
Unknown infection, need some help


  • This topic is locked
6 replies to this topic

#1 ssdime

Posted 27 May 2009 - 10:01 PM

I picked up something nasty somewhere...lol

My computer will open like 40 Internet Explorer windows with multiple tabs, bogging my comp down. Closing them is a hassle and usually ends with Task Manager ending the programs. Here is the DDS log...


DDS (Ver_09-05-14.01) - NTFSx86
Run by Trey at 19:39:59.08 on 27/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3069.1829 [GMT -7:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Trey\AppData\Roaming\pidle\pidle.exe
C:\Users\Trey\AppData\Roaming\Twain\Twain.exe
C:\Users\Trey\AppData\Roaming\digifast\digifast.exe
C:\Users\Trey\AppData\Roaming\Microsoft\Windows\spmaqk.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Trey\Downloads\dds(2).scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6070818
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [userinit] c:\users\trey\appdata\roaming\ntos.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [pidle] "c:\users\trey\appdata\roaming\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Twain] c:\users\trey\appdata\roaming\twain\Twain.exe
uRun: [DigiFast] c:\users\trey\appdata\roaming\digifast\digifast.exe
uRun: [SfKg6wIPuSpdc] c:\users\trey\appdata\roaming\microsoft\windows\spmaqk.exe
uRun: [rihazologo] Rundll32.exe "c:\programdata\ripodefe\ripodefe.dll",s
uRun: [d00e5bf5] rundll32.exe "c:\programdata\sozifeli\sozifeli.dll",b
uRun: [CPMd33d6869] Rundll32.exe "c:\programdata\begimepo\begimepo.dll",a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\trey\appdata\roaming\mozilla\firefox\profiles\ktmjaw7s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.canada.com/vancouversun/index.html
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - component: c:\users\trey\appdata\roaming\mozilla\firefox\profiles\ktmjaw7s.default\extensions\{ddb7e7f0-96e4-11dd-ad8b-0800200c9a66}\components\dfff.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-10 64160]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-8-18 5504]

=============== Created Last 30 ================

2009-05-27 16:56 <DIR> --d----- c:\programdata\tefifohi
2009-05-27 16:56 <DIR> --d----- c:\programdata\begimepo
2009-05-27 16:56 <DIR> --d----- c:\progra~2\tefifohi
2009-05-27 16:56 <DIR> --d----- c:\progra~2\begimepo
2009-05-26 18:18 <DIR> --d----- c:\programdata\tezekura
2009-05-26 18:18 <DIR> --d----- c:\programdata\ripodefe
2009-05-26 18:18 <DIR> --d----- c:\programdata\guditowi
2009-05-26 18:18 <DIR> --d----- c:\progra~2\tezekura
2009-05-26 18:18 <DIR> --d----- c:\progra~2\ripodefe
2009-05-26 18:18 <DIR> --d----- c:\progra~2\guditowi
2009-05-26 18:16 <DIR> --d----- c:\programdata\hejapive
2009-05-26 18:16 <DIR> --d----- c:\programdata\fihiyota
2009-05-26 18:16 <DIR> --d----- c:\programdata\dewulale
2009-05-26 18:16 <DIR> --d----- c:\progra~2\hejapive
2009-05-26 18:16 <DIR> --d----- c:\progra~2\fihiyota
2009-05-26 18:16 <DIR> --d----- c:\progra~2\dewulale
2009-05-25 18:20 <DIR> --d----- c:\programdata\sozifeli
2009-05-25 18:20 <DIR> --d----- c:\programdata\derahihu
2009-05-25 18:20 <DIR> --d----- c:\progra~2\sozifeli
2009-05-25 18:20 <DIR> --d----- c:\progra~2\derahihu
2009-05-25 06:20 <DIR> --d----- c:\programdata\hasimire
2009-05-25 06:20 <DIR> --d----- c:\programdata\furakalu
2009-05-25 06:20 <DIR> --d----- c:\progra~2\hasimire
2009-05-25 06:20 <DIR> --d----- c:\progra~2\furakalu
2009-05-24 18:20 <DIR> --d----- c:\programdata\tafenugo
2009-05-24 18:20 <DIR> --d----- c:\programdata\fahuhuli
2009-05-24 18:20 <DIR> --d----- c:\progra~2\tafenugo
2009-05-24 18:20 <DIR> --d----- c:\progra~2\fahuhuli
2009-05-24 06:20 <DIR> --d----- c:\programdata\yosohede
2009-05-24 06:20 <DIR> --d----- c:\programdata\vajarusu
2009-05-24 06:20 <DIR> --d----- c:\progra~2\yosohede
2009-05-24 06:20 <DIR> --d----- c:\progra~2\vajarusu
2009-05-23 18:20 <DIR> --d----- c:\programdata\vulademu
2009-05-23 18:20 <DIR> --d----- c:\programdata\nukavuso
2009-05-23 18:20 <DIR> --d----- c:\progra~2\vulademu
2009-05-23 18:20 <DIR> --d----- c:\progra~2\nukavuso
2009-05-21 20:03 <DIR> --d----- c:\programdata\yezimuya
2009-05-21 20:03 <DIR> --d----- c:\programdata\herutoho
2009-05-21 20:03 <DIR> --d----- c:\progra~2\yezimuya
2009-05-21 20:03 <DIR> --d----- c:\progra~2\herutoho
2009-05-20 18:43 <DIR> --d----- c:\programdata\kuwalobe
2009-05-20 18:43 <DIR> --d----- c:\programdata\dutudari
2009-05-20 18:43 <DIR> --d----- c:\progra~2\kuwalobe
2009-05-20 18:43 <DIR> --d----- c:\progra~2\dutudari
2009-05-19 16:41 <DIR> --d----- c:\programdata\yuniyuzi
2009-05-19 16:41 <DIR> --d----- c:\programdata\riyijuvu
2009-05-19 16:41 <DIR> --d----- c:\progra~2\yuniyuzi
2009-05-19 16:41 <DIR> --d----- c:\progra~2\riyijuvu
2009-05-18 17:12 <DIR> --d----- c:\programdata\pijuvayo
2009-05-18 17:12 <DIR> --d----- c:\programdata\nalejida
2009-05-18 17:12 <DIR> --d----- c:\progra~2\pijuvayo
2009-05-18 17:12 <DIR> --d----- c:\progra~2\nalejida
2009-05-18 05:11 <DIR> --d----- c:\programdata\luvefupu
2009-05-18 05:11 <DIR> --d----- c:\programdata\linimufo
2009-05-18 05:11 <DIR> --d----- c:\progra~2\luvefupu
2009-05-18 05:11 <DIR> --d----- c:\progra~2\linimufo
2009-05-17 17:11 <DIR> --d----- c:\programdata\nadubesu
2009-05-17 17:11 <DIR> --d----- c:\programdata\budipugu
2009-05-17 17:11 <DIR> --d----- c:\progra~2\nadubesu
2009-05-17 17:11 <DIR> --d----- c:\progra~2\budipugu
2009-05-16 19:07 <DIR> --d----- c:\programdata\gumizoju
2009-05-16 19:07 <DIR> --d----- c:\programdata\dadirova
2009-05-16 19:07 <DIR> --d----- c:\progra~2\gumizoju
2009-05-16 19:07 <DIR> --d----- c:\progra~2\dadirova
2009-05-14 16:46 <DIR> --d----- c:\programdata\yubiyufo
2009-05-14 16:46 <DIR> --d----- c:\programdata\difoyuro
2009-05-14 16:46 <DIR> --d----- c:\progra~2\yubiyufo
2009-05-14 16:46 <DIR> --d----- c:\progra~2\difoyuro
2009-05-13 17:25 <DIR> --d----- c:\programdata\risikaru
2009-05-13 17:25 <DIR> --d----- c:\programdata\gihemitu
2009-05-13 17:25 <DIR> --d----- c:\progra~2\risikaru
2009-05-13 17:25 <DIR> --d----- c:\progra~2\gihemitu
2009-05-13 05:27 <DIR> --d----- c:\programdata\kozanawi
2009-05-13 05:27 <DIR> --d----- c:\progra~2\kozanawi
2009-05-13 05:27 <DIR> --d----- c:\programdata\yodunika
2009-05-13 05:27 <DIR> --d----- c:\programdata\fuzahuyi
2009-05-13 05:27 <DIR> --d----- c:\progra~2\yodunika
2009-05-13 05:27 <DIR> --d----- c:\progra~2\fuzahuyi
2009-05-12 17:22 <DIR> --d----- c:\programdata\woborugu
2009-05-12 17:22 <DIR> --d----- c:\programdata\kegorafa
2009-05-12 17:22 <DIR> --d----- c:\progra~2\woborugu
2009-05-12 17:22 <DIR> --d----- c:\progra~2\kegorafa
2009-05-12 05:22 <DIR> --d----- c:\programdata\bubukuwa
2009-05-12 05:22 <DIR> --d----- c:\programdata\bozakita
2009-05-12 05:22 <DIR> --d----- c:\progra~2\bubukuwa
2009-05-12 05:22 <DIR> --d----- c:\progra~2\bozakita
2009-05-11 17:22 <DIR> --d----- c:\programdata\midogiru
2009-05-11 17:22 <DIR> --d----- c:\programdata\garowori
2009-05-11 17:22 <DIR> --d----- c:\progra~2\midogiru
2009-05-11 17:22 <DIR> --d----- c:\progra~2\garowori
2009-05-10 21:50 <DIR> --d----- c:\programdata\mivekele
2009-05-10 21:50 <DIR> --d----- c:\programdata\madubiha
2009-05-10 21:50 <DIR> --d----- c:\progra~2\mivekele
2009-05-10 21:50 <DIR> --d----- c:\progra~2\madubiha
2009-05-10 19:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-10 15:35 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-10 15:35 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-10 15:35 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-10 15:34 <DIR> --d----- c:\programdata\Lavasoft
2009-05-10 15:34 <DIR> --d----- c:\program files\Lavasoft
2009-05-10 09:50 <DIR> --d----- c:\programdata\pazajifo
2009-05-10 09:50 <DIR> --d----- c:\programdata\lemazoka
2009-05-10 09:50 <DIR> --d----- c:\progra~2\pazajifo
2009-05-10 09:50 <DIR> --d----- c:\progra~2\lemazoka
2009-05-09 21:50 <DIR> --d----- c:\programdata\wifamime
2009-05-09 21:50 <DIR> --d----- c:\programdata\tositiwe
2009-05-09 21:50 <DIR> --d----- c:\progra~2\wifamime
2009-05-09 21:50 <DIR> --d----- c:\progra~2\tositiwe
2009-05-09 09:50 <DIR> --d----- c:\programdata\pobezamu
2009-05-09 09:50 <DIR> --d----- c:\programdata\menudowe
2009-05-09 09:50 <DIR> --d----- c:\progra~2\pobezamu
2009-05-09 09:50 <DIR> --d----- c:\progra~2\menudowe
2009-05-08 21:50 <DIR> --d----- c:\programdata\ponubomu
2009-05-08 21:50 <DIR> --d----- c:\programdata\detokaje
2009-05-08 21:50 <DIR> --d----- c:\progra~2\ponubomu
2009-05-08 21:50 <DIR> --d----- c:\progra~2\detokaje
2009-05-08 09:50 <DIR> --d----- c:\programdata\wugekoyi
2009-05-08 09:50 <DIR> --d----- c:\programdata\wideneje
2009-05-08 09:50 <DIR> --d----- c:\progra~2\wugekoyi
2009-05-08 09:50 <DIR> --d----- c:\progra~2\wideneje
2009-05-07 21:50 <DIR> --d----- c:\programdata\mamitabe
2009-05-07 21:50 <DIR> --d----- c:\programdata\mafuluwu
2009-05-07 21:50 <DIR> --d----- c:\progra~2\mamitabe
2009-05-07 21:50 <DIR> --d----- c:\progra~2\mafuluwu
2009-05-07 09:50 <DIR> --d----- c:\programdata\rujejori
2009-05-07 09:50 <DIR> --d----- c:\programdata\detezada
2009-05-07 09:50 <DIR> --d----- c:\progra~2\rujejori
2009-05-07 09:50 <DIR> --d----- c:\progra~2\detezada
2009-05-06 21:50 <DIR> --d----- c:\programdata\yusowojo
2009-05-06 21:50 <DIR> --d----- c:\programdata\jigujiyo
2009-05-06 21:50 <DIR> --d----- c:\progra~2\yusowojo
2009-05-06 21:50 <DIR> --d----- c:\progra~2\jigujiyo
2009-05-06 09:51 <DIR> --d----- c:\programdata\yigenomo
2009-05-06 09:51 <DIR> --d----- c:\programdata\piwuporo
2009-05-06 09:51 <DIR> --d----- c:\programdata\gavuvabu
2009-05-06 09:51 <DIR> --d----- c:\progra~2\yigenomo
2009-05-06 09:51 <DIR> --d----- c:\progra~2\piwuporo
2009-05-06 09:51 <DIR> --d----- c:\progra~2\gavuvabu
2009-05-06 09:50 <DIR> --d----- c:\programdata\yikizafe
2009-05-06 09:50 <DIR> --d----- c:\programdata\rosegoye
2009-05-06 09:50 <DIR> --d----- c:\programdata\hugekoja
2009-05-06 09:50 <DIR> --d----- c:\progra~2\yikizafe
2009-05-06 09:50 <DIR> --d----- c:\progra~2\rosegoye
2009-05-06 09:50 <DIR> --d----- c:\progra~2\hugekoja
2009-05-05 21:50 <DIR> --d----- c:\programdata\wufajojo
2009-05-05 21:50 <DIR> --d----- c:\programdata\fahajuwe
2009-05-05 21:50 <DIR> --d----- c:\progra~2\wufajojo
2009-05-05 21:50 <DIR> --d----- c:\progra~2\fahajuwe
2009-05-05 09:49 <DIR> --d----- c:\programdata\tiledovo
2009-05-05 09:49 <DIR> --d----- c:\programdata\bejayiti
2009-05-05 09:49 <DIR> --d----- c:\progra~2\tiledovo
2009-05-05 09:49 <DIR> --d----- c:\progra~2\bejayiti
2009-05-04 21:49 <DIR> --d----- c:\programdata\suhahebu
2009-05-04 21:49 <DIR> --d----- c:\programdata\hetuyevo
2009-05-04 21:49 <DIR> --d----- c:\progra~2\suhahebu
2009-05-04 21:49 <DIR> --d----- c:\progra~2\hetuyevo
2009-05-03 22:20 <DIR> --d----- c:\programdata\toyeleno
2009-05-03 22:20 <DIR> --d----- c:\programdata\fivikeka
2009-05-03 22:20 <DIR> --d----- c:\progra~2\toyeleno
2009-05-03 22:20 <DIR> --d----- c:\progra~2\fivikeka
2009-05-03 20:47 <DIR> --d----- c:\program files\Trend Micro
2009-05-03 10:20 <DIR> --d----- c:\programdata\yajumano
2009-05-03 10:20 <DIR> --d----- c:\programdata\piyuzuju
2009-05-03 10:20 <DIR> --d----- c:\progra~2\yajumano
2009-05-03 10:20 <DIR> --d----- c:\progra~2\piyuzuju
2009-05-02 21:32 <DIR> --d----- c:\programdata\vamitihu
2009-05-02 21:32 <DIR> --d----- c:\programdata\nawodope
2009-05-02 21:32 <DIR> --d----- c:\progra~2\vamitihu
2009-05-02 21:32 <DIR> --d----- c:\progra~2\nawodope
2009-05-02 09:32 <DIR> --d----- c:\programdata\yinonude
2009-05-02 09:32 <DIR> --d----- c:\programdata\powirabu
2009-05-02 09:32 <DIR> --d----- c:\progra~2\yinonude
2009-05-02 09:32 <DIR> --d----- c:\progra~2\powirabu
2009-05-01 21:37 <DIR> --d----- c:\users\trey\appdata\roaming\digifast
2009-05-01 21:33 <DIR> --d----- c:\users\trey\appdata\roaming\Twain
2009-05-01 21:32 <DIR> --d----- c:\programdata\wakozawa
2009-05-01 21:32 <DIR> --d----- c:\programdata\wabodezi
2009-05-01 21:32 <DIR> --d----- c:\programdata\denekilo
2009-05-01 21:32 <DIR> --d----- c:\progra~2\wakozawa
2009-05-01 21:32 <DIR> --d----- c:\progra~2\wabodezi
2009-05-01 21:32 <DIR> --d----- c:\progra~2\denekilo
2009-05-01 21:32 <DIR> --d----- c:\programdata\bohemuko
2009-05-01 21:32 <DIR> --d----- c:\progra~2\bohemuko
2009-05-01 21:32 <DIR> --d----- c:\programdata\poviwumi
2009-05-01 21:32 <DIR> --d----- c:\programdata\huhukuge
2009-05-01 21:32 <DIR> --d----- c:\programdata\gavapufa
2009-05-01 21:32 <DIR> --d----- c:\progra~2\poviwumi
2009-05-01 21:32 <DIR> --d----- c:\progra~2\huhukuge
2009-05-01 21:32 <DIR> --d----- c:\progra~2\gavapufa
2009-04-30 20:14 <DIR> --d----- c:\programdata\wayokuzo
2009-04-30 20:14 <DIR> --d----- c:\progra~2\wayokuzo
2009-04-30 20:14 <DIR> --d----- c:\programdata\yuwefoji
2009-04-30 20:14 <DIR> --d----- c:\programdata\siditesu
2009-04-30 20:14 <DIR> --d----- c:\progra~2\yuwefoji
2009-04-30 20:14 <DIR> --d----- c:\progra~2\siditesu
2009-04-30 20:05 <DIR> --d----- c:\users\trey\appdata\roaming\pidle
2009-04-30 20:05 <DIR> --d----- c:\programdata\pesubumu
2009-04-30 20:05 <DIR> --d----- c:\programdata\ganafihe
2009-04-30 20:05 <DIR> --d----- c:\programdata\fepayaju
2009-04-30 20:05 <DIR> --d----- c:\progra~2\pesubumu
2009-04-30 20:05 <DIR> --d----- c:\progra~2\ganafihe
2009-04-30 20:05 <DIR> --d----- c:\progra~2\fepayaju
2009-04-27 21:35 <DIR> --dsh--- c:\windows\ftpcache
2009-04-27 21:29 <DIR> --d----- c:\program files\id Software
2009-04-27 20:39 319 a------- c:\windows\game.ini
2009-04-27 20:25 <DIR> --d----- c:\program files\Activision

==================== Find3M ====================

2009-04-11 13:35 51,200 a------- c:\windows\inf\infpub.dat
2009-04-11 13:35 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-11 13:35 86,016 a------- c:\windows\inf\infstor.dat
2009-04-09 16:17 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-23 03:15 174 a--sh--- c:\program files\desktop.ini
2008-09-23 03:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-19 00:38 106,496 a----r-- c:\users\trey\appdata\roaming\ntos.exe
2007-11-02 23:47 220,008,707 a------- c:\users\trey\WoW-2.2.3.7359-to-0.3.0.7441-enUS-patch.exe
2007-10-14 14:47 96,076 a------- c:\users\trey\VideoAccessCodecInstall.exe
2007-10-08 20:48 5,979,191 a------- c:\users\trey\realalt160.exe
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:40:27.15 ===============


Let me know what I need to download or delete, please. I have HijackThis and have used it before, a while ago. Thanks for your time.


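The log above is the kind of thing a responder triages by hand; the script below is an added example (not part of this thread, DDS, or any BleepingComputer tool) that parses the two DDS sections that matter most here, the uRun/mRun autorun lines and the "Created Last 30" directory list, and applies the heuristics a responder would start from: autoruns launched from user-writable paths, rundll32 loading a random-named DLL by a one-letter export, a value named after a Windows component but pointing outside system32, and bursts of random-named ProgramData directories created on a fixed cadence. The reason codes and the eight-lowercase-letter naming rule are assumptions tuned to this log, not a general verdict, and the sample lines are copied from the first DDS log in the thread.

```python
"""Triage helper for the autorun and "Created Last 30" sections of a DDS log.

Added example for this thread; the heuristics are a responder's starting
assumptions, not a detection signature.
"""
import re
from collections import defaultdict
from datetime import datetime

# DDS "Pseudo HJT Report" autorun line: uRun = per-user key, mRun = machine key.
RUN_RE = re.compile(r'^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# rundll32 <dll>,<export>, with or without quotes around the DLL path.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)\s*$', re.I)
# First path ending in a loadable extension, so an unquoted path with spaces survives.
EXE_RE = re.compile(r'^(?P<path>.+?\.(?:exe|dll|scr|com))(?:\s|$)', re.I)
# DDS "Created Last 30" directory line: "<date> <time> <DIR> <attrs> <path>".
DIR_RE = re.compile(r'^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+<DIR>\s+\S+\s+(?P<path>.+)$')

# Locations a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ('\\appdata\\roaming\\', '\\programdata\\', '\\progra~2\\')
# Eight lowercase letters: the naming pattern of the ProgramData directories in this log.
RANDOM8 = re.compile(r'^[a-z]{8}$')


def target_of(cmd):
    """Return (path, rundll32_export) for the executable or DLL a Run command loads."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group('dll'), m.group('export')
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)], None
    m = EXE_RE.match(cmd)
    return (m.group('path') if m else cmd.split()[0] if cmd else ''), None


def triage_run(line):
    """Return the reason codes a uRun/mRun line earns; [] means nothing stood out."""
    m = RUN_RE.match(line)
    if not m:
        return []
    name, (path, export) = m.group('name'), target_of(m.group('cmd'))
    parts = path.split('\\')
    stem = parts[-1].rsplit('.', 1)[0]
    reasons = []
    if any(seg in path.lower() for seg in USER_WRITABLE):
        reasons.append('user-writable')
    if len(parts) >= 2 and RANDOM8.match(parts[-2]) and RANDOM8.match(stem):
        reasons.append('random-name')          # c:\programdata\xxxxxxxx\xxxxxxxx.dll
    if export is not None and len(export) == 1:
        reasons.append('one-letter-export')    # rundll32 "...dll",s
    if name.lower() == 'userinit' and 'system32' not in path.lower():
        reasons.append('mimics-system')        # real userinit lives in system32
    return reasons


def dir_bursts(lines):
    """Group random-named c:\\programdata directories by creation minute.

    DDS lists each directory twice (long and 8.3 form); only the long form is kept.
    """
    bursts = defaultdict(list)
    for line in lines:
        m = DIR_RE.match(line)
        if not m:
            continue
        raw = m.group('path')
        if not raw.lower().startswith('c:\\programdata\\'):
            continue
        base = raw.rsplit('\\', 1)[-1]   # keep case: "Lavasoft" must not look random
        if RANDOM8.match(base):
            bursts[m.group('stamp')].append(base)
    return dict(bursts)


def burst_intervals_hours(bursts):
    """Hours between consecutive bursts; a steady cadence points at a scheduled dropper."""
    stamps = sorted(datetime.strptime(s, '%Y-%m-%d %H:%M') for s in bursts)
    return [(b - a).total_seconds() / 3600 for a, b in zip(stamps, stamps[1:])]


# Sample lines copied from the first DDS log in this thread.
SAMPLE = r"""
uRun: [userinit] c:\users\trey\appdata\roaming\ntos.exe
uRun: [Twain] c:\users\trey\appdata\roaming\twain\Twain.exe
uRun: [rihazologo] Rundll32.exe "c:\programdata\ripodefe\ripodefe.dll",s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
2009-05-09 21:50 <DIR> --d----- c:\programdata\wifamime
2009-05-09 21:50 <DIR> --d----- c:\programdata\tositiwe
2009-05-09 21:50 <DIR> --d----- c:\progra~2\wifamime
2009-05-09 09:50 <DIR> --d----- c:\programdata\pobezamu
2009-05-10 15:34 <DIR> --d----- c:\programdata\Lavasoft
""".strip().splitlines()

if __name__ == '__main__':
    for line in SAMPLE:
        flags = triage_run(line)
        if flags:
            print(f'{line}\n    -> {", ".join(flags)}')
    bursts = dir_bursts(SAMPLE)
    print('bursts:', bursts)
    print('hours between bursts:', burst_intervals_hours(bursts))
```

Run against the full log rather than the sample, the burst grouping is what exposes the twice-daily pattern (09:50 and 21:50 on most days) that no single directory line shows.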

#2 extremeboy

  • Malware Response Team

Posted 08 June 2009 - 07:48 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
If you still require assistance, please post a new set of DDS logs and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log, please refer to this page; in step #6 there are instructions on downloading and running DDS. If you have any problems, just let me know in your next reply or simply post a HijackThis log.

Thanks again, and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 ssdime

  • Topic Starter

Posted 13 June 2009 - 10:09 AM

Thanks for getting back to me. Not a problem on the delay of reply I know you guys are busy. Here is my new DDS:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Trey at 8:00:53.63 on 13/06/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3069.1631 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Trey\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6070818
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [userinit] c:\users\trey\appdata\roaming\ntos.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [pidle] "c:\users\trey\appdata\roaming\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Twain] c:\users\trey\appdata\roaming\twain\Twain.exe
uRun: [DigiFast] c:\users\trey\appdata\roaming\digifast\digifast.exe
uRun: [SfKg6wIPuSpdc] c:\users\trey\appdata\roaming\microsoft\windows\spmaqk.exe
uRun: [rihazologo] Rundll32.exe "c:\programdata\ripodefe\ripodefe.dll",s
uRun: [d00e5bf5] rundll32.exe "c:\programdata\wuyawatu\wuyawatu.dll",b
uRun: [CPMd33d6869] Rundll32.exe "c:\programdata\beruvufi\beruvufi.dll",a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\trey\appdata\roaming\mozilla\firefox\profiles\ktmjaw7s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.canada.com/vancouversun/index.html
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - component: c:\users\trey\appdata\roaming\mozilla\firefox\profiles\ktmjaw7s.default\extensions\{ddb7e7f0-96e4-11dd-ad8b-0800200c9a66}\components\dfff.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-10 64160]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-8-18 5504]

=============== Created Last 30 ================

2009-06-07 18:59 <DIR> --d----- c:\programdata\wuyawatu
2009-06-07 18:59 <DIR> --d----- c:\programdata\bajiyaje
2009-06-07 18:59 <DIR> --d----- c:\progra~2\wuyawatu
2009-06-07 18:59 <DIR> --d----- c:\progra~2\bajiyaje
2009-06-07 06:59 <DIR> --d----- c:\programdata\tesifeke
2009-06-07 06:59 <DIR> --d----- c:\programdata\beruvufi
2009-06-07 06:59 <DIR> --d----- c:\progra~2\tesifeke
2009-06-07 06:59 <DIR> --d----- c:\progra~2\beruvufi
2009-06-06 18:59 <DIR> --d----- c:\programdata\tehofina
2009-06-06 18:59 <DIR> --d----- c:\programdata\malekijo
2009-06-06 18:59 <DIR> --d----- c:\progra~2\tehofina
2009-06-06 18:59 <DIR> --d----- c:\progra~2\malekijo
2009-06-06 06:59 <DIR> --d----- c:\programdata\juzarifo
2009-06-06 06:59 <DIR> --d----- c:\progra~2\juzarifo
2009-06-06 06:59 <DIR> --d----- c:\programdata\javasila
2009-06-06 06:59 <DIR> --d----- c:\progra~2\javasila
2009-06-05 18:59 <DIR> --d----- c:\programdata\gebetepe
2009-06-05 18:59 <DIR> --d----- c:\programdata\faseholu
2009-06-05 18:59 <DIR> --d----- c:\progra~2\gebetepe
2009-06-05 18:59 <DIR> --d----- c:\progra~2\faseholu
2009-06-05 06:59 <DIR> --d----- c:\programdata\nobagadu
2009-06-05 06:59 <DIR> --d----- c:\programdata\benikobu
2009-06-05 06:59 <DIR> --d----- c:\progra~2\nobagadu
2009-06-05 06:59 <DIR> --d----- c:\progra~2\benikobu
2009-06-04 18:59 <DIR> --d----- c:\programdata\zeniyuda
2009-06-04 18:59 <DIR> --d----- c:\programdata\golopate
2009-06-04 18:59 <DIR> --d----- c:\progra~2\zeniyuda
2009-06-04 18:59 <DIR> --d----- c:\progra~2\golopate
2009-06-04 06:59 <DIR> --d----- c:\programdata\vidiwupu
2009-06-04 06:59 <DIR> --d----- c:\programdata\kegawapi
2009-06-04 06:59 <DIR> --d----- c:\progra~2\vidiwupu
2009-06-04 06:59 <DIR> --d----- c:\progra~2\kegawapi
2009-06-03 18:59 <DIR> --d----- c:\programdata\ropepenu
2009-06-03 18:59 <DIR> --d----- c:\programdata\bolizimo
2009-06-03 18:59 <DIR> --d----- c:\progra~2\ropepenu
2009-06-03 18:59 <DIR> --d----- c:\progra~2\bolizimo
2009-06-03 06:59 <DIR> --d----- c:\programdata\sasoliha
2009-06-03 06:59 <DIR> --d----- c:\programdata\jupozife
2009-06-03 06:59 <DIR> --d----- c:\progra~2\sasoliha
2009-06-03 06:59 <DIR> --d----- c:\progra~2\jupozife
2009-06-02 18:59 <DIR> --d----- c:\programdata\pivumuwe
2009-06-02 18:59 <DIR> --d----- c:\programdata\bekoduya
2009-06-02 18:59 <DIR> --d----- c:\progra~2\pivumuwe
2009-06-02 18:59 <DIR> --d----- c:\progra~2\bekoduya
2009-06-01 17:40 <DIR> --d----- c:\programdata\yejedotu
2009-06-01 17:40 <DIR> --d----- c:\programdata\rehotiza
2009-06-01 17:40 <DIR> --d----- c:\progra~2\yejedotu
2009-06-01 17:40 <DIR> --d----- c:\progra~2\rehotiza
2009-05-31 22:17 <DIR> --d----- c:\programdata\muwuhare
2009-05-31 22:17 <DIR> --d----- c:\programdata\gozuwupi
2009-05-31 22:17 <DIR> --d----- c:\progra~2\muwuhare
2009-05-31 22:17 <DIR> --d----- c:\progra~2\gozuwupi
2009-05-31 10:17 <DIR> --d----- c:\programdata\kimupabe
2009-05-31 10:17 <DIR> --d----- c:\programdata\doluwuhi
2009-05-31 10:17 <DIR> --d----- c:\progra~2\kimupabe
2009-05-31 10:17 <DIR> --d----- c:\progra~2\doluwuhi
2009-05-30 19:05 <DIR> --d----- c:\programdata\zupejaku
2009-05-30 19:05 <DIR> --d----- c:\programdata\tajojeti
2009-05-30 19:05 <DIR> --d----- c:\progra~2\zupejaku
2009-05-30 19:05 <DIR> --d----- c:\progra~2\tajojeti
2009-05-27 16:56 <DIR> --d----- c:\programdata\tefifohi
2009-05-27 16:56 <DIR> --d----- c:\programdata\begimepo
2009-05-27 16:56 <DIR> --d----- c:\progra~2\tefifohi
2009-05-27 16:56 <DIR> --d----- c:\progra~2\begimepo
2009-05-26 18:18 <DIR> --d----- c:\programdata\tezekura
2009-05-26 18:18 <DIR> --d----- c:\programdata\ripodefe
2009-05-26 18:18 <DIR> --d----- c:\programdata\guditowi
2009-05-26 18:18 <DIR> --d----- c:\progra~2\tezekura
2009-05-26 18:18 <DIR> --d----- c:\progra~2\ripodefe
2009-05-26 18:18 <DIR> --d----- c:\progra~2\guditowi
2009-05-26 18:16 <DIR> --d----- c:\programdata\hejapive
2009-05-26 18:16 <DIR> --d----- c:\programdata\fihiyota
2009-05-26 18:16 <DIR> --d----- c:\programdata\dewulale
2009-05-26 18:16 <DIR> --d----- c:\progra~2\hejapive
2009-05-26 18:16 <DIR> --d----- c:\progra~2\fihiyota
2009-05-26 18:16 <DIR> --d----- c:\progra~2\dewulale
2009-05-25 18:20 <DIR> --d----- c:\programdata\sozifeli
2009-05-25 18:20 <DIR> --d----- c:\programdata\derahihu
2009-05-25 18:20 <DIR> --d----- c:\progra~2\sozifeli
2009-05-25 18:20 <DIR> --d----- c:\progra~2\derahihu
2009-05-25 06:20 <DIR> --d----- c:\programdata\hasimire
2009-05-25 06:20 <DIR> --d----- c:\programdata\furakalu
2009-05-25 06:20 <DIR> --d----- c:\progra~2\hasimire
2009-05-25 06:20 <DIR> --d----- c:\progra~2\furakalu
2009-05-24 18:20 <DIR> --d----- c:\programdata\tafenugo
2009-05-24 18:20 <DIR> --d----- c:\programdata\fahuhuli
2009-05-24 18:20 <DIR> --d----- c:\progra~2\tafenugo
2009-05-24 18:20 <DIR> --d----- c:\progra~2\fahuhuli
2009-05-24 06:20 <DIR> --d----- c:\programdata\yosohede
2009-05-24 06:20 <DIR> --d----- c:\programdata\vajarusu
2009-05-24 06:20 <DIR> --d----- c:\progra~2\yosohede
2009-05-24 06:20 <DIR> --d----- c:\progra~2\vajarusu
2009-05-23 18:20 <DIR> --d----- c:\programdata\vulademu
2009-05-23 18:20 <DIR> --d----- c:\programdata\nukavuso
2009-05-23 18:20 <DIR> --d----- c:\progra~2\vulademu
2009-05-23 18:20 <DIR> --d----- c:\progra~2\nukavuso
2009-05-21 20:03 <DIR> --d----- c:\programdata\yezimuya
2009-05-21 20:03 <DIR> --d----- c:\programdata\herutoho
2009-05-21 20:03 <DIR> --d----- c:\progra~2\yezimuya
2009-05-21 20:03 <DIR> --d----- c:\progra~2\herutoho
2009-05-20 18:43 <DIR> --d----- c:\programdata\kuwalobe
2009-05-20 18:43 <DIR> --d----- c:\programdata\dutudari
2009-05-20 18:43 <DIR> --d----- c:\progra~2\kuwalobe
2009-05-20 18:43 <DIR> --d----- c:\progra~2\dutudari
2009-05-19 16:41 <DIR> --d----- c:\programdata\yuniyuzi
2009-05-19 16:41 <DIR> --d----- c:\programdata\riyijuvu
2009-05-19 16:41 <DIR> --d----- c:\progra~2\yuniyuzi
2009-05-19 16:41 <DIR> --d----- c:\progra~2\riyijuvu
2009-05-18 17:12 <DIR> --d----- c:\programdata\pijuvayo
2009-05-18 17:12 <DIR> --d----- c:\programdata\nalejida
2009-05-18 17:12 <DIR> --d----- c:\progra~2\pijuvayo
2009-05-18 17:12 <DIR> --d----- c:\progra~2\nalejida
2009-05-18 05:11 <DIR> --d----- c:\programdata\luvefupu
2009-05-18 05:11 <DIR> --d----- c:\programdata\linimufo
2009-05-18 05:11 <DIR> --d----- c:\progra~2\luvefupu
2009-05-18 05:11 <DIR> --d----- c:\progra~2\linimufo
2009-05-17 17:11 <DIR> --d----- c:\programdata\nadubesu
2009-05-17 17:11 <DIR> --d----- c:\programdata\budipugu
2009-05-17 17:11 <DIR> --d----- c:\progra~2\nadubesu
2009-05-17 17:11 <DIR> --d----- c:\progra~2\budipugu
2009-05-16 19:07 <DIR> --d----- c:\programdata\gumizoju
2009-05-16 19:07 <DIR> --d----- c:\programdata\dadirova
2009-05-16 19:07 <DIR> --d----- c:\progra~2\gumizoju
2009-05-16 19:07 <DIR> --d----- c:\progra~2\dadirova
2009-05-14 16:46 <DIR> --d----- c:\programdata\yubiyufo
2009-05-14 16:46 <DIR> --d----- c:\programdata\difoyuro
2009-05-14 16:46 <DIR> --d----- c:\progra~2\yubiyufo
2009-05-14 16:46 <DIR> --d----- c:\progra~2\difoyuro

==================== Find3M ====================

2009-04-11 13:35 51,200 a------- c:\windows\inf\infpub.dat
2009-04-11 13:35 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-11 13:35 86,016 a------- c:\windows\inf\infstor.dat
2008-09-23 03:15 174 a--sh--- c:\program files\desktop.ini
2008-09-23 03:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-19 00:38 106,496 a----r-- c:\users\trey\appdata\roaming\ntos.exe
2007-11-02 23:47 220,008,707 a------- c:\users\trey\WoW-2.2.3.7359-to-0.3.0.7441-enUS-patch.exe
2007-10-14 14:47 96,076 a------- c:\users\trey\VideoAccessCodecInstall.exe
2007-10-08 20:48 5,979,191 a------- c:\users\trey\realalt160.exe
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:01:16.58 ===============

I have managed to get around this virus a bit in the last few days. When I boot up my comp there is an open file security warning that has come up ever since the problems have occurred. I have always clicked cancel, never run. After I click cancel I get the problems with IE. Now I just leave the warning up on my computer and it seems like the virus isn't running. The open file warning is for a file called ntos.exe; hope this helps.

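The entries a helper reads first in a DDS log like the one above are the Run keys: ntos.exe under AppData\Roaming, pidle.exe, Twain.exe and digifast.exe in the same tree, and rundll32 loading DLLs with random eight-letter names out of ProgramData. The script below is an added example for this thread, not part of DDS, ComboFix or the poster's logs: it parses uRun/mRun lines in the format shown above (the sample lines are copied from the DDS log) and flags those patterns. The rule set is a constructed heuristic, not a signature; the user-writable folder markers and the short list of mimicked Windows component names are assumptions chosen for the example.

```python
"""Triage autorun entries from a DDS 'Pseudo HJT Report'.

Added example for this thread; it is not part of DDS, ComboFix or the poster's
logs. The rule set is a constructed heuristic: it flags Run entries that start
from user-writable folders, rundll32 entries whose DLL lives in such a folder,
value names that borrow a Windows component name, and hex-looking value names.
"""
import re
from dataclasses import dataclass

# Constructed sample: uRun/mRun lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [userinit] c:\users\trey\appdata\roaming\ntos.exe
uRun: [pidle] "c:\users\trey\appdata\roaming\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [SfKg6wIPuSpdc] c:\users\trey\appdata\roaming\microsoft\windows\spmaqk.exe
uRun: [rihazologo] Rundll32.exe "c:\programdata\ripodefe\ripodefe.dll",s
uRun: [d00e5bf5] rundll32.exe "c:\programdata\wuyawatu\wuyawatu.dll",b
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
"""

ENTRY_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Folders a standard user can write to; legitimate autoruns rarely start here (assumed markers).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\progra~2\\", "\\users\\")
# Windows component names that malware borrows to blend into a Run key (assumed list).
MIMIC_NAMES = {"userinit", "winlogon", "svchost", "explorer", "lsass"}


@dataclass
class Finding:
    hive: str        # "u" = HKCU\...\Run, "m" = HKLM\...\Run (DDS convention)
    name: str        # registry value name, as shown in [brackets]
    path: str        # executable, or the DLL handed to rundll32
    reasons: list


def first_token(cmd: str):
    """Return (first path-like token, remainder), honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end == -1 else (cmd[1:end], cmd[end + 1:])
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(report: str) -> list:
    """Return one Finding per suspicious Run entry, in log order."""
    findings = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or not m["cmd"].strip():
            continue  # not a Run entry, or an empty value such as [<NO NAME>]
        name, cmd = m["name"], m["cmd"]
        launcher, rest = first_token(cmd)
        path, reasons = launcher, []
        if launcher.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
            # rundll32 "<dll>",<entrypoint>: the DLL is what actually runs
            dll, _ = first_token(rest)
            path = dll.split(",", 1)[0]
            if is_user_writable(path):
                reasons.append("rundll32 loads a DLL from a user-writable folder")
        elif is_user_writable(path):
            reasons.append("starts from a user-writable folder")
        if name.lower() in MIMIC_NAMES and "\\windows\\" not in path.lower():
            reasons.append(f"name mimics the Windows component '{name}' but runs outside the Windows folder")
        if re.fullmatch(r"[0-9a-f]{8,}", name.lower()):
            reasons.append("value name is a random-looking hex string")
        if reasons:
            findings.append(Finding(m["hive"], name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive}Run [{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it reports five of the nine entries and leaves ehTray.exe, msconfig.exe and NvCpl.dll alone: the rundll32 rule only fires when the DLL itself sits in a user-writable folder, which is what separates the NvCplDaemon entry from the ripodefe.dll and wuyawatu.dll ones.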



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:29 AM

Posted 13 June 2009 - 11:08 AM

Hello.

Let's start off with ComboFix.

Download and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

If there were any problems please let me know.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#5 ssdime

ssdime
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 15 June 2009 - 01:14 PM

OK, ComboFix was run and it deleted a few files. Here is the log it gave me:

ComboFix 09-06-14.02 - Trey 15/06/2009 10:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3069.2354 [GMT -7:00]
Running from: c:\users\Trey\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SystemDefender
c:\program files\VideoAccessCodec
c:\programdata\Microsoft\Windows\Start Menu\Programs\videoplay
C:\resycled
c:\users\Trey\AppData\Roaming\digifast
c:\users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\videoplay
c:\users\Trey\AppData\Roaming\pidle
c:\users\Trey\AppData\Roaming\wsnpoem
D:\resycled
C:\Autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\VideoAccessCodec\install.ico
c:\program files\VideoAccessCodec\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\videoplay\Uninstall.lnk
c:\programdata\wuyawatu\wuyawatu.dll
c:\resycled\ntldr.com
c:\users\Trey\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
c:\users\Trey\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\Trey\AppData\Roaming\digifast\config.cfg
c:\users\Trey\AppData\Roaming\digifast\DFUninstall.exe
c:\users\Trey\AppData\Roaming\digifast\digifast.exe
c:\users\Trey\AppData\Roaming\pidle\pidle.exe
c:\users\Trey\AppData\Roaming\twain\Twain.exe
c:\users\Trey\AppData\Roaming\wsnpoem\audio.dll
c:\users\Trey\AppData\Roaming\wsnpoem\video.dll
c:\windows\dat.txt
c:\windows\system32\drivers\gaopdxfipricsv.sys
c:\windows\system32\gaopdxpernkytt.dll
c:\windows\wsremover.exe
D:\Autorun.inf
d:\resycled\ntldr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-15 17:56 . 2009-06-15 17:56 -------- d-----w- c:\users\Trey\AppData\Local\temp
2009-06-15 17:56 . 2009-06-15 17:56 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-06-15 17:34 . 2009-06-15 17:34 -------- d-----w- c:\programdata\ronizuzu
2009-06-15 17:34 . 2009-06-15 17:34 -------- d-----w- c:\programdata\nevipisu
2009-06-15 17:34 . 2009-06-15 17:34 -------- d-----w- c:\programdata\kofiwizi
2009-06-15 17:32 . 2009-06-15 17:32 -------- d-----w- c:\programdata\tunuzode
2009-06-15 17:32 . 2009-06-15 17:32 -------- d-----w- c:\programdata\yopisiwi
2009-06-15 17:32 . 2009-06-15 17:32 -------- d-----w- c:\programdata\nunimoye
2009-06-15 17:32 . 2009-06-15 17:32 -------- d-----w- c:\programdata\narudinu
2009-06-08 01:59 . 2009-06-15 17:50 -------- d-----w- c:\programdata\wuyawatu
2009-06-08 01:59 . 2009-06-08 01:59 -------- d-----w- c:\programdata\bajiyaje
2009-06-07 13:59 . 2009-06-07 19:31 -------- d-----w- c:\programdata\tesifeke
2009-06-07 13:59 . 2009-06-07 13:59 -------- d-----w- c:\programdata\beruvufi
2009-06-07 01:59 . 2009-06-07 02:20 -------- d-----w- c:\programdata\malekijo
2009-06-07 01:59 . 2009-06-07 01:59 -------- d-----w- c:\programdata\tehofina
2009-06-06 13:59 . 2009-06-06 13:59 -------- d-----w- c:\programdata\juzarifo
2009-06-06 13:59 . 2009-06-06 14:20 -------- d-----w- c:\programdata\javasila
2009-06-06 01:59 . 2009-06-06 02:20 -------- d-----w- c:\programdata\faseholu
2009-06-06 01:59 . 2009-06-06 01:59 -------- d-----w- c:\programdata\gebetepe
2009-06-05 13:59 . 2009-06-05 14:20 -------- d-----w- c:\programdata\nobagadu
2009-06-05 13:59 . 2009-06-05 13:59 -------- d-----w- c:\programdata\benikobu
2009-06-05 01:59 . 2009-06-05 02:20 -------- d-----w- c:\programdata\golopate
2009-06-05 01:59 . 2009-06-05 01:59 -------- d-----w- c:\programdata\zeniyuda
2009-06-04 13:59 . 2009-06-04 14:20 -------- d-----w- c:\programdata\kegawapi
2009-06-04 13:59 . 2009-06-04 13:59 -------- d-----w- c:\programdata\vidiwupu
2009-06-04 01:59 . 2009-06-04 02:20 -------- d-----w- c:\programdata\bolizimo
2009-06-04 01:59 . 2009-06-04 01:59 -------- d-----w- c:\programdata\ropepenu
2009-06-03 13:59 . 2009-06-03 14:21 -------- d-----w- c:\programdata\jupozife
2009-06-03 13:59 . 2009-06-03 13:59 -------- d-----w- c:\programdata\sasoliha
2009-06-03 01:59 . 2009-06-03 01:59 -------- d-----w- c:\programdata\bekoduya
2009-06-03 01:59 . 2009-06-03 01:59 -------- d-----w- c:\programdata\pivumuwe
2009-06-02 00:40 . 2009-06-02 00:40 -------- d-----w- c:\programdata\rehotiza
2009-06-02 00:40 . 2009-06-02 00:40 -------- d-----w- c:\programdata\yejedotu
2009-06-01 05:17 . 2009-06-01 05:18 -------- d-----w- c:\programdata\gozuwupi
2009-06-01 05:17 . 2009-06-01 05:17 -------- d-----w- c:\programdata\muwuhare
2009-05-31 17:17 . 2009-05-31 17:18 -------- d-----w- c:\programdata\doluwuhi
2009-05-31 17:17 . 2009-05-31 17:17 -------- d-----w- c:\programdata\kimupabe
2009-05-31 02:05 . 2009-05-31 02:06 -------- d-----w- c:\programdata\tajojeti
2009-05-31 02:05 . 2009-05-31 02:05 -------- d-----w- c:\programdata\zupejaku
2009-05-27 23:56 . 2009-05-27 23:56 -------- d-----w- c:\programdata\tefifohi
2009-05-27 23:56 . 2009-05-27 23:56 -------- d-----w- c:\programdata\begimepo
2009-05-27 01:18 . 2009-06-15 17:34 -------- d-----w- c:\programdata\tezekura
2009-05-27 01:18 . 2009-06-15 17:34 -------- d-----w- c:\programdata\ripodefe
2009-05-27 01:18 . 2009-06-15 17:34 -------- d-----w- c:\programdata\guditowi
2009-05-27 01:16 . 2009-05-27 01:16 -------- d-----w- c:\programdata\fihiyota
2009-05-27 01:16 . 2009-05-27 01:16 -------- d-----w- c:\programdata\hejapive
2009-05-27 01:16 . 2009-05-27 01:16 -------- d-----w- c:\programdata\dewulale
2009-05-26 01:20 . 2009-05-31 02:28 -------- d-----w- c:\programdata\sozifeli
2009-05-26 01:20 . 2009-05-26 01:20 -------- d-----w- c:\programdata\derahihu
2009-05-25 13:20 . 2009-05-25 13:42 -------- d-----w- c:\programdata\hasimire
2009-05-25 13:20 . 2009-05-25 13:20 -------- d-----w- c:\programdata\furakalu
2009-05-25 01:20 . 2009-05-25 01:42 -------- d-----w- c:\programdata\fahuhuli
2009-05-25 01:20 . 2009-05-25 01:20 -------- d-----w- c:\programdata\tafenugo
2009-05-24 13:20 . 2009-05-24 13:41 -------- d-----w- c:\programdata\yosohede
2009-05-24 13:20 . 2009-05-24 13:20 -------- d-----w- c:\programdata\vajarusu
2009-05-24 01:20 . 2009-05-24 01:20 -------- d-----w- c:\programdata\nukavuso
2009-05-24 01:20 . 2009-05-24 01:20 -------- d-----w- c:\programdata\vulademu
2009-05-22 03:03 . 2009-05-22 03:03 -------- d-----w- c:\programdata\herutoho
2009-05-22 03:03 . 2009-05-22 03:03 -------- d-----w- c:\programdata\yezimuya
2009-05-21 01:43 . 2009-05-21 01:43 -------- d-----w- c:\programdata\dutudari
2009-05-21 01:43 . 2009-05-21 01:43 -------- d-----w- c:\programdata\kuwalobe
2009-05-19 23:41 . 2009-05-19 23:41 -------- d-----w- c:\programdata\riyijuvu
2009-05-19 23:41 . 2009-05-19 23:41 -------- d-----w- c:\programdata\yuniyuzi
2009-05-19 00:12 . 2009-05-24 01:42 -------- d-----w- c:\programdata\nalejida
2009-05-19 00:12 . 2009-05-19 00:12 -------- d-----w- c:\programdata\pijuvayo
2009-05-18 12:11 . 2009-05-18 12:33 -------- d-----w- c:\programdata\luvefupu
2009-05-18 12:11 . 2009-05-18 12:11 -------- d-----w- c:\programdata\linimufo
2009-05-18 00:11 . 2009-05-18 00:12 -------- d-----w- c:\programdata\nadubesu
2009-05-18 00:11 . 2009-05-18 00:11 -------- d-----w- c:\programdata\budipugu
2009-05-17 02:07 . 2009-05-17 02:07 -------- d-----w- c:\programdata\gumizoju
2009-05-17 02:07 . 2009-05-17 02:07 -------- d-----w- c:\programdata\dadirova

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 17:50 . 2009-05-02 04:33 -------- d-----w- c:\users\Trey\AppData\Roaming\Twain
2009-06-15 17:33 . 2009-03-15 17:32 48640 --sha-w- c:\programdata\yopisiwi\yopisiwi.dll
2009-06-15 17:32 . 2009-03-15 17:32 87040 --sha-w- c:\programdata\nunimoye\nunimoye.dll
2009-06-15 17:32 . 2009-03-15 17:32 79360 --sha-w- c:\programdata\tunuzode\tunuzode.dll
2009-06-15 17:32 . 2009-03-15 17:32 15360 --sha-w- c:\programdata\narudinu\narudinu.exe
2009-06-08 01:59 . 2009-03-08 01:59 88064 --sha-w- c:\programdata\bajiyaje\bajiyaje.dll
2009-06-07 13:59 . 2009-03-07 13:59 87552 --sha-w- c:\programdata\beruvufi\beruvufi.dll
2009-06-07 13:59 . 2009-03-07 13:59 80384 ------w- c:\programdata\tesifeke\tesifeke.dll
2009-06-07 01:59 . 2009-03-07 01:59 87040 --sha-w- c:\programdata\tehofina\tehofina.dll
2009-06-07 01:59 . 2009-03-07 01:59 80896 ------w- c:\programdata\malekijo\malekijo.dll
2009-06-06 13:59 . 2009-03-06 13:59 79360 ------w- c:\programdata\javasila\javasila.dll
2009-06-06 13:59 . 2009-03-06 13:59 87552 --sha-w- c:\programdata\juzarifo\juzarifo.dll
2009-06-06 01:59 . 2009-03-06 01:59 87552 --sha-w- c:\programdata\gebetepe\gebetepe.dll
2009-06-06 01:59 . 2009-03-06 01:59 80384 ------w- c:\programdata\faseholu\faseholu.dll
2009-06-05 13:59 . 2009-03-05 13:59 80384 ------w- c:\programdata\nobagadu\nobagadu.dll
2009-06-05 13:59 . 2009-03-05 13:59 88576 --sha-w- c:\programdata\benikobu\benikobu.dll
2009-06-05 01:59 . 2009-03-05 01:59 80384 ------w- c:\programdata\golopate\golopate.dll
2009-06-05 01:59 . 2009-03-05 01:59 88576 --sha-w- c:\programdata\zeniyuda\zeniyuda.dll
2009-06-04 13:59 . 2009-03-04 13:59 80384 ------w- c:\programdata\kegawapi\kegawapi.dll
2009-06-04 13:59 . 2009-03-04 13:59 88576 --sha-w- c:\programdata\vidiwupu\vidiwupu.dll
2009-06-04 05:52 . 2008-11-04 05:54 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-04 01:59 . 2009-03-04 01:59 87040 --sha-w- c:\programdata\ropepenu\ropepenu.dll
2009-06-04 01:59 . 2009-03-04 01:59 80384 ------w- c:\programdata\bolizimo\bolizimo.dll
2009-06-03 13:59 . 2009-03-03 13:59 87040 --sha-w- c:\programdata\sasoliha\sasoliha.dll
2009-06-03 13:59 . 2009-03-03 13:59 80384 ------w- c:\programdata\jupozife\jupozife.dll
2009-06-03 01:59 . 2009-03-03 01:59 87040 --sha-w- c:\programdata\pivumuwe\pivumuwe.dll
2009-06-03 01:59 . 2009-03-03 01:59 80896 --sha-w- c:\programdata\bekoduya\bekoduya.dll
2009-06-02 00:40 . 2009-03-02 00:40 88064 --sha-w- c:\programdata\yejedotu\yejedotu.dll
2009-06-02 00:40 . 2009-03-02 00:40 80384 --sha-w- c:\programdata\rehotiza\rehotiza.dll
2009-06-01 05:17 . 2009-03-01 05:17 88576 --sha-w- c:\programdata\muwuhare\muwuhare.dll
2009-06-01 05:17 . 2009-03-01 05:17 79360 ------w- c:\programdata\gozuwupi\gozuwupi.dll
2009-05-31 17:17 . 1601-01-01 00:12 88576 --sha-w- c:\programdata\kimupabe\kimupabe.dll
2009-05-31 17:17 . 1601-01-01 00:12 79360 --sha-w- c:\programdata\doluwuhi\doluwuhi.dll
2009-05-31 02:05 . 1601-01-01 00:12 88576 --sha-w- c:\programdata\zupejaku\zupejaku.dll
2009-05-31 02:05 . 1601-01-01 00:12 79360 --sha-w- c:\programdata\tajojeti\tajojeti.dll
2009-05-27 23:56 . 2009-02-27 23:56 88064 --sha-w- c:\programdata\begimepo\begimepo.dll
2009-05-27 23:56 . 2009-02-27 23:56 80384 --sha-w- c:\programdata\tefifohi\tefifohi.dll
2009-05-27 01:18 . 2009-05-06 16:51 -------- d-----w- c:\programdata\yigenomo
2009-05-27 01:18 . 2009-05-06 16:51 -------- d-----w- c:\programdata\piwuporo
2009-05-27 01:18 . 2009-05-06 16:51 -------- d-----w- c:\programdata\gavuvabu
2009-05-27 01:17 . 2009-02-27 01:16 49152 --sha-w- c:\programdata\hejapive\hejapive.dll
2009-05-27 01:16 . 2009-02-27 01:16 87040 --sha-w- c:\programdata\dewulale\dewulale.dll
2009-05-27 01:16 . 2009-02-27 01:16 80896 --sha-w- c:\programdata\fihiyota\fihiyota.dll
2009-05-26 01:20 . 2009-02-26 01:20 87552 --sha-w- c:\programdata\derahihu\derahihu.dll
2009-05-26 01:20 . 2009-02-26 01:20 78848 ------w- c:\programdata\sozifeli\sozifeli.dll
2009-05-25 13:20 . 2009-02-25 13:20 87552 --sha-w- c:\programdata\furakalu\furakalu.dll
2009-05-25 13:20 . 2009-02-25 13:20 78848 ------w- c:\programdata\hasimire\hasimire.dll
2009-05-25 01:20 . 2009-02-25 01:20 87552 --sha-w- c:\programdata\tafenugo\tafenugo.dll
2009-05-25 01:20 . 2009-02-25 01:20 78848 ------w- c:\programdata\fahuhuli\fahuhuli.dll
2009-05-24 13:20 . 2009-02-24 13:20 78848 ------w- c:\programdata\yosohede\yosohede.dll
2009-05-24 13:20 . 2009-02-24 13:20 87552 --sha-w- c:\programdata\vajarusu\vajarusu.dll
2009-05-24 01:20 . 2009-02-24 01:20 87552 --sha-w- c:\programdata\vulademu\vulademu.dll
2009-05-24 01:20 . 2009-02-24 01:20 78848 --sha-w- c:\programdata\nukavuso\nukavuso.dll
2009-05-22 03:03 . 2009-02-22 03:03 78848 --sha-w- c:\programdata\herutoho\herutoho.dll
2009-05-22 03:03 . 2009-02-22 03:03 87552 --sha-w- c:\programdata\yezimuya\yezimuya.dll
2009-05-21 01:43 . 2009-02-21 01:43 87552 --sha-w- c:\programdata\kuwalobe\kuwalobe.dll
2009-05-21 01:43 . 2009-02-21 01:43 78848 --sha-w- c:\programdata\dutudari\dutudari.dll
2009-05-19 23:41 . 2009-02-19 23:41 87552 --sha-w- c:\programdata\yuniyuzi\yuniyuzi.dll
2009-05-19 23:41 . 2009-02-19 23:41 78848 --sha-w- c:\programdata\riyijuvu\riyijuvu.dll
2009-05-19 00:12 . 2009-02-19 00:12 87552 --sha-w- c:\programdata\pijuvayo\pijuvayo.dll
2009-05-19 00:12 . 2009-02-19 00:12 78848 ------w- c:\programdata\nalejida\nalejida.dll
2009-05-18 12:12 . 2009-02-18 12:11 87552 --sha-w- c:\programdata\linimufo\linimufo.dll
2009-05-18 12:12 . 2009-02-18 12:11 78848 ------w- c:\programdata\luvefupu\luvefupu.dll
2009-05-18 00:33 . 2009-05-14 00:25 -------- d-----w- c:\programdata\risikaru
2009-05-18 00:11 . 2009-02-18 00:11 78848 --sha-w- c:\programdata\nadubesu\nadubesu.dll
2009-05-18 00:11 . 2009-02-18 00:11 87552 --sha-w- c:\programdata\budipugu\budipugu.dll
2009-05-17 02:07 . 2009-02-17 02:07 87552 --sha-w- c:\programdata\dadirova\dadirova.dll
2009-05-17 02:07 . 2009-02-17 02:07 78848 --sha-w- c:\programdata\gumizoju\gumizoju.dll
2009-05-14 23:46 . 2009-05-14 23:46 -------- d-----w- c:\programdata\yubiyufo
2009-05-14 23:46 . 2009-02-14 23:46 88064 --sha-w- c:\programdata\difoyuro\difoyuro.dll
2009-05-14 23:46 . 2009-02-14 23:46 79872 --sha-w- c:\programdata\yubiyufo\yubiyufo.dll
2009-05-14 23:46 . 2009-05-14 23:46 -------- d-----w- c:\programdata\difoyuro
2009-05-14 00:25 . 2009-02-14 00:25 88064 --sha-w- c:\programdata\gihemitu\gihemitu.dll
2009-05-14 00:25 . 2009-02-14 00:25 79872 ------w- c:\programdata\risikaru\risikaru.dll
2009-05-14 00:25 . 2009-05-14 00:25 -------- d-----w- c:\programdata\gihemitu
2009-05-13 12:48 . 2009-05-13 12:27 -------- d-----w- c:\programdata\kozanawi
2009-05-13 12:27 . 2009-02-13 12:27 80384 ------w- c:\programdata\kozanawi\kozanawi.dll
2009-05-13 12:27 . 2009-02-13 12:27 86528 --sha-w- c:\programdata\fuzahuyi\fuzahuyi.dll
2009-05-13 12:27 . 2009-02-13 12:27 52224 --sha-w- c:\programdata\yodunika\yodunika.exe
2009-05-13 12:27 . 2009-05-13 12:27 -------- d-----w- c:\programdata\yodunika
2009-05-13 12:27 . 2009-05-13 12:27 -------- d-----w- c:\programdata\fuzahuyi
2009-05-13 00:43 . 2009-05-13 00:22 -------- d-----w- c:\programdata\woborugu
2009-05-13 00:22 . 2009-02-13 00:22 87552 --sha-w- c:\programdata\kegorafa\kegorafa.dll
2009-05-13 00:22 . 2009-02-13 00:22 79872 ------w- c:\programdata\woborugu\woborugu.dll
2009-05-13 00:22 . 2009-05-13 00:22 -------- d-----w- c:\programdata\kegorafa
2009-05-12 12:43 . 2009-05-12 12:22 -------- d-----w- c:\programdata\bubukuwa
2009-05-12 12:22 . 2009-02-12 12:22 88064 --sha-w- c:\programdata\bozakita\bozakita.dll
2009-05-12 12:22 . 2009-02-12 12:22 80384 ------w- c:\programdata\bubukuwa\bubukuwa.dll
2009-05-12 12:22 . 2009-05-12 12:22 -------- d-----w- c:\programdata\bozakita
2009-05-12 00:47 . 2009-05-12 00:22 -------- d-----w- c:\programdata\midogiru
2009-05-12 00:22 . 2009-05-11 04:50 -------- d-----w- c:\programdata\madubiha
2009-05-12 00:22 . 2009-02-12 00:22 88064 --sha-w- c:\programdata\garowori\garowori.dll
2009-05-12 00:22 . 2009-02-12 00:22 80384 ------w- c:\programdata\midogiru\midogiru.dll
2009-05-12 00:22 . 2009-05-12 00:22 -------- d-----w- c:\programdata\garowori
2009-05-11 04:50 . 2009-02-11 04:50 80384 --sha-w- c:\programdata\madubiha\madubiha.dll
2009-05-11 04:50 . 2009-02-11 04:50 88064 --sha-w- c:\programdata\mivekele\mivekele.dll
2009-05-11 04:50 . 2009-05-11 04:50 -------- d-----w- c:\programdata\mivekele
2009-05-11 02:21 . 2009-05-11 02:21 740452 ----a-w- c:\programdata\Lavasoft\Ad-Aware\ThreatWork\Submit\DivX.dll
2009-05-11 02:21 . 2009-05-11 02:21 36868 ----a-w- c:\programdata\Lavasoft\Ad-Aware\ThreatWork\Submit\wsremover.exe
2009-05-10 22:35 . 2009-05-10 22:34 -------- d-----w- c:\programdata\Lavasoft
2008-01-18 06:30 . 2008-01-18 06:29 24 --sh--w- c:\windows\S5AFF009C.tmp
2007-08-18 19:42 . 2007-08-18 19:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-07 3321856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CPMd33d6869"="c:\programdata\nunimoye\nunimoye.dll" [2009-06-15 87040]
"rihazologo"="c:\programdata\ronizuzu\ronizuzu.dll" [2009-03-15 48640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-18 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-26 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E1F084E-3E97-47DB-BC2E-D08ECA302950}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F2D1309C-35AF-430A-9552-D2D6A418180C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C3202D3C-685C-4C35-BFA2-B75822C29F03}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{5146EE2D-0C73-4DF2-8B2E-4C0C45FEBD9B}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{167C3818-F85F-465B-ACC8-86F056C0E78E}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4A6C253A-5FBB-4D6B-BE3D-C0EA4CACD9C0}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{E40505B9-CABC-44C5-B701-FD6E90128DE2}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{1CE9A535-6367-4C3A-B91B-7E8D74510F3C}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{B07DD7C5-91DF-4F0F-B988-C9748F25538B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9166A9F9-F6CD-4CBE-8560-EC76EAB7053B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E6558926-805F-4556-8C08-68B30AA3DC5D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{BCF7D5FD-5EB2-4C15-ADDC-9AFC719BDA6E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{290503A6-9841-4589-8640-5A7981060617}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{91092B22-D939-4FBD-B04F-77CBC2D89B5B}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{0696A41F-1695-491D-9ED5-D05CA3148051}c:\\program files\\steam\\steamapps\\trevski86\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\trevski86\counter-strike source\hl2.exe:hl2
"UDP Query User{1851E940-060D-4A04-A5C7-4423F18D57C3}c:\\program files\\steam\\steamapps\\trevski86\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\trevski86\counter-strike source\hl2.exe:hl2
"TCP Query User{AA7D7A45-6CAC-4DCE-935C-8379F65984C3}c:\\program files\\google\\google desktop search\\googledesktop.exe"= UDP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"UDP Query User{F32B579B-7B00-4C2E-8178-8FA8B877BE77}c:\\program files\\google\\google desktop search\\googledesktop.exe"= TCP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"TCP Query User{17AF9179-BCF7-4999-89F1-118DDF8080B3}c:\\users\\trey\\downloads\\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe"= UDP:c:\users\trey\downloads\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe:wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe
"UDP Query User{7ABA4360-2913-4DC7-BB2B-71577DCC6261}c:\\users\\trey\\downloads\\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe"= TCP:c:\users\trey\downloads\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe:wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe
"TCP Query User{42CD0786-1513-4E2B-ABE5-2F797622F18A}c:\\program files\\world of warcraft\\wowtest\\wow-0.2.0.7261-to-0.2.0.7272-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wowtest\wow-0.2.0.7261-to-0.2.0.7272-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B4BD4D45-9FB6-4D22-9256-5E0E4FF69922}c:\\program files\\world of warcraft\\wowtest\\wow-0.2.0.7261-to-0.2.0.7272-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wowtest\wow-0.2.0.7261-to-0.2.0.7272-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B24875F9-1FD7-4841-A8F0-7D1163EB6966}c:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe:Blizzard Downloader
"UDP Query User{136314CD-BBAA-4A8A-97FB-F76D1D02E99E}c:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe:Blizzard Downloader
"TCP Query User{C26090AE-F354-4511-9B60-019AF02289C7}c:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{5FCAB1B0-4B2E-4CBB-B828-F62991D3FADB}c:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{405944D1-8494-42A9-9EF5-2B888A38C765}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4D1B023E-8304-4A73-8677-3D880E69A8D2}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{7FD7251E-3BB8-4F09-B890-F7669011B805}c:\\program files\\steam\\steam.exe"= UDP:c:\program files\steam\steam.exe:Steam
"UDP Query User{7FDABF68-1527-4458-99AC-7CB56DBEC622}c:\\program files\\steam\\steam.exe"= TCP:c:\program files\steam\steam.exe:Steam
"TCP Query User{6D2B0D27-C802-4BB1-B1C7-FEC3333A43C5}c:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{69FBE195-356F-4D83-813D-9EC309480F28}c:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"TCP Query User{33AC3A77-BC42-4F6A-930B-E55CD8253D69}c:\\users\\trey\\downloads\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe"= UDP:c:\users\trey\downloads\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe
"UDP Query User{7C319B3D-10A4-403D-B019-99045FAAD897}c:\\users\\trey\\downloads\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe"= TCP:c:\users\trey\downloads\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe
"TCP Query User{8A863FCB-7CCB-4A46-960C-430370950024}c:\\program files\\world of warcraft\\wowtest\\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe:Blizzard Downloader
"UDP Query User{66A702AC-3053-4911-95EE-377B7E182D26}c:\\program files\\world of warcraft\\wowtest\\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-enus-downloader.exe:Blizzard Downloader
"TCP Query User{45CDFF0C-9477-4A3F-81D2-2CD33BEC621C}c:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{7BEE3A9E-9FEE-45D8-A98F-100E037E9410}c:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"TCP Query User{33537018-4A7A-40EF-B565-1AC63D84A511}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{17A3CD06-B668-49AB-9136-BDC1E07CA9B4}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{DB1275EF-F2FA-453C-992B-55CE370E5FFE}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{D631F8FC-09E6-4AEE-9D2D-CFE50F25F301}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{2FA57A49-7A37-467C-A073-5CDC3ABD835D}c:\\program files\\warcraft iii\\v1.21a loader\\files\\war3.exe"= UDP:c:\program files\warcraft iii\v1.21a loader\files\war3.exe:Warcraft III
"UDP Query User{5C35AC86-AE32-438A-9416-5FEC9DD7CD58}c:\\program files\\warcraft iii\\v1.21a loader\\files\\war3.exe"= TCP:c:\program files\warcraft iii\v1.21a loader\files\war3.exe:Warcraft III
"{841FB9EE-6FC7-4CB3-8D8F-041F53A3A3BE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9F546E80-3F44-4B66-BF27-892BB28E0FFF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{06EFB219-FB15-4344-9875-62379A9EC3C0}c:\\program files\\steam\\steamapps\\trevski86\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\trevski86\counter-strike source\hl2.exe:hl2
"UDP Query User{F846ECD8-A448-4BA4-ACE1-08CF108DF5A3}c:\\program files\\steam\\steamapps\\trevski86\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\trevski86\counter-strike source\hl2.exe:hl2
"{BFB170BA-C782-40DE-94C1-F9E934A87976}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8526165E-0518-4748-9976-906AB4393E33}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{158CA43A-30C6-4997-A2F4-8CF5094595B1}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{1138E38A-7A63-470F-8586-8FDCF9153C40}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{7590710F-1484-4277-9F9B-16376FAFD08D}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{09B7F1E0-7A54-49A5-A383-741E997E8E5D}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{3351DCCF-11FB-481A-9ED2-A7A4B990A2F2}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{1841AA84-F9F4-47A1-9EE0-8913FE4E6C42}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{EA41E006-1201-4B68-9ADF-DBF45866C581}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{B39E8118-3FC4-4BC2-BF69-B76D876B7DB1}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{31B96E05-5294-4694-8C1E-B4F6A48F56B3}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{CEBCB4E1-3F06-44F4-BB8F-3A05BA067AC9}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{815C86FF-8783-4485-812C-BA9E347B89DD}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{6D1681EC-650F-49CF-BAD3-1A17A0F16DC0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{21EB954B-3E4F-463D-9D03-8593E33D45B6}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/05/2009 3:35 PM 64160]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [29/10/2006 6:03 AM 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 12:06 PM 951632]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [27/09/2006 1:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [19/10/2006 12:49 PM 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [18/08/2007 5:00 AM 5504]
.
Contents of the 'Scheduled Tasks' folder

2009-06-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2008-09-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-pidle - c:\users\Trey\AppData\Roaming\pidle\pidle.exe
HKCU-Run-DigiFast - c:\users\Trey\AppData\Roaming\digifast\digifast.exe
HKCU-Run-d00e5bf5 - c:\programdata\wuyawatu\wuyawatu.dll


.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Trey\AppData\Roaming\Mozilla\Firefox\Profiles\ktmjaw7s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.canada.com/vancouversun/index.html
FF - component: c:\users\Trey\AppData\Roaming\Mozilla\Firefox\Profiles\ktmjaw7s.default\extensions\{ddb7e7f0-96e4-11dd-ad8b-0800200c9a66}\components\dfff.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 10:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Trey\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-15 11:11
ComboFix-quarantined-files.txt 2009-06-15 18:11

Pre-Run: 66,219,339,776 bytes free
Post-Run: 67,284,033,536 bytes free

392 --- E O F --- 2009-01-14 11:01

#6 ssdime

ssdime
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 16 June 2009 - 12:30 PM

I am going to be away for a few days this week. I am back on Thursday, so don't expect a reply until then. Thanks.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:29 AM

Posted 17 June 2009 - 05:40 PM

Hello.

I'll close this topic, and once you come back, please shoot me a PM and I'll re-open the topic for you so we can continue.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

