
combofix


  • This topic is locked
1 reply to this topic

#1 wasige

  • Members
  • 1 posts

Posted 17 June 2009 - 02:05 PM

I just ran a combo fix and it instructed me to seek help on this forum. Can anyone read this and tell me what I need to fix, please? Thanks


ComboFix 09-06-16.05 - Owner 06/17/2009 12:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2047.1494 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Uninstall Fun Web Products.dll
c:\users\Owner\Documents\My Documents.url
c:\windows\hosts
c:\windows\lmhosts
c:\windows\SW_Win2146X32.DLL
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\gxvxcqkoenreiimpfimsdoyjcuybbblovspxt.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcqpcoviipdbwoxaqmhxcfmsennuiqrxty.dll
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 18:51 . 2009-06-17 18:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-06-17 18:51 . 2009-06-17 18:51 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-06-17 18:06 . 2009-06-17 18:06 -------- d-----w- c:\users\Owner\AppData\Local\CyberDefender Internet Security
2009-06-17 16:30 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-06-17 16:29 . 2009-06-17 16:29 -------- d-----w- c:\program files\BullGuard Ltd
2009-06-17 15:48 . 2009-06-17 18:41 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-17 15:48 . 2009-06-17 18:41 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-17 15:45 . 2009-06-17 15:45 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-17 15:45 . 2009-06-17 18:42 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-17 14:00 . 2009-06-17 14:00 62464 ----a-w- c:\programdata\BullGuard\Quarantine\kafuyora.exe
2009-06-17 13:57 . 2009-06-17 13:57 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-17 04:30 . 2009-06-17 04:30 -------- d-----w- c:\programdata\labilumu
2009-06-16 18:42 . 2009-06-17 16:35 -------- d-----w- c:\programdata\BullGuard
2009-06-16 18:41 . 2009-06-17 18:07 -------- d-----w- c:\users\Owner\AppData\Roaming\BullGuard
2009-06-16 10:30 . 2009-06-16 10:30 -------- d-----w- c:\programdata\tuzufiri
2009-06-16 10:30 . 2009-06-17 13:44 -------- d-----w- c:\programdata\doyuperu
2009-06-16 10:30 . 2009-06-16 10:30 -------- d-----w- c:\programdata\womemohe
2009-06-16 10:30 . 2009-06-16 10:30 -------- d-----w- c:\programdata\jubuzoda
2009-06-16 10:30 . 2009-06-16 10:30 -------- d-----w- c:\programdata\fumudome
2009-06-15 22:29 . 2009-06-15 22:29 -------- d-----w- c:\programdata\mepulosa
2009-06-15 22:29 . 2009-06-17 13:44 -------- d-----w- c:\programdata\wehohuki
2009-06-15 22:29 . 2009-06-17 13:33 -------- d-----w- c:\programdata\yezohoji
2009-06-15 22:29 . 2009-06-15 22:29 -------- d-----w- c:\programdata\dajikibu
2009-06-15 22:29 . 2009-06-15 22:29 -------- d-----w- c:\programdata\nekutefi
2009-06-15 19:51 . 2009-06-15 19:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-15 10:30 . 2009-06-15 10:30 -------- d-----w- c:\programdata\tasadevi
2009-06-14 16:28 . 2009-06-14 16:28 -------- d-----w- c:\programdata\mulukenu
2009-06-13 22:25 . 2009-06-13 22:25 -------- d-----w- c:\programdata\vipurogi
2009-06-13 04:23 . 2009-06-13 04:23 -------- d-----w- c:\programdata\dizolade
2009-06-12 10:18 . 2009-06-12 10:18 -------- d-----w- c:\programdata\pawafilo
2009-06-11 16:16 . 2009-06-17 13:33 -------- d-----w- c:\programdata\wojigovu
2009-06-11 16:16 . 2009-06-17 13:33 -------- d-----w- c:\programdata\lizatefa
2009-06-11 04:16 . 2009-06-11 04:16 -------- d-----w- c:\programdata\jozafuze
2009-06-10 10:13 . 2009-06-17 13:33 -------- d-----w- c:\programdata\tusiheku
2009-06-10 10:13 . 2009-06-17 13:33 -------- d-----w- c:\programdata\bapofofe
