
"Security Tool" virus infection


  • This topic is locked
21 replies to this topic

#1 jayday

jayday

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 07 November 2009 - 07:51 PM

My PC became infected with the "Security Tool" virus / malware a little over 3 weeks ago. I followed the instructions posted on this site to remove the virus but ran into an issue. I attempted to download Malwarebytes Antimalware, but I'm unable to execute mbam.exe.

I also attempted to download Superantispyware, but was unsuccessful in doing that also.

I have Avast antivirus running (a free version that I downloaded after the "Security Tool" virus infected my PC) and I received a warning that C:\WINDOWS\SYSTEM32\VIPUKEYU.DLL is infected with Win32:Vundo-GJ [Trj]. The recommended action is to "move to chest", which I have done.

For the past several days I have been receiving assistance from the moderator garmanma. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/269595/security-tool-virus/ ~ OB

He had me run RKill in addition to RootRepeal and Win32Diag, and I also have a log.txt.


DDS.txt

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jason Day at 19:32:57.92 on Sat 11/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.177 [GMT -5:00]

AV: avast! antivirus 4.8.1356 [VPS 091107-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Jason Day\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9c1cf438-8994-43fe-8216-c87a7475bf19} - c:\windows\system32\axaltoc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [H/PC Connection Agent] c:\progra~1\mi3aa1~1\wcescomm.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [71080319] c:\docume~1\alluse~1\applic~1\71080319\71080319.exe
mRun: [48680430] c:\docume~1\alluse~1\applic~1\48680430\48680430.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [48084024] c:\docume~1\alluse~1\applic~1\48084024\48084024.exe
mRun: [64060723] c:\docume~1\alluse~1\applic~1\64060723\64060723.exe
mRun: [29127425] c:\docume~1\alluse~1\applic~1\29127425\29127425.exe
mRun: [73871834] c:\docume~1\alluse~1\applic~1\73871834\73871834.exe
mRun: [53738430] c:\docume~1\alluse~1\applic~1\53738430\53738430.exe
mRun: [06715524] c:\documents and settings\all users\application data\06715524\06715524.exe
mRun: [83220924] c:\documents and settings\all users\application data\83220924\83220924.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dakuwaviw] Rundll32.exe "c:\windows\system32\fawedevi.dll",a
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: c:\windows\system32\kavezopa.dll c:\windows\system32\mizezilo.dll c:\windows\system32\vegozadi.dll vimoveta.dll c:\windows\system32\debeviva.dll c:\windows\system32\fawedevi.dll c:\windows\system32\kunuzavi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: fonizorez - {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
SSODL: gamojilom - {d7e307c3-482c-4eae-b627-d5fd7749ee1e} - c:\windows\system32\popezaho.dll
SSODL: damipaned - {8bbbe363-e55c-433e-a019-6de31f0fe2df} - c:\windows\system32\makatulo.dll
SSODL: favomalek - {193a944c-625e-4cb4-915f-cc7e370b5943} - c:\windows\system32\makatulo.dll
SSODL: leyulalet - {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
SSODL: kefoninaw - {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
SSODL: pokevebis - {034aa3a9-4ba8-4eec-89d7-fc824efc07fb} - c:\windows\system32\fawedevi.dll
SSODL: bejehenev - {8d2d48fa-bee7-404c-85c9-51ea3137c559} - c:\windows\system32\fawedevi.dll
SSODL: maziyupaz - {6db8b9e9-5cae-4f2f-9f7a-ab9eaafc82ca} - c:\windows\system32\vegozadi.dll
STS: jugezatag: {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
STS: tokatiluy: {d7e307c3-482c-4eae-b627-d5fd7749ee1e} - c:\windows\system32\popezaho.dll
STS: tokatiluy: {8bbbe363-e55c-433e-a019-6de31f0fe2df} - c:\windows\system32\makatulo.dll
STS: tokatiluy: {193a944c-625e-4cb4-915f-cc7e370b5943} - c:\windows\system32\makatulo.dll
STS: mujuzedij: {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
STS: jugezatag: {034aa3a9-4ba8-4eec-89d7-fc824efc07fb} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {8d2d48fa-bee7-404c-85c9-51ea3137c559} - c:\windows\system32\fawedevi.dll
STS: tokatiluy: {6db8b9e9-5cae-4f2f-9f7a-ab9eaafc82ca} - c:\windows\system32\fawedevi.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli dinizuha.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-10 20560]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-14 24652]
S3 501bf130-9418-4262-aa05-1834b83cf7fa;501bf130-9418-4262-aa05-1834b83cf7fa;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-22 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-06 22:06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 02:04:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 02:04:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-04 00:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-04 00:21:42 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-04 00:21:33 0 d-----w- c:\docume~1\jasond~1\applic~1\SUPERAntiSpyware.com
2009-11-03 23:54:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-17 01:49:01 3550592 ----a-w- C:\procexp.exe
2009-10-16 20:58:06 4045528 ----a-w- C:\mbam-setup.exe
2009-10-14 22:49:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-14 22:49:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-04-12 12:33:53 0 ----a-w- c:\program files\temp01
2006-02-19 03:09:23 56 --sh--r- c:\windows\system32\4A9F9E28FB.sys
2009-07-13 19:56:43 1011606 --sha-w- c:\windows\system32\berinege.exe
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\bimeyonu.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\bozagudu.dll
2009-08-07 03:13:23 3 --sha-w- c:\windows\system32\bufufodu.dll
2009-07-11 00:10:09 1011386 --sha-w- c:\windows\system32\buraboto.exe
2009-08-07 03:13:23 3 --sha-w- c:\windows\system32\daweyuve.dll
2009-08-04 00:38:11 90112 --sha-w- c:\windows\system32\debeviva.dll
2009-07-30 21:50:09 52224 --sha-w- c:\windows\system32\dinizuha.dll
2009-08-07 03:35:56 3 --sha-w- c:\windows\system32\disekoha.dll
2009-07-15 20:57:23 1112656 --sha-w- c:\windows\system32\duwibudo.exe
2009-07-21 20:55:02 38912 --sha-w- c:\windows\system32\fagonifa.dll
2009-07-30 21:49:24 52224 --sha-w- c:\windows\system32\fakubija.dll
2009-07-22 22:10:49 89088 --sha-w- c:\windows\system32\fawedevi.dll
2009-07-22 22:10:49 1050146 --sha-w- c:\windows\system32\fegufula.exe
2009-08-04 00:38:11 38912 --sha-w- c:\windows\system32\fiwevoga.dll
2009-08-07 03:35:56 3 --sha-w- c:\windows\system32\fuhubuga.dll
2009-07-16 21:54:33 38400 --sha-w- c:\windows\system32\guyifuhi.dll
2009-07-20 20:46:47 1011326 --sha-w- c:\windows\system32\hamohive.exe
2009-08-07 01:00:44 3 --sha-w- c:\windows\system32\jevayeyi.dll
2009-07-15 20:57:23 38912 --sha-w- c:\windows\system32\kadofebi.dll
2006-02-19 03:09:23 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\kibalebe.dll
2009-07-16 21:54:33 89088 --sha-w- c:\windows\system32\kofidutu.dll
2009-08-07 02:08:20 3 --sha-w- c:\windows\system32\kokihove.dll
2009-07-09 20:28:40 1011718 --sha-w- c:\windows\system32\kugokigu.exe
2009-07-21 20:55:02 1051682 --sha-w- c:\windows\system32\kunuzavi.exe
2009-07-22 22:10:49 38912 --sha-w- c:\windows\system32\lohulatu.dll
2009-08-06 23:10:36 3 --sha-w- c:\windows\system32\nejefiju.dll
2009-07-14 22:25:10 52224 --sha-w- c:\windows\system32\nilujete.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\nitifemo.dll
2009-07-20 20:46:47 38400 --sha-w- c:\windows\system32\nunupofa.dll
2009-08-07 01:00:44 3 --sha-w- c:\windows\system32\pufidihu.dll
2009-07-30 21:50:09 52224 --sha-w- c:\windows\system32\putevama.dll
2009-07-30 21:49:25 37888 --sha-w- c:\windows\system32\regizogu.dll
2009-08-07 02:08:20 3 --sha-w- c:\windows\system32\sekunara.dll
2009-08-06 23:10:36 3 --sha-w- c:\windows\system32\towozoha.dll
2009-08-06 23:55:41 3 --sha-w- c:\windows\system32\tuvojeto.dll
2009-07-16 21:54:36 1111915 --sha-w- c:\windows\system32\vakuhimu.exe
2009-07-30 21:49:24 90112 --sha-w- c:\windows\system32\vegozadi.dll
2009-07-30 21:50:09 52224 --sha-w- c:\windows\system32\vimoveta.dll
2009-07-10 12:03:33 1011429 --sha-w- c:\windows\system32\visegobu.exe
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\vuwizodi.dll
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\yaromido.dll
2009-07-21 20:55:02 52224 --sha-w- c:\windows\system32\yefapuza.dll
2009-08-06 23:55:41 3 --sha-w- c:\windows\system32\zopuwole.dll

============= FINISH: 19:34:34.64 ===============

Edited by Orange Blossom, 08 November 2009 - 05:50 PM.
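Triage of a DDS log, as an added example (this is not code from the original post, and not part of DDS or any BleepingComputer tool): the script parses a handful of lines copied from the log above, flags every AppInit_DLLs entry, the numeric-named autoruns under All Users\Application Data, the Winlogon Notify entry that points at a .dat file, and the random eight-letter DLLs referenced from the mRun, SSODL, STS, LSA and Find3M lines, then counts how many separate hooks reference each file. The eight-lowercase-letter heuristic and the small allowlist of legitimate Windows files that share that shape are assumptions of the example, not rules taken from the page.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a dozen lines copied from the DDS log in the post above,
# plus a benign jscript.dll line, so the script runs offline.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [71080319] c:\docume~1\alluse~1\applic~1\71080319\71080319.exe
mRun: [dakuwaviw] Rundll32.exe "c:\windows\system32\fawedevi.dll",a
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: c:\windows\system32\kavezopa.dll c:\windows\system32\mizezilo.dll vimoveta.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: leyulalet - {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
LSA: Notification Packages = scecli dinizuha.dll
==================== Find3M ====================
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\bimeyonu.dll
2009-07-22 22:10:49 89088 --sha-w- c:\windows\system32\fawedevi.dll
"""

Finding = namedtuple("Finding", "section key path reason")

# Heuristic (an assumption of this example, not a DDS rule): the loader files in the
# log above are all named with eight lowercase letters. A few legitimate Windows files
# share that shape, so keep an allowlist; this one is illustrative, not exhaustive.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
KNOWN_GOOD = {"explorer.exe", "userinit.exe", "winlogon.exe", "services.exe",
              "browseui.dll", "ntoskrnl.exe", "sfcfiles.dll"}

RUN_LINE = re.compile(r"^([mud]Run(?:Once)?): \[([^\]]+)\] (.*)$")
FIND3M_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) (\S{8}) (.+)$")
# File references inside a line; a path containing spaces is cut to its tail, which is
# enough because every rule below looks only at the file name.
FILE_TOKEN = re.compile(r'[^\s"\[\],]+\.(?:dll|exe|dat)', re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_random(path):
    name = basename(path)
    return bool(RANDOM_NAME.match(name)) and name.lower() not in KNOWN_GOOD


def triage(text):
    """Walk a DDS log and return the entries worth a closer look."""
    findings = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("="):
            section = line.strip("= ")      # "Pseudo HJT Report", "Find3M", ...
            continue
        if section == "Pseudo HJT Report":
            key, _, rest = line.partition(":")
            if key == "AppInit_DLLs":
                # Anything listed here is loaded into every user-mode process: list it all.
                for dll in FILE_TOKEN.findall(rest):
                    findings.append(Finding(section, key, dll,
                                            "injected into every process via AppInit_DLLs"))
                continue
            m = RUN_LINE.match(line)
            if m and m.group(2).isdigit() and f"\\{m.group(2)}\\{m.group(2)}.exe" in m.group(3).lower():
                findings.append(Finding(section, m.group(1), m.group(3),
                                        "autorun key named by a number that launches <n>\\<n>.exe"))
            for token in FILE_TOKEN.findall(rest):
                if key == "Notify" and not token.lower().endswith(".dll"):
                    findings.append(Finding(section, key, token,
                                            "Winlogon notify package that is not a .dll"))
                elif looks_random(token):
                    findings.append(Finding(section, key, token, "random eight-letter file name"))
        elif section in ("Find3M", "Created Last 30"):
            m = FIND3M_LINE.match(line)
            # attribute column such as "--sha-w-": s = system, h = hidden
            if m and {"s", "h"} <= set(m.group(2)) and looks_random(m.group(3)):
                findings.append(Finding(section, "file", m.group(3),
                                        f"hidden+system file of {m.group(1)} bytes with random name"))
    return findings


def hook_counts(findings):
    """How many separate hooks reference each random-named file; the busiest file
    is the one to submit for analysis (or quarantine) first."""
    return Counter(basename(f.path).lower() for f in findings if looks_random(f.path))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:18} {f.key:13} {f.path}  <- {f.reason}")
    print("\nreferences per file:", hook_counts(hits).most_common())
```

Run against the sample, the script reports eleven entries and ranks fawedevi.dll first (referenced from mRun, SSODL, STS and the Find3M listing), which matches what the avast alert in the post already suggests: the infection is anchored by several load points that all lead back to the same handful of hidden DLLs, so removing one Run entry without the SSODL, STS and AppInit_DLLs references leaves it active.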



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:06:07 AM

Posted 12 November 2009 - 04:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 jayday

jayday
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 13 November 2009 - 01:30 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jason Day at 12:56:18.82 on Fri 11/13/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.61 [GMT -5:00]

AV: avast! antivirus 4.8.1356 [VPS 091113-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Jason Day\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9c1cf438-8994-43fe-8216-c87a7475bf19} - c:\windows\system32\axaltoc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Antivirus Plus BHO: {c2b5aab8-2183-4be7-81a6-f11493c45872} - c:\documents and settings\administrator\application data\antivirus plus\AntiVirus Plus.70367200.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [H/PC Connection Agent] c:\progra~1\mi3aa1~1\wcescomm.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\antivirus plus\AntiVirus Plus.70367200.dll", start 70367200
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [71080319] c:\docume~1\alluse~1\applic~1\71080319\71080319.exe
mRun: [48680430] c:\docume~1\alluse~1\applic~1\48680430\48680430.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [48084024] c:\docume~1\alluse~1\applic~1\48084024\48084024.exe
mRun: [64060723] c:\docume~1\alluse~1\applic~1\64060723\64060723.exe
mRun: [29127425] c:\docume~1\alluse~1\applic~1\29127425\29127425.exe
mRun: [73871834] c:\docume~1\alluse~1\applic~1\73871834\73871834.exe
mRun: [53738430] c:\docume~1\alluse~1\applic~1\53738430\53738430.exe
mRun: [06715524] c:\documents and settings\all users\application data\06715524\06715524.exe
mRun: [83220924] c:\documents and settings\all users\application data\83220924\83220924.exe
mRun: [66701121] c:\documents and settings\all users\application data\66701121\66701121.exe
mRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\antivirus plus\AntiVirus Plus.70367200.dll", start 70367200
mRun: [dakuwaviw] Rundll32.exe "c:\windows\system32\guhiziho.dll",a
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\antivirus plus\AntiVirus Plus.70367200.dll", start 70367200
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\jasond~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: c:\windows\system32\kavezopa.dll c:\windows\system32\mizezilo.dll c:\windows\system32\kunuzavi.dll c:\windows\system32\dadirova.dll bijukotu.dll c:\windows\system32\boruviya.dll c:\windows\system32\guhiziho.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: fonizorez - {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
SSODL: gamojilom - {d7e307c3-482c-4eae-b627-d5fd7749ee1e} - c:\windows\system32\popezaho.dll
SSODL: damipaned - {8bbbe363-e55c-433e-a019-6de31f0fe2df} - c:\windows\system32\makatulo.dll
SSODL: leyulalet - {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
SSODL: kefoninaw - {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
SSODL: pokevebis - {034aa3a9-4ba8-4eec-89d7-fc824efc07fb} - c:\windows\system32\fawedevi.dll
SSODL: bejehenev - {8d2d48fa-bee7-404c-85c9-51ea3137c559} - c:\windows\system32\fawedevi.dll
SSODL: wunokohir - {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
SSODL: barotofat - {f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} - c:\windows\system32\boruviya.dll
SSODL: jugulorog - {a253023a-c11d-40fc-b2e5-22ab1b3592df} - c:\windows\system32\guhiziho.dll
SSODL: wejumunef - {81910469-41c6-4d10-88a9-614a1b608969} - c:\windows\system32\guhiziho.dll
STS: jugezatag: {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
STS: tokatiluy: {d7e307c3-482c-4eae-b627-d5fd7749ee1e} - c:\windows\system32\popezaho.dll
STS: tokatiluy: {8bbbe363-e55c-433e-a019-6de31f0fe2df} - c:\windows\system32\makatulo.dll
STS: tokatiluy: {193a944c-625e-4cb4-915f-cc7e370b5943} - c:\windows\system32\makatulo.dll
STS: mujuzedij: {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
STS: jugezatag: {034aa3a9-4ba8-4eec-89d7-fc824efc07fb} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {8d2d48fa-bee7-404c-85c9-51ea3137c559} - c:\windows\system32\fawedevi.dll
STS: kupuhivus: {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
STS: tokatiluy: {f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} - c:\windows\system32\boruviya.dll
STS: kupuhivus: {a253023a-c11d-40fc-b2e5-22ab1b3592df} - c:\windows\system32\guhiziho.dll
STS: mujuzedij: {81910469-41c6-4d10-88a9-614a1b608969} - c:\windows\system32\guhiziho.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli jasosise.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-10 20560]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-14 24652]
S3 501bf130-9418-4262-aa05-1834b83cf7fa;501bf130-9418-4262-aa05-1834b83cf7fa;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-22 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-06 22:06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 02:04:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 02:04:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-04 00:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-04 00:21:42 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-04 00:21:33 0 d-----w- c:\docume~1\jasond~1\applic~1\SUPERAntiSpyware.com
2009-11-03 23:54:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-17 01:49:01 3550592 ----a-w- C:\procexp.exe
2009-10-16 20:58:06 4045528 ----a-w- C:\mbam-setup.exe
2009-10-14 22:49:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-14 22:49:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-04-12 12:33:53 0 ----a-w- c:\program files\temp01
2006-02-19 03:09:23 56 --sh--r- c:\windows\system32\4A9F9E28FB.sys
2009-07-13 19:56:43 1011606 --sha-w- c:\windows\system32\berinege.exe
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\bijukotu.dll
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\bimeyonu.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\bozagudu.dll
2009-08-07 03:13:23 3 --sha-w- c:\windows\system32\bufufodu.dll
2009-08-08 01:19:55 3 --sha-w- c:\windows\system32\bulawasi.dll
2009-07-11 00:10:09 1011386 --sha-w- c:\windows\system32\buraboto.exe
2009-08-07 03:13:23 3 --sha-w- c:\windows\system32\daweyuve.dll
2009-08-07 03:35:56 3 --sha-w- c:\windows\system32\disekoha.dll
2009-07-15 20:57:23 1112656 --sha-w- c:\windows\system32\duwibudo.exe
2009-08-13 00:54:08 61440 --sha-w- c:\windows\system32\fopinope.dll
2009-08-07 03:35:56 3 --sha-w- c:\windows\system32\fuhubuga.dll
2009-08-13 13:25:53 93184 --sha-w- c:\windows\system32\guhiziho.dll
2009-07-20 20:46:47 1011326 --sha-w- c:\windows\system32\hamohive.exe
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\jasosise.dll
2009-08-07 01:00:44 3 --sha-w- c:\windows\system32\jevayeyi.dll
2006-02-19 03:09:23 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\kibalebe.dll
2009-08-07 02:08:20 3 --sha-w- c:\windows\system32\kokihove.dll
2009-07-09 20:28:40 1011718 --sha-w- c:\windows\system32\kugokigu.exe
2009-08-08 01:42:30 3 --sha-w- c:\windows\system32\mebokewe.dll
2009-08-13 13:25:53 61440 --sha-w- c:\windows\system32\nasikaje.dll
2009-08-06 23:10:36 3 --sha-w- c:\windows\system32\nejefiju.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\nitifemo.dll
2009-08-07 01:00:44 3 --sha-w- c:\windows\system32\pufidihu.dll
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\putabami.dll
2009-08-13 13:25:55 39424 --sha-w- c:\windows\system32\sakalimo.dll
2009-08-07 02:08:20 3 --sha-w- c:\windows\system32\sekunara.dll
2009-08-06 23:10:36 3 --sha-w- c:\windows\system32\towozoha.dll
2009-08-06 23:55:41 3 --sha-w- c:\windows\system32\tuvojeto.dll
2009-08-08 01:42:33 3 --sha-w- c:\windows\system32\tuvumuge.dll
2009-07-16 21:54:36 1111915 --sha-w- c:\windows\system32\vakuhimu.exe
2009-07-10 12:03:33 1011429 --sha-w- c:\windows\system32\visegobu.exe
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\vuwizodi.dll
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\yaromido.dll
2009-08-08 01:19:58 3 --sha-w- c:\windows\system32\yuwelete.dll
2009-08-13 00:54:07 53760 --sha-w- c:\windows\system32\zinudemi.dll
2009-08-06 23:55:41 3 --sha-w- c:\windows\system32\zopuwole.dll
2009-08-13 00:54:07 1209915 --sha-w- c:\windows\system32\zuhenawu.exe

============= FINISH: 12:57:49.09 ===============

#4 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 13 November 2009 - 11:52 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
  • As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be two people helping you instead of just one, but responses may be somewhat delayed so please be patient!!!!
Please give me a little time to go through your logs. My instructions will be forthcoming.

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 16 November 2009 - 02:54 PM

Hello jayday.

I just wanted to give you an update. I have composed a fix for your machine. However, the coach working with me on your case has experienced hard drive failure, and is unable to log on to BC today. We should have some instructions for you sometime tomorrow.

Sorry for the delay.

~Blade



#6 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 16 November 2009 - 08:47 PM

Hello jayday.

Let's get started.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps may require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

***************************************************

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Trend Micro PC-cillin Internet Security or Avast!.

***************************************************
  • Please download OTM by OldTimer and save it to your desktop. Do Not launch the program yet; we will be using it in a little while.
  • Please open a Notepad file: (From the Start Menu, click Run and type notepad in the window that appears.)
  • Copy the contents of the below code box into the notepad window.
  • Save the file as Fix.txt on your desktop. We will be using this from safe mode later on.
    :files
    c:\windows\system32\axaltoc.dll
    c:\windows\system32\fawedevi.dll
    c:\windows\system32\kavezopa.dll
    c:\windows\system32\mizezilo.dll
    c:\windows\system32\vegozadi.dll
    c:\windows\system32\debeviva.dll
    c:\windows\system32\kunuzavi.dll
    c:\windows\system32\godidusa.dll
    c:\windows\system32\popezaho.dll
    c:\windows\system32\makatulo.dll
    c:\windows\system32\bimeyonu.dll
    c:\windows\system32\bozagudu.dll
    c:\windows\system32\bufufodu.dll
    c:\windows\system32\buraboto.exe
    c:\windows\system32\daweyuve.dll
    c:\windows\system32\dinizuha.dll
    c:\windows\system32\disekoha.dll
    c:\windows\system32\duwibudo.exe
    c:\windows\system32\fagonifa.dll
    c:\windows\system32\fakubija.dll
    c:\windows\system32\fegufula.exe
    c:\windows\system32\fiwevoga.dll
    c:\windows\system32\fuhubuga.dll
    c:\windows\system32\guyifuhi.dll
    c:\windows\system32\hamohive.exe
    c:\windows\system32\jevayeyi.dll
    c:\windows\system32\kadofebi.dll
    c:\windows\system32\kibalebe.dll
    c:\windows\system32\kofidutu.dll
    c:\windows\system32\kokihove.dll
    c:\windows\system32\kugokigu.exe
    c:\windows\system32\lohulatu.dll
    c:\windows\system32\nejefiju.dll
    c:\windows\system32\nilujete.dll
    c:\windows\system32\nitifemo.dll
    c:\windows\system32\nunupofa.dll
    c:\windows\system32\pufidihu.dll
    c:\windows\system32\putevama.dll
    c:\windows\system32\regizogu.dll
    c:\windows\system32\sekunara.dll
    c:\windows\system32\towozoha.dll
    c:\windows\system32\tuvojeto.dll
    c:\windows\system32\vakuhimu.exe
    c:\windows\system32\vimoveta.dll
    c:\windows\system32\visegobu.exe
    c:\windows\system32\vuwizodi.dll
    c:\windows\system32\vuwizodi.dll
    c:\windows\system32\yefapuza.dll
    c:\windows\system32\zopuwole.dll
    c:\documents and settings\administrator\application data\antivirus plus
    c:\documents and settings\all users\application data\71080319
    c:\documents and settings\all users\application data\48680430
    c:\documents and settings\all users\application data\48084024
    c:\documents and settings\all users\application data\64060723
    c:\documents and settings\all users\application data\29127425
    c:\documents and settings\all users\application data\73871834
    c:\documents and settings\all users\application data\53738430
    c:\documents and settings\all users\application data\06715524
    c:\documents and settings\all users\application data\83220924
    c:\windows\system32\__c0075818.dat
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c1cf438-8994-43fe-8216-c87a7475bf19}]
    [-HKEY_CLASSES_ROOT\CLSID\{9c1cf438-8994-43fe-8216-c87a7475bf19}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirus Plus"=-
    "dakuwaviw"=-
    "71080319"=-
    "48680430"=-
    "48084024"=-
    "64060723"=-
    "29127425"=-
    "73871834"=-
    "53738430"=-
    "06715524"=-
    "83220924"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirus Plus"=-
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirus Plus"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0075818]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "fonizorez"=-
    "gamojilom"=-
    "damipaned"=-
    "favomalek"=-
    "leyulalet"=-
    "kefoninaw"=-
    "pokevebis"=-
    "bejehenev"=-
    "maziyupaz"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{c702f2b0-3758-41f6-9ec5-5915d32db348}"=-
    "{d7e307c3-482c-4eae-b627-d5fd7749ee1e}"=-
    "{8bbbe363-e55c-433e-a019-6de31f0fe2df}"=-
    "{193a944c-625e-4cb4-915f-cc7e370b5943}"=-
    "{538d687b-0e21-4bc6-aba5-e120f8fc1882}"=-
    "{9a127b44-fc9b-4da5-b73e-a7a8f62e5536}"=-
    "{034aa3a9-4ba8-4eec-89d7-fc824efc07fb}"=-
    "{8d2d48fa-bee7-404c-85c9-51ea3137c559}"=-
    "{6db8b9e9-5cae-4f2f-9f7a-ab9eaafc82ca}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7): "scecli"
    :Commands
    [Reboot]
***************************************************

Reboot your computer in "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Make sure you choose the option without networking support. When logging in, do NOT log in under the account titled "Admin" or "Administrator". Log in under your normal user profile.

***************************************************

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • MyWay Search Assistant
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

***************************************************
  • Double click the Posted Image icon on your desktop.
  • Paste the entire contents of the Fix.txt Notepad file that I had you create under the Posted Image area.
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
***************************************************

You should be back in Normal Mode now.

Please install RootRepeal
Note: Vista users, right click on the desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade

In your next reply, please include the following:
OTM Log
RootRepeal Log
A new DDS.txt log. Note that I do not need Attach.txt this time.

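The helper's triage above (spotting hidden/system files with eight-letter names in system32, then following the AppInit_DLLs, SSODL, STS, Notify and LSA load points to them, and listing them in an OTM :files section) can be done mechanically. The script below is an added example, not part of this thread or of the DDS/OTM tools: it parses a constructed excerpt of the DDS log posted earlier, flags a module only when two independent signals agree, and reports which flagged modules a (constructed, partial) fix list leaves out.

```python
import re
from collections import defaultdict

# Constructed excerpt of the DDS log posted in this thread (a dozen lines copied
# from it, not the whole log), embedded so the script runs offline.
DDS_SAMPLE = r"""
Notify: igfxcui - igfxdev.dll
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: c:\windows\system32\kavezopa.dll c:\windows\system32\mizezilo.dll bijukotu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: fonizorez - {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
STS: jugezatag: {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
LSA: Notification Packages = scecli jasosise.dll
==================== Find3M ====================
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\jasosise.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\bozagudu.dll
2009-08-13 00:54:07 1209915 --sha-w- c:\windows\system32\zuhenawu.exe
"""

# Constructed, partial copy of the :files section of the posted OTM Fix.txt;
# used only to show which flagged modules a fix list leaves out.
FIX_FILES = [
    r"c:\windows\system32\kavezopa.dll",
    r"c:\windows\system32\mizezilo.dll",
    r"c:\windows\system32\godidusa.dll",
    r"c:\windows\system32\bozagudu.dll",
    r"c:\windows\system32\__c0075818.dat",
]

# Find3M row: date time size attrs path. attrs is DDS's 8-character field,
# e.g. "--sha-w-" = system + hidden + archive, writable.
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
MODULE_RE = re.compile(r"\S+\.(?:dll|exe|dat)\b", re.I)
# Naming patterns of the throwaway files in this thread: eight lowercase letters
# plus .dll/.exe, or __c<digits>.dat. A heuristic signal, never proof on its own.
SUSPECT_NAME_RE = re.compile(r"^(?:[a-z]{8}\.(?:dll|exe)|__c\d+\.dat)$")
LOAD_POINTS = ("SSODL", "STS", "Notify")

def basename(path):
    """Lower-cased file name; lets bare AppInit_DLLs entries match full paths."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_find3m(text):
    """Return the Find3M rows as dicts with date, size, attrs and path."""
    rows = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            rows.append({"date": m.group(1), "size": int(m.group(3)),
                         "attrs": m.group(4), "path": m.group(5).lower()})
    return rows

def persistence_refs(text):
    """Map module basename -> set of DDS load points that reference it."""
    refs = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        kind = line.split(":", 1)[0]
        if kind == "AppInit_DLLs":
            for mod in MODULE_RE.findall(line.split(":", 1)[1]):
                refs[basename(mod)].add(kind)
        elif line.startswith("LSA: Notification Packages"):
            for mod in line.split("=", 1)[1].split():
                if mod.lower() != "scecli":   # the stock package on Windows XP
                    refs[basename(mod)].add("LSA")
        elif kind in LOAD_POINTS:
            # The module path is the last " - " separated field of the line.
            mods = MODULE_RE.findall(line.rsplit(" - ", 1)[-1])
            if mods:
                refs[basename(mods[-1])].add(kind)
    return refs

def triage(text):
    """Flag a module when at least two independent signals agree on it."""
    signals = defaultdict(set)
    for row in parse_find3m(text):
        if "s" in row["attrs"] and "h" in row["attrs"]:
            signals[basename(row["path"])].add("hidden+system")
    for name, points in persistence_refs(text).items():
        signals[name].update(points)
    for name in list(signals):
        if SUSPECT_NAME_RE.match(name):
            signals[name].add("suspect-name")
    return {n: sorted(s) for n, s in signals.items() if len(s) >= 2}

def uncovered(flagged, fix_files):
    """Flagged modules the fix list does not mention, matched by basename."""
    covered = {basename(p) for p in fix_files}
    return sorted(n for n in flagged if n not in covered)

if __name__ == "__main__":
    flagged = triage(DDS_SAMPLE)
    for name, why in sorted(flagged.items()):
        print(f"{name:20} {', '.join(why)}")
    print("flagged but not in the fix list:", uncovered(flagged, FIX_FILES))
```

Legitimate entries such as igfxdev.dll (Notify) and WPDShServiceObj.dll (SSODL) carry a single signal and stay unflagged; the output is a review list for the analyst, not a removal list.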


#7 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 20 November 2009 - 12:02 PM

Do you still need help?



#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 22 November 2009 - 01:00 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 November 2009 - 01:52 PM

Topic reopened per user's request.

#10 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 30 November 2009 - 02:31 PM

Hello jayday. Welcome back.

Let's start by getting a fresh look at what's going on.
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

***************************************************

Please install RootRepeal
Note: Vista users, right click on the desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
DDS.txt
Attach.txt
RootRepeal.txt



#11 jayday
  • Topic Starter
  • Members
  • 22 posts

Posted 30 November 2009 - 06:52 PM

DDS:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Jason Day at 18:17:33.96 on Mon 11/30/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.78 [GMT -5:00]

AV: avast! antivirus 4.8.1356 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Documents and Settings\Jason Day\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9c1cf438-8994-43fe-8216-c87a7475bf19} - c:\windows\system32\axaltoc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [H/PC Connection Agent] c:\progra~1\mi3aa1~1\wcescomm.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\antivirus plus\AntiVirus Plus.70367200.dll", start 70367200
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [71080319] c:\docume~1\alluse~1\applic~1\71080319\71080319.exe
mRun: [48680430] c:\docume~1\alluse~1\applic~1\48680430\48680430.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [48084024] c:\docume~1\alluse~1\applic~1\48084024\48084024.exe
mRun: [64060723] c:\docume~1\alluse~1\applic~1\64060723\64060723.exe
mRun: [29127425] c:\docume~1\alluse~1\applic~1\29127425\29127425.exe
mRun: [73871834] c:\docume~1\alluse~1\applic~1\73871834\73871834.exe
mRun: [53738430] c:\docume~1\alluse~1\applic~1\53738430\53738430.exe
mRun: [06715524] c:\documents and settings\all users\application data\06715524\06715524.exe
mRun: [83220924] c:\documents and settings\all users\application data\83220924\83220924.exe
mRun: [66701121] c:\documents and settings\all users\application data\66701121\66701121.exe
mRun: [dakuwaviw] Rundll32.exe "c:\windows\system32\hofofazo.dll",a
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\jasond~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: c:\windows\system32\kavezopa.dll c:\windows\system32\mizezilo.dll c:\windows\system32\kunuzavi.dll c:\windows\system32\dadirova.dll c:\windows\system32\boruviya.dll c:\windows\system32\hofofazo.dll c:\windows\system32\guhiziho.dll,bijukotu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: fonizorez - {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
SSODL: gamojilom - {d7e307c3-482c-4eae-b627-d5fd7749ee1e} - c:\windows\system32\popezaho.dll
SSODL: damipaned - {8bbbe363-e55c-433e-a019-6de31f0fe2df} - c:\windows\system32\makatulo.dll
SSODL: leyulalet - {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
SSODL: kefoninaw - {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
SSODL: pokevebis - {034aa3a9-4ba8-4eec-89d7-fc824efc07fb} - c:\windows\system32\fawedevi.dll
SSODL: bejehenev - {8d2d48fa-bee7-404c-85c9-51ea3137c559} - c:\windows\system32\fawedevi.dll
SSODL: wunokohir - {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
SSODL: barotofat - {f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} - c:\windows\system32\boruviya.dll
SSODL: jugulorog - {a253023a-c11d-40fc-b2e5-22ab1b3592df} - c:\windows\system32\hofofazo.dll
SSODL: migobejur - {f3087833-6638-4449-b881-3ca7ea0f342a} - c:\windows\system32\hofofazo.dll
STS: jugezatag: {c702f2b0-3758-41f6-9ec5-5915d32db348} - c:\windows\system32\godidusa.dll
STS: tokatiluy: {d7e307c3-482c-4eae-b627-d5fd7749ee1e} - c:\windows\system32\popezaho.dll
STS: tokatiluy: {8bbbe363-e55c-433e-a019-6de31f0fe2df} - c:\windows\system32\makatulo.dll
STS: tokatiluy: {193a944c-625e-4cb4-915f-cc7e370b5943} - c:\windows\system32\makatulo.dll
STS: mujuzedij: {538d687b-0e21-4bc6-aba5-e120f8fc1882} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {9a127b44-fc9b-4da5-b73e-a7a8f62e5536} - c:\windows\system32\fawedevi.dll
STS: jugezatag: {034aa3a9-4ba8-4eec-89d7-fc824efc07fb} - c:\windows\system32\fawedevi.dll
STS: mujuzedij: {8d2d48fa-bee7-404c-85c9-51ea3137c559} - c:\windows\system32\fawedevi.dll
STS: kupuhivus: {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
STS: tokatiluy: {f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} - c:\windows\system32\boruviya.dll
STS: kupuhivus: {a253023a-c11d-40fc-b2e5-22ab1b3592df} - c:\windows\system32\hofofazo.dll
STS: gahurihor: {f3087833-6638-4449-b881-3ca7ea0f342a} - c:\windows\system32\hofofazo.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli jasosise.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-10 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-14 24652]
S3 501bf130-9418-4262-aa05-1834b83cf7fa;501bf130-9418-4262-aa05-1834b83cf7fa;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-22 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-13 18:21:35 14308680 ----a-w- C:\winzip140.exe
2009-11-06 22:06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 02:04:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 02:04:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-04 00:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-04 00:21:42 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-04 00:21:33 0 d-----w- c:\docume~1\jasond~1\applic~1\SUPERAntiSpyware.com
2009-11-03 23:54:17 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2009-11-06 22:05:49 4045528 ----a-w- C:\mbam-setup.exe
2009-10-16 15:57:58 3550592 ----a-w- C:\procexp.exe
2009-04-12 12:33:53 0 ----a-w- c:\program files\temp01
2006-02-19 03:09:23 56 --sh--r- c:\windows\system32\4A9F9E28FB.sys
2009-07-13 19:56:43 1011606 --sha-w- c:\windows\system32\berinege.exe
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\bimeyonu.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\bozagudu.dll
2009-08-07 03:13:23 3 --sha-w- c:\windows\system32\bufufodu.dll
2009-08-08 01:19:55 3 --sha-w- c:\windows\system32\bulawasi.dll
2009-07-11 00:10:09 1011386 --sha-w- c:\windows\system32\buraboto.exe
2009-08-07 03:13:23 3 --sha-w- c:\windows\system32\daweyuve.dll
2009-08-07 03:35:56 3 --sha-w- c:\windows\system32\disekoha.dll
2009-07-15 20:57:23 1112656 --sha-w- c:\windows\system32\duwibudo.exe
2009-08-13 00:54:08 61440 --sha-w- c:\windows\system32\fopinope.dll
2009-08-07 03:35:56 3 --sha-w- c:\windows\system32\fuhubuga.dll
2009-07-20 20:46:47 1011326 --sha-w- c:\windows\system32\hamohive.exe
2009-08-30 15:41:43 92672 --sha-w- c:\windows\system32\hofofazo.dll
2009-08-30 15:41:44 39424 --sha-w- c:\windows\system32\hovufuka.dll
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\jasosise.dll
2009-08-07 01:00:44 3 --sha-w- c:\windows\system32\jevayeyi.dll
2006-02-19 03:09:23 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-06 23:33:09 3 --sha-w- c:\windows\system32\kibalebe.dll
2009-08-07 02:08:20 3 --sha-w- c:\windows\system32\kokihove.dll
2009-07-09 20:28:40 1011718 --sha-w- c:\windows\system32\kugokigu.exe
2009-08-08 01:42:30 3 --sha-w- c:\windows\system32\mebokewe.dll
2009-08-13 13:25:53 61440 --sha-w- c:\windows\system32\nasikaje.dll
2009-08-06 23:10:36 3 --sha-w- c:\windows\system32\nejefiju.dll
2009-08-07 01:45:48 3 --sha-w- c:\windows\system32\nitifemo.dll
2009-08-07 01:00:44 3 --sha-w- c:\windows\system32\pufidihu.dll
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\putabami.dll
2009-08-13 13:25:55 39424 --sha-w- c:\windows\system32\sakalimo.dll
2009-08-07 02:08:20 3 --sha-w- c:\windows\system32\sekunara.dll
2009-08-06 23:10:36 3 --sha-w- c:\windows\system32\towozoha.dll
2009-08-06 23:55:41 3 --sha-w- c:\windows\system32\tuvojeto.dll
2009-08-08 01:42:33 3 --sha-w- c:\windows\system32\tuvumuge.dll
2009-07-16 21:54:36 1111915 --sha-w- c:\windows\system32\vakuhimu.exe
2009-08-30 15:41:43 61952 --sha-w- c:\windows\system32\velivomo.dll
2009-07-10 12:03:33 1011429 --sha-w- c:\windows\system32\visegobu.exe
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\vuwizodi.dll
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\yaromido.dll
2009-08-08 01:19:58 3 --sha-w- c:\windows\system32\yuwelete.dll
2009-08-13 00:54:07 53760 --sha-w- c:\windows\system32\zinudemi.dll
2009-08-06 23:55:41 3 --sha-w- c:\windows\system32\zopuwole.dll
2009-08-13 00:54:07 1209915 --sha-w- c:\windows\system32\zuhenawu.exe

============= FINISH: 18:18:33.12 ===============


Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/1/2005 7:08:56 PM
System Uptime: 11/30/2009 12:28:39 PM (6 hours ago)

Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2526/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 26.97 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP598: 9/1/2009 11:04:29 PM - Software Distribution Service 3.0
RP599: 9/4/2009 8:59:08 PM - System Checkpoint
RP600: 9/11/2009 9:18:06 PM - Software Distribution Service 3.0
RP601: 9/13/2009 1:22:12 PM - System Checkpoint
RP602: 9/14/2009 7:27:49 PM - System Checkpoint
RP603: 9/15/2009 7:47:07 PM - System Checkpoint
RP604: 9/17/2009 6:05:19 PM - System Checkpoint
RP605: 9/21/2009 5:15:39 PM - System Checkpoint
RP606: 9/23/2009 7:34:40 PM - System Checkpoint
RP607: 9/24/2009 10:19:35 PM - System Checkpoint
RP608: 9/27/2009 11:49:37 AM - System Checkpoint
RP609: 9/30/2009 7:18:26 AM - System Checkpoint
RP610: 10/3/2009 3:44:37 PM - System Checkpoint
RP611: 10/8/2009 7:06:45 PM - System Checkpoint
RP612: 10/9/2009 7:23:21 PM - System Checkpoint
RP613: 10/12/2009 9:59:51 PM - System Checkpoint
RP614: 10/16/2009 5:50:44 PM - Installed Connect Service
RP615: 10/22/2009 6:26:46 PM - System Checkpoint
RP616: 11/3/2009 8:16:12 PM - Installed SUPERAntiSpyware Free Edition
RP617: 11/3/2009 9:41:23 PM - Removed SUPERAntiSpyware Free Edition
RP618: 11/4/2009 7:40:50 AM - Removed SUPERAntiSpyware Free Edition
RP619: 11/7/2009 9:11:17 PM - System Checkpoint
RP620: 11/13/2009 8:42:27 AM - System Checkpoint
RP621: 11/13/2009 1:23:09 PM - Installed WinZip 14.0
RP622: 11/30/2009 12:14:28 PM - Removed Trend Micro PC-cillin Internet Security 12
RP623: 11/30/2009 12:15:59 PM - Removed TMASOEDL
RP624: 11/30/2009 12:16:19 PM - Removed TMASOLDL

==== Installed Programs ======================

924PLC32
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
AOLIcon
ArcSoft MediaConverter 2.5
ArcSoft PhotoStudio 5.5
Arthur's Wilderness Rescue
AT&T Self Support Tool
AT&T Yahoo! Applications
avast! Antivirus
Azureus Vuze
Barbie as The Island Princess
Barbie® Pet Rescue
Barbie™ Beauty Boutique™ CD-ROM
Barbie™ Diaries High School Mystery
Big Fish Games Client
Blue's Preschool
BroadJump Client Foundation
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 1.6.1
Canon Utilities EOS Capture 1.3
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Catz (remove only)
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
CSI-Dark Motives
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 924
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Disney's Magic Artist
Dora Backpack
Dora Lost City
EducateU
EOS Capture 1.3
EZface ActiveX 210
Get High Speed Internet!
getPlus®_ocx
GIMP 2.6.4
Google Desktop
Google Toolbar for Internet Explorer
Hello Kitty Cutie World
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Resizer Powertoy for Windows XP
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 10
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1
Kiplinger's WILLPower
Learn2 Player (Uninstall Only)
LimeWire 4.16.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSXML 6 Service Pack 2 (KB954459)
Mystery Case Files: Ravenhearst™
MyWay Search Assistant
Nancy Drew: Treasure in the Royal Tower
Napster for Windows Media Player
Norton Security Scan
Paint.NET v3.36
Pdf995
PdfEdit995 (installed by TaxCut)
Phonics
Photo Click
PhotoStitch
PowerDVD 5.5
Premier Jeweler Software
Puppy Luv
QuickTime
RAW Image Task 2.0
RealPlayer
RemoteCapture Task 1.1
Rhapsody Player Engine
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
SA32xx Device Manager
Scooby-Doo™, Showdown in Ghost Town™
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic Copy Module
Sonic DLA
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware Free Edition
TaxCut Premium 2006
The ClueFinders® Mystery of the Missing Amulet™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip 14.0
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/30/2009 12:16:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/30/2009 12:11:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/30/2009 10:46:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/30/2009 10:46:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/30/2009 10:42:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm SASKUTIL tmtdi
11/30/2009 10:42:54 AM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================


RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/30 18:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEEA71000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A99000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE4E5000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==


#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 01 December 2009 - 02:37 PM

Hello jayday.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps may require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

***************************************************
  • Please download OTM by OldTimer and save it to your desktop. Do Not launch the program yet; we will be using it in a little while.
  • Please open a Notepad file: (From the Start Menu, click Run and type notepad in the window that appears.)
  • Copy the contents of the below code box into the notepad window.
  • Save the file as Fix.txt on your desktop. We will be using this from safe mode later on.
    :files
    c:\windows\system32\axaltoc.dll
    c:\windows\system32\fawedevi.dll
    c:\windows\system32\kavezopa.dll
    c:\windows\system32\mizezilo.dll
    c:\windows\system32\vegozadi.dll
    c:\windows\system32\debeviva.dll
    c:\windows\system32\kunuzavi.dll
    c:\windows\system32\godidusa.dll
    c:\windows\system32\popezaho.dll
    c:\windows\system32\makatulo.dll
    c:\windows\system32\bimeyonu.dll
    c:\windows\system32\bozagudu.dll
    c:\windows\system32\bufufodu.dll
    c:\windows\system32\buraboto.exe
    c:\windows\system32\daweyuve.dll
    c:\windows\system32\dinizuha.dll
    c:\windows\system32\disekoha.dll
    c:\windows\system32\duwibudo.exe
    c:\windows\system32\fagonifa.dll
    c:\windows\system32\fakubija.dll
    c:\windows\system32\fegufula.exe
    c:\windows\system32\fiwevoga.dll
    c:\windows\system32\fuhubuga.dll
    c:\windows\system32\guyifuhi.dll
    c:\windows\system32\hamohive.exe
    c:\windows\system32\jevayeyi.dll
    c:\windows\system32\kadofebi.dll
    c:\windows\system32\kibalebe.dll
    c:\windows\system32\kofidutu.dll
    c:\windows\system32\kokihove.dll
    c:\windows\system32\kugokigu.exe
    c:\windows\system32\lohulatu.dll
    c:\windows\system32\nejefiju.dll
    c:\windows\system32\nilujete.dll
    c:\windows\system32\nitifemo.dll
    c:\windows\system32\nunupofa.dll
    c:\windows\system32\pufidihu.dll
    c:\windows\system32\putevama.dll
    c:\windows\system32\regizogu.dll
    c:\windows\system32\sekunara.dll
    c:\windows\system32\towozoha.dll
    c:\windows\system32\tuvojeto.dll
    c:\windows\system32\vakuhimu.exe
    c:\windows\system32\vimoveta.dll
    c:\windows\system32\visegobu.exe
    c:\windows\system32\vuwizodi.dll
    c:\windows\system32\yefapuza.dll
    c:\windows\system32\zopuwole.dll
    c:\documents and settings\administrator\application data\antivirus plus
    c:\documents and settings\all users\application data\71080319
    c:\documents and settings\all users\application data\48680430
    c:\documents and settings\all users\application data\48084024
    c:\documents and settings\all users\application data\64060723
    c:\documents and settings\all users\application data\29127425
    c:\documents and settings\all users\application data\73871834
    c:\documents and settings\all users\application data\53738430
    c:\documents and settings\all users\application data\06715524
    c:\documents and settings\all users\application data\83220924
    c:\windows\system32\__c0075818.dat
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c1cf438-8994-43fe-8216-c87a7475bf19}]
    [-HKEY_CLASSES_ROOT\CLSID\{9c1cf438-8994-43fe-8216-c87a7475bf19}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirus Plus"=-
    "dakuwaviw"=-
    "71080319"=-
    "48680430"=-
    "48084024"=-
    "64060723"=-
    "29127425"=-
    "73871834"=-
    "53738430"=-
    "06715524"=-
    "83220924"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirus Plus"=-
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirus Plus"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NAME]
    "__c0075818"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "fonizorez"=-
    "gamojilom"=-
    "damipaned"=-
    "favomalek"=-
    "leyulalet"=-
    "kefoninaw"=-
    "pokevebis"=-
    "bejehenev"=-
    "maziyupaz"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{c702f2b0-3758-41f6-9ec5-5915d32db348}"=-
    "{d7e307c3-482c-4eae-b627-d5fd7749ee1e}"=-
    "{8bbbe363-e55c-433e-a019-6de31f0fe2df}"=-
    "{193a944c-625e-4cb4-915f-cc7e370b5943}"=-
    "{538d687b-0e21-4bc6-aba5-e120f8fc1882}"=-
    "{9a127b44-fc9b-4da5-b73e-a7a8f62e5536}"=-
    "{034aa3a9-4ba8-4eec-89d7-fc824efc07fb}"=-
    "{8d2d48fa-bee7-404c-85c9-51ea3137c559}"=-
    "{6db8b9e9-5cae-4f2f-9f7a-ab9eaafc82ca}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7): "scecli"
    :Commands
    [Reboot]
***************************************************

Reboot your computer in "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Make sure you choose the option without networking support. When logging in, do NOT log in under the account titled "Admin" or "Administrator". Log in under your normal user profile.

***************************************************

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • MyWay Search Assistant
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

***************************************************
  • Double click the OTM icon on your desktop.
  • Paste the entire contents of the Fix.txt Notepad file that I had you create under the "Paste Instructions for Items to be Moved" area.
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
~Blade

In your next reply, please include the following:
OTM Log
A new DDS.txt log. Note that I do not need Attach.txt this time. :(


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#13 jayday
  • Topic Starter
  • Members
  • 22 posts

Posted 01 December 2009 - 06:30 PM

I attempted to remove MyWay Search Assistant three times while in safe mode but I received this message each time: "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

OTM Log:

========== FILES ==========
File/Folder c:\windows\system32\axaltoc.dll not found.
File/Folder c:\windows\system32\fawedevi.dll not found.
File/Folder c:\windows\system32\kavezopa.dll not found.
File/Folder c:\windows\system32\mizezilo.dll not found.
File/Folder c:\windows\system32\vegozadi.dll not found.
File/Folder c:\windows\system32\debeviva.dll not found.
File/Folder c:\windows\system32\kunuzavi.dll not found.
File/Folder c:\windows\system32\godidusa.dll not found.
File/Folder c:\windows\system32\popezaho.dll not found.
File/Folder c:\windows\system32\makatulo.dll not found.
LoadLibrary failed for c:\windows\system32\bimeyonu.dll
c:\windows\system32\bimeyonu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\bozagudu.dll
c:\windows\system32\bozagudu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\bufufodu.dll
c:\windows\system32\bufufodu.dll moved successfully.
c:\windows\system32\buraboto.exe moved successfully.
LoadLibrary failed for c:\windows\system32\daweyuve.dll
c:\windows\system32\daweyuve.dll moved successfully.
File/Folder c:\windows\system32\dinizuha.dll not found.
LoadLibrary failed for c:\windows\system32\disekoha.dll
c:\windows\system32\disekoha.dll moved successfully.
c:\windows\system32\duwibudo.exe moved successfully.
File/Folder c:\windows\system32\fagonifa.dll not found.
File/Folder c:\windows\system32\fakubija.dll not found.
File/Folder c:\windows\system32\fegufula.exe not found.
File/Folder c:\windows\system32\fiwevoga.dll not found.
LoadLibrary failed for c:\windows\system32\fuhubuga.dll
c:\windows\system32\fuhubuga.dll moved successfully.
File/Folder c:\windows\system32\guyifuhi.dll not found.
c:\windows\system32\hamohive.exe moved successfully.
LoadLibrary failed for c:\windows\system32\jevayeyi.dll
c:\windows\system32\jevayeyi.dll moved successfully.
File/Folder c:\windows\system32\kadofebi.dll not found.
LoadLibrary failed for c:\windows\system32\kibalebe.dll
c:\windows\system32\kibalebe.dll moved successfully.
File/Folder c:\windows\system32\kofidutu.dll not found.
LoadLibrary failed for c:\windows\system32\kokihove.dll
c:\windows\system32\kokihove.dll moved successfully.
c:\windows\system32\kugokigu.exe moved successfully.
File/Folder c:\windows\system32\lohulatu.dll not found.
LoadLibrary failed for c:\windows\system32\nejefiju.dll
c:\windows\system32\nejefiju.dll moved successfully.
File/Folder c:\windows\system32\nilujete.dll not found.
LoadLibrary failed for c:\windows\system32\nitifemo.dll
c:\windows\system32\nitifemo.dll moved successfully.
File/Folder c:\windows\system32\nunupofa.dll not found.
LoadLibrary failed for c:\windows\system32\pufidihu.dll
c:\windows\system32\pufidihu.dll moved successfully.
File/Folder c:\windows\system32\putevama.dll not found.
File/Folder c:\windows\system32\regizogu.dll not found.
LoadLibrary failed for c:\windows\system32\sekunara.dll
c:\windows\system32\sekunara.dll moved successfully.
LoadLibrary failed for c:\windows\system32\towozoha.dll
c:\windows\system32\towozoha.dll moved successfully.
LoadLibrary failed for c:\windows\system32\tuvojeto.dll
c:\windows\system32\tuvojeto.dll moved successfully.
c:\windows\system32\vakuhimu.exe moved successfully.
File/Folder c:\windows\system32\vimoveta.dll not found.
c:\windows\system32\visegobu.exe moved successfully.
LoadLibrary failed for c:\windows\system32\vuwizodi.dll
c:\windows\system32\vuwizodi.dll moved successfully.
File/Folder c:\windows\system32\vuwizodi.dll not found.
File/Folder c:\windows\system32\yefapuza.dll not found.
LoadLibrary failed for c:\windows\system32\zopuwole.dll
c:\windows\system32\zopuwole.dll moved successfully.
c:\documents and settings\administrator\application data\AntiVirus Plus folder moved successfully.
File/Folder c:\documents and settings\all users\application data\71080319 not found.
File/Folder c:\documents and settings\all users\application data\48680430 not found.
File/Folder c:\documents and settings\all users\application data\48084024 not found.
File/Folder c:\documents and settings\all users\application data\64060723 not found.
File/Folder c:\documents and settings\all users\application data\29127425 not found.
File/Folder c:\documents and settings\all users\application data\73871834 not found.
File/Folder c:\documents and settings\all users\application data\53738430 not found.
File/Folder c:\documents and settings\all users\application data\06715524 not found.
File/Folder c:\documents and settings\all users\application data\83220924 not found.
File/Folder c:\windows\system32\__c0075818.dat not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c1cf438-8994-43fe-8216-c87a7475bf19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c1cf438-8994-43fe-8216-c87a7475bf19}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{9c1cf438-8994-43fe-8216-c87a7475bf19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c1cf438-8994-43fe-8216-c87a7475bf19}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dakuwaviw deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\71080319 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\48680430 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\48084024 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\64060723 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\29127425 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\73871834 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\53738430 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\06715524 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\83220924 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus not found.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NAME not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fonizorez deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gamojilom deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\damipaned deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\favomalek not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\leyulalet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kefoninaw deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pokevebis deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bejehenev deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\maziyupaz not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{c702f2b0-3758-41f6-9ec5-5915d32db348} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c702f2b0-3758-41f6-9ec5-5915d32db348}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{d7e307c3-482c-4eae-b627-d5fd7749ee1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e307c3-482c-4eae-b627-d5fd7749ee1e}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{8bbbe363-e55c-433e-a019-6de31f0fe2df} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbbe363-e55c-433e-a019-6de31f0fe2df}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{193a944c-625e-4cb4-915f-cc7e370b5943} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193a944c-625e-4cb4-915f-cc7e370b5943}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{538d687b-0e21-4bc6-aba5-e120f8fc1882} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{538d687b-0e21-4bc6-aba5-e120f8fc1882}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{9a127b44-fc9b-4da5-b73e-a7a8f62e5536} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a127b44-fc9b-4da5-b73e-a7a8f62e5536}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{034aa3a9-4ba8-4eec-89d7-fc824efc07fb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034aa3a9-4ba8-4eec-89d7-fc824efc07fb}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{8d2d48fa-bee7-404c-85c9-51ea3137c559} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d2d48fa-bee7-404c-85c9-51ea3137c559}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{6db8b9e9-5cae-4f2f-9f7a-ab9eaafc82ca} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db8b9e9-5cae-4f2f-9f7a-ab9eaafc82ca}\ not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7): "scecli" /E : value set successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.0 log created on 12012009_180230


DDS Log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Jason Day at 18:22:42.59 on Tue 12/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.183 [GMT -5:00]

AV: avast! antivirus 4.8.1356 [VPS 091201-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Jason Day\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [H/PC Connection Agent] c:\progra~1\mi3aa1~1\wcescomm.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [66701121] c:\documents and settings\all users\application data\66701121\66701121.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\jasond~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: bijukotu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: wunokohir - {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
SSODL: barotofat - {f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} - c:\windows\system32\boruviya.dll
SSODL: migobejur - {f3087833-6638-4449-b881-3ca7ea0f342a} - c:\windows\system32\hofofazo.dll
STS: kupuhivus: {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
STS: tokatiluy: {f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} - c:\windows\system32\boruviya.dll
STS: gahurihor: {f3087833-6638-4449-b881-3ca7ea0f342a} - c:\windows\system32\hofofazo.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli jasosise.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-10 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-14 24652]
S3 501bf130-9418-4262-aa05-1834b83cf7fa;501bf130-9418-4262-aa05-1834b83cf7fa;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-22 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-12-01 23:02:30 0 d-----w- C:\_OTM
2009-11-13 18:21:35 14308680 ----a-w- C:\winzip140.exe
2009-11-06 22:06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 02:04:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 02:04:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-04 00:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-04 00:21:42 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-04 00:21:33 0 d-----w- c:\docume~1\jasond~1\applic~1\SUPERAntiSpyware.com
2009-11-03 23:54:17 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2009-11-06 22:05:49 4045528 ----a-w- C:\mbam-setup.exe
2009-10-16 15:57:58 3550592 ----a-w- C:\procexp.exe
2009-04-12 12:33:53 0 ----a-w- c:\program files\temp01
2006-02-19 03:09:23 56 --sh--r- c:\windows\system32\4A9F9E28FB.sys
2009-07-13 19:56:43 1011606 --sha-w- c:\windows\system32\berinege.exe
2009-08-08 01:19:55 3 --sha-w- c:\windows\system32\bulawasi.dll
2009-08-13 00:54:08 61440 --sha-w- c:\windows\system32\fopinope.dll
2009-08-30 15:41:44 39424 --sha-w- c:\windows\system32\hovufuka.dll
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\jasosise.dll
2006-02-19 03:09:23 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-08 01:42:30 3 --sha-w- c:\windows\system32\mebokewe.dll
2009-08-13 13:25:53 61440 --sha-w- c:\windows\system32\nasikaje.dll
2009-08-13 00:54:45 53760 --sha-w- c:\windows\system32\putabami.dll
2009-08-13 13:25:55 39424 --sha-w- c:\windows\system32\sakalimo.dll
2009-08-08 01:42:33 3 --sha-w- c:\windows\system32\tuvumuge.dll
2009-08-30 15:41:43 61952 --sha-w- c:\windows\system32\velivomo.dll
2009-08-07 01:23:16 3 --sha-w- c:\windows\system32\yaromido.dll
2009-08-08 01:19:58 3 --sha-w- c:\windows\system32\yuwelete.dll
2009-08-13 00:54:07 53760 --sha-w- c:\windows\system32\zinudemi.dll
2009-08-13 00:54:07 1209915 --sha-w- c:\windows\system32\zuhenawu.exe

============= FINISH: 18:23:18.95 ===============

#14 Blade
    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 03 December 2009 - 08:12 AM

Hello jayday.

I attempted to remove MyWay Search Assistant three times while in safe mode but I received this message each time: "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."


Try uninstalling it in Normal Mode please. If you still get the error let me know.

***************************************************
  • Double click the OTM icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :files
    c:\windows\system32\berinege.exe
    c:\windows\system32\bulawasi.dll
    c:\windows\system32\fopinope.dll
    c:\windows\system32\hovufuka.dll
    c:\windows\system32\jasosise.dll
    c:\windows\system32\mebokewe.dll
    c:\windows\system32\nasikaje.dll
    c:\windows\system32\putabami.dll
    c:\windows\system32\sakalimo.dll
    c:\windows\system32\tuvumuge.dll
    c:\windows\system32\velivomo.dll
    c:\windows\system32\yaromido.dll
    c:\windows\system32\yuwelete.dll
    c:\windows\system32\zinudemi.dll
    c:\windows\system32\zinudemi.dll
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "66701121"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0075818]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wunokohir"=-
    "barotofat"=-
    "migobejur"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{ea332d26-9102-4ff5-ac92-0428a5a15760}"=-
    "{f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb}"=-
    "{f3087833-6638-4449-b881-3ca7ea0f342a}"=-
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7): "scecli"
    
    :commands
    [reboot]
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
***************************************************

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

Double click on renamed.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt in your next reply so we can continue cleaning the system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
OTM log
ComboFix log

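The two OTM fixes in this thread (posts #12 and #14) were built by reading the DDS "Pseudo HJT Report" for autostart entries with machine-generated names and mapping each to a :Files or :Reg line. The script below, an added example that is not code from the thread, from DDS or from OTM, automates that triage: the consonant/vowel and numeric name heuristics and the assumption that a bare DLL name in AppInit_DLLs or the LSA package list lives in system32 are this example's own, and the sample lines are copied from the DDS log in post #13.

```python
"""Triage a DDS "Pseudo HJT Report" the way the helper in this thread did: flag
autostart entries whose names look machine-generated and emit the OTM
:Files / :Reg script that would remove them. Added example, not thread/DDS/OTM code."""
import re
from dataclasses import dataclass

# Heuristic (this example's assumption): Vundo-style names alternate consonant and
# vowel for 8 or 9 letters (dadirova, wunokohir, jasosise).
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}[bcdfghjklmnpqrstvwxyz]?$")
# Numeric-only names such as [66701121] are typical of the rogue-AV installers seen here.
DIGITS = re.compile(r"^\d{6,}$")
# Winlogon Notify packages named like __c0075818 (underscores plus hex digits).
NOTIFY_TMP = re.compile(r"^__c[0-9a-f]{6,}$")
SYSTEM32 = "c:\\windows\\system32\\"          # assumed location of bare DLL names
RUN_HIVES = {"u": "HKEY_CURRENT_USER", "m": "HKEY_LOCAL_MACHINE", "d": "HKEY_USERS\\.DEFAULT"}

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [66701121] c:\documents and settings\all users\application data\66701121\66701121.exe
Notify: igfxcui - igfxdev.dll
Notify: __c0075818 - c:\windows\system32\__c0075818.dat
AppInit_DLLs: bijukotu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: wunokohir - {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
STS: kupuhivus: {ea332d26-9102-4ff5-ac92-0428a5a15760} - c:\windows\system32\dadirova.dll
LSA: Notification Packages = scecli jasosise.dll
"""


@dataclass
class Finding:
    kind: str          # DDS line type: mRun, Notify, AppInit_DLLs, SSODL, STS, LSA
    name: str          # registry value or package name
    target: str        # file the entry loads ("" if unknown)
    reason: str
    clsid: str = ""    # only for SSODL / STS entries


def _why_suspicious(name: str) -> str:
    n = name.lower()
    if CV_NAME.match(n):
        return "random-looking consonant/vowel name"
    if DIGITS.match(n):
        return "numeric-only name"
    if NOTIFY_TMP.match(n):
        return "__c<hex> notify package name"
    return ""


def _stem(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def analyze(dds_text: str) -> list[Finding]:
    """Return the autostart entries in a DDS pseudo-HJT section that deserve removal."""
    found: list[Finding] = []
    for line in dds_text.splitlines():
        if m := re.match(r"^([umd]Run(?:Once)?): \[([^\]]+)\] (.*)$", line):
            if why := _why_suspicious(m[2]):
                found.append(Finding(m[1], m[2], m[3].strip().strip('"'), why))
        elif m := re.match(r"^Notify: (\S+) - (.*)$", line):
            if why := _why_suspicious(m[1]):
                found.append(Finding("Notify", m[1], m[2], why))
        elif m := re.match(r"^AppInit_DLLs: (.+)$", line):
            # Anything listed here is loaded into every process that maps user32.dll.
            found.append(Finding("AppInit_DLLs", "AppInit_DLLs", m[1].strip(), "non-empty AppInit_DLLs"))
        elif m := re.match(r"^(SSODL|STS): (\w+):? (?:- )?(\{[0-9A-Fa-f-]+\}) - (.*)$", line):
            # Flag on either the entry name or the backing DLL's name.
            if why := (_why_suspicious(m[2]) or _why_suspicious(_stem(m[4]))):
                found.append(Finding(m[1], m[2], m[4], why, clsid=m[3]))
        elif m := re.match(r"^LSA: Notification Packages = (.*)$", line):
            # scecli is the only package present on a clean XP system.
            for pkg in m[1].split():
                if pkg.lower() != "scecli":
                    found.append(Finding("LSA", pkg, pkg, "extra LSA notification package"))
    return found


def otm_fix(findings: list[Finding]) -> str:
    """Build an OTM script in the same :Files / :Reg / :Commands layout the helper used."""
    files: list[str] = []
    reg: list[str] = []

    def add(section: list[str], item: str) -> None:
        if item not in section:       # one DLL often backs several entries (SSODL + STS)
            section.append(item)

    for f in findings:
        target = f.target.lower()
        if target.endswith((".dll", ".exe", ".dat")):
            add(files, target if "\\" in target else SYSTEM32 + target)
        if "Run" in f.kind:
            key = f"{RUN_HIVES[f.kind[0]]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{f.kind[1:]}"
            add(reg, f'[{key}]\n"{f.name}"=-')
        elif f.kind == "Notify":
            add(reg, f"[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\{f.name}]")
        elif f.kind == "AppInit_DLLs":
            add(reg, '[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]\n"AppInit_DLLs"=""')
        elif f.kind == "SSODL":
            add(reg, f'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]\n"{f.name}"=-')
        elif f.kind == "STS":
            add(reg, f'[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\SharedTaskScheduler]\n"{f.clsid}"=-')
        elif f.kind == "LSA":
            add(reg, '[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]\n"Notification Packages"=hex(7): "scecli"')
    return ":Files\n" + "\n".join(files) + "\n\n:Reg\n" + "\n\n".join(reg) + "\n\n:Commands\n[Reboot]\n"


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"{f.kind:13} {f.name:15} {f.reason}")
    print(otm_fix(analyze(SAMPLE_DDS)))
```

The heuristics are tuned to the naming patterns visible in this one thread; on another machine every flagged entry still needs a human look before it goes into a fix.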


#15 jayday
  • Topic Starter
  • Members
  • 22 posts

Posted 03 December 2009 - 07:29 PM

MyWay Search Assistant removed in normal mode.

OTM Log:

========== FILES ==========
c:\windows\system32\berinege.exe moved successfully.
LoadLibrary failed for c:\windows\system32\bulawasi.dll
c:\windows\system32\bulawasi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\fopinope.dll
File move failed. c:\windows\system32\fopinope.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\hovufuka.dll
File move failed. c:\windows\system32\hovufuka.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\jasosise.dll
File move failed. c:\windows\system32\jasosise.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\mebokewe.dll
c:\windows\system32\mebokewe.dll moved successfully.
LoadLibrary failed for c:\windows\system32\nasikaje.dll
File move failed. c:\windows\system32\nasikaje.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\putabami.dll
File move failed. c:\windows\system32\putabami.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\sakalimo.dll
File move failed. c:\windows\system32\sakalimo.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\tuvumuge.dll
c:\windows\system32\tuvumuge.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\velivomo.dll
c:\windows\system32\velivomo.dll moved successfully.
LoadLibrary failed for c:\windows\system32\yaromido.dll
c:\windows\system32\yaromido.dll moved successfully.
LoadLibrary failed for c:\windows\system32\yuwelete.dll
c:\windows\system32\yuwelete.dll moved successfully.
LoadLibrary failed for c:\windows\system32\zinudemi.dll
File move failed. c:\windows\system32\zinudemi.dll scheduled to be moved on reboot.
File/Folder c:\windows\system32\zinudemi.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{52706EF7-D7A2-49AD-A615-E903858CF284}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52706EF7-D7A2-49AD-A615-E903858CF284}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\66701121 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0075818\ deleted successfully.
Invalid CLSID key: __c0075818
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wunokohir deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\barotofat deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\migobejur deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{ea332d26-9102-4ff5-ac92-0428a5a15760} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea332d26-9102-4ff5-ac92-0428a5a15760}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92fdae7-1e5f-45db-bee0-b5eb8b88f0cb}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{f3087833-6638-4449-b881-3ca7ea0f342a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3087833-6638-4449-b881-3ca7ea0f342a}\ deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7): "scecli" /E : value set successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.0 log created on 12032009_181753

ComboFix Log:

ComboFix 09-12-03.02 - Jason Day 12/03/2009 18:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.241 [GMT -5:00]
Running from: c:\documents and settings\Jason Day\Desktop\renamed.exe
AV: avast! antivirus 4.8.1356 [VPS 091203-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\avp.ico
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\Administrator\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\Administrator\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\Administrator\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\Administrator\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\Dianne Day\Desktop\Security Tool.lnk
c:\documents and settings\Dianne Day\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Jason Day\Application Data\avp.ico
c:\documents and settings\Jason Day\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\Jason Day\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\Jason Day\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\Jason Day\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\Jason Day\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\Kiley Day\Desktop\Security Tool.lnk
c:\documents and settings\Kiley Day\Start Menu\Programs\Security Tool.lnk
C:\LOG.TXT
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\recycler\S-1-5-21-606747145-1085031214-725345543-500
c:\windows\system32\drivers\qxzzbvvk.sys
c:\windows\system32\SKYNETaiqoigil.dat
c:\windows\system32\SKYNETxnscmejw.dat

c:\windows\system32\hid.dll . . . is infected!!

c:\windows\system32\midimap.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNETBQJITTIM
-------\Service_SKYNETbqjittim


((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-03 23:46 . 2009-12-03 23:47 -------- d-----w- c:\windows\LastGood
2009-12-01 23:02 . 2009-12-01 23:02 -------- d-----w- C:\_OTM
2009-11-13 18:23 . 2009-11-13 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-13 18:21 . 2009-11-13 18:21 14308680 ----a-w- C:\winzip140.exe
2009-11-06 22:05 . 2009-11-30 23:15 79488 ----a-w- c:\documents and settings\Jason Day\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-04 02:04 . 2009-11-06 21:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 02:04 . 2009-11-04 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 00:39 . 2009-11-04 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-04 00:21 . 2009-11-04 00:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-04 00:21 . 2009-11-04 00:21 -------- d-----w- c:\documents and settings\Jason Day\Application Data\SUPERAntiSpyware.com
2009-11-03 23:54 . 2009-11-03 23:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 23:05 . 2009-10-14 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 15:48 . 2005-12-20 00:15 -------- d-----w- c:\program files\Dl_cats
2009-11-14 00:10 . 2008-08-06 10:36 488968 ----a-w- c:\documents and settings\Jason Day\Application Data\Real\Update\setup\setup.exe
2009-11-13 23:01 . 2008-04-18 19:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-06 22:05 . 2009-10-16 20:58 4045528 ----a-w- C:\mbam-setup.exe
2009-10-17 01:35 . 2009-04-12 12:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 21:50 . 2005-11-29 02:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 20:58 . 2009-10-16 20:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-16 15:57 . 2009-10-17 01:49 3550592 ----a-w- C:\procexp.exe
2009-10-16 00:14 . 2009-10-16 00:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-10-14 22:49 . 2009-10-14 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-26 00:08 . 2009-09-26 00:08 10628032 ----a-w- c:\documents and settings\Jason Day\Application Data\Azureus\tmp\AZU20908.tmp\Vuze_4.2.0.8b_win32.exe
2009-09-22 01:50 . 2009-09-22 01:50 132 ----a-w- c:\documents and settings\Jason Day\Local Settings\Application Data\fusioncache.dat
2009-09-15 10:59 . 2009-10-10 23:08 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-10-10 23:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-10-10 23:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-10 23:08 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-10 23:08 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-10-10 23:09 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-10-10 23:09 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-10-10 23:09 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-10-10 23:08 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-04-12 12:33 . 2009-04-12 12:33 0 ----a-w- c:\program files\temp01
2006-02-19 03:09 . 2005-12-31 06:38 56 --sh--r- c:\windows\system32\4A9F9E28FB.sys
2006-02-19 03:09 . 2005-12-31 06:38 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-13 00:54 . 2009-08-13 00:54 1209915 --sha-w- c:\windows\system32\zuhenawu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 29744]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-22 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-12 136600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\Kiley Day\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-4-29 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Ymsgr_tray.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\Setup\\avast.setup"=
"c:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"=
"c:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2009 6:08 PM 114768]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2009 6:08 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2009 9:56 PM 24652]
S3 501bf130-9418-4262-aa05-1834b83cf7fa;501bf130-9418-4262-aa05-1834b83cf7fa;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/22/2005 5:40 PM 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\Norton Security Scan for Jason Day.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-05 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-H/PC Connection Agent - c:\progra~1\MI3AA1~1\wcescomm.exe
AddRemove-Pdf995 - c:\program files\pdf995\setup.exe uninstall
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-Scooby-Doo™, Showdown in Ghost Town™ - c:\program files\The Learning Company\Scooby-Doo™
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 18:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\wups2.dll.wusetup.167859.new 44768 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1204)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\dlcccoms.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-12-03 18:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-03 23:59

Pre-Run: 28,843,761,664 bytes free
Post-Run: 29,536,595,968 bytes free

- - End Of File - - 6DFC1E81F028B601D6D94EF8A3A104FA
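As an added example that is not part of this thread and is not OldTimer's (OTM) or ComboFix's own code, here is a small Python helper that pulls the follow-up items out of log text shaped like the two logs above: files OTM could only schedule for removal at the next reboot, files ComboFix reported as infected, and files the catchme scan found hidden. The sample lines are constructed from the line shapes seen in the post, and the regular expressions are assumptions about those shapes, not documented grammars for either tool.

```python
"""Triage helper for OTM / ComboFix log text (added example, not code from
the forum thread or from the tools themselves).

It extracts the lines a helper would want to re-check after the reboot:
  * OTM "scheduled to be moved on reboot" entries,
  * ComboFix ". . . is infected!!" entries,
  * catchme "N bytes executable" hidden-file entries and the hidden count.
"""
import re

# Constructed sample: a handful of lines in the shapes seen in the post.
SAMPLE_LOG = """\
c:\\windows\\system32\\berinege.exe moved successfully.
LoadLibrary failed for c:\\windows\\system32\\fopinope.dll
File move failed. c:\\windows\\system32\\fopinope.dll scheduled to be moved on reboot.
File move failed. c:\\windows\\system32\\zinudemi.dll scheduled to be moved on reboot.
File/Folder c:\\windows\\system32\\zinudemi.dll not found.
c:\\windows\\system32\\hid.dll . . . is infected!!
c:\\windows\\system32\\midimap.dll . . . is infected!!
c:\\windows\\system32\\wups2.dll.wusetup.167859.new 44768 bytes executable
hidden files: 1
"""

# Assumed line formats (derived from the log excerpts, not from tool docs).
RE_PENDING = re.compile(
    r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
RE_NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
RE_INFECTED = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")
RE_HIDDEN = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes executable$")
RE_HIDDEN_COUNT = re.compile(r"^hidden files: (?P<n>\d+)$")


def triage(log_text):
    """Return a dict of follow-up items found in the log text."""
    report = {
        "pending_reboot": [],   # OTM could not move these while running
        "not_found": [],        # OTM later reported these missing
        "infected": [],         # ComboFix flagged these system files
        "hidden": [],           # (path, size) pairs from the catchme scan
        "hidden_count": 0,      # catchme's own summary count
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_PENDING.match(line)
        if m:
            report["pending_reboot"].append(m.group("path"))
            continue
        m = RE_NOT_FOUND.match(line)
        if m:
            report["not_found"].append(m.group("path"))
            continue
        m = RE_INFECTED.match(line)
        if m:
            report["infected"].append(m.group("path"))
            continue
        m = RE_HIDDEN.match(line)
        if m:
            report["hidden"].append((m.group("path"), int(m.group("size"))))
            continue
        m = RE_HIDDEN_COUNT.match(line)
        if m:
            report["hidden_count"] = int(m.group("n"))
    return report


def needs_reboot_check(report):
    """True when something must be re-verified after the machine restarts."""
    return bool(report["pending_reboot"] or report["infected"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for key, items in r.items():
        print(f"{key}: {items}")
    print("re-check after reboot:", needs_reboot_check(r))
```

The "not_found" list is kept separate on purpose: in the OTM log above zinudemi.dll is first scheduled for a reboot move and then reported as not found, and a helper reading the log wants both facts rather than one overwriting the other.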



