
Personal Guard 2009


  • This topic is locked
20 replies to this topic

#1 tmcmahon2

tmcmahon2

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:43 PM

Posted 10 November 2009 - 08:12 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/270097/personal-guard-2009/ ~ OB

Personal Guard 2009 has infected my computer and it comes back within 10 seconds of deletion. It has prevented me from accessing safe mode and random popups come up while I am browsing the internet.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Tim at 18:28:56.37 on Tue 11/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.947 [GMT -6:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\Tim\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mWinlogon: Shell=Explorer.exe logon.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [desakivim] Rundll32.exe "c:\windows\system32\sesanujo.dll",a
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
AppInit_DLLs: pinofivu.dll c:\windows\system32\sesanujo.dll
SSODL: wifapagid - {ef523c5f-cefb-487e-acc3-ef81a04ec11d} - c:\windows\system32\sofekiri.dll
SSODL: lezoyulam - {86fdcff8-28b4-49f6-8fef-2e7c42611d60} - c:\windows\system32\sofekiri.dll
SSODL: bamuvidoj - {0e9d5226-833a-4fd0-8294-c4c132b8c030} - c:\windows\system32\sofekiri.dll
SSODL: jokamavav - {eb1e363c-48f6-4cd4-be47-0a6d86e49a09} - c:\windows\system32\sofekiri.dll
SSODL: hahupuhen - {33a0a1a2-962e-48ad-a6f0-b6368a050480} - c:\windows\system32\sofekiri.dll
SSODL: jedowifah - {feed996e-3c85-4189-a2ce-c6b069683207} - c:\windows\system32\jijoyowe.dll
SSODL: SysNet - {ECA006FD-31E9-4FA0-A714-3E1065FE1EB9} - c:\documents and settings\all users\microsoft adata\sysnet.dll
SSODL: bobipazeg - {8b797e64-6ef6-4e62-ad53-9e05b4cdece1} - c:\windows\system32\sesanujo.dll
STS: gahurihor: {ef523c5f-cefb-487e-acc3-ef81a04ec11d} - c:\windows\system32\sofekiri.dll
STS: mujuzedij: {86fdcff8-28b4-49f6-8fef-2e7c42611d60} - c:\windows\system32\sofekiri.dll
STS: tokatiluy: {0e9d5226-833a-4fd0-8294-c4c132b8c030} - c:\windows\system32\sofekiri.dll
STS: jugezatag: {eb1e363c-48f6-4cd4-be47-0a6d86e49a09} - c:\windows\system32\sofekiri.dll
STS: tokatiluy: {33a0a1a2-962e-48ad-a6f0-b6368a050480} - c:\windows\system32\sofekiri.dll
STS: mujuzedij: {feed996e-3c85-4189-a2ce-c6b069683207} - c:\windows\system32\jijoyowe.dll
STS: jugezatag: {8b797e64-6ef6-4e62-ad53-9e05b4cdece1} - c:\windows\system32\sesanujo.dll
LSA: Notification Packages = scecli tatoyame.dll tapusura.dll tuhenato.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\52l3btl3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\documents and settings\tim\application data\mozilla\firefox\profiles\52l3btl3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-3 348824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-28 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

=============== Created Last 30 ================

2009-11-09 15:39:00 0 d-----w- C:\Personal Guard 2009
2009-11-09 15:39:00 0 ----a-w- C:\Personal Guard 2009.lnk
2009-11-09 06:40:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 06:40:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 06:40:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 06:40:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 00:23:24 0 d-----w- c:\program files\Personal Guard 2009
2009-11-08 23:19:16 0 d-----w- c:\docume~1\tim\applic~1\Malwarebytes
2009-11-08 21:42:12 39424 --sh--w- c:\windows\system32\sanidayi.dll
2009-11-06 02:23:20 736 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-05 08:37:24 0 d-----w- c:\documents and settings\tim\windows contacts contact
2009-11-04 03:11:50 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-04 03:11:39 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-04 03:11:39 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-04 03:11:39 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-04 03:11:31 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-04 03:11:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\program files\Spyware Doctor
2009-11-04 03:11:23 0 d-----w- c:\docume~1\tim\applic~1\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-04 03:06:51 0 d-----w- c:\docume~1\tim\applic~1\GetRightToGo
2009-11-04 02:20:48 51197 ----a-w- c:\windows\spoov.exe
2009-11-04 02:20:48 47872 ----a-w- c:\windows\certsystem.exe
2009-11-04 02:20:48 38352 ----a-w- c:\windows\regred.exe
2009-11-04 02:20:48 33149 ----a-w- c:\windows\usexplorer.exe
2009-11-04 02:20:48 28320 ----a-w- c:\windows\securits.com
2009-11-04 02:20:48 18941 ----a-w- c:\windows\microsoftdef.dll
2009-11-04 02:20:45 0 d-----w- c:\documents and settings\all users\Microsoft AData
2009-11-04 02:19:26 577536 ----a-w- c:\windows\system32\logon.exe

==================== Find3M ====================

2009-10-11 23:16:19 614 ----a-w- C:\startupentrysecuritytool4.reg
2009-10-11 23:16:04 614 ----a-w- C:\startupentrysecuritytool3.reg
2009-10-11 23:15:47 614 ----a-w- C:\startupentrysecuritytool2.reg
2009-10-11 23:15:26 614 ----a-w- C:\startupentrysecuritytool1.reg
2009-10-11 22:52:41 246 ----a-w- C:\Registry key security tool5.reg
2009-10-11 22:52:29 246 ----a-w- C:\Registry key security tool4.reg
2009-10-11 22:52:20 246 ----a-w- C:\Registry key security tool3.reg
2009-10-11 22:52:08 246 ----a-w- C:\Registry key security tool2.reg
2009-10-11 22:51:36 246 ----a-w- C:\Registry key security tool1.reg
2009-08-28 21:13:34 175577 ----a-w- c:\windows\system32\nvModes.dat
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2007-12-27 06:21:53 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
2007-12-27 04:54:39 368 ----a-w- c:\program files\XPlay2_Hotfix_110507-01.reg
2007-12-27 04:48:32 7072440 ----a-w- c:\program files\xplay_2.3.6_en_trial_setup.exe
2007-12-27 04:45:38 451013 ----a-w- c:\program files\PodWorks_2.9.2.zip
2007-12-27 04:36:37 7663794 ----a-w- c:\program files\CopyTrans_Suite_v1.28.exe
2007-12-27 04:16:04 4039287 ----a-w- c:\program files\ipod-computer-transfer.exe
2007-12-27 04:05:32 1832864 ----a-w- c:\program files\ipod2computer.exe
2007-12-27 04:00:49 54330664 ----a-w- c:\program files\iTunesSetup.exe
2009-08-10 05:25:34 39424 --sha-w- c:\windows\system32\fasihebu.dll
2009-07-09 11:12:37 1011208 --sha-w- c:\windows\system32\fuyizeve.exe
2009-08-05 06:11:58 93184 --sha-w- c:\windows\system32\gezimihe.dll
2009-08-04 14:19:25 39424 --sha-w- c:\windows\system32\heyegafo.dll
2009-07-08 23:12:21 1011755 --sha-w- c:\windows\system32\jikuhunu.exe
2009-08-04 02:19:21 53760 --sha-w- c:\windows\system32\likekube.dll
2009-08-06 02:22:33 39424 --sha-w- c:\windows\system32\ludimeda.dll
2009-07-11 00:13:57 1011386 --sha-w- c:\windows\system32\mepahedi.exe
2009-08-04 02:19:21 92160 --sha-w- c:\windows\system32\miwohuja.dll
2009-08-09 09:39:13 39424 --sha-w- c:\windows\system32\payaruhi.dll
2009-08-10 05:26:12 53248 --sha-w- c:\windows\system32\pinofivu.dll
2009-08-10 05:25:34 53248 --sha-w- c:\windows\system32\piwogome.dll
2009-08-10 05:25:35 92672 --sha-w- c:\windows\system32\pogepehe.dll
2009-07-10 00:13:16 1011269 --sha-w- c:\windows\system32\puwohuwu.exe
2009-08-07 00:42:51 39424 --sha-w- c:\windows\system32\rawuyona.dll
2009-08-10 05:26:12 53248 --sha-w- c:\windows\system32\reboyuti.dll
2009-07-08 23:12:22 83968 --sha-w- c:\windows\system32\royomado.dll
2009-08-11 00:21:51 92672 --sha-w- c:\windows\system32\sesanujo.dll
2009-08-09 09:39:13 93184 --sha-w- c:\windows\system32\sosilore.dll
2009-08-11 00:21:51 39424 --sha-w- c:\windows\system32\tiwamora.dll
2009-08-10 05:26:12 53248 --sha-w- c:\windows\system32\tuhenato.dll
2009-08-04 02:19:22 39424 --sha-w- c:\windows\system32\vigahogu.dll
2009-08-07 22:16:58 39424 --sha-w- c:\windows\system32\vohetufa.dll
2009-07-11 12:14:08 1011222 --sha-w- c:\windows\system32\wowozeza.exe
2009-08-08 21:41:36 8192 --sha-w- c:\windows\system32\wuboheho.dll
2009-07-08 23:12:21 61440 --sha-w- c:\windows\system32\yaresuki.dll
2009-07-09 11:12:37 175104 --sha-w- c:\windows\system32\yevazani.dll
2009-08-05 06:11:58 39424 --sha-w- c:\windows\system32\yidopamo.dll
2009-08-08 21:41:36 13312 --sha-w- c:\windows\system32\yodejetu.dll

============= FINISH: 18:30:17.12 ===============

Attached Files


Edited by Orange Blossom, 10 November 2009 - 08:25 PM.




#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:09:43 PM

Posted 17 November 2009 - 08:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM.


#3 tmcmahon2

tmcmahon2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:43 PM

Posted 17 November 2009 - 08:26 PM

Thanks for responding to my message. Since I first posted, Security Tool has also attacked my computer a couple of times. I used Spyware Doctor to get rid of it twice. The third time, it was more stubborn and blocked practically every application. However, when I restarted my computer after running a Spyware Doctor scan and letting it fix everything, I was able to kill the application in Task Manager and delete it. Here are the new DDS logs and the RootRepeal report. I attached the RootRepeal report and the 2nd part of the DDS log.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Tim at 18:55:58.73 on Tue 11/17/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.991 [GMT -6:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mWinlogon: Shell=Explorer.exe logon.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [05700618] c:\documents and settings\all users\application data\05700618\05700618.exe
mRun: [33519122] c:\documents and settings\all users\application data\33519122\33519122.exe
mRun: [49467333] c:\docume~1\alluse~1\applic~1\49467333\49467333.exe
mRun: [desakivim] Rundll32.exe "c:\windows\system32\disesobe.dll",a
mRun: [personalguard] c:\program files\personal guard 2009\personalguard.exe
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
AppInit_DLLs: pinofivu.dll c:\windows\system32\disesobe.dll
SSODL: wifapagid - {ef523c5f-cefb-487e-acc3-ef81a04ec11d} - c:\windows\system32\sofekiri.dll
SSODL: lezoyulam - {86fdcff8-28b4-49f6-8fef-2e7c42611d60} - c:\windows\system32\sofekiri.dll
SSODL: bamuvidoj - {0e9d5226-833a-4fd0-8294-c4c132b8c030} - c:\windows\system32\sofekiri.dll
SSODL: jokamavav - {eb1e363c-48f6-4cd4-be47-0a6d86e49a09} - c:\windows\system32\sofekiri.dll
SSODL: hahupuhen - {33a0a1a2-962e-48ad-a6f0-b6368a050480} - c:\windows\system32\sofekiri.dll
SSODL: jedowifah - {feed996e-3c85-4189-a2ce-c6b069683207} - c:\windows\system32\jijoyowe.dll
SSODL: SysNet - {ECA006FD-31E9-4FA0-A714-3E1065FE1EB9} - c:\documents and settings\all users\microsoft adata\sysnet.dll
SSODL: tetijuhop - {2c9d4cb7-6da1-4bf8-876c-771108911ff1} - c:\windows\system32\disesobe.dll
STS: gahurihor: {ef523c5f-cefb-487e-acc3-ef81a04ec11d} - c:\windows\system32\sofekiri.dll
STS: mujuzedij: {86fdcff8-28b4-49f6-8fef-2e7c42611d60} - c:\windows\system32\sofekiri.dll
STS: tokatiluy: {0e9d5226-833a-4fd0-8294-c4c132b8c030} - c:\windows\system32\sofekiri.dll
STS: jugezatag: {eb1e363c-48f6-4cd4-be47-0a6d86e49a09} - c:\windows\system32\sofekiri.dll
STS: tokatiluy: {33a0a1a2-962e-48ad-a6f0-b6368a050480} - c:\windows\system32\sofekiri.dll
STS: mujuzedij: {feed996e-3c85-4189-a2ce-c6b069683207} - c:\windows\system32\jijoyowe.dll
STS: mujuzedij: {2c9d4cb7-6da1-4bf8-876c-771108911ff1} - c:\windows\system32\disesobe.dll
LSA: Notification Packages = scecli tatoyame.dll tapusura.dll tuhenato.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\52l3btl3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\documents and settings\tim\application data\mozilla\firefox\profiles\52l3btl3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-3 348824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-28 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

=============== Created Last 30 ================

2009-11-18 00:48:11 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-18 00:48:11 1409 ----a-w- c:\windows\QTFont.for
2009-11-18 00:31:00 262656 ----a-w- c:\program files\rkill.com
2009-11-18 00:26:52 0 d-----w- c:\program files\Personal Guard 2009
2009-11-09 15:39:00 0 d-----w- C:\Personal Guard 2009
2009-11-09 15:39:00 0 ----a-w- C:\Personal Guard 2009.lnk
2009-11-09 06:40:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 06:40:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 06:40:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 06:40:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 23:19:16 0 d-----w- c:\docume~1\tim\applic~1\Malwarebytes
2009-11-06 02:23:20 736 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-05 08:37:24 0 d-----w- c:\documents and settings\tim\windows contacts contact
2009-11-04 03:11:50 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-04 03:11:39 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-04 03:11:39 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-04 03:11:39 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-04 03:11:31 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-04 03:11:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\program files\Spyware Doctor
2009-11-04 03:11:23 0 d-----w- c:\docume~1\tim\applic~1\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-04 03:06:51 0 d-----w- c:\docume~1\tim\applic~1\GetRightToGo
2009-11-04 02:20:48 51197 ----a-w- c:\windows\spoov.exe
2009-11-04 02:20:48 47872 ----a-w- c:\windows\certsystem.exe
2009-11-04 02:20:48 38352 ----a-w- c:\windows\regred.exe
2009-11-04 02:20:48 33149 ----a-w- c:\windows\usexplorer.exe
2009-11-04 02:20:48 28320 ----a-w- c:\windows\securits.com
2009-11-04 02:20:48 18941 ----a-w- c:\windows\microsoftdef.dll
2009-11-04 02:20:45 0 d-----w- c:\documents and settings\all users\Microsoft AData
2009-11-04 02:19:26 577536 ----a-w- c:\windows\system32\logon.exe

==================== Find3M ====================

2009-10-11 23:16:19 614 ----a-w- C:\startupentrysecuritytool4.reg
2009-10-11 23:16:04 614 ----a-w- C:\startupentrysecuritytool3.reg
2009-10-11 23:15:47 614 ----a-w- C:\startupentrysecuritytool2.reg
2009-10-11 23:15:26 614 ----a-w- C:\startupentrysecuritytool1.reg
2009-10-11 22:52:41 246 ----a-w- C:\Registry key security tool5.reg
2009-10-11 22:52:29 246 ----a-w- C:\Registry key security tool4.reg
2009-10-11 22:52:20 246 ----a-w- C:\Registry key security tool3.reg
2009-10-11 22:52:08 246 ----a-w- C:\Registry key security tool2.reg
2009-10-11 22:51:36 246 ----a-w- C:\Registry key security tool1.reg
2009-08-28 21:13:34 175577 ----a-w- c:\windows\system32\nvModes.dat
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2007-12-27 06:21:53 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
2007-12-27 04:54:39 368 ----a-w- c:\program files\XPlay2_Hotfix_110507-01.reg
2007-12-27 04:48:32 7072440 ----a-w- c:\program files\xplay_2.3.6_en_trial_setup.exe
2007-12-27 04:45:38 451013 ----a-w- c:\program files\PodWorks_2.9.2.zip
2007-12-27 04:36:37 7663794 ----a-w- c:\program files\CopyTrans_Suite_v1.28.exe
2007-12-27 04:16:04 4039287 ----a-w- c:\program files\ipod-computer-transfer.exe
2007-12-27 04:05:32 1832864 ----a-w- c:\program files\ipod2computer.exe
2007-12-27 04:00:49 54330664 ----a-w- c:\program files\iTunesSetup.exe
2009-08-13 15:36:57 39424 --sha-w- c:\windows\system32\dezudesu.dll
2009-08-18 00:19:57 92160 --sha-w- c:\windows\system32\disesobe.dll
2009-08-15 16:33:19 39424 --sha-w- c:\windows\system32\fadokase.dll
2009-08-10 05:25:34 39424 --sha-w- c:\windows\system32\fasihebu.dll
2009-08-16 22:11:27 39424 --sha-w- c:\windows\system32\fibanana.dll
2009-07-09 11:12:37 1011208 --sha-w- c:\windows\system32\fuyizeve.exe
2009-08-05 06:11:58 93184 --sha-w- c:\windows\system32\gezimihe.dll
2009-08-04 14:19:25 39424 --sha-w- c:\windows\system32\heyegafo.dll
2009-08-12 09:57:18 39424 --sha-w- c:\windows\system32\hoveyane.dll
2009-08-12 09:57:18 1212987 --sha-w- c:\windows\system32\howiduga.exe
2009-07-08 23:12:21 1011755 --sha-w- c:\windows\system32\jikuhunu.exe
2009-08-15 16:33:17 1209915 --sha-w- c:\windows\system32\konoyiru.exe
2009-08-04 02:19:21 53760 --sha-w- c:\windows\system32\likekube.dll
2009-08-06 02:22:33 39424 --sha-w- c:\windows\system32\ludimeda.dll
2009-07-11 00:13:57 1011386 --sha-w- c:\windows\system32\mepahedi.exe
2009-08-04 02:19:21 92160 --sha-w- c:\windows\system32\miwohuja.dll
2009-08-13 02:10:18 39424 --sha-w- c:\windows\system32\nonowoda.dll
2009-08-17 10:09:09 1120499 --sha-w- c:\windows\system32\nurofoyi.exe
2009-08-09 09:39:13 39424 --sha-w- c:\windows\system32\payaruhi.dll
2009-08-10 05:26:12 53248 --sha-w- c:\windows\system32\pinofivu.dll
2009-08-10 05:25:34 53248 --sha-w- c:\windows\system32\piwogome.dll
2009-07-10 00:13:16 1011269 --sha-w- c:\windows\system32\puwohuwu.exe
2009-08-07 00:42:51 39424 --sha-w- c:\windows\system32\rawuyona.dll
2009-08-10 05:26:12 53248 --sha-w- c:\windows\system32\reboyuti.dll
2009-07-08 23:12:22 83968 --sha-w- c:\windows\system32\royomado.dll
2009-08-16 04:58:38 61440 --sha-w- c:\windows\system32\rurajiye.dll
2009-08-11 00:21:51 39424 --sha-w- c:\windows\system32\tiwamora.dll
2009-08-10 05:26:12 53248 --sha-w- c:\windows\system32\tuhenato.dll
2009-08-04 02:19:22 39424 --sha-w- c:\windows\system32\vigahogu.dll
2009-08-07 22:16:58 39424 --sha-w- c:\windows\system32\vohetufa.dll
2009-08-17 10:09:09 39424 --sha-w- c:\windows\system32\wiludubu.dll
2009-07-11 12:14:08 1011222 --sha-w- c:\windows\system32\wowozeza.exe
2009-08-08 21:41:36 8192 --sha-w- c:\windows\system32\wuboheho.dll
2009-07-08 23:12:21 61440 --sha-w- c:\windows\system32\yaresuki.dll
2009-07-09 11:12:37 175104 --sha-w- c:\windows\system32\yevazani.dll
2009-08-16 04:58:38 39424 --sha-w- c:\windows\system32\yiborewa.dll
2009-08-05 06:11:58 39424 --sha-w- c:\windows\system32\yidopamo.dll
2009-08-08 21:41:36 13312 --sha-w- c:\windows\system32\yodejetu.dll
2009-08-18 00:19:57 39424 --sha-w- c:\windows\system32\zajeyema.dll

============= FINISH: 18:57:13.43 ===============
#4 Blade
  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 18 November 2009 - 08:13 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
  • As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be two people helping you instead of just one, but responses may be somewhat delayed so please be patient!!!!
Please give me a little time to go through your logs. My instructions will be forthcoming.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 Blade
  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 20 November 2009 - 11:31 AM

Hello tmcmahon2

Let's get started.

We would like to take a look at the following file:
  • C:\Program Files\DNA\btdna.exe
  • Zip it first, to do that:
    • Go to the directory where the file is located and copy it to the desktop.
    • Right-click the selected file and select Send To from the Context menu => select Compressed (zip) Folder
    • Click Yes to any prompt. A zip file will be created on the desktop.
  • Click on this link: http://www.bleepingcomputer.com/submit-malware.php
  • Click Browse... and navigate to the zip file and highlight it to select.
  • Click Open.
  • Copy the link to this topic in the appropriate box.
  • Click Send File.
***************************************************
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\windows\system32\dezudesu.dll
    c:\windows\system32\disesobe.dll
    c:\windows\system32\fadokase.dll
    c:\windows\system32\fasihebu.dll
    c:\windows\system32\fibanana.dll
    c:\windows\system32\fuyizeve.exe
    c:\windows\system32\gezimihe.dll
    c:\windows\system32\heyegafo.dll
    c:\windows\system32\hoveyane.dll
    c:\windows\system32\howiduga.exe
    c:\windows\system32\jijoyowe.dll
    c:\windows\system32\jikuhunu.exe
    c:\windows\system32\konoyiru.exe
    c:\windows\system32\likekube.dll
    c:\windows\system32\ludimeda.dll
    c:\windows\system32\mepahedi.exe
    c:\windows\system32\miwohuja.dll
    c:\windows\system32\nonowoda.dll
    c:\windows\system32\nurofoyi.exe
    c:\windows\system32\payaruhi.dll
    c:\windows\system32\pinofivu.dll
    c:\windows\system32\piwogome.dll
    c:\windows\system32\puwohuwu.exe
    c:\windows\system32\rawuyona.dll
    c:\windows\system32\reboyuti.dll
    c:\windows\system32\royomado.dll
    c:\windows\system32\rurajiye.dll
    c:\windows\system32\sanidayi.dll
    c:\windows\system32\sesanujo.dll
    c:\windows\system32\sofekiri.dll
    c:\windows\system32\tapusura.dll
    c:\windows\system32\tatoyame.dll
    c:\windows\system32\tiwamora.dll
    c:\windows\system32\tuhenato.dll
    c:\windows\system32\vigahogu.dll
    c:\windows\system32\vohetufa.dll
    c:\windows\system32\wiludubu.dll
    c:\windows\system32\wowozeza.exe
    c:\windows\system32\wuboheho.dll
    c:\windows\system32\yaresuki.dll
    c:\windows\system32\yevazani.dll
    c:\windows\system32\yiborewa.dll
    c:\windows\system32\yidopamo.dll
    c:\windows\system32\yodejetu.dll
    c:\windows\system32\zajeyema.dll
    c:\documents and settings\all users\Microsoft AData\
    C:\Personal Guard 2009\
    c:\program files\Personal Guard 2009\
    c:\windows\system32\drivers\kgpcpy.cfg
    c:\windows\system32\logon.exe
    c:\windows\spoov.exe
    c:\windows\certsystem.exe
    c:\windows\regred.exe
    c:\windows\usexplorer.exe
    c:\windows\securits.com
    c:\windows\microsoftdef.dll
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "desakivim"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wifapagid"=-
    "lezoyulam"=-
    "bamuvidoj"=-
    "jokamavav"=-
    "hahupuhen"=-
    "jedowifah"=-
    "bobipazeg"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{ef523c5f-cefb-487e-acc3-ef81a04ec11d}"=-
    "{86fdcff8-28b4-49f6-8fef-2e7c42611d60}"=-
    "{0e9d5226-833a-4fd0-8294-c4c132b8c030}"=-
    "{eb1e363c-48f6-4cd4-be47-0a6d86e49a09}"=-
    "{33a0a1a2-962e-48ad-a6f0-b6368a050480}"=-
    "{feed996e-3c85-4189-a2ce-c6b069683207}"=-
    "{8b797e64-6ef6-4e62-ad53-9e05b4cdece1}"=-
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7): "scecli"
    
    :Commands
    [reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
~Blade


In your next reply, please include the following:
OTM log
A new DDS.txt log. Note that I do not need Attach.txt this time.

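A defender-side triage of the DDS sections that the OTM script above targets (Run, AppInit_DLLs, SSODL, SharedTaskScheduler and LSA Notification Packages), added here as an example; it is not part of the thread and not DDS or OTM code. The log lines are a constructed sample modelled on the DDS output quoted above, and the scecli-only LSA baseline is an assumption for this XP host.

```python
"""Triage the persistence sections of a DDS log for the patterns seen in this thread.

Hypothetical helper (not DDS or OTM code): reads DDS text, returns findings a
malware-removal helper would look at first.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the DDS lines quoted in this thread. The benign
# NvCplDaemon entry shows that rundll32 from system32 alone is not flagged.
SAMPLE_LOG = r"""
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [05700618] c:\documents and settings\all users\application data\05700618\05700618.exe
mRun: [desakivim] Rundll32.exe "c:\windows\system32\disesobe.dll",a
AppInit_DLLs: pinofivu.dll c:\windows\system32\disesobe.dll
SSODL: wifapagid - {ef523c5f-cefb-487e-acc3-ef81a04ec11d} - c:\windows\system32\sofekiri.dll
SSODL: lezoyulam - {86fdcff8-28b4-49f6-8fef-2e7c42611d60} - c:\windows\system32\sofekiri.dll
SSODL: tetijuhop - {2c9d4cb7-6da1-4bf8-876c-771108911ff1} - c:\windows\system32\disesobe.dll
STS: gahurihor: {ef523c5f-cefb-487e-acc3-ef81a04ec11d} - c:\windows\system32\sofekiri.dll
STS: mujuzedij: {2c9d4cb7-6da1-4bf8-876c-771108911ff1} - c:\windows\system32\disesobe.dll
LSA: Notification Packages = scecli tatoyame.dll tapusura.dll tuhenato.dll
"""

# One regex per DDS line type the thread's fix touches.
RUN_RE = re.compile(r"^[mu]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.*)$")
SSODL_RE = re.compile(r"^SSODL: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
STS_RE = re.compile(r"^STS: (?P<name>[^:]+): (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.*)$")
# Basename of every .dll mentioned in a command line or path list.
DLL_RE = re.compile(r'([^\\\s"]+\.dll)\b', re.IGNORECASE)

# Assumed baseline for this XP host: scecli is the only package, and it is what
# the OTM script in this thread restores the value to.
LSA_BASELINE = {"scecli"}


def triage(log_text):
    """Return a list of (kind, detail) findings for the persistence entries in log_text."""
    findings = []
    by_clsid = defaultdict(set)  # CLSID -> value names it is registered under
    by_dll = defaultdict(set)    # dll basename -> persistence mechanisms that load it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            # Run values named with digits only (e.g. 05700618) match the rogue's style.
            if m["name"].isdigit():
                findings.append(("run-numeric-name", m["name"]))
            for dll in DLL_RE.findall(m["cmd"]):
                by_dll[dll.lower()].add("Run")
            continue
        m = APPINIT_RE.match(line)
        if m:
            if m["dlls"].strip():  # the XP default is an empty value
                findings.append(("appinit-populated", m["dlls"].strip()))
            for dll in DLL_RE.findall(m["dlls"]):
                by_dll[dll.lower()].add("AppInit_DLLs")
            continue
        m = SSODL_RE.match(line) or STS_RE.match(line)
        if m:
            mech = "SSODL" if line.startswith("SSODL") else "STS"
            by_clsid[m["clsid"].lower()].add(m["name"].strip())
            for dll in DLL_RE.findall(m["path"]):
                by_dll[dll.lower()].add(mech)
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m["pkgs"].split():
                if pkg.lower() not in LSA_BASELINE:
                    findings.append(("lsa-extra-package", pkg))
            for dll in DLL_RE.findall(m["pkgs"]):
                by_dll[dll.lower()].add("LSA")
    # Correlations: one CLSID under several names, one DLL hooked from several places.
    for clsid, names in by_clsid.items():
        if len(names) > 1:
            findings.append(("clsid-multiple-names", clsid))
    for dll, mechs in by_dll.items():
        if len(mechs) > 1:
            findings.append(("dll-multiple-mechanisms", dll))
    return findings


def triage_summary(log_text):
    """Group findings by kind -> sorted, de-duplicated details."""
    grouped = defaultdict(set)
    for kind, detail in triage(log_text):
        grouped[kind].add(detail)
    return {kind: sorted(details) for kind, details in grouped.items()}


if __name__ == "__main__":
    for kind, details in sorted(triage_summary(SAMPLE_LOG).items()):
        print(kind)
        for detail in details:
            print("   ", detail)
```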


#6 tmcmahon2
  • Topic Starter
  • Members
  • 15 posts

Posted 20 November 2009 - 04:23 PM

Thanks for the help, I'll be patient throughout the process.

As far as your last instructions, everything seemed to go fine. While the OTM program was running, however, there were two error messages that said "Bad Image" and stated that "The application or DLL c:\windows\system32\wuboheho.dll is not a valid Windows image. Please check this against your installation diskette." This same message appeared for c:\windows\system32\yodejeyu.dll. Other than that, I was able to do everything fine. As far as the restart, my computer takes like 15 minutes to shut down Windows now; can that be a symptom of malware? Also, there was a different message on bootup that said something about not being able to find logon.exe. It was different from the usual one I got after I got the virus. Anyway, thanks, and here are the logs.

OTM:

========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\dezudesu.dll
c:\windows\system32\dezudesu.dll moved successfully.
File/Folder c:\windows\system32\disesobe.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\fadokase.dll
c:\windows\system32\fadokase.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\fasihebu.dll
c:\windows\system32\fasihebu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\fibanana.dll
c:\windows\system32\fibanana.dll moved successfully.
c:\windows\system32\fuyizeve.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\gezimihe.dll
c:\windows\system32\gezimihe.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\heyegafo.dll
c:\windows\system32\heyegafo.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hoveyane.dll
c:\windows\system32\hoveyane.dll moved successfully.
c:\windows\system32\howiduga.exe moved successfully.
File/Folder c:\windows\system32\jijoyowe.dll not found.
c:\windows\system32\jikuhunu.exe moved successfully.
c:\windows\system32\konoyiru.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\likekube.dll
c:\windows\system32\likekube.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ludimeda.dll
c:\windows\system32\ludimeda.dll moved successfully.
c:\windows\system32\mepahedi.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\miwohuja.dll
c:\windows\system32\miwohuja.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nonowoda.dll
c:\windows\system32\nonowoda.dll moved successfully.
c:\windows\system32\nurofoyi.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\payaruhi.dll
c:\windows\system32\payaruhi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\pinofivu.dll
c:\windows\system32\pinofivu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\piwogome.dll
c:\windows\system32\piwogome.dll moved successfully.
c:\windows\system32\puwohuwu.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rawuyona.dll
c:\windows\system32\rawuyona.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\reboyuti.dll
c:\windows\system32\reboyuti.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\royomado.dll
c:\windows\system32\royomado.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rurajiye.dll
c:\windows\system32\rurajiye.dll moved successfully.
File/Folder c:\windows\system32\sanidayi.dll not found.
File/Folder c:\windows\system32\sesanujo.dll not found.
File/Folder c:\windows\system32\sofekiri.dll not found.
File/Folder c:\windows\system32\tapusura.dll not found.
File/Folder c:\windows\system32\tatoyame.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\tiwamora.dll
c:\windows\system32\tiwamora.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\tuhenato.dll
c:\windows\system32\tuhenato.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vigahogu.dll
c:\windows\system32\vigahogu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vohetufa.dll
c:\windows\system32\vohetufa.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\wiludubu.dll
c:\windows\system32\wiludubu.dll moved successfully.
c:\windows\system32\wowozeza.exe moved successfully.
LoadLibrary failed for c:\windows\system32\wuboheho.dll
c:\windows\system32\wuboheho.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yaresuki.dll
c:\windows\system32\yaresuki.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yevazani.dll
c:\windows\system32\yevazani.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yiborewa.dll
c:\windows\system32\yiborewa.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yidopamo.dll
c:\windows\system32\yidopamo.dll moved successfully.
LoadLibrary failed for c:\windows\system32\yodejetu.dll
c:\windows\system32\yodejetu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\zajeyema.dll
c:\windows\system32\zajeyema.dll moved successfully.
c:\documents and settings\all users\Microsoft AData folder moved successfully.
C:\Personal Guard 2009 folder moved successfully.
c:\program files\Personal Guard 2009\q folder moved successfully.
c:\program files\Personal Guard 2009 folder moved successfully.
c:\windows\system32\drivers\kgpcpy.cfg moved successfully.
c:\windows\system32\logon.exe moved successfully.
c:\windows\spoov.exe moved successfully.
c:\windows\certsystem.exe moved successfully.
c:\windows\regred.exe moved successfully.
c:\windows\usexplorer.exe moved successfully.
c:\windows\securits.com moved successfully.
LoadLibrary failed for c:\windows\microsoftdef.dll
c:\windows\microsoftdef.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\desakivim deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wifapagid deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lezoyulam deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bamuvidoj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\jokamavav deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hahupuhen deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\jedowifah deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bobipazeg not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{ef523c5f-cefb-487e-acc3-ef81a04ec11d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef523c5f-cefb-487e-acc3-ef81a04ec11d}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{86fdcff8-28b4-49f6-8fef-2e7c42611d60} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fdcff8-28b4-49f6-8fef-2e7c42611d60}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{0e9d5226-833a-4fd0-8294-c4c132b8c030} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e9d5226-833a-4fd0-8294-c4c132b8c030}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{eb1e363c-48f6-4cd4-be47-0a6d86e49a09} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb1e363c-48f6-4cd4-be47-0a6d86e49a09}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{33a0a1a2-962e-48ad-a6f0-b6368a050480} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33a0a1a2-962e-48ad-a6f0-b6368a050480}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{feed996e-3c85-4189-a2ce-c6b069683207} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{feed996e-3c85-4189-a2ce-c6b069683207}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{8b797e64-6ef6-4e62-ad53-9e05b4cdece1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b797e64-6ef6-4e62-ad53-9e05b4cdece1}\ not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7): "scecli" /E : value set successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.0 log created on 11202009_144621

DDS:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Tim at 15:12:21.59 on Fri 11/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1028 [GMT -6:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\O5YJCHIN\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mWinlogon: Shell=Explorer.exe logon.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [05700618] c:\documents and settings\all users\application data\05700618\05700618.exe
mRun: [33519122] c:\documents and settings\all users\application data\33519122\33519122.exe
mRun: [49467333] c:\docume~1\alluse~1\applic~1\49467333\49467333.exe
mRun: [desakivim] Rundll32.exe "c:\windows\system32\vawakoto.dll",a
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
AppInit_DLLs: c:\windows\system32\vawakoto.dll c:\windows\system32\miwohuja.dll,pinofivu.dll c:\windows\system32\yevazani.dll c:\windows\system32\gezimihe.dll
SSODL: SysNet - {ECA006FD-31E9-4FA0-A714-3E1065FE1EB9} - c:\documents and settings\all users\microsoft adata\sysnet.dll
SSODL: videfijer - {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll
STS: gahurihor: {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll
LSA: Notification Packages = scecli tuhenato.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\52l3btl3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\documents and settings\tim\application data\mozilla\firefox\profiles\52l3btl3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-3 348824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-28 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

=============== Created Last 30 ================

2009-11-20 20:50:34 51197 ----a-w- c:\windows\spoov.exe
2009-11-20 20:50:34 47872 ----a-w- c:\windows\certsystem.exe
2009-11-20 20:50:34 38352 ----a-w- c:\windows\regred.exe
2009-11-20 20:50:34 33149 ----a-w- c:\windows\usexplorer.exe
2009-11-20 20:50:34 28320 ----a-w- c:\windows\securits.com
2009-11-20 20:50:34 18941 ----a-w- c:\windows\microsoftdef.dll
2009-11-20 20:50:33 0 d-----w- c:\program files\Personal Guard 2009
2009-11-20 20:46:21 0 d-----w- C:\_OTM
2009-11-18 00:48:11 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-18 00:48:11 1409 ----a-w- c:\windows\QTFont.for
2009-11-18 00:31:00 262656 ----a-w- c:\program files\rkill.com
2009-11-09 15:39:00 0 ----a-w- C:\Personal Guard 2009.lnk
2009-11-09 06:40:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 06:40:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 06:40:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 06:40:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 23:19:16 0 d-----w- c:\docume~1\tim\applic~1\Malwarebytes
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-05 08:37:24 0 d-----w- c:\documents and settings\tim\windows contacts contact
2009-11-04 03:11:50 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-04 03:11:39 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-04 03:11:39 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-04 03:11:39 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-04 03:11:31 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-04 03:11:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\program files\Spyware Doctor
2009-11-04 03:11:23 0 d-----w- c:\docume~1\tim\applic~1\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-04 03:06:51 0 d-----w- c:\docume~1\tim\applic~1\GetRightToGo

==================== Find3M ====================

2009-10-11 23:16:19 614 ----a-w- C:\startupentrysecuritytool4.reg
2009-10-11 23:16:04 614 ----a-w- C:\startupentrysecuritytool3.reg
2009-10-11 23:15:47 614 ----a-w- C:\startupentrysecuritytool2.reg
2009-10-11 23:15:26 614 ----a-w- C:\startupentrysecuritytool1.reg
2009-10-11 22:52:41 246 ----a-w- C:\Registry key security tool5.reg
2009-10-11 22:52:29 246 ----a-w- C:\Registry key security tool4.reg
2009-10-11 22:52:20 246 ----a-w- C:\Registry key security tool3.reg
2009-10-11 22:52:08 246 ----a-w- C:\Registry key security tool2.reg
2009-10-11 22:51:36 246 ----a-w- C:\Registry key security tool1.reg
2009-08-28 21:13:34 175577 ----a-w- c:\windows\system32\nvModes.dat
2007-12-27 06:21:53 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
2007-12-27 04:54:39 368 ----a-w- c:\program files\XPlay2_Hotfix_110507-01.reg
2007-12-27 04:48:32 7072440 ----a-w- c:\program files\xplay_2.3.6_en_trial_setup.exe
2007-12-27 04:45:38 451013 ----a-w- c:\program files\PodWorks_2.9.2.zip
2007-12-27 04:36:37 7663794 ----a-w- c:\program files\CopyTrans_Suite_v1.28.exe
2007-12-27 04:16:04 4039287 ----a-w- c:\program files\ipod-computer-transfer.exe
2007-12-27 04:05:32 1832864 ----a-w- c:\program files\ipod2computer.exe
2007-12-27 04:00:49 54330664 ----a-w- c:\program files\iTunesSetup.exe
2009-08-19 09:37:54 39424 --sha-w- c:\windows\system32\duzirasa.dll
2009-08-18 20:23:28 39424 --sha-w- c:\windows\system32\hajiruno.dll
2009-08-20 03:58:10 39424 --sha-w- c:\windows\system32\jenuhisu.dll
2009-08-20 20:36:11 39424 --sha-w- c:\windows\system32\nekidayi.dll
2009-08-20 20:36:11 92672 --sha-w- c:\windows\system32\vawakoto.dll

============= FINISH: 15:13:38.25 ===============
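A triage pass over the "Pseudo HJT Report" and "Find3M" sections of the DDS log above, added here as an example (it is not part of the thread and not DDS's own code). It flags the same load points the helper's fix script targets later in the thread (the Winlogon Shell value, Run entries with all-digit names, AppInit_DLLs, SSODL/STS shell load points, extra LSA notification packages, hidden+system DLLs in system32) and then correlates Run entries against the flagged DLLs; the sample lines are copied from the log, the rule names are my own.

```python
"""Triage of a DDS log's "Pseudo HJT Report" and "Find3M" sections.

Added example, not part of the thread and not DDS's own code. It flags the same
load points the fix script in this thread targets and changes nothing.
"""
import ntpath
import re

# Constructed sample: lines copied from the DDS log posted earlier in this thread,
# with one clean entry per section so that the rules have something to skip.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe logon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [05700618] c:\documents and settings\all users\application data\05700618\05700618.exe
mRun: [desakivim] Rundll32.exe "c:\windows\system32\vawakoto.dll",a
AppInit_DLLs: c:\windows\system32\vawakoto.dll c:\windows\system32\miwohuja.dll,pinofivu.dll
SSODL: SysNet - {ECA006FD-31E9-4FA0-A714-3E1065FE1EB9} - c:\documents and settings\all users\microsoft adata\sysnet.dll
STS: gahurihor: {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll
LSA: Notification Packages = scecli tuhenato.dll
2009-08-28 21:13:34 175577 ----a-w- c:\windows\system32\nvModes.dat
2009-08-20 20:36:11 92672 --sha-w- c:\windows\system32\vawakoto.dll
"""

# DDS line shapes (u = per-user hive, m = machine hive).
WINLOGON_RE = re.compile(r"^mWinlogon: Shell=(?P<shell>.*)$")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.*)$")
SSODL_RE = re.compile(r"^SSODL: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
STS_RE = re.compile(r"^STS: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.*)$")
# Created/Find3M rows: date time size attribute-flags path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")

# scecli is the stock LSA notification package on XP; anything else needs a
# known reason to be there (some RAS setups add rassfm, for instance).
KNOWN_LSA_PACKAGES = {"scecli"}


def triage(log_text):
    """Return (rule, detail) findings for entries worth a closer look."""
    findings = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            # Shell should be exactly Explorer.exe; a second program appended
            # to the value is started at every logon.
            if m["shell"].strip().lower() != "explorer.exe":
                findings.append(("winlogon-shell", m["shell"]))
            continue
        m = RUN_RE.match(line)
        if m:
            # The rogue in this thread registered Run entries with all-digit names.
            if m["name"].isdigit():
                findings.append(("run-numeric-name", m["name"]))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is empty on a clean XP box; every DLL listed here is
            # loaded into each process that loads user32.dll.
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                if dll:
                    findings.append(("appinit-dll", dll))
            continue
        m = SSODL_RE.match(line) or STS_RE.match(line)
        if m:
            # DDS hides the stock SSODL/SharedTaskScheduler entries, so anything
            # it prints is loaded into Explorer at start and deserves a look.
            findings.append(("shell-load-point", m["path"]))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m["pkgs"].split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(("lsa-notification-package", pkg))
            continue
        m = FILE_RE.match(line)
        if m and {"s", "h"} <= set(m["attrs"]) and m["path"].lower().endswith(".dll"):
            # hidden + system attributes on a DLL in system32 is the pattern the
            # vawakoto/duzirasa family shows in this log.
            findings.append(("hidden-system-dll", m["path"]))
    return findings


def correlate_run_entries(log_text, findings):
    """Second pass: Run entries whose command line loads a DLL flagged above."""
    flagged = {ntpath.basename(d).lower() for r, d in findings
               if r in ("appinit-dll", "shell-load-point", "hidden-system-dll")}
    hits = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and any(dll in m["cmd"].lower() for dll in flagged):
            hits.append(("run-loads-flagged-dll", m["name"]))
    return hits


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for rule, detail in found + correlate_run_entries(SAMPLE_LOG, found):
        print(f"{rule:26} {detail}")
```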

#7 Blade (Site Admin)

Posted 22 November 2009 - 12:42 PM

My apologies. . . I did not feel well yesterday. I will be working on your fix today. :(

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 Blade (Site Admin)

Posted 22 November 2009 - 03:05 PM

Hello tmcmahon2.

Again, my apologies for the delay.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps may require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
***************************************************
  • Please open a Notepad file: (From the Start Menu, click Run and type notepad in the window that appears.)
  • Copy the contents of the below code box into the notepad window.
  • Save the file as Fix.txt on your desktop. We will be using this from safe mode later on.
    :file
    c:\documents and settings\all users\application data\05700618
    c:\documents and settings\all users\application data\33519122
    c:\docume~1\alluse~1\applic~1\49467333
    c:\documents and settings\all users\microsoft adata
    c:\windows\system32\duzirasa.dll
    c:\windows\system32\hajiruno.dll
    c:\windows\system32\jenuhisu.dll
    c:\windows\system32\nekidayi.dll
    c:\windows\system32\vawakoto.dll
    c:\windows\certsystem.exe
    c:\windows\regred.exe
    c:\windows\usexplorer.exe
    c:\windows\securits.com
    c:\windows\microsoftdef.dll
    c:\program files\Personal Guard 2009
    C:\Personal Guard 2009.lnk
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "desakivim"=-
    "05700618"=-
    "33519122"=-
    "49467333"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SysNet"=-
    "videfijer"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{d21e9fd2-cf24-47a8-9917-ca5748dc5356}"=-
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):"scecli"
    
    :commands
    [Reboot]
***************************************************

Reboot your computer in "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Make sure you choose the option without networking support. When logging in, do NOT log in under the account titled "Admin" or "Administrator". Log in under your normal user profile.

***************************************************
  • Double click the OTM icon on your desktop.
  • Paste the entire contents of the Fix.txt Notepad file that I had you create under the [Paste Instructions for Items to be Moved] area.
  • Push the large [MoveIt!] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the [Results] line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
***************************************************

~Blade


In your next reply, please include the following:
GMER log
OTM log



#9 tmcmahon2 (Topic Starter)

Posted 24 November 2009 - 11:45 AM

I got a blue screen when I first ran the gmer program. I assumed it would come up again so I didn't write down the whole message, but it said something about a file not allowing it to run. It looked like another of those Japanese names and I think it was something like pvoidchoy.exe, or something similar. Anyway, I rebooted and gmer worked then. However, my computer hasn't been able to run in safe mode since getting Personal Guard and I still wasn't able to boot up in safe mode. A blue screen came up twice when I tried two different times, so I didn't do the OTM part of your instructions. I'm going home for Thanksgiving and I won't be bringing my computer, so I won't be able to work on it from Wednesday night until Sunday night. Anyway, here is the gmer log. I tried to paste it but it was too long, so I will just attach it.

Attached file: gmer.log (412.09KB)


#10 Blade (Site Admin)

Posted 24 November 2009 - 07:15 PM

Hello.

Please go ahead with the rest of my instructions.

~Blade



#11 tmcmahon2 (Topic Starter)

Posted 29 November 2009 - 11:42 PM

Well, it took a while but I finally got back to my computer and did the OTM step. Here is the log but it seemed like something went wrong in the first part since all those error messages appeared.

Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <c:\documents and settings\all users\application data\05700618> in the current context!
Error: Unable to interpret <c:\documents and settings\all users\application data\33519122> in the current context!
Error: Unable to interpret <c:\docume~1\alluse~1\applic~1\49467333> in the current context!
Error: Unable to interpret <c:\documents and settings\all users\microsoft adata> in the current context!
Error: Unable to interpret <c:\windows\system32\duzirasa.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\hajiruno.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\jenuhisu.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\nekidayi.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\vawakoto.dll> in the current context!
Error: Unable to interpret <c:\windows\certsystem.exe> in the current context!
Error: Unable to interpret <c:\windows\regred.exe> in the current context!
Error: Unable to interpret <c:\windows\usexplorer.exe> in the current context!
Error: Unable to interpret <c:\windows\securits.com> in the current context!
Error: Unable to interpret <c:\windows\microsoftdef.dll> in the current context!
Error: Unable to interpret <c:\program files\Personal Guard 2009> in the current context!
Error: Unable to interpret <C:\Personal Guard 2009.lnk> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\desakivim deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\05700618 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\33519122 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\49467333 deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysNet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\videfijer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{d21e9fd2-cf24-47a8-9917-ca5748dc5356} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d21e9fd2-cf24-47a8-9917-ca5748dc5356}\ deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):"scecli" /E : value set successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.0 log created on 11292009_215124

#12 Blade (Site Admin)

Posted 30 November 2009 - 02:05 AM

Hello tmcmahon2.

Here is the log but it seemed like something went wrong in the first part since all those error messages appeared.

Sorry. . . that was my fault. There was an error in that script. Let's try it again. :(
  • Double click the OTM icon on your desktop.
  • Paste the following code under the [Paste Instructions for Items to be Moved] area. Do not include the word "Code".
    :files
    c:\documents and settings\all users\application data\05700618
    c:\documents and settings\all users\application data\33519122
    c:\docume~1\alluse~1\applic~1\49467333
    c:\documents and settings\all users\microsoft adata
    c:\windows\system32\duzirasa.dll
    c:\windows\system32\hajiruno.dll
    c:\windows\system32\jenuhisu.dll
    c:\windows\system32\nekidayi.dll
    c:\windows\system32\vawakoto.dll
    c:\windows\certsystem.exe
    c:\windows\regred.exe
    c:\windows\usexplorer.exe
    c:\windows\securits.com
    c:\windows\microsoftdef.dll
    c:\program files\Personal Guard 2009
    C:\Personal Guard 2009.lnk
    
    :commands
    [Reboot]
  • Push the large [MoveIt!] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the [Results] line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
~Blade


In your next reply, please include the following:
OTM log
A new DDS.txt log. Note that I do not need Attach.txt this time.

Edited by Blade Zephon, 30 November 2009 - 02:06 AM.

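A dry-run parser for the OTM script format used in posts #8 and #12, added here as an illustration (it is not OTM's own code; the section names and the "Unable to interpret" message are taken from this thread, the action names are my own). On the script with the ":file" typo it reproduces the errors from post #11 and shows why the :Reg part still went through; on the corrected script it yields the full plan without touching the system.

```python
"""Dry-run parser for an OTM fix script.

Added example, not OTM's own code. Section names (:files, :reg, :commands) and
the error text come from this thread; the parser only builds a plan of actions
and reports rejected lines, it does not move files or edit the registry.
"""
import re

KNOWN_SECTIONS = {"files", "reg", "commands"}

REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rhs>.*)$')
MULTI_SZ_RE = re.compile(r"^hex\(7\):(?P<items>.*)$")
COMMAND_RE = re.compile(r"^\[(?P<cmd>\w+)\]$")

# Constructed sample: a shortened copy of the script from post #8, including the
# ":file" typo that made OTM reject every line up to ":Reg".
BROKEN_SCRIPT = r"""
:file
c:\windows\system32\vawakoto.dll
c:\windows\certsystem.exe
c:\program files\Personal Guard 2009

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"desakivim"=-
"05700618"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):"scecli"

:commands
[Reboot]
"""
# The header as corrected in post #12.
FIXED_SCRIPT = BROKEN_SCRIPT.replace(":file\n", ":files\n", 1)


def unable(line):
    """The message OTM prints for a line it cannot place in any section."""
    return f"Unable to interpret <{line}> in the current context!"


def parse_reg_rhs(rhs):
    """Map the right-hand side of a .reg-style line to (action, data)."""
    if rhs == "-":                        # "name"=-  deletes the value
        return "delete-value", None
    m = MULTI_SZ_RE.match(rhs)
    if m:                                 # hex(7):"a","b"  is a REG_MULTI_SZ
        return "set-multi-sz", re.findall(r'"([^"]*)"', m["items"])
    m = re.match(r'^"(?P<s>[^"]*)"$', rhs)
    if m:                                 # "name"="text"  sets a REG_SZ
        return "set-sz", m["s"]
    return "unknown", rhs


def parse_otm_script(text):
    """Return (plan, errors): the actions the script would perform, and the
    lines OTM would reject because they are not inside a recognised section."""
    plan, errors = [], []
    section, current_key = None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            # A section header. An unknown one (":file") leaves us outside any
            # section, so the lines after it are rejected until the next header.
            name = line[1:].lower()
            section = name if name in KNOWN_SECTIONS else None
            current_key = None
            if section is None:
                errors.append(unable(line))
            continue
        if section == "files":
            plan.append(("move", line))
        elif section == "reg":
            m = REG_KEY_RE.match(line)
            if m:
                current_key = m["key"]
                continue
            m = REG_VALUE_RE.match(line)
            if m and current_key:
                action, data = parse_reg_rhs(m["rhs"])
                plan.append((action, current_key, m["name"], data))
            else:
                errors.append(unable(line))
        elif section == "commands":
            m = COMMAND_RE.match(line)
            if m:
                plan.append(("command", m["cmd"].lower()))
            else:
                errors.append(unable(line))
        else:
            errors.append(unable(line))
    return plan, errors


if __name__ == "__main__":
    for label, script in (("broken", BROKEN_SCRIPT), ("fixed", FIXED_SCRIPT)):
        plan, errors = parse_otm_script(script)
        print(f"{label}: {len(plan)} actions, {len(errors)} errors")
        for err in errors:
            print("  Error:", err)
```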


#13 tmcmahon2 (Topic Starter)

Posted 30 November 2009 - 05:59 PM

Here are the logs.

OTM

========== FILES ==========
File/Folder c:\documents and settings\all users\application data\05700618 not found.
File/Folder c:\documents and settings\all users\application data\33519122 not found.
File/Folder c:\docume~1\alluse~1\applic~1\49467333 not found.
File/Folder c:\documents and settings\all users\microsoft adata not found.
DllUnregisterServer procedure not found in c:\windows\system32\duzirasa.dll
c:\windows\system32\duzirasa.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hajiruno.dll
c:\windows\system32\hajiruno.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\jenuhisu.dll
c:\windows\system32\jenuhisu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nekidayi.dll
c:\windows\system32\nekidayi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vawakoto.dll
c:\windows\system32\vawakoto.dll moved successfully.
c:\windows\certsystem.exe moved successfully.
c:\windows\regred.exe moved successfully.
c:\windows\usexplorer.exe moved successfully.
c:\windows\securits.com moved successfully.
LoadLibrary failed for c:\windows\microsoftdef.dll
c:\windows\microsoftdef.dll moved successfully.
c:\program files\Personal Guard 2009\q folder moved successfully.
c:\program files\Personal Guard 2009 folder moved successfully.
C:\Personal Guard 2009.lnk moved successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.0 log created on 11302009_152253


DDS


DDS (Ver_09-10-26.01) - NTFSx86
Run by Tim at 16:56:22.42 on Mon 11/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.858 [GMT -6:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Tim\Desktop\ddds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mWinlogon: Shell=Explorer.exe logon.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [desakivim] Rundll32.exe "c:\windows\system32\vawakoto.dll",a
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
AppInit_DLLs: c:\windows\system32\vawakoto.dll
SSODL: videfijer - {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll
STS: gahurihor: {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\52l3btl3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\documents and settings\tim\application data\mozilla\firefox\profiles\52l3btl3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-3 348824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-28 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

=============== Created Last 30 ================

2009-11-22 20:38:43 0 d-----w- C:\Gmer
2009-11-20 20:50:34 51197 ----a-w- c:\windows\spoov.exe
2009-11-20 20:46:21 0 d-----w- C:\_OTM
2009-11-18 00:48:11 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-18 00:48:11 1409 ----a-w- c:\windows\QTFont.for
2009-11-18 00:31:00 262656 ----a-w- c:\program files\rkill.com
2009-11-09 06:40:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 06:40:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 06:40:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 06:40:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 23:19:16 0 d-----w- c:\docume~1\tim\applic~1\Malwarebytes
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-05 08:37:24 0 d-----w- c:\documents and settings\tim\windows contacts contact
2009-11-04 03:11:50 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-04 03:11:39 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-04 03:11:39 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-04 03:11:39 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-04 03:11:31 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-04 03:11:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\program files\Spyware Doctor
2009-11-04 03:11:23 0 d-----w- c:\docume~1\tim\applic~1\PC Tools
2009-11-04 03:11:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-04 03:06:51 0 d-----w- c:\docume~1\tim\applic~1\GetRightToGo

==================== Find3M ====================

2009-10-11 23:16:19 614 ----a-w- C:\startupentrysecuritytool4.reg
2009-10-11 23:16:04 614 ----a-w- C:\startupentrysecuritytool3.reg
2009-10-11 23:15:47 614 ----a-w- C:\startupentrysecuritytool2.reg
2009-10-11 23:15:26 614 ----a-w- C:\startupentrysecuritytool1.reg
2009-10-11 22:52:41 246 ----a-w- C:\Registry key security tool5.reg
2009-10-11 22:52:29 246 ----a-w- C:\Registry key security tool4.reg
2009-10-11 22:52:20 246 ----a-w- C:\Registry key security tool3.reg
2009-10-11 22:52:08 246 ----a-w- C:\Registry key security tool2.reg
2009-10-11 22:51:36 246 ----a-w- C:\Registry key security tool1.reg
2007-12-27 06:21:53 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
2007-12-27 04:54:39 368 ----a-w- c:\program files\XPlay2_Hotfix_110507-01.reg
2007-12-27 04:48:32 7072440 ----a-w- c:\program files\xplay_2.3.6_en_trial_setup.exe
2007-12-27 04:45:38 451013 ----a-w- c:\program files\PodWorks_2.9.2.zip
2007-12-27 04:36:37 7663794 ----a-w- c:\program files\CopyTrans_Suite_v1.28.exe
2007-12-27 04:16:04 4039287 ----a-w- c:\program files\ipod-computer-transfer.exe
2007-12-27 04:05:32 1832864 ----a-w- c:\program files\ipod2computer.exe
2007-12-27 04:00:49 54330664 ----a-w- c:\program files\iTunesSetup.exe

============= FINISH: 16:57:25.73 ===============

#14 Blade

  • Site Admin


Posted 02 December 2009 - 09:17 PM

Hello tmcmahon2,

Things are looking better, but we've still got a little way to go.
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the Paste Instructions for Items to be Moved area. Do not include the word "Code".
    :files
    c:\windows\spoov.exe
    C:\startupentrysecuritytool4.reg
    C:\startupentrysecuritytool3.reg
    C:\startupentrysecuritytool2.reg
    C:\startupentrysecuritytool1.reg
    C:\Registry key security tool5.reg
    C:\Registry key security tool4.reg
    C:\Registry key security tool3.reg
    C:\Registry key security tool2.reg
    C:\Registry key security tool1.reg
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "videfijer"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{d21e9fd2-cf24-47a8-9917-ca5748dc5356}"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "desakivim"=-
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe"
    
    :commands
    [reboot]
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste its contents back here in your next post.
***************************************************

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~Blade


In your next reply, please include the following:
OTM log
Kaspersky Online Scan log
A new DDS.txt log. Note that I do not need Attach.txt this time.
How is your computer running now?


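The OTM script above targets exactly the pattern visible in the pre-cleanup DDS log: one DLL (vawakoto.dll) loaded from four separate auto-start points (a Run value via rundll32, AppInit_DLLs, ShellServiceObjectDelayLoad and SharedTaskScheduler), a second program appended to the Winlogon Shell value, and a toolbar CLSID whose file is gone. The following is an added example, not part of this thread and not code from DDS or OTM, that reads a DDS "Pseudo HJT Report" and flags that pattern so a helper can spot it without reading line by line. The sample lines are copied from the earlier DDS log in this thread; the heuristics (non-empty AppInit_DLLs, extra Shell program, one DLL behind several load points, "No File" toolbar) are my own assumptions about what deserves a look, not rules DDS itself applies.

```python
"""Flag auto-start persistence patterns in a DDS 'Pseudo HJT Report'.

Added example (not part of the thread, DDS or OTM). Sample lines are copied
from the pre-cleanup DDS log in this thread; the heuristics are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: lines taken from the pre-cleanup DDS log in this thread.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe logon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [desakivim] Rundll32.exe "c:\windows\system32\vawakoto.dll",a
AppInit_DLLs: c:\windows\system32\vawakoto.dll
SSODL: videfijer - {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll
STS: gahurihor: {d21e9fd2-cf24-47a8-9917-ca5748dc5356} - c:\windows\system32\vawakoto.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
"""

# "kind: rest" lines of the pseudo-HJT section (mRun, BHO, SSODL, ...).
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z_]+):\s*(?P<rest>.*)$")
# First drive-letter path ending in a binary extension; lazy so spaces in
# "program files" style paths are kept.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:dll|exe|com)\b", re.IGNORECASE)


def parse_entries(text):
    """Yield (kind, rest) for every 'kind: rest' line; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("rest")


def extract_path(rest):
    """Return the first binary path in an entry, lower-cased, or None."""
    m = PATH_RE.search(rest)
    return m.group(0).lower() if m else None


def winlogon_shell_extras(rest):
    """Return every program listed in a Winlogon Shell value besides Explorer.exe."""
    if not rest.lower().startswith("shell="):
        return []
    tokens = rest[len("shell="):].split()
    return [t for t in tokens if t.lower() != "explorer.exe"]


def analyze(text):
    """Return a list of (finding_kind, subject, reason) tuples for the report."""
    findings = []
    load_points = defaultdict(set)  # dll path -> set of auto-start points loading it
    for kind, rest in parse_entries(text):
        k = kind.lower()
        if k in ("mwinlogon", "uwinlogon"):
            extras = winlogon_shell_extras(rest)
            if extras:
                findings.append(("winlogon_shell", rest,
                                 "extra program(s) in Shell value: " + ", ".join(extras)))
        elif k == "appinit_dlls":
            path = extract_path(rest)
            if path:
                # On a clean XP box this value is normally empty; anything here is
                # injected into every process that loads user32.dll.
                findings.append(("appinit_dlls", rest, "AppInit_DLLs is set"))
                load_points[path].add("AppInit_DLLs")
        elif k in ("ssodl", "sts"):
            path = extract_path(rest)
            if path:
                load_points[path].add(kind)
        elif k in ("mrun", "urun") and re.search(r"\brundll32(?:\.exe)?\b", rest, re.I):
            path = extract_path(rest)
            if path:
                load_points[path].add(kind + " via rundll32")
        elif k == "tb" and rest.strip().lower().endswith("no file"):
            findings.append(("orphan_toolbar", rest,
                             "toolbar CLSID registered but its file is missing"))
    # The same DLL wired into several auto-start points is the signature seen
    # in this thread; a single rundll32 entry (NvCpl.dll) is not reported.
    for path, points in load_points.items():
        if len(points) >= 2:
            findings.append(("shared_dll", path,
                             "same DLL loaded from %d persistence points: %s"
                             % (len(points), ", ".join(sorted(points)))))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in analyze(SAMPLE_LOG):
        print("%-15s %s\n    %s" % (kind, subject, reason))
```

Run it on the pre-cleanup log and it reports the four items the OTM script removes; run it on the post-cleanup log in the next reply (where the Shell value, AppInit_DLLs, SSODL and STS lines are gone) and only the orphaned toolbar could remain, which the :Reg section also deletes.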

#15 tmcmahon2

  • Topic Starter


Posted 05 December 2009 - 07:24 PM

Thanks a lot for your help. All the symptoms appear to be gone currently and my computer is running fine. Here are the logs you asked for:

DDS


DDS (Ver_09-10-26.01) - NTFSx86
Run by Tim at 18:20:25.03 on Sat 12/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1164 [GMT -6:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Tim\Desktop\ddds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\52l3btl3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\documents and settings\tim\application data\mozilla\firefox\profiles\52l3btl3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-3 348824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-28 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

=============== Created Last 30 ================

2009-11-30 19:33:46 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-22 20:38:43 0 d-----w- C:\Gmer
2009-11-20 20:46:21 0 d-----w- C:\_OTM
2009-11-18 00:48:11 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-18 00:48:11 1409 ----a-w- c:\windows\QTFont.for
2009-11-18 00:31:00 262656 ----a-w- c:\program files\rkill.com
2009-11-09 06:40:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 06:40:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 06:40:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 06:40:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 23:19:16 0 d-----w- c:\docume~1\tim\applic~1\Malwarebytes

==================== Find3M ====================

2007-12-27 06:21:53 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
2007-12-27 04:54:39 368 ----a-w- c:\program files\XPlay2_Hotfix_110507-01.reg
2007-12-27 04:48:32 7072440 ----a-w- c:\program files\xplay_2.3.6_en_trial_setup.exe
2007-12-27 04:45:38 451013 ----a-w- c:\program files\PodWorks_2.9.2.zip
2007-12-27 04:36:37 7663794 ----a-w- c:\program files\CopyTrans_Suite_v1.28.exe
2007-12-27 04:16:04 4039287 ----a-w- c:\program files\ipod-computer-transfer.exe
2007-12-27 04:05:32 1832864 ----a-w- c:\program files\ipod2computer.exe
2007-12-27 04:00:49 54330664 ----a-w- c:\program files\iTunesSetup.exe

============= FINISH: 18:21:03.37 ===============


OTM

========== FILES ==========
c:\windows\spoov.exe moved successfully.
C:\startupentrysecuritytool4.reg moved successfully.
C:\startupentrysecuritytool3.reg moved successfully.
C:\startupentrysecuritytool2.reg moved successfully.
C:\startupentrysecuritytool1.reg moved successfully.
C:\Registry key security tool5.reg moved successfully.
C:\Registry key security tool4.reg moved successfully.
C:\Registry key security tool3.reg moved successfully.
C:\Registry key security tool2.reg moved successfully.
C:\Registry key security tool1.reg moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\videfijer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler\\{d21e9fd2-cf24-47a8-9917-ca5748dc5356} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d21e9fd2-cf24-47a8-9917-ca5748dc5356}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\desakivim deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.0 log created on 12042009_144048


Kaspersky Online Scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, December 5, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 04, 2009 19:57:39
Records in database: 3330505
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 101289
Threats found: 12
Infected objects found: 79
Suspicious objects found: 0
Scan duration: 02:56:37


File name / Threat / Threats count
C:\Documents and Settings\Tim\Local Settings\Temp\n.exn Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\105.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\13.tmp Infected: Trojan-Downloader.Win32.Genome.xqi 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BF.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\D7.tmp Infected: Trojan-Downloader.Win32.Genome.xdi 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\E2.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\E4.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\E6.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\E8.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\EA.tmp Infected: Packed.Win32.TDSS.aa 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F0.tmp Infected: Trojan.Win32.Vilsel.lov 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F1.tmp Infected: Trojan-Spy.Win32.Zbot.gen 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F4.tmp Infected: Trojan-Spy.Win32.Zbot.gen 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc10\personalguard.exe Infected: Packed.Win32.TDSS.aa 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc10\uninstalls.exe Infected: Packed.Win32.TDSS.aa 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc11.exe Infected: Packed.Win32.TDSS.aa 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc15.exe Infected: Packed.Win32.TDSS.aa 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc25\05700618.exe Infected: Trojan.Win32.FraudPack.zux 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc26\33519122.exe Infected: Packed.Win32.Krap.ai 1
C:\RECYCLER\S-1-5-21-2325754571-3674198663-3285735363-1006\Dc28\49467333.exe Infected: Packed.Win32.Krap.ai 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D2RO167\load-full[1].exe Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SHUZO1QV\load-full[1].exe Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WLAZ4HMJ\load-full[1].exe Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\gedajaga.dll.tmp Infected: Packed.Win32.Katusha.g 1
C:\WINDOWS\system32\hujareju.dll.tmp Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\joriwapi.dll.tmp Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\literake.dll.tmp Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\munoliho.dll.tmp Infected: Packed.Win32.Katusha.g 1
C:\WINDOWS\system32\sokibosu.dll.tmp Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\sonogute.dll.tmp Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\yaruheru.dll.tmp Infected: Packed.Win32.TDSS.aa 1
C:\WINDOWS\system32\zibijehe.dll.tmp Infected: Packed.Win32.Katusha.g 1
C:\_OTM\MovedFiles\11202009_144621\c_documents and settings\all users\Microsoft AData\sysnet.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_program files\Personal Guard 2009\personalguard.exe Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_program files\Personal Guard 2009\uninstalls.exe Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\dezudesu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\fadokase.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\fasihebu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\fibanana.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\fuyizeve.exe Infected: Packed.Win32.Krap.x 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\gezimihe.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\heyegafo.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\hoveyane.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\howiduga.exe Infected: Trojan.Win32.FraudPack.zux 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\jikuhunu.exe Infected: Packed.Win32.Krap.x 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\konoyiru.exe Infected: Packed.Win32.Krap.ai 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\likekube.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\ludimeda.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\mepahedi.exe Infected: Packed.Win32.Krap.x 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\miwohuja.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\nonowoda.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\nurofoyi.exe Infected: Packed.Win32.Krap.ai 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\payaruhi.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\pinofivu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\piwogome.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\puwohuwu.exe Infected: Packed.Win32.Krap.x 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\rawuyona.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\reboyuti.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\royomado.dll Infected: Trojan.Win32.Monder.cupa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\rurajiye.dll Infected: Trojan.Win32.Monder.cvau 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\tiwamora.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\tuhenato.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\vigahogu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\vohetufa.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\wiludubu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\wowozeza.exe Infected: Packed.Win32.Krap.x 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\yaresuki.dll Infected: Packed.Win32.Katusha.g 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\yevazani.dll Infected: Trojan.Win32.Migotrup.jnp 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\yiborewa.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\yidopamo.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11202009_144621\c_windows\system32\zajeyema.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_program files\Personal Guard 2009\personalguard.exe Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_program files\Personal Guard 2009\uninstalls.exe Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_windows\system32\duzirasa.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_windows\system32\hajiruno.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_windows\system32\jenuhisu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_windows\system32\nekidayi.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTM\MovedFiles\11302009_152253\c_windows\system32\vawakoto.dll Infected: Packed.Win32.TDSS.aa 1

Selected area has been scanned.