2009-06-09 22:23 . 2009-06-09 22:23 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-09 22:13 . 2009-06-17 13:33 -------- d-----w- c:\programdata\suwuwari
2009-06-09 22:13 . 2009-06-17 13:33 -------- d-----w- c:\programdata\hekonala
2009-06-09 09:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\ruweseli
2009-06-09 09:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\hejubuyi
2009-06-08 21:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\povunaho
2009-06-08 21:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\nezelibi
2009-06-08 09:42 . 2009-06-17 13:33 -------- d-----w- c:\programdata\paselilu
2009-06-08 09:42 . 2009-06-17 13:33 -------- d-----w- c:\programdata\bakifisu
2009-06-07 21:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\wonemawa
2009-06-07 21:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\bozadosu
2009-06-07 09:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\runafame
2009-06-07 09:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\linifuzu
2009-06-06 21:41 . 2009-06-06 21:41 -------- d-----w- c:\programdata\renukahi
2009-06-06 21:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\lomakata
2009-06-06 12:33 . 2009-06-06 12:41 -------- d-----w- c:\users\Owner\MOVIES
2009-06-06 09:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\godudona
2009-06-06 09:41 . 2009-06-17 13:33 -------- d-----w- c:\programdata\gawosige
2009-06-05 21:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\vobulite
2009-06-05 21:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\bumikogi
2009-06-05 09:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\munubigu
2009-06-05 09:40 . 2009-06-05 09:40 -------- d-----w- c:\programdata\diveredi
2009-06-04 21:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\beyamata
2009-06-04 21:40 . 2009-06-04 21:40 -------- d-----w- c:\programdata\wopeneda
2009-06-04 21:40 . 2009-06-04 21:40 -------- d-----w- c:\programdata\kemomupi
2009-06-04 09:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\rubepusa
2009-06-04 09:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\ketosegi
2009-06-04 09:40 . 2009-06-04 09:40 -------- d-----w- c:\programdata\loguteyu
2009-06-03 21:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kimakaru
2009-06-03 21:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\dodohovo
2009-06-03 21:40 . 2009-06-03 21:40 -------- d-----w- c:\programdata\jibogosu
2009-06-03 08:43 . 2009-06-03 08:43 -------- d-----w- c:\programdata\zodipibe
2009-06-02 14:42 . 2009-06-02 14:42 -------- d-----w- c:\programdata\sekunara
2009-06-02 14:42 . 2009-06-02 14:42 -------- d-----w- c:\programdata\lavufanu
2009-06-02 14:41 . 2009-06-02 14:41 -------- d-----w- c:\programdata\zasiyugi
2009-06-01 20:36 . 2009-06-17 13:33 -------- d-----w- c:\programdata\misiruvu
2009-06-01 20:36 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kalepopo
2009-06-01 08:36 . 2009-06-17 13:33 -------- d-----w- c:\programdata\vomusuna
2009-06-01 08:36 . 2009-06-17 13:33 -------- d-----w- c:\programdata\ganazohe
2009-05-31 20:35 . 2009-06-17 13:33 -------- d-----w- c:\programdata\lenoruta
2009-05-31 20:35 . 2009-06-17 13:33 -------- d-----w- c:\programdata\besigaza
2009-05-31 05:15 . 2009-06-17 13:33 -------- d-----w- c:\programdata\wiwuzoza
2009-05-31 05:15 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kavanaga
2009-05-30 17:15 . 2009-06-17 13:33 -------- d-----w- c:\programdata\nutuhunu
2009-05-30 17:15 . 2009-06-17 13:33 -------- d-----w- c:\programdata\dokakuru
2009-05-30 04:06 . 2009-06-17 13:33 -------- d-----w- c:\programdata\yamihimo
