrent DNA] "c:\program files\dna\btdna .exe"
uRun: [AlcoholAutomount] "g:\alcohol 120\axcmd.exe" /automount
uRun: [nvcoi] c:\program files\nvcoi\nvcoi.exe
uRun: [JavaCore] c:\program files\\javacore\\JavaCore.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Microsoft Windows Installer] c:\docume~1\dmfigh~1\locals~1\temp\ie.exe
uRun: [qnsvbunm] c:\windows\system32\puvyvklo.exe
uRun: [seiyquqv] c:\windows\system32\bgvupcto.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>] c:\windows\temp\tj5ar.exe
uRun: [GetPack18] "c:\program files\getpack\GetPack18.exe"
uRun: [GetPack19] "c:\program files\getpack\GetPack19.exe"
uRun: [GetPack20] "c:\program files\getpack\GetPack20.exe"
uRun: [VnrBlock20] "c:\program files\vnrblock\VnrBlock20.exe"
uRun: [Google Update] "c:\documents and settings\dmfighter\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [kumivehozi] Rundll32.exe "c:\windows\system32\yifulose.dll",s
uRun: [Windows Resurections] c:\windows\temp\tj5ar.exe
uRun: [Diagnostic Manager] c:\docume~1\dmfigh~1\locals~1\temp\2782168808.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [tgcmd] "c:\program files\support.com\bellsouth\hcenter.exe" /starthidden /tgcmdwrapper
mRun: [BellSouthAlertManager.exe] c:\program files\bellsouth\alert manager\BellSouthAlertManager.exe
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [LWBMOUSE] c:\program files\belkin mouse 1.0\MOUSE32A.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [LexPPS.exe] c:\windows\system32\lexpps.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [SetupHighSpeed.EXE] c:\windows\system32\SetupHighSpeed.EXE
mRun: [SetupHighSpeed .EXE] c:\windows\system32\SetupHighSpeed .EXE
mRun: [SetupHighSpeed .EXE] c:\windows\system32\SetupHighSpeed .EXE
mRun: [SetupHighSpeed .EXE] c:\windows\system32\SetupHighSpeed .EXE
mRun: [SetupHighSpeed .EXE] c:\windows\system32\SetupHighSpeed .EXE
mRun: [SetupHighSpeed .EXE] c:\windows\system32\SetupHighSpeed .EXE
mRun: [antiviirus] c:\program files\antiviirus.exe
mRun: [SDTray] "f:\spyware doctor\spyware doctor\SDTrayApp.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [hwpejeny] regsvr32 /u "c:\documents and settings\all users\application data\hwpejeny.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [{6e330308-c630-548d-90e4-c0bcaf3efea7}] c:\windows\system32\rundll32.exe "c:\windows\system32\bzqkcmcuno.dll" DllStart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [{2104f252-b0fe-63bc-4327-78b54d9d6c99}] c:\windows\system32\rundll32.exe "c:\windows\system32\mqxwocwveeeameywj.dll" DllStart
mRun: [oagnxxmbcxaigtc] c:\windows\system32\regsvr32.exe /s "c:\docume~1\dmfigh~1\locals~1\temp\jzzjbpjlnoph.dll"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [kumivehozi] Rundll32.exe "c:\windows\system32\bozilajo.dll",s
mRun: [94dab905] rundll32.exe "c:\windows\system32\wukaripa.dll",b
mRun: [CPM97e98a99] Rundll32.exe "c:\windows\system32\fabireze.dll",a
mRun: [Radio-TV adverts] c:\windows\temp\rtv_winupd.exe
mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mtvnet~1.lnk - c:\program files\mtv networks\vopt\MTVOptTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
LSP: c:\windows\system32\avgfwafu.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: avgwlntf - avgwlntf.dll
Notify: awtqq - awtqq.dll
Notify: byXNgfCR - byXNgfCR.dll
Notify: cbxxwwv - cbxxwwv.dll
Notify: cdeccebcffa - c:\windows\system32\cdeccebcffa.dll
Notify: dbsrv - c:\windows\cursors\dbsrv.dll
Notify: efcbcby - efcbcby.dll
Notify: igfxcui - igfxdev.dll
Notify: rssync - rssync.dll
Notify: smvctfp - c:\windows\smvctfp.dll
AppInit_DLLs: cru629.dat c:\windows\system32\melusume.dll c:\windows\system32\korenobi.dll c:\windows\system32\tudopupa.dll c:\windows\system32\wavowibi.dll c:\windows\system32\gewapaba.dll c:\windows\system32\nimaboyu.dll c:\windows\system32\mejiyolo.dll c:\windows\system32\fabireze.dll,c:\progra~1\thunmail\testabd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fabireze.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\fabireze.dll
SEH: {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - No File
SEH: {70ab0a8b-8a8a-496f-a339-4cd2f3352991} - c:\windows\system32\efcbcby.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {a8eeb996-62aa-4e48-995d-eaddcac47476} - c:\windows\system32\byXNgfCR.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\khfCuTME
LSA: Notification Packages = scecli c:\windows\system32\melusume.dll c:\windows\system32\wavowibi.dll c:\windows\system32\nimaboyu.dll MTUSETU.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dmfigh~1\applic~1\mozilla\firefox\profiles\t4m6hrvg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\1bc49ef5-b115-7965-796e-e9359c6fb4e0.dll
FF - component: c:\program files\mozilla firefox\components\nsadsoftinc.dll
FF - plugin: c:\documents and settings\dmfighter\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-3-20 41288]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-4-21 10760]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2009-4-21 26952]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-3-20 56832]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-3-20 74240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2004-8-4 195584]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-3-23 155160]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2009-4-21 438784]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2009-4-21 69632]
R2 AvgCoreSvc;AVG7 Resident Shield Service;c:\progra~1\grisoft\avg7\avgrssvc.exe [2009-4-21 212992]
R2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-20 254976]
R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2004-8-4 194560]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-3-23 254040]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
S1 dlf0a63;dlf0a63;c:\windows\system32\drivers\dlf0a63.sys --> c:\windows\system32\drivers\dlf0a63.sys [?]
S1 rdsync;Frequency R-SynCPU;c:\windows\system32\rdsync.sys [2009-2-8 0]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
S2 AVGFwSrv;AVG Firewall;c:\progra~1\grisoft\avg7\avgfwsrv.exe [2009-4-21 858624]
S2 RMTASSIST;Remote Assistance;"c:\windows\algr.exe" --> c:\windows\algr.exe [?]
S3 6250spi;Elan USB Bridge Service;c:\windows\system32\drivers\6250spi.sys --> c:\windows\system32\drivers\6250spi.sys [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-3-23 352920]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-05-05 22:08 2,713 ---sh--- c:\windows\system32\ridadane.exe
2009-05-05 00:31 2,713 ---sh--- c:\windows\system32\wirubifa.exe
2009-05-03 04:24 2,713 ---sh--- c:\windows\system32\sijibale.exe
2009-04-29 00:12 2,713 ---sh--- c:\windows\system32\jitabine.exe
2009-04-26 20:01 2,713 ---sh--- c:\windows\system32\kosumivo.exe
2009-04-24 01:56 0 a--sh--- c:\windows\system32\zayapilo.dll
2009-04-24 01:31 <DIR> --d-hr-- C:\$VAULT$.AVG
2009-04-21 17:07 <DIR> --d----- c:\docume~1\dmfigh~1\applic~1\AVG7
2009-04-21 17:07 110,592 a------- c:\windows\system32\avgfwafu.dll
2009-04-21 17:07 9,216 a------- c:\windows\system32\avgwlntf.dll
2009-04-20 22:09 0 a------- c:\windows\system32\IpSvchostF.dll
2009-04-20 22:04 0 a------- c:\windows\system32\100.tmp
2009-04-20 22:04 80 a------- c:\windows\system32\FD.tmp
2009-04-20 21:11 25,244 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-04-20 21:11 4,672 a------- c:\windows\system\WOWPOST.EXE
2009-04-20 21:11 5,600 a------- c:\windows\system\WINASPI.DLL
2009-04-20 21:00 21,504 a------- c:\windows\system32\AUTMGR.EXE
2009-04-20 21:00 984,576 a------- c:\windows\system32\kernel32_check.dll
2009-04-20 21:00 10,240 a------- c:\windows\system32\Packer.dll
2009-04-20 21:00 9 a------- c:\windows\system32\iphy.dll
2009-04-20 21:00 3 a------- c:\windows\system32\fhpatch.dll
2009-04-20 21:00 0 a------- c:\windows\system32\fiplock.dll
2009-04-20 20:59 <DIR> --d----- c:\windows\system32\3361
2009-04-20 20:59 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-20 20:59 <DIR> --d----- c:\windows\dhcp
2009-04-20 18:45 232,448 a------- c:\windows\system32\w.exe
2009-04-20 18:45 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-04-20 18:45 8 a------- c:\windows\system32\comsa32.sys
2009-04-20 17:40 <DIR> --dshr-- c:\program files\ThunMail
2009-04-20 17:40 40,960 a------- c:\windows\system32\xz.exe
2009-04-19 16:58 1,409,589 ---sh--- c:\windows\system32\upufezik.ini
2009-04-18 03:08 1,409,580 ---sh--- c:\windows\system32\apirakuw.ini
2009-04-17 14:16 1,411,370 ---sh--- c:\windows\system32\opinakuw.ini
2009-04-16 18:29 2 a------- C:\-1797604950
2009-04-15 16:17 1,411,355 ---sh--- c:\windows\system32\azivubeb.ini
2009-04-10 12:00 686,592 a------- c:\windows\system32\nsm4CE.dll

==================== Find3M ====================

2009-04-20 15:51 85,637 a------- c:\windows\system32\4a8755ed-9e3c-38c6-afdf-8a230a171769.exe
2009-04-20 15:41 108,032 a--sh--- c:\windows\system32\fabireze.dll.vir
2009-04-20 15:41 99,328 a--sh--- c:\windows\system32\tepepife.dll
2009-04-20 15:41 83,456 a--sh--- c:\windows\system32\yivimefe.exe
2009-04-19 16:57 108,032 a--sh--- c:\windows\system32\bemevaja.dll
2009-04-19 16:57 99,328 a--sh--- c:\windows\system32\kizefupu.dll
2009-04-19 16:57 83,456 a--sh--- c:\windows\system32\sawikali.exe
2009-04-18 15:55 99,328 a--sh--- c:\windows\system32\goyipeme.dll
2009-04-18 15:55 83,456 a--sh--- c:\windows\system32\kihinuga.exe
2009-04-18 15:55 108,032 a--sh--- c:\windows\system32\mejiyolo.dll.vir
2009-04-18 03:07 108,032 a--sh--- c:\windows\system32\jelukahu.dll
2009-04-18 03:07 83,456 a--sh--- c:\windows\system32\razusula.exe
2009-04-18 03:07 99,328 -------- c:\windows\system32\wukaripa.dll
2009-04-17 14:16 109,056 a--sh--- c:\windows\system32\tofayava.dll
2009-04-17 14:15 101,376 a--sh--- c:\windows\system32\wukanipo.dll
2009-04-17 14:15 83,456 a--sh--- c:\windows\system32\wuhahate.exe
2009-04-16 18:26 69,632 a--sh--- c:\windows\system32\dinizuha.dll
2009-04-16 18:25 109,568 a--sh--- c:\windows\system32\zeyoheko.dll
2009-04-16 18:25 101,888 a--sh--- c:\windows\system32\wefojuho.dll
2009-04-15 15:53 108,032 a--sh--- c:\windows\system32\kivihude.dll.vir
2009-03-22 21:15 1,053,184 a------- c:\windows\system32\mfc71u.dll
2009-03-22 21:15 503,808 a------- c:\windows\system32\msvcp71.dll
2009-03-22 21:15 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-22 21:15 89,600 a------- c:\windows\system32\atl71.dll
2009-03-22 21:15 258,352 a------- c:\windows\system32\unicows.dll
2009-03-02 16:45 300,544 a------- c:\windows\system32\jzzjbpjlnoph.dll
2009-02-08 13:00 25,354 a------- c:\windows\system32\hrpdcf.bin
2009-02-08 12:54 34,575 a--sh--- c:\windows\system32\EMTuCfhk.ini2
2008-12-15 22:29 87,608 a------- c:\docume~1\dmfigh~1\applic~1\inst.exe
2008-12-15 22:29 47,360 a------- c:\docume~1\dmfigh~1\applic~1\pcouffin.sys
2007-01-21 18:59 975,008 ac-sh--- c:\windows\pftcvms.bak1
2007-02-08 09:18 990,298 ac-sh--- c:\windows\pftcvms.bak2
2007-02-08 17:05 936,978 ac-sh--- c:\windows\pftcvms.ini2
2008-04-16 23:58 285,493 a--sh--- c:\windows\system32\aGgMmUtv.ini2
2008-03-21 14:29 293,675 a--sh--- c:\windows\system32\aybeg.ini2
2008-09-23 16:33 6,144 a--sh--- c:\windows\system32\bafopaga.dll
2009-01-16 18:26 69,632 a--sh--- c:\windows\system32\bozilajo.dll
2008-09-11 17:30 6,144 a--sh--- c:\windows\system32\bulimane.dll
2008-03-12 00:49 242,260 a--sh--- c:\windows\system32\hjkkj.ini2
2008-03-21 00:26 292,721 a--sh--- c:\windows\system32\ijjlm.ini2
2008-12-31 10:19 23,413 a--sh--- c:\windows\system32\juzutase.dll
2008-12-30 14:47 2,713 a--sh--- c:\windows\system32\kefazuwa.dll
2008-03-21 01:36 320 a--sh--- c:\windows\system32\kjllm.ini2
2008-04-29 19:03 520,540 a--sh--- c:\windows\system32\KjTAcfii.ini2
2009-01-01 13:05 23,413 a--sh--- c:\windows\system32\mudagisi.dll
2009-01-16 18:26 69,632 a--sh--- c:\windows\system32\nimaboyu.dll
2008-03-09 14:29 1,309,106 a--sh--- c:\windows\system32\qculddqc.ini2
2008-03-20 00:41 347,407 a--sh--- c:\windows\system32\qqstv.ini2
2008-03-22 13:15 293,326 a--sh--- c:\windows\system32\qqtss.ini2
2008-12-30 14:47 2,713 a--sh--- c:\windows\system32\sarapoga.dll
2009-02-04 02:53 37,719 a--sh--- c:\windows\system32\VGPWyyxx.ini2
2009-01-16 18:26 69,632 a--sh--- c:\windows\system32\viwafinu.dll
2008-12-31 22:11 4,096 a--sh--- c:\windows\system32\wanulago.dll
2008-03-26 04:43 275,569 a--sh--- c:\windows\system32\xbadd.ini2
2008-09-29 12:46 40,960 a--sh--- c:\windows\system32\zikewapo.dll

============= FINISH: 11:23:56.64 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/7/2005 7:48:36 PM
System Uptime: 5/9/2009 10:59:06 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0R8060
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2792/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 4.606 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 298 GiB total, 4.299 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0000
Manufacturer: Microsoft
Name: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0000
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0001
Manufacturer: Microsoft
Name: WAN Miniport (IP) - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0001
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0002
Manufacturer: Microsoft
Name: Westell WireSpeed Dual Connect Modem - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0002
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0000
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW)
PNP Device ID: ROOT\NET\0000
Service: wanatw

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
4300
4300_Help
4300Trb
Ad-Aware 2007
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AiO_Scan_CDA
AiOSoftwareNPI
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft Multimedia Email
ArcSoft PhotoImpression 5
Ask Toolbar
Audio Editor Gold v9.2.16
Audio Editor Pro 2.92
avast! Antivirus
AVG 7.5
Bat
BChanger
Belkin Mouse 1.0
BellSouth FastAccess DSL Help Center
BellSouth Internet Security - Alert Manager 1.3.20
BitTorrent 6.0.1
BufferChm
CD/DVD-ROM Generator 1.20
Companion wizard
Conexant D850 56K V.9x DFVc Modem
Contextual Platform Adsoftinc
Corel VideoStudio 12
CPV
Creative MediaSource
Creative WebCam Center
Creative WebCam Instant Driver (1.00.08.0416)
Creative WebCam Instant User's Guide (English)
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
DivX to DVD Converter
DivxToDVD 0.5.2b
DocProc
DocProcQFolder
DPS
DVD Decrypter (Remove Only)
DVD Flick
DVD Shrink 3.2
DVDInfoPro
Enhancement Browser Tools Bannerstyle
Enhancement Browser Tools Bannerstyles15
eSupportQFolder
Fax_CDA
Free FLV Converter V 5.0
Free FLV to AVI Video Converter v. 1.0
Free Video to Mp3 Converter version 3.1
Free YouTube Download 2.2
Free YouTube to Mp3 Converter version 3.1
FrostWire 4.13.5
getPlus®_ocx
Glove
GOM Player
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
ImgBurn
InstantShareDevicesMFC
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Internet Speed Monitor
iPod for Windows 2005-10-12
IsoBuster 2.3
iTunes
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 3
K-Lite Codec Pack 3.9.5 (Full)
Macromedia Flash Player
Magic Audio Editor Pro v7.4.0.10
MarketResearch
Mega Mission Helmet
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Modem Helper
Mozilla Firefox (3.0.8)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MTV Networks Video Optimizer
My Way Search Assistant
Nero 8
neroxml
Netflix Movie Viewer
NetWaiting
NewCopy_CDA
Norton Security Scan
nvcoi
OCR Software by I.R.I.S 7.0
Panda ActiveScan 2.0
PanoStandAlone
PDF Settings
Photo Click
PhotoFiltre
Polaroid Digital Cam
Polaroid iZone PhotoBase
PowerDVD 5.5
ProductContextNPI
QuickBooks Simple Start Special Edition
QuickTime
Readme
Real Alternative 1.7.5
RealPlayer
Realtek USB 2.0 Card Reader
RON Too1 Globaladsolution
Saint Paint Studio
Scan
ScannerCopy
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Serif DrawPlus 5.0
SolutionCenter
SolveigMM AVI Trimmer
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Live! 24-bit
Spyware Doctor 5.1
Status
StepMania (remove only)
The Sims 2
Toolbox
Torrent Harvester
TrayApp
Uninstall 1.0.0.1
Unload
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
VCRedistSetup
Veoh Web Player Beta
VeohTV BETA
VideoStudio
Viewpoint Media Player
VnrPack
WebFldrs XP
WebReg
WinAVI MP4 Converter
WinAVI Video Converter
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WordPerfect Office 12
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yu-Gi-Oh! ONLINE
Yu-Gi-Oh! ONLINE 2

==== Event Viewer Messages From Past Week ========

5/8/2009 1:55:55 AM, error: Print [6161] - The document Wallet prints owned by dmfighter failed to print on printer HP Officejet 4300 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 5046272. Number of bytes printed: 5046272. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ALFREDO. Win32 error code returned by the print processor: 0 (0x0).
5/4/2009 7:42:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NMIndexingService service to connect.
5/4/2009 7:42:07 PM, error: Service Control Manager [7000] - The NMIndexingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/4/2009 7:42:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
5/4/2009 6:30:25 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 6:30:10 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The system cannot find the file specified.
5/4/2009 6:30:10 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The system cannot find the file specified.
5/4/2009 6:30:10 PM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 6:30:06 PM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: A socket operation encountered a dead network.
5/4/2009 6:30:06 PM, error: Service Control Manager [7001] - The aswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2009 6:30:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswSP aswTdi Beep IPSec MRxSmb NDIS NetBIOS NetBT sptd Tcpip
5/4/2009 6:29:53 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
5/4/2009 6:29:53 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7023] - The Server service terminated with the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The AVG Firewall service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2009 6:29:53 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2009 6:29:53 PM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The system cannot find the path specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7000] - The NDIS Usermode I/O Protocol service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 6:29:53 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 6:29:18 PM, error: Workstation [5727] - Could not load RDR device driver.
5/4/2009 6:29:18 PM, error: Workstation [5727] - Could not load MRxSmb device driver.
5/4/2009 10:30:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/4/2009 10:29:23 AM, error: Service Control Manager [7000] - The NetBIOS Interface service failed to start due to the following error: The system cannot find the file specified.
5/3/2009 7:38:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
5/3/2009 7:38:34 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/3/2009 7:38:28 PM, error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The system cannot find the file specified.
5/2/2009 10:21:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
5/2/2009 10:21:37 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Edited by justice451, 09 May 2009 - 11:46 AM.


#4 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 10 May 2009 - 11:11 AM

Hello, justice451 :thumbup2:
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix on your desktop.
  • Read and accept the disclaimer (press Yes).
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 justice451

  • Topic Starter
  • Members
  • 16 posts

Posted 11 May 2009 - 06:48 PM

I came back to download more ComboFix. I am transporting it to my computer on my WD Passport. I received an error while running it; it claims that it was infected and was shut off. I did not attempt to run it in safe mode or change the name; I will do these tonight and respond with the results tomorrow.

#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 11 May 2009 - 08:15 PM

Hello, justice451 :thumbup2:
DON'T PLUG THE EXTERNAL DRIVE BACK INTO YOUR CLEAN MACHINE!!!!!

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Billy3
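The three decryptor placements quoted above are layout changes a file-triage script can look for, and the Event Viewer lines earlier in the thread show why that matters: a file infector that damages what it touches leaves boot-start drivers that fail to load. The Python below is an added example for this thread, not code from the forum, from AVG or from McAfee; it builds constructed PE32 fixtures (synthetic headers, no real code), reports which section holds the entry point, and checks whether a code section's slack space holds non-zero bytes. Field offsets follow the PE/COFF specification.

```python
import struct

# IMAGE_SECTION_HEADER characteristics flags (from winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FILE_ALIGN, SECT_ALIGN = 0x200, 0x1000


def build_sample_pe(entry_rva, last_flags, slack_fill=b"\x00"):
    """Construct a minimal PE32 fixture with a .text and a .data section.
    .text has 0x100 bytes of VirtualSize inside a 0x200-byte raw block, so
    its second 0x100 bytes are slack space. Constructed test data only: the
    image is not loadable and contains no real code."""
    text = b"\xc3" * 0x100 + (slack_fill * 0x100)[:0x100]
    data = b"\x00" * 0x200
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags)
    sections = [
        (b".text", 0x100, 0x1000, 0x200, 0x200,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", 0x200, 0x2000, 0x200, 0x400, last_flags),
    ]
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0x200, 0x200, 0,
                      entry_rva, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, SECT_ALIGN,
                       FILE_ALIGN, 4, 0, 0, 0, 4, 0, 0, 0x3000, FILE_ALIGN,
                       0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\x00" * (16 * 8)  # sixteen empty data directories
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\x00"), vs, va,
                                rs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, rp, fl in sections)
    headers = (dos + b"PE\x00\x00" + coff + opt + hdrs).ljust(FILE_ALIGN, b"\x00")
    return headers + text + data


def parse_pe(pe):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE32/PE32+ image."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                      # optional header follows COFF header
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections = []
    for i in range(nsec):
        name, vs, va, rs, rp, _, _, _, _, fl = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode(), "vsize": vs,
                         "va": va, "rsize": rs, "raw": rp, "flags": fl})
    return entry_rva, sections


def triage(pe):
    """Layout indicators for the decryptor placements quoted above. The third
    placement (decryptor overwriting the original entry-point code) leaves
    the headers unchanged and needs a content comparison against a
    known-good copy, which this check does not attempt."""
    entry_rva, sections = parse_pe(pe)
    last = sections[-1]
    entry = next((s for s in sections if s["va"] <= entry_rva
                  < s["va"] + max(s["vsize"], s["rsize"])), None)
    # Slack space: bytes between VirtualSize and SizeOfRawData of a code
    # section. Linkers zero-pad it, so non-zero bytes there are unexpected.
    slack_nonzero = any(
        any(pe[s["raw"] + s["vsize"]:s["raw"] + s["rsize"]])
        for s in sections
        if s["flags"] & IMAGE_SCN_CNT_CODE and s["vsize"] < s["rsize"])
    return {
        "entry_section": entry["name"] if entry else None,
        # placement 1: entry point redirected into the last section
        "entry_in_last_section": entry is last,
        "last_section_executable": bool(last["flags"] & IMAGE_SCN_MEM_EXECUTE),
        # placement 2: something written into the code section's slack space
        "code_slack_nonzero": slack_nonzero,
    }


if __name__ == "__main__":
    clean = build_sample_pe(0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA
                            | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    odd = build_sample_pe(0x2000, IMAGE_SCN_CNT_INITIALIZED_DATA
                          | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
                          | IMAGE_SCN_MEM_EXECUTE, slack_fill=b"\x90")
    for label, image in (("clean layout", clean), ("suspicious layout", odd)):
        print(label, triage(image))
```

These are triage heuristics, not a verdict: packers and some linkers also produce an executable last section, so a hit is a reason to compare the file against a known-good copy, not proof of infection.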

#7 justice451

  • Topic Starter
  • Members
  • 16 posts

Posted 12 May 2009 - 09:16 AM

OK, is it possible for you to tell me how to do the format/reinstall? And will I have to do the same to my external hard drive? I'm afraid it may be infected and can spread to other computers.

The clean computer I plugged the Passport into is a public computer; its antivirus has detected said virus and deleted it. I've also cleared out most of the files and am not scanning the remainder for viruses. Is it possible to format the external hard drive too? Mine's a 320 GB WD Passport.

Edited by justice451, 12 May 2009 - 01:09 PM.


#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 12 May 2009 - 04:54 PM

Hello, justice451 :thumbup2:

OK, is it possible for you to tell me how to do the format/reinstall? And will I have to do the same to my external hard drive? I'm afraid it may be infected and can spread to other computers.

http://spyware-free.us/tutorials/reformat/
EDIT: Yes, it can spread to other computers.

The clean computer I plugged the Passport into is a public computer; its antivirus has detected said virus and deleted it. I've also cleared out most of the files and am not scanning the remainder for viruses. Is it possible to format the external hard drive too? Mine's a 320 GB WD Passport.

Right click the drive in My Computer -> Format...

Billy3

Edited by Billy O'Neal, 12 May 2009 - 04:54 PM.


#9 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 15 May 2009 - 09:54 AM

Hello, justice451 :thumbup2:
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3