
uacinit.dll


  • This topic is locked
10 replies to this topic

#1 skeen87
  • Members
  • 23 posts

Posted 07 August 2009 - 12:36 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 12:32:48.75 on Fri 08/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.585 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://pantagraph.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
{04f42ec8-7b56-49dc-a9ff-553325415bee}
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {58439964-8ef6-4247-8e60-b13635a3f366} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Tarantula] c:\program files\razer\tarantula\razerhid.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Power2GoExpress] NA
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.clarkcolor.com/ClarkActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} - hxxp://71.189.121.71/home/SonySncCs3View.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.128.151.33/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://128.128.32.108/activex/AxisCamControl.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.66.37.162:8000/activex/AMC.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: fsp_lmwl - fsp_lmwl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\bagusevo.dll c:\windows\system32\wulowemo.dll c:\windows\system32\yunizawa.dll c:\windows\system32\gobunihi.dll c:\windows\system32\jevulove.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\rsoh8vup.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101676&l=dis
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-2-26 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-27 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-27 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-27 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-27 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-27 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-7-27 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-2-26 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-2-26 563720]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2009-4-7 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2009-4-7 12032]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 wmcmgc;Windows Management Configuration;c:\windows\system32\svchost.exe -k netsvcs [2007-3-9 14336]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-7-27 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-2-26 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-2-26 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-2-26 27232]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [2007-12-6 10096]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S2 iamfudz;iamfudz;c:\windows\system32\drivers\lwzsndot.sys --> c:\windows\system32\drivers\lwzsndot.sys [?]
S2 lkswdxvkvulajj;lkswdxvkvulajj;\??\c:\windows\system32\drivers\iwekouthlrpvas.sys --> c:\windows\system32\drivers\iwekouthlrpvas.sys [?]
S2 ttopnhpfroehys;ttopnhpfroehys;\??\c:\windows\system32\drivers\epevojsraco.sys --> c:\windows\system32\drivers\epevojsraco.sys [?]
S2 whchx;whchx;c:\windows\system32\drivers\facqn.sys --> c:\windows\system32\drivers\facqn.sys [?]
S2 yatwiid;yatwiid;c:\windows\system32\drivers\jqjfjbc.sys --> c:\windows\system32\drivers\jqjfjbc.sys [?]
S2 zsojoud;zsojoud;c:\windows\system32\drivers\hdzfat.sys --> c:\windows\system32\drivers\hdzfat.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-7-27 29208]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-08-07 00:42 34,816 a------- c:\windows\system32\drivers\rootrepeal.sys
2009-08-06 02:29 102,800 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-31 14:48 <DIR> --d----- c:\docume~1\owner\applic~1\com.Desktop.FlyCast.7C0C57158F17768D90610B2E569AA275F34D83AB.1
2009-07-31 14:48 <DIR> --d----- c:\program files\FlyCast
2009-07-27 00:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-07-27 00:43 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-27 00:43 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-27 00:43 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-27 00:43 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-27 00:43 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-27 00:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-27 00:42 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-07-27 00:42 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-07-25 10:51 <DIR> --d----- c:\docume~1\owner\applic~1\AVG8
2009-07-22 22:52 18,312 a------- c:\windows\uhuhu.dll
2009-07-22 22:52 18,273 a------- c:\windows\unoho.bin
2009-07-22 22:52 18,134 a------- c:\windows\yqedivyvac._dl
2009-07-22 22:52 17,795 a------- c:\docume~1\alluse~1\applic~1\mowe.exe
2009-07-22 22:52 16,563 a------- c:\program files\common files\zazyf.pif
2009-07-22 22:52 13,712 a------- c:\windows\jaryxyk.bin
2009-07-22 22:52 10,023 a------- c:\windows\system32\oditi.inf
2009-07-17 15:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 15:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 15:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 14:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-17 14:21 1,181,022 a------- c:\windows\system32\TmpA1714781
2009-07-16 22:25 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-07-16 22:25 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-07-16 22:18 14,914 a------- c:\docume~1\alluse~1\applic~1\ohotamojyb.pif
2009-07-16 22:18 10,368 a------- c:\docume~1\alluse~1\applic~1\moqasyfexy.scr
2009-07-16 22:18 17,460 a------- c:\program files\common files\eboko.bin
2009-07-16 22:18 16,063 a------- c:\program files\common files\afotedeh.reg
2009-07-16 22:18 14,535 a------- c:\docume~1\owner\applic~1\vicyzim.exe
2009-07-16 22:18 13,505 a------- c:\program files\common files\qisimizo.bin
2009-07-16 22:18 10,196 a------- c:\docume~1\owner\applic~1\orykavukef.exe
2009-07-16 22:15 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-07-16 17:08 <DIR> -cd-h--- c:\windows\ie8
2009-07-13 18:47 1,933,312 a------- c:\windows\system32\cdintf250.dll
2009-07-13 18:46 <DIR> --d----- c:\program files\common files\Palo Alto Software
2009-07-13 18:46 <DIR> --d----- c:\program files\common files\Intuit
2009-07-12 21:23 19,207 a------- c:\docume~1\owner\applic~1\rohefozy.com
2009-07-12 21:23 18,760 a------- c:\windows\kome.com
2009-07-12 21:23 18,620 a------- c:\windows\system32\acizopug.com
2009-07-12 21:23 18,157 a------- c:\windows\cojypaqosy.com
2009-07-12 21:23 18,024 a------- c:\windows\ilow.dat
2009-07-12 21:23 17,032 a------- c:\windows\system32\kyzal.reg
2009-07-12 21:23 16,550 a------- c:\docume~1\owner\applic~1\fohi.reg
2009-07-12 21:23 15,010 a------- c:\windows\fapuli._sy
2009-07-12 21:23 13,375 a------- c:\windows\system32\edaqifi.pif
2009-07-12 21:23 12,860 a------- c:\docume~1\alluse~1\applic~1\egyp.dat
2009-07-12 21:23 11,134 a------- c:\docume~1\alluse~1\applic~1\zikamywosa.pif

==================== Find3M ====================

2009-08-06 02:58 286 a------- c:\program files\ovmhwfk.txt
2009-07-27 20:49 286 a------- c:\program files\bskiri.txt
2009-07-16 22:18 19,197 a------- c:\windows\system32\osasizagu.dll
2009-07-16 22:18 18,631 a------- c:\windows\uwavyc.com
2009-07-16 22:18 19,532 a------- c:\windows\system32\bypopi.bin
2009-07-16 22:18 14,229 a------- c:\windows\cequw.scr
2009-07-16 22:18 10,838 a------- c:\windows\racavusaja.bat
2009-07-16 22:18 10,231 a------- c:\windows\yfaxova.sys
2009-07-16 22:18 17,094 a------- c:\windows\osixihojag.bin
2009-07-16 22:18 16,019 a------- c:\windows\gibewutuv.bin
2009-07-16 22:18 13,309 a------- c:\windows\system32\vicis.pif
2008-12-03 05:51 188 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2008-08-31 03:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 12:34:28.40 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/19/2007 5:31:26 PM
System Uptime: 8/7/2009 12:21:02 PM (0 hours ago)

Motherboard: To be filled by O.E.M. | | MS-7207G
Processor: AMD Athlon™ 64 Processor 3500+ | CPU 1 | 2209/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 145 GiB total, 32.17 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/27/2009 7:10:00 PM - Avg8 Update

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 7.0
Adobe Shockwave Player 11
AGEIA PhysX v7.11.13
AiO_Scan_CDA
AiOSoftwareNPI
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Extreme
Ask Toolbar
Audacity 1.2.6
AVG 8.5
AVG Identity Protection
AXIS Media Control
AXIS Media Control Embedded
BitTorrent
Bonjour
BufferChm
C5100
c5100_Help
Choice Guard
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Dexter Screen Saver
DigiFast
Digital Media Reader
DNA
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Dual-Core Optimizer
DVD Solution
Empire Earth II
eSupportQFolder
Fax_CDA
FlyCast
FullDPAppQFolder
Google Updater
Governor of Poker
Hamachi 1.0.2.5
HD-DV decoder
HeartlandPokerLeague
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Driver Diagnostics
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
iTunes
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 13
Java™ 6 Update 3
Java™ 6 Update 7
Kingpin: Life of Crime
Lock My PC 4.6
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MpcStar 2.1
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Multimedia Keyboard Driver
MySpaceIM
Nero 7 Ultra Edition
neroxml
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
PanoStandAlone
PeerGuardian 2.0
PhotoGallery
Power2Go 4.0
PowerDVD
PowerISO
ProductContextNPI
Quicken 2007
RandMap
Razer Tarantula
Readme
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Registry Mechanic 8.0
Scan
ScannerCopy
SDFormatter
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Segoe UI
Sid Meier's Pirates!
SIM editor 4.0
SkinsHP1
SlideShow
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic_PrimoSDK
SPORE™
Spybot - Search & Destroy
Status
System Requirements Lab
The Rosetta Stone
The Sims™ 2 Deluxe
Toolbox
TrayApp
UltimateBet
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
VCRedistSetup
Viewpoint Media Player
WA Update v3.50 beta2
WebFldrs XP
WebReg
Winamp
Windows Backup Utility
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/7/2009 12:10:08 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7905E8817D. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/7/2009 10:31:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
8/7/2009 10:31:09 AM, error: Service Control Manager [7000] - The zsojoud service failed to start due to the following error: The system cannot find the file specified.
8/7/2009 10:31:09 AM, error: Service Control Manager [7000] - The yatwiid service failed to start due to the following error: The system cannot find the file specified.
8/7/2009 10:31:09 AM, error: Service Control Manager [7000] - The whchx service failed to start due to the following error: The system cannot find the file specified.
8/7/2009 10:31:09 AM, error: Service Control Manager [7000] - The Realtek EAPPkt Protocol service failed to start due to the following error: The system cannot find the file specified.
8/7/2009 10:31:09 AM, error: Service Control Manager [7000] - The iamfudz service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
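Three lines of the log above carry the signal a responder would triage first: the LSA Notification Packages entry lists five randomly named DLLs next to scecli, several S2 services point at driver files DDS could not find (the "[?]" marker, matched by the Service Control Manager 7000 events at the end of the log), and the "Created Last 30" section is full of short lowercase-word filenames with executable or script extensions. The script below, added here as an illustration and not part of the thread or of DDS, runs those three checks over a constructed sample made of lines copied from the log. The scecli-only allowlist, the "4 to 16 lowercase letters" random-name heuristic and the extension list are the editor's assumptions; the nProtect GameGuard entry is kept in the sample on purpose to show that a missing image alone is not proof of anything.

```python
import re

# Constructed sample for this added example: lines copied from the DDS log
# posted above (the LSA line trimmed to two of its five DLLs), plus three
# benign entries from the same log so the checks have something to pass.
SAMPLE_LOG = r"""
LSA: Notification Packages = scecli c:\windows\system32\bagusevo.dll c:\windows\system32\wulowemo.dll
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 iamfudz;iamfudz;c:\windows\system32\drivers\lwzsndot.sys --> c:\windows\system32\drivers\lwzsndot.sys [?]
S2 lkswdxvkvulajj;lkswdxvkvulajj;\??\c:\windows\system32\drivers\iwekouthlrpvas.sys --> c:\windows\system32\drivers\iwekouthlrpvas.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
2009-07-22 22:52 18,312 a------- c:\windows\uhuhu.dll
2009-07-22 22:52 17,795 a------- c:\docume~1\alluse~1\applic~1\mowe.exe
2009-07-27 00:43 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-13 18:47 1,933,312 a------- c:\windows\system32\cdintf250.dll
"""

# Assumption: on a stock Windows XP workstation the only package in
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages is scecli.
# Anything else is a DLL that lsass.exe loads at boot and that is handed
# every password change, so it is worth a look regardless of its name.
LSA_ALLOWLIST = {"scecli"}

# Extensions carried by the randomly named files in the log above.
SUSPECT_EXT = {"dll", "exe", "com", "pif", "scr", "bat", "sys", "bin",
               "reg", "dat", "inf", "_dl", "_sy"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(?P<path>.+)$")
# Crude "looks generated" heuristic (assumption): 4 to 16 lowercase letters.
RANDOM_NAME_RE = re.compile(r"[a-z]{4,16}")


def lsa_extra_packages(line):
    """Return the LSA notification packages that are not on the allowlist."""
    _, _, value = line.partition("=")
    # Assumption: entries are whitespace separated and the paths carry no
    # spaces, which holds for the DDS line above.
    return [p for p in value.split() if p.lower() not in LSA_ALLOWLIST]


def suspicious_services(lines):
    """Flag service/driver entries whose image is missing or whose name looks generated."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, display, image = m.group("name"), m.group("display"), m.group("image")
        # DDS prints "--> <path> [?]" when it cannot find the service binary.
        missing = image.rstrip().endswith("[?]")
        # Droppers tend to register the same random string as both the
        # service name and the display name.
        random_name = name == display and RANDOM_NAME_RE.fullmatch(name) is not None
        if missing or random_name:
            hits.append({"name": name, "missing_image": missing,
                         "random_name": random_name, "image": image})
    return hits


def suspicious_files(lines):
    """Flag created files whose basename is a random-looking word with a suspect extension."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        basename = path.rsplit("\\", 1)[-1]
        stem, _, ext = basename.rpartition(".")
        if ext.lower() in SUSPECT_EXT and RANDOM_NAME_RE.fullmatch(stem):
            hits.append({"path": path, "line": line})
    return hits


def analyze(log_text):
    """Run all three checks over a DDS log and return the findings by section."""
    lines = log_text.splitlines()
    lsa = [l for l in lines if l.startswith("LSA: Notification Packages")]
    return {
        "lsa_extra": lsa_extra_packages(lsa[0]) if lsa else [],
        "services": suspicious_services(lines),
        "files": suspicious_files(lines),
    }


if __name__ == "__main__":
    for section, findings in analyze(SAMPLE_LOG).items():
        print(section)
        for finding in findings:
            print("  ", finding)
```

On the sample, the LSA check returns the two non-scecli DLLs, the service check flags iamfudz and lkswdxvkvulajj as both missing and random-named while npggsvc is flagged for the missing image only, and the file check keeps uhuhu.dll and mowe.exe but leaves avgrkx86.sys and cdintf250.dll alone. The output is a list of leads for a human, not a verdict: the GameGuard entry shows why the missing-image condition needs the second signal, and a legitimate driver with a short lowercase name would trip the random-name test.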



#2 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 07 August 2009 - 03:50 PM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

#3 skeen87
  • Topic Starter
  • Members
  • 23 posts

Posted 07 August 2009 - 07:51 PM

ComboFix 09-07-14.08 - Owner 08/07/2009 19:44.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.863 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2343509291-3122718930-969194667-1003
c:\recycler\S-1-5-21-2343509291-3122718930-969194667-1003\desktop.ini
c:\recycler\S-1-5-21-2343509291-3122718930-969194667-1003\INFO2

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-07 05:42 . 2009-08-07 05:42 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-08-06 07:29 . 2009-08-06 07:29 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\com.Desktop.FlyCast.7C0C57158F17768D90610B2E569AA275F34D83AB.1
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\docume~1\Owner\APPLIC~1\com.Desktop.FlyCast.7C0C57158F17768D90610B2E569AA275F34D83AB.1
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\program files\FlyCast
2009-07-31 15:23 . 2009-07-31 15:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-07-31 15:23 . 2009-07-31 15:23 -------- d-----w- c:\docume~1\Owner\LOCALS~1\APPLIC~1\AVG Security Toolbar
2009-07-27 05:43 . 2009-07-27 05:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2009-07-27 05:43 . 2009-07-31 14:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-27 05:43 . 2009-07-27 05:43 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-27 05:43 . 2009-07-27 05:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-27 05:43 . 2009-07-31 14:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-27 05:43 . 2009-07-31 14:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-27 05:43 . 2009-08-07 23:00 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-27 05:43 . 2009-07-27 05:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-27 05:42 . 2009-07-27 05:42 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-07-27 05:42 . 2009-07-27 05:42 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-07-25 15:51 . 2009-07-25 15:51 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-25 15:51 . 2009-07-25 15:51 -------- d-----w- c:\docume~1\Owner\APPLIC~1\AVG8
2009-07-23 03:52 . 2009-07-23 03:52 18312 ----a-w- c:\windows\uhuhu.dll
2009-07-23 03:52 . 2009-07-23 03:52 18273 ----a-w- c:\windows\unoho.bin
2009-07-23 03:52 . 2009-07-23 03:52 16563 ----a-w- c:\program files\Common Files\zazyf.pif
2009-07-23 03:52 . 2009-07-23 03:52 13712 ----a-w- c:\windows\jaryxyk.bin
2009-07-20 16:42 . 2009-07-20 16:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2009-07-17 20:01 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 20:01 . 2009-07-19 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 20:01 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 19:31 . 2009-07-17 19:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2009-07-17 03:25 . 2009-07-17 03:25 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-17 03:25 . 2009-07-17 03:25 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-07-17 03:23 . 2009-07-17 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-17 03:16 . 2009-07-17 03:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-17 03:15 . 2009-07-17 03:15 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-16 22:08 . 2009-07-16 22:08 -------- dc-h--w- c:\windows\ie8
2009-07-13 23:47 . 2006-04-12 15:11 1933312 ----a-w- c:\windows\system32\cdintf250.dll
2009-07-13 23:46 . 2009-07-13 23:46 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-07-13 23:46 . 2009-07-13 23:46 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-13 02:23 . 2009-07-13 02:23 19207 ----a-w- c:\documents and settings\Owner\Application Data\rohefozy.com
2009-07-13 02:23 . 2009-07-13 02:23 18760 ----a-w- c:\windows\kome.com
2009-07-13 02:23 . 2009-07-13 02:23 18620 ----a-w- c:\windows\system32\acizopug.com
2009-07-13 02:23 . 2009-07-13 02:23 18157 ----a-w- c:\windows\cojypaqosy.com
2009-07-13 02:23 . 2009-07-13 02:23 18024 ----a-w- c:\windows\ilow.dat
2009-07-13 02:23 . 2009-07-13 02:23 17032 ----a-w- c:\windows\system32\kyzal.reg
2009-07-13 02:23 . 2009-07-13 02:23 13375 ----a-w- c:\windows\system32\edaqifi.pif
2009-07-13 02:23 . 2009-07-13 02:23 11036 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\tohukidu.dat
2009-07-13 02:23 . 2009-07-13 02:23 11036 ----a-w- c:\docume~1\Owner\LOCALS~1\APPLIC~1\tohukidu.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 00:35 . 2008-01-25 02:21 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-08 00:33 . 2008-02-07 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-08-08 00:33 . 2008-02-07 23:20 -------- d-----w- c:\docume~1\Owner\APPLIC~1\DNA
2009-08-08 00:23 . 2008-02-07 23:20 -------- d-----w- c:\program files\DNA
2009-08-07 17:47 . 2008-02-07 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-08-07 17:47 . 2008-02-07 23:20 -------- d-----w- c:\docume~1\Owner\APPLIC~1\BitTorrent
2009-08-07 10:48 . 2008-12-22 23:45 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-08-07 10:48 . 2008-12-22 23:45 0 ----a-w- c:\docume~1\Owner\LOCALS~1\APPLIC~1\prvlcl.dat
2009-08-07 06:16 . 2009-02-20 14:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-07 02:40 . 2009-05-05 21:08 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 07:58 . 2009-08-06 07:58 286 ----a-w- c:\program files\ovmhwfk.txt
2009-07-28 01:49 . 2009-07-28 01:49 286 ----a-w- c:\program files\bskiri.txt
2009-07-28 00:12 . 2008-02-19 02:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 00:12 . 2008-12-04 17:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-28 00:10 . 2007-11-19 22:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 05:45 . 2009-01-28 20:03 -------- d-----w- c:\program files\PeerGuardian2
2009-07-27 05:42 . 2008-07-21 23:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-23 03:52 . 2009-07-23 03:52 17795 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\mowe.exe
2009-07-23 01:54 . 2009-04-07 14:42 -------- d-----w- c:\program files\Atari
2009-07-19 06:26 . 2008-01-30 03:24 -------- d-----w- c:\program files\Electronic Arts
2009-07-17 19:30 . 2008-08-06 02:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Petroglyph
2009-07-17 19:30 . 2008-08-06 02:42 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Petroglyph
2009-07-17 19:22 . 2009-06-09 05:40 -------- d-----w- c:\program files\PopCap Games
2009-07-16 14:39 . 2009-04-02 04:40 -------- d-----w- c:\program files\UltimateBet
2009-07-16 14:11 . 2008-07-17 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Hamachi
2009-07-16 14:11 . 2008-07-17 20:00 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Hamachi
2009-07-13 23:47 . 2008-01-29 22:19 -------- d-----w- c:\program files\Quicken
2009-07-13 02:23 . 2009-07-13 02:23 19207 ----a-w- c:\docume~1\Owner\APPLIC~1\rohefozy.com
2009-07-13 02:23 . 2009-07-13 02:23 16550 ----a-w- c:\documents and settings\Owner\Application Data\fohi.reg
2009-07-13 02:23 . 2009-07-13 02:23 16550 ----a-w- c:\docume~1\Owner\APPLIC~1\fohi.reg
2009-07-13 02:23 . 2009-07-13 02:23 12860 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\egyp.dat
2009-07-13 02:23 . 2009-07-13 02:23 11134 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\zikamywosa.pif
2009-06-29 22:33 . 2009-06-29 01:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\15961874
2009-06-21 13:12 . 2007-11-19 22:57 -------- d-----w- c:\program files\Java
2009-06-21 13:10 . 2009-06-21 13:10 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-09 05:58 . 2009-06-09 05:42 25 ----a-w- c:\windows\popcinfot.dat
2009-06-09 05:41 . 2009-06-09 05:41 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PopCap Games
2009-06-06 06:01 . 2009-06-06 06:00 7040776 ----a-w- c:\documents and settings\Owner\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-05-18 20:46 . 2009-05-18 20:46 83446 ----a-w- c:\documents and settings\Owner\Application Data\HeartlandPokerLeague\uninst.exe
2009-06-24 00:43 . 2008-12-23 20:21 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-31 2000152]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 14:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2007-11-29 17:42 44400 ----a-w- c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Quake.1[Game]-neno001\\glquake.exe"=
"c:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\UltimateBet\\mainclient.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 12:46 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/27/2009 12:43 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/27/2009 12:43 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/27/2009 12:43 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/27/2009 12:42 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/27/2009 12:42 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [7/27/2009 12:42 AM 1370488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [3/9/2007 6:01 PM 14336]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/27/2009 12:42 AM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 12:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 12:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 12:46 PM 27232]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [12/6/2007 8:57 PM 10096]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 12:46 PM 5576712]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 12:46 PM 563720]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S2 iamfudz;iamfudz;c:\windows\system32\drivers\lwzsndot.sys --> c:\windows\system32\drivers\lwzsndot.sys [?]
S2 lkswdxvkvulajj;lkswdxvkvulajj;\??\c:\windows\system32\drivers\iwekouthlrpvas.sys --> c:\windows\system32\drivers\iwekouthlrpvas.sys [?]
S2 ttopnhpfroehys;ttopnhpfroehys;\??\c:\windows\system32\drivers\epevojsraco.sys --> c:\windows\system32\drivers\epevojsraco.sys [?]
S2 whchx;whchx;c:\windows\system32\drivers\facqn.sys --> c:\windows\system32\drivers\facqn.sys [?]
S2 yatwiid;yatwiid;c:\windows\system32\drivers\jqjfjbc.sys --> c:\windows\system32\drivers\jqjfjbc.sys [?]
S2 zsojoud;zsojoud;c:\windows\system32\drivers\hdzfat.sys --> c:\windows\system32\drivers\hdzfat.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/27/2009 12:42 AM 29208]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
oaubccfg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

BHO-{04f42ec8-7b56-49dc-a9ff-553325415bee} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{58439964-8ef6-4247-8e60-b13635a3f366} - (no file)
HKCU-Run-Power2GoExpress - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://pantagraph.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} - hxxp://71.189.121.71/home/SonySncCs3View.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.66.37.162:8000/activex/AMC.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\rsoh8vup.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101676&l=dis
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\fsp_lmwl.dll
.
Completion time: 2009-08-08 19:48
ComboFix-quarantined-files.txt 2009-08-08 00:48

Pre-Run: 36,476,260,352 bytes free
Post-Run: 37,850,087,424 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
294 --- E O F --- 2008-11-12 09:03

#4 miekiemoes
  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 08 August 2009 - 01:58 AM

Hi,

Please follow the instructions I posted earlier and download Combofix from the link I gave you. You didn't disable your Antivirus and didn't allow it to install the recovery console. I can't stress how important it is that you follow the exact instructions.

Then post the new log in your next reply.

#5 skeen87
  • Topic Starter
  • Members
  • 23 posts

Posted 08 August 2009 - 08:11 PM

ComboFix 09-07-14.08 - Owner 08/08/2009 20:06.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.936 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-07 05:42 . 2009-08-07 05:42 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-08-06 07:29 . 2009-08-06 07:29 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\com.Desktop.FlyCast.7C0C57158F17768D90610B2E569AA275F34D83AB.1
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\program files\FlyCast
2009-07-27 05:43 . 2009-07-27 05:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2009-07-25 15:51 . 2009-07-25 15:51 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-23 03:52 . 2009-07-23 03:52 18312 ----a-w- c:\windows\uhuhu.dll
2009-07-23 03:52 . 2009-07-23 03:52 18273 ----a-w- c:\windows\unoho.bin
2009-07-23 03:52 . 2009-07-23 03:52 16563 ----a-w- c:\program files\Common Files\zazyf.pif
2009-07-23 03:52 . 2009-07-23 03:52 13712 ----a-w- c:\windows\jaryxyk.bin
2009-07-20 16:42 . 2009-07-20 16:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2009-07-17 20:01 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 20:01 . 2009-07-19 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 20:01 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 19:31 . 2009-07-17 19:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2009-07-17 03:25 . 2009-07-17 03:25 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-17 03:25 . 2009-07-17 03:25 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-07-17 03:23 . 2009-07-17 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-17 03:16 . 2009-07-17 03:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-17 03:15 . 2009-07-17 03:15 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-16 22:08 . 2009-07-16 22:08 -------- dc-h--w- c:\windows\ie8
2009-07-13 23:47 . 2006-04-12 15:11 1933312 ----a-w- c:\windows\system32\cdintf250.dll
2009-07-13 23:46 . 2009-07-13 23:46 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-07-13 23:46 . 2009-07-13 23:46 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-13 02:23 . 2009-07-13 02:23 19207 ----a-w- c:\documents and settings\Owner\Application Data\rohefozy.com
2009-07-13 02:23 . 2009-07-13 02:23 18760 ----a-w- c:\windows\kome.com
2009-07-13 02:23 . 2009-07-13 02:23 18620 ----a-w- c:\windows\system32\acizopug.com
2009-07-13 02:23 . 2009-07-13 02:23 18157 ----a-w- c:\windows\cojypaqosy.com
2009-07-13 02:23 . 2009-07-13 02:23 18024 ----a-w- c:\windows\ilow.dat
2009-07-13 02:23 . 2009-07-13 02:23 17032 ----a-w- c:\windows\system32\kyzal.reg
2009-07-13 02:23 . 2009-07-13 02:23 13375 ----a-w- c:\windows\system32\edaqifi.pif
2009-07-13 02:23 . 2009-07-13 02:23 11036 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\tohukidu.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 01:05 . 2008-02-07 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-08-09 01:03 . 2008-01-25 02:21 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-08 16:45 . 2009-05-05 21:08 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-08 16:45 . 2008-02-07 23:20 -------- d-----w- c:\program files\DNA
2009-08-08 16:38 . 2008-07-21 23:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-08 16:26 . 2008-02-07 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-08-08 10:48 . 2008-12-22 23:45 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-08-08 07:18 . 2009-02-20 14:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-06 07:58 . 2009-08-06 07:58 286 ----a-w- c:\program files\ovmhwfk.txt
2009-07-28 01:49 . 2009-07-28 01:49 286 ----a-w- c:\program files\bskiri.txt
2009-07-28 00:12 . 2008-02-19 02:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 00:12 . 2008-12-04 17:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-28 00:10 . 2007-11-19 22:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 05:45 . 2009-01-28 20:03 -------- d-----w- c:\program files\PeerGuardian2
2009-07-23 03:52 . 2009-07-23 03:52 17795 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\mowe.exe
2009-07-23 01:54 . 2009-04-07 14:42 -------- d-----w- c:\program files\Atari
2009-07-19 06:26 . 2008-01-30 03:24 -------- d-----w- c:\program files\Electronic Arts
2009-07-17 19:30 . 2008-08-06 02:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Petroglyph
2009-07-17 19:22 . 2009-06-09 05:40 -------- d-----w- c:\program files\PopCap Games
2009-07-16 14:39 . 2009-04-02 04:40 -------- d-----w- c:\program files\UltimateBet
2009-07-16 14:11 . 2008-07-17 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Hamachi
2009-07-13 23:47 . 2008-01-29 22:19 -------- d-----w- c:\program files\Quicken
2009-07-13 02:23 . 2009-07-13 02:23 16550 ----a-w- c:\documents and settings\Owner\Application Data\fohi.reg
2009-07-13 02:23 . 2009-07-13 02:23 12860 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\egyp.dat
2009-07-13 02:23 . 2009-07-13 02:23 11134 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\zikamywosa.pif
2009-06-29 22:33 . 2009-06-29 01:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\15961874
2009-06-21 13:12 . 2007-11-19 22:57 -------- d-----w- c:\program files\Java
2009-06-21 13:10 . 2009-06-21 13:10 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-09 05:58 . 2009-06-09 05:42 25 ----a-w- c:\windows\popcinfot.dat
2009-06-06 06:01 . 2009-06-06 06:00 7040776 ----a-w- c:\documents and settings\Owner\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-05-18 20:46 . 2009-05-18 20:46 83446 ----a-w- c:\documents and settings\Owner\Application Data\HeartlandPokerLeague\uninst.exe
2009-08-08 16:37 . 2008-12-23 20:21 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-08_00.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-08 16:45 . 2009-08-08 16:45 16384 c:\windows\Temp\Perflib_Perfdata_120.dat
+ 2004-08-26 18:07 . 2009-08-08 16:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-08 00:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-08 00:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-08 16:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-08 16:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-26 18:07 . 2009-08-08 00:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-17 03:16 . 2009-08-08 16:44 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-17 03:16 . 2009-08-08 00:23 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2007-11-29 17:42 44400 ----a-w- c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Quake.1[Game]-neno001\\glquake.exe"=
"c:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\UltimateBet\\mainclient.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [3/9/2007 6:01 PM 14336]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [12/6/2007 8:57 PM 10096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S2 iamfudz;iamfudz;c:\windows\system32\drivers\lwzsndot.sys --> c:\windows\system32\drivers\lwzsndot.sys [?]
S2 lkswdxvkvulajj;lkswdxvkvulajj;\??\c:\windows\system32\drivers\iwekouthlrpvas.sys --> c:\windows\system32\drivers\iwekouthlrpvas.sys [?]
S2 ttopnhpfroehys;ttopnhpfroehys;\??\c:\windows\system32\drivers\epevojsraco.sys --> c:\windows\system32\drivers\epevojsraco.sys [?]
S2 whchx;whchx;c:\windows\system32\drivers\facqn.sys --> c:\windows\system32\drivers\facqn.sys [?]
S2 yatwiid;yatwiid;c:\windows\system32\drivers\jqjfjbc.sys --> c:\windows\system32\drivers\jqjfjbc.sys [?]
S2 zsojoud;zsojoud;c:\windows\system32\drivers\hdzfat.sys --> c:\windows\system32\drivers\hdzfat.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
oaubccfg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

BHO-{04f42ec8-7b56-49dc-a9ff-553325415bee} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{58439964-8ef6-4247-8e60-b13635a3f366} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-AVGIDS - c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
Notify-avgrsstarter - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://pantagraph.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} - hxxp://71.189.121.71/home/SonySncCs3View.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.66.37.162:8000/activex/AMC.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\rsoh8vup.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101676&l=dis
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\fsp_lmwl.dll

- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\ieframe.dll
c:\program files\HP Wireless Keyboard\HidKeybd.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-09 20:09
ComboFix-quarantined-files.txt 2009-08-09 01:09
ComboFix2.txt 2009-08-08 00:48

Pre-Run: 37,890,940,928 bytes free
Post-Run: 37,898,997,760 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
248 --- E O F --- 2008-11-12 09:03

#6 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 09 August 2009 - 05:19 AM

Hi,

Still not sure here what you have done. Can you just download Combofix.exe from the link I gave you? This is because I see you renamed it, and I'm not sure either why you didn't install the Recovery Console. Also, it says it's running in reduced functionality.
Please install the recovery console (allow combofix to install it). In case Combofix gives an error, please let me know.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 skeen87

  • Topic Starter
  • Members
  • 23 posts

Posted 09 August 2009 - 02:54 PM

OK, when I run ComboFix, the new one I downloaded, it does run, but it's invisible, like the Internet Explorers this trojan/rootkit runs, and is only visible in Task Manager. Please advise.

#8 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 09 August 2009 - 04:08 PM

Sorry, I'm having difficulties with understanding you...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    [screenshots]

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If it still shows the reduced functionality mode in the log, try from Windows safe mode.

#9 skeen87

  • Topic Starter
  • Members
  • 23 posts

Posted 10 August 2009 - 12:41 AM

ComboFix 09-08-09.04 - Owner 08/10/2009 0:29.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.1063 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\diris._dl
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ehoby.vbs
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ifit._sy
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ometutosu.db
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\tosis.vbs
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ufuhyjej.dll
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\xyhawizan.bat
c:\windows\Installer\1324b.msi
c:\windows\run.log
c:\windows\system32\drivers\UACyjcbbuwyvx.sys
c:\windows\system32\UACawjxyehvgy.dll
c:\windows\system32\UACfeorhntetr.db
c:\windows\system32\UACgaahmawccr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClpkbauwleh.dat
c:\windows\system32\UACmpsybvqlmj.dll
c:\windows\system32\UACnqwyxacwpu.dll
c:\windows\system32\UACofikohpgkt.dll
c:\windows\system32\UACxkbgbtanqd.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 05:35 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-10 05:35 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-07 05:42 . 2009-08-07 05:42 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-08-06 07:29 . 2009-08-06 07:29 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\com.Desktop.FlyCast.7C0C57158F17768D90610B2E569AA275F34D83AB.1
2009-07-31 19:48 . 2009-07-31 19:48 -------- d-----w- c:\program files\FlyCast
2009-07-27 05:43 . 2009-07-27 05:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2009-07-25 15:51 . 2009-07-25 15:51 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-23 03:52 . 2009-07-23 03:52 18312 ----a-w- c:\windows\uhuhu.dll
2009-07-23 03:52 . 2009-07-23 03:52 18273 ----a-w- c:\windows\unoho.bin
2009-07-23 03:52 . 2009-07-23 03:52 16563 ----a-w- c:\program files\Common Files\zazyf.pif
2009-07-23 03:52 . 2009-07-23 03:52 13712 ----a-w- c:\windows\jaryxyk.bin
2009-07-20 16:42 . 2009-07-20 16:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2009-07-17 20:01 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 20:01 . 2009-07-19 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 20:01 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 19:31 . 2009-07-17 19:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2009-07-17 03:25 . 2009-07-17 03:25 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-17 03:25 . 2009-07-17 03:25 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-07-17 03:23 . 2009-07-17 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-17 03:16 . 2009-07-17 03:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-17 03:15 . 2009-07-17 03:15 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-16 22:08 . 2009-07-16 22:08 -------- dc-h--w- c:\windows\ie8
2009-07-13 23:47 . 2006-04-12 15:11 1933312 ----a-w- c:\windows\system32\cdintf250.dll
2009-07-13 23:46 . 2009-07-13 23:46 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-07-13 23:46 . 2009-07-13 23:46 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-13 02:23 . 2009-07-13 02:23 19207 ----a-w- c:\documents and settings\Owner\Application Data\rohefozy.com
2009-07-13 02:23 . 2009-07-13 02:23 18760 ----a-w- c:\windows\kome.com
2009-07-13 02:23 . 2009-07-13 02:23 18620 ----a-w- c:\windows\system32\acizopug.com
2009-07-13 02:23 . 2009-07-13 02:23 18157 ----a-w- c:\windows\cojypaqosy.com
2009-07-13 02:23 . 2009-07-13 02:23 18024 ----a-w- c:\windows\ilow.dat
2009-07-13 02:23 . 2009-07-13 02:23 17032 ----a-w- c:\windows\system32\kyzal.reg
2009-07-13 02:23 . 2009-07-13 02:23 13375 ----a-w- c:\windows\system32\edaqifi.pif
2009-07-13 02:23 . 2009-07-13 02:23 11036 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\tohukidu.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 05:22 . 2008-02-07 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-08-10 04:52 . 2008-01-25 02:21 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-10 04:51 . 2008-02-07 23:20 -------- d-----w- c:\program files\DNA
2009-08-09 23:34 . 2008-02-07 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-08-09 08:19 . 2009-02-20 14:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-08 16:45 . 2009-05-05 21:08 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-08 16:38 . 2008-07-21 23:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-08 10:48 . 2008-12-22 23:45 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-08-06 07:58 . 2009-08-06 07:58 286 ----a-w- c:\program files\ovmhwfk.txt
2009-07-28 01:49 . 2009-07-28 01:49 286 ----a-w- c:\program files\bskiri.txt
2009-07-28 00:12 . 2008-02-19 02:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 00:12 . 2008-12-04 17:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-28 00:10 . 2007-11-19 22:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 05:45 . 2009-01-28 20:03 -------- d-----w- c:\program files\PeerGuardian2
2009-07-23 03:52 . 2009-07-23 03:52 17795 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\mowe.exe
2009-07-23 01:54 . 2009-04-07 14:42 -------- d-----w- c:\program files\Atari
2009-07-19 06:26 . 2008-01-30 03:24 -------- d-----w- c:\program files\Electronic Arts
2009-07-17 19:30 . 2008-08-06 02:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Petroglyph
2009-07-17 19:22 . 2009-06-09 05:40 -------- d-----w- c:\program files\PopCap Games
2009-07-16 14:39 . 2009-04-02 04:40 -------- d-----w- c:\program files\UltimateBet
2009-07-16 14:11 . 2008-07-17 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Hamachi
2009-07-13 23:47 . 2008-01-29 22:19 -------- d-----w- c:\program files\Quicken
2009-07-13 02:23 . 2009-07-13 02:23 16550 ----a-w- c:\documents and settings\Owner\Application Data\fohi.reg
2009-07-13 02:23 . 2009-07-13 02:23 12860 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\egyp.dat
2009-07-13 02:23 . 2009-07-13 02:23 11134 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\zikamywosa.pif
2009-06-29 22:33 . 2009-06-29 01:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\15961874
2009-06-21 13:12 . 2007-11-19 22:57 -------- d-----w- c:\program files\Java
2009-06-21 13:10 . 2009-06-21 13:10 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-09 05:58 . 2009-06-09 05:42 25 ----a-w- c:\windows\popcinfot.dat
2009-06-06 06:01 . 2009-06-06 06:00 7040776 ----a-w- c:\documents and settings\Owner\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-05-18 20:46 . 2009-05-18 20:46 83446 ----a-w- c:\documents and settings\Owner\Application Data\HeartlandPokerLeague\uninst.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-08_00.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 05:28 . 2009-08-10 05:28 16384 c:\windows\Temp\Perflib_Perfdata_4c8.dat
+ 2004-08-26 18:07 . 2009-08-10 04:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-08 00:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-08 00:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-10 04:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-10 04:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-26 18:07 . 2009-08-08 00:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-17 03:16 . 2009-08-10 04:51 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-17 03:16 . 2009-08-08 00:23 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2007-11-29 17:42 44400 ----a-w- c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Quake.1[Game]-neno001\\glquake.exe"=
"c:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\UltimateBet\\mainclient.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [3/9/2007 6:01 PM 14336]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [12/6/2007 8:57 PM 10096]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S2 iamfudz;iamfudz;c:\windows\system32\drivers\lwzsndot.sys --> c:\windows\system32\drivers\lwzsndot.sys [?]
S2 lkswdxvkvulajj;lkswdxvkvulajj;\??\c:\windows\system32\drivers\iwekouthlrpvas.sys --> c:\windows\system32\drivers\iwekouthlrpvas.sys [?]
S2 ttopnhpfroehys;ttopnhpfroehys;\??\c:\windows\system32\drivers\epevojsraco.sys --> c:\windows\system32\drivers\epevojsraco.sys [?]
S2 whchx;whchx;c:\windows\system32\drivers\facqn.sys --> c:\windows\system32\drivers\facqn.sys [?]
S2 yatwiid;yatwiid;c:\windows\system32\drivers\jqjfjbc.sys --> c:\windows\system32\drivers\jqjfjbc.sys [?]
S2 zsojoud;zsojoud;c:\windows\system32\drivers\hdzfat.sys --> c:\windows\system32\drivers\hdzfat.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
oaubccfg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

BHO-{04f42ec8-7b56-49dc-a9ff-553325415bee} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{58439964-8ef6-4247-8e60-b13635a3f366} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://pantagraph.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} - hxxp://71.189.121.71/home/SonySncCs3View.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.66.37.162:8000/activex/AMC.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\rsoh8vup.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101676&l=dis
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 00:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-703126901-4242364551-1895474545-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,0e,4c,1c,b5,40,e5,de,b9,25,a2,de,27,93,f6,a6,af,a8,93,61,d5,a4,93,
4c,ef,3d,aa,00,0f,2d,d0,9e,5e,e8,62,9f,b3,c8,19,2f,0c,45,57,e6,8d,bd,9d,a0,\
"??"=hex:a9,66,c3,db,37,a7,78,95,c3,1b,19,fa,f8,8b,db,be

[HKEY_USERS\S-1-5-21-703126901-4242364551-1895474545-1003\Software\SecuROM\License information*]
"datasecu"=hex:6d,6c,4b,08,87,c8,42,78,63,b6,c7,60,57,49,c2,cc,25,e9,02,26,24,
ef,10,d2,c8,3c,4c,71,63,f7,25,9e,7d,e7,79,bf,41,99,65,82,1b,1b,aa,a7,66,5b,\
"rkeysecu"=hex:28,48,93,5e,e9,b0,94,ec,cc,a0,37,e7,68,62,6f,0c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\fsp_lmwl.dll
.
Completion time: 2009-08-10 0:38
ComboFix-quarantined-files.txt 2009-08-10 05:37
ComboFix2.txt 2009-08-09 01:09
ComboFix3.txt 2009-08-08 00:48

Pre-Run: 37,762,453,504 bytes free
Post-Run: 37,732,270,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

274 --- E O F --- 2008-11-12 09:03

#10 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 10 August 2009 - 02:31 AM

Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.



Then,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\uhuhu.dll
c:\windows\unoho.bin
c:\program files\Common Files\zazyf.pif
c:\windows\jaryxyk.bin
c:\documents and settings\Owner\Application Data\rohefozy.com
c:\windows\kome.com
c:\windows\system32\acizopug.com
c:\windows\cojypaqosy.com
c:\windows\ilow.dat
c:\windows\system32\kyzal.reg
c:\windows\system32\edaqifi.pif
c:\documents and settings\Owner\Local Settings\Application Data\tohukidu.dat
c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
c:\program files\ovmhwfk.txt
c:\program files\bskiri.txt
c:\docume~1\ALLUSE~1\APPLIC~1\mowe.exe
c:\documents and settings\Owner\Application Data\fohi.reg
c:\docume~1\ALLUSE~1\APPLIC~1\egyp.dat
c:\docume~1\ALLUSE~1\APPLIC~1\zikamywosa.pif
Folder::
c:\docume~1\ALLUSE~1\APPLIC~1\15961874
Driver::
wmcmgc
iamfudz
lkswdxvkvulajj
ttopnhpfroehys
whchx
yatwiid
zsojoud
NetSvc::
wmcmgc
oaubccfg



Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
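The CFScript above is a plain-text file with four directive sections (File::, Folder::, Driver::, NetSvc::), each followed by one entry per line. The following is an added example, not code from the thread or from ComboFix: it parses that format and checks the script's targets against a snapshot of what is present on the machine, so that after the run you can confirm every listed artifact is actually gone rather than relying on the ComboFix log alone. The snapshot lists are constructed here for illustration, and the registry locations assumed for Driver:: and NetSvc:: entries (the service key under HKLM\SYSTEM\CurrentControlSet\Services and the netsvcs group under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost) are this example's assumption about where those entries live, not something the post states.

```python
"""Parse a ComboFix CFScript and verify its targets against a snapshot.

Added example; not part of the original thread and not ComboFix code.
The script text is a subset of the one posted above; the snapshots are
constructed stand-ins for the file system / registry before and after the run.
"""
from __future__ import annotations

# The directive sections used in the posted script.
SECTIONS = ("File::", "Folder::", "Driver::", "NetSvc::")

# Assumed registry locations for service (Driver::) and netsvcs (NetSvc::) entries.
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"
NETSVCS_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"

CFSCRIPT = r"""
File::
c:\windows\uhuhu.dll
c:\windows\system32\acizopug.com
c:\docume~1\ALLUSE~1\APPLIC~1\mowe.exe
Folder::
c:\docume~1\ALLUSE~1\APPLIC~1\15961874
Driver::
wmcmgc
iamfudz
NetSvc::
wmcmgc
oaubccfg
"""


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into {directive: [entries]}, preserving entry order.

    Blank lines are skipped; an entry before any directive or an unknown
    directive is an error rather than silently ignored.
    """
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            if line not in SECTIONS:
                raise ValueError(f"unsupported directive: {line}")
            current = line
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line}")
        else:
            sections[current].append(line)
    return sections


def expected_artifacts(sections: dict[str, list[str]]) -> list[tuple[str, str]]:
    """Map script entries to the concrete artifacts that should be gone afterwards.

    Paths are compared case-insensitively (Windows file systems are
    case-insensitive, and 8.3 names like ALLUSE~1 are left as written).
    """
    artifacts: list[tuple[str, str]] = []
    for path in sections.get("File::", []) + sections.get("Folder::", []):
        artifacts.append(("path", path.lower()))
    for svc in sections.get("Driver::", []):
        artifacts.append(("regkey", f"{SERVICES_KEY}\\{svc}".lower()))
    for svc in sections.get("NetSvc::", []):
        artifacts.append(("netsvcs", f"{NETSVCS_KEY}\\netsvcs:{svc}".lower()))
    return artifacts


def verify(sections: dict[str, list[str]],
           snapshot: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the script's targets that are still present in the snapshot.

    An empty result means every listed artifact is gone; anything returned
    is what to report back in the next reply.
    """
    present = {(kind, value.lower()) for kind, value in snapshot}
    return [a for a in expected_artifacts(sections) if a in present]


# Constructed snapshots: every target present before the run, one netsvcs
# entry left behind afterwards. explorer.exe is legitimate and must not match.
SNAPSHOT_BEFORE = [
    ("path", r"c:\windows\uhuhu.dll"),
    ("path", r"c:\windows\system32\acizopug.com"),
    ("path", r"c:\docume~1\ALLUSE~1\APPLIC~1\mowe.exe"),
    ("path", r"c:\docume~1\ALLUSE~1\APPLIC~1\15961874"),
    ("path", r"c:\windows\explorer.exe"),
    ("regkey", SERVICES_KEY + r"\wmcmgc"),
    ("regkey", SERVICES_KEY + r"\iamfudz"),
    ("netsvcs", NETSVCS_KEY + r"\netsvcs:wmcmgc"),
    ("netsvcs", NETSVCS_KEY + r"\netsvcs:oaubccfg"),
]
SNAPSHOT_AFTER = [
    ("path", r"c:\windows\explorer.exe"),
    ("netsvcs", NETSVCS_KEY + r"\netsvcs:oaubccfg"),
]

if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    print("still present before run:", len(verify(parsed, SNAPSHOT_BEFORE)))
    print("still present after run: ", verify(parsed, SNAPSHOT_AFTER))
```

The same name can appear under more than one directive (wmcmgc is listed under both Driver:: and NetSvc:: in the posted script), so each directive is mapped to its own artifact rather than de-duplicated by name; a leftover service entry and a leftover netsvcs group entry are different findings.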

#11 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:00 PM

Posted 05 September 2009 - 05:44 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