2009-05-30 04:06 . 2009-06-17 13:33 -------- d-----w- c:\programdata\vodademo
2009-05-29 16:06 . 2009-06-17 13:33 -------- d-----w- c:\programdata\yagepodo
2009-05-29 16:06 . 2009-06-17 13:33 -------- d-----w- c:\programdata\rafaweti
2009-05-28 23:47 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kakijigu
2009-05-28 23:47 . 2009-06-17 13:33 -------- d-----w- c:\programdata\gahejeyu
2009-05-27 22:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\vajezinu
2009-05-27 22:40 . 2009-06-17 13:33 -------- d-----w- c:\programdata\fopelene
2009-05-27 22:40 . 2009-05-27 22:40 -------- d-----w- c:\programdata\hovogove
2009-05-27 21:09 . 2009-05-27 21:30 -------- d-----w- C:\swsetup
2009-05-27 10:39 . 2009-06-17 13:33 -------- d-----w- c:\programdata\wutivoba
2009-05-27 10:39 . 2009-05-27 10:40 -------- d-----w- c:\programdata\welatili
2009-05-27 10:39 . 2009-06-17 13:33 -------- d-----w- c:\programdata\zadimeve
2009-05-26 22:17 . 2009-06-17 13:33 -------- d-----w- c:\programdata\ritupeja
2009-05-26 22:17 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kowavelo
2009-05-26 22:17 . 2009-05-26 22:17 -------- d-----w- c:\programdata\batusoka
2009-05-26 10:16 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kuzefawi
2009-05-26 10:16 . 2009-05-26 10:16 -------- d-----w- c:\programdata\wuyedawa
2009-05-26 02:32 . 2009-05-26 02:37 163767 ----a-w- c:\windows\hpqins00.dat
2009-05-25 21:04 . 2009-06-17 13:33 -------- d-----w- c:\programdata\narafeba
2009-05-25 21:04 . 2009-05-25 21:04 -------- d-----w- c:\programdata\nehaleti
2009-05-25 09:04 . 2009-06-17 13:33 -------- d-----w- c:\programdata\yovimuti
2009-05-25 09:04 . 2009-05-25 09:04 -------- d-----w- c:\programdata\tujiyivu
2009-05-24 21:04 . 2009-06-17 13:33 -------- d-----w- c:\programdata\norupeze
2009-05-24 21:04 . 2009-05-25 08:42 -------- d-----w- c:\programdata\loyuwisa
2009-05-24 04:32 . 2009-06-17 13:33 -------- d-----w- c:\programdata\fevugari
2009-05-24 04:32 . 2009-05-24 04:32 -------- d-----w- c:\programdata\dezonemu
2009-05-23 16:32 . 2009-06-17 13:33 -------- d-----w- c:\programdata\kudafane
2009-05-23 16:32 . 2009-05-23 16:32 -------- d-----w- c:\programdata\ririzaki
2009-05-23 04:31 . 2009-06-17 13:33 -------- d-----w- c:\programdata\fovibopi
2009-05-23 04:31 . 2009-05-23 04:31 -------- d-----w- c:\programdata\nivenane
2009-05-22 16:31 . 2009-06-17 13:33 -------- d-----w- c:\programdata\hifejavi
2009-05-22 16:31 . 2009-05-22 16:31 -------- d-----w- c:\programdata\topitavi
2009-05-22 04:30 . 2009-06-17 13:33 -------- d-----w- c:\programdata\bulilija
2009-05-22 04:30 . 2009-05-22 04:31 -------- d-----w- c:\programdata\batufuke
2009-05-21 16:30 . 2009-06-17 13:33 -------- d-----w- c:\programdata\yovasuji
2009-05-21 16:30 . 2009-05-21 16:30 -------- d-----w- c:\programdata\pefemizi
2009-05-21 04:30 . 2009-06-17 13:33 -------- d-----w- c:\programdata\yirayolu
2009-05-21 04:30 . 2009-05-21 04:30 -------- d-----w- c:\programdata\zayuluha
2009-05-20 16:30 . 2009-06-17 13:33 -------- d-----w- c:\programdata\pejatewi
2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w- c:\programdata\wehemeru
2009-05-20 06:03 . 2007-04-26 21:57 16904 ----a-w- c:\windows\system32\authuitu.dll
2009-05-20 06:03 . 2007-05-16 15:41 29704 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-20 06:02 . 2009-05-20 06:03 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-05-20 06:00 . 2009-05-20 06:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 18:41 . 2009-06-17 15:48 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 18:41 . 2009-06-17 15:48 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-17 18:41 . 2007-02-02 00:38 1513 ----a-w- c:\windows\bthservsdp.dat
2009-06-17 18:28 . 2007-06-15 03:26 -------- d-----w- c:\program files\CyberDefender
2009-06-17 15:38 . 2007-05-18 22:41 -------- d-----w- c:\program files\Trend Micro
2009-06-17 14:00 . 2009-06-17 14:00 50826 ----a-w- c:\programdata\BullGuard\Quarantine\kemomupi.dll
2009-06-17 13:44 . 2009-05-07 16:44 -------- d-----w- c:\programdata\gewigemo
2009-06-16 19:09 . 2009-04-16 05:19 -------- d-----w- c:\users\Owner\AppData\Roaming\SlimBrowser
2009-06-16 10:30 . 2009-03-16 10:30 15360 --sha-w- c:\programdata\fumudome\fumudome.exe
2009-06-15 22:29 . 2009-03-15 22:29 15360 --sha-w- c:\programdata\nekutefi\nekutefi.exe
2009-06-15 22:13 . 2007-02-02 01:00 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 10:56 . 2007-11-28 04:51 456 ----a-w- c:\users\Owner\AppData\Roaming\wklnhst.dat
2009-05-27 21:33 . 2007-02-02 00:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 21:11 . 2007-02-02 00:55 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-27 21:00 . 2007-07-09 01:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Image Zone Express
2009-05-24 21:05 . 2009-04-10 15:17 16384 ----a-w- c:\windows\DCEBoot.exe
2009-05-20 06:21 . 2009-04-23 18:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-18 15:51 . 2009-05-18 15:51 -------- d-----w- c:\programdata\weziroze
2009-05-18 09:13 . 2009-05-18 08:41 -------- d-----w- c:\program files\SlimBrowser
2009-05-18 08:30 . 2009-05-18 07:43 -------- d-----w- c:\program files\Flock
2009-05-18 08:29 . 2009-05-02 21:27 -------- d-----w- c:\program files\AVS4YOU
2009-05-18 08:29 . 2009-05-02 21:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-18 08:25 . 2009-04-12 05:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-18 08:20 . 2009-05-18 08:20 -------- d-----w- c:\programdata\Norton Installer
2009-05-18 07:44 . 2009-05-18 07:44 -------- d-----w- c:\users\Owner\AppData\Roaming\Flock
2009-05-18 06:51 . 2009-04-25 01:23 -------- d-----w- c:\program files\AbiSuite2
2009-05-17 22:28 . 2009-05-17 22:28 -------- d-----w- c:\programdata\metupuli
2009-05-17 19:18 . 2009-05-17 19:18 -------- d-----w- c:\programdata\wotimela
2009-05-17 18:55 . 2009-05-17 18:55 -------- d-----w- c:\programdata\hapafese
2009-05-17 18:33 . 2009-05-17 18:32 -------- d-----w- c:\programdata\lanabiya
2009-05-17 08:37 . 2009-05-17 00:19 -------- d-----w- c:\programdata\Microsoft Help
2009-05-17 08:31 . 2009-05-17 08:31 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-17 08:12 . 2009-04-10 01:25 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-17 06:13 . 2009-05-17 06:13 -------- d-----w- c:\programdata\kotakowe
2009-05-17 01:14 . 2009-05-17 01:14 -------- d-----w- c:\program files\Investintech.com Inc
2009-05-17 01:01 . 2009-05-17 01:01 -------- d-----w- c:\program files\Softinterface, Inc
2009-05-17 00:54 . 2007-05-18 22:21 108248 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-17 00:49 . 2009-05-16 23:55 -------- d-----w- c:\users\Owner\AppData\Roaming\GetRightToGo
2009-05-17 00:27 . 2009-05-17 00:27 -------- d-----w- c:\program files\Microsoft.NET
2009-05-16 23:38 . 2009-05-16 23:38 -------- d-----w- c:\users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-16 18:13 . 2009-05-16 18:13 -------- d-----w- c:\programdata\yajosofo
2009-05-16 03:00 . 2009-05-16 03:00 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 01:47 . 2009-05-13 15:33 -------- d-----w- c:\programdata\kabifoti
2009-05-14 01:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 20:57 . 2009-05-13 20:57 -------- d-----w- c:\program files\Microsoft
2009-05-13 20:57 . 2009-05-13 20:56 -------- d-----w- c:\program files\Windows Live
2009-05-13 20:57 . 2009-05-13 20:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-13 20:53 . 2009-05-13 20:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-09 04:45 . 2009-05-09 04:45 -------- d-----w- c:\programdata\tidujeki
2009-05-07 04:43 . 2009-05-07 04:43 -------- d-----w- c:\programdata\ruyopuse
2009-05-07 00:37 . 2009-05-07 00:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-05-07 00:37 . 2009-05-07 00:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-05-06 16:43 . 2009-05-06 16:43 -------- d-----w- c:\programdata\lojafuyu
2009-05-05 21:00 . 2009-05-17 01:01 811008 ----a-w- c:\windows\system32\tx15.dll
2009-05-05 16:43 . 2009-05-05 16:43 -------- d-----w- c:\programdata\semasowa
2009-05-04 11:30 . 2009-05-17 01:01 577536 ----a-w- c:\windows\system32\tx15_rtf.dll
2009-05-03 04:33 . 2009-05-03 04:33 -------- d-----w- c:\programdata\gizezomi
2009-05-02 21:28 . 2009-05-02 21:28 -------- d-----w- c:\users\Owner\AppData\Roaming\AVS4YOU
2009-05-02 21:28 . 2009-05-02 21:28 -------- d-----w- c:\programdata\AVS4YOU
2009-05-01 18:53 . 2009-05-17 01:01 1695744 ----a-w- c:\windows\system32\beconvlib.dll
2009-04-28 10:51 . 2009-04-28 10:51 87376 ----a-w- c:\windows\system32\BGLsp.dll
2009-04-25 17:23 . 2009-04-25 17:23 -------- d-----w- c:\programdata\pubinibu
2009-04-25 17:23 . 2009-04-25 17:23 -------- d-----w- c:\programdata\lesinayi
2009-04-24 07:10 . 2009-05-17 01:01 1069056 ----a-w- c:\windows\system32\tx15_dox.dll
2009-04-24 02:38 . 2009-04-20 18:30 -------- d-----w- c:\programdata\NOS
2009-04-24 02:38 . 2009-04-20 18:30 -------- d-----w- c:\program files\NOS
2009-04-23 18:49 . 2009-04-23 18:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-23 17:19 . 2009-04-23 17:19 -------- d-----w- c:\programdata\vozepuyo
2009-04-22 16:18 . 2009-04-22 16:18 -------- d-----w- c:\programdata\jigefuwi
2009-04-22 09:00 . 2009-05-17 01:01 626688 ----a-w- c:\windows\system32\tx15_htm.dll
2009-04-21 21:07 . 2009-04-21 21:07 -------- d-----w- c:\programdata\rowisofi
2009-04-17 11:20 . 2009-05-17 01:01 753664 ----a-w- c:\windows\system32\tx15_doc.dll
2009-04-12 05:34 . 2009-04-12 05:34 13025 ----a-w- c:\users\Owner\AppData\Roaming\nvModes.dat
2009-04-10 08:19 . 2009-04-10 08:19 0 ----a-w- c:\windows\nsreg.dat
2009-04-10 06:29 . 2009-04-10 06:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-07 08:06 . 2009-05-17 01:01 360448 ----a-w- c:\windows\system32\tx15_css.dll
2009-04-07 07:30 . 2009-05-17 01:01 655360 ----a-w- c:\windows\system32\tx15_pdf.dll
2009-04-06 18:25 . 2009-05-17 01:01 131072 ----a-w- c:\windows\system32\CSVSpecialProcessing.dll
2009-04-06 10:32 . 2009-04-06 10:32 19784 ----a-w- c:\windows\system32\BgOutlookHook.dll
2009-04-01 19:06 . 2009-04-01 19:06 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-30 09:32 . 2009-05-17 01:01 131072 ----a-w- c:\windows\system32\tx15_ic.dll
2009-03-23 12:07 . 2009-03-23 12:07 305688 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-03-23 12:07 . 2009-03-23 12:07 29208 ----a-w- c:\windows\system32\drivers\afw.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-06-17 304464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-26 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-26 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-26 81920]
"PC Hardware Manager"="c:\program files\PC Hardware Manager\PCHardwareManager.exe" [2006-11-23 469504]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MRT"="c:\windows\system32\MRT.exe" [2009-05-07 24699336]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-06-17 304464]

c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Preload.lnk - c:\hp\bin\cloaker.exe [2007-2-1 27136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\Bin\hpqtra08.exe [2008-3-25 214360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-2-1 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|c:\program files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|c:\program files\earthlink totalaccess\taskpanl.exe:taskpanl
"Backweb2"= TCP:Profile=Private|Profile=Public|c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"Backweb1"= UDP:Profile=Private|Profile=Public|c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"TCP Query User{F4D55306-8126-4A3B-BDCD-4A6A3939770F}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{26F425CB-1475-4785-A3C6-6634B2B07B8F}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [1/29/2008 5:29 PM 32784]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [3/23/2009 6:07 AM 29208]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 5:28 PM 20496]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [6/17/2009 10:30 AM 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [6/23/2008 11:51 PM 21504]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [6/23/2008 11:51 PM 21504]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [6/23/2008 11:51 PM 21504]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [3/21/2007 5:25 PM 548488]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [3/23/2009 6:07 AM 305688]
R3 asusledbt;ASUS Bluetooth LED Device Driver;c:\windows\System32\drivers\asusledbt.sys [2/1/2007 6:49 PM 24880]
R3 athrusb;XPC 802.11b/g Wireless Kit Driver;c:\windows\System32\drivers\athrusb.sys [12/22/2006 9:05 PM 449536]
R3 CFXPDisplayName;CFXPDisplayName;c:\windows\System32\drivers\CFACPI.sys [2/1/2007 6:32 PM 7680]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\System32\drivers\hcw18bda.sys [4/18/2007 5:30 PM 366080]
S3 ar5524;Atheros AR5007 Wireless LAN device driver;c:\windows\System32\drivers\ar5524.sys [2/1/2007 6:32 PM 424448]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 01:35]

2009-05-28 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-02-02 23:04]

2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{89A530AD-3086-478B-B180-B39DD92E68E8}.job
- c:\windows\system32\msfeedssync.exe [2008-06-24 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-palofagawa - c:\programdata\gewigemo\gewigemo.dll
HKCU-Run-5ec5608a - c:\programdata\wehohuki\wehohuki.dll
HKCU-Run-CPM5df65316 - c:\programdata\doyuperu\doyuperu.dll
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: sabre.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 12:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-17 12:53
ComboFix-quarantined-files.txt 2009-06-17 18:53

Pre-Run: 232,599,023,616 bytes free
Post-Run: 232,815,013,888 bytes free

383 --- E O F --- 2009-05-17 08:37



#2 Animal

    Bleepin' Animinion


  • Site Admin
  • 35,758 posts

Posted 17 June 2009 - 03:33 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM a Moderator.
The BC Staff/Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

