
Virtumonde Pop Ups


14 replies to this topic

#1 Squid9

Squid9

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:37 AM

Posted 27 January 2010 - 04:20 AM


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 0:54:05.21 on Wed 01/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.345 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [wohuhuval] Rundll32.exe "c:\windows\system32\nayazika.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: kabujupe.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\nayazika.dll
SSODL: zarofopub - {70603387-fb36-4a16-b05c-c963be41ed9c} - c:\windows\system32\madubiha.dll
SSODL: funujayur - {d215404a-610c-40d2-87ad-8749cfaf52e0} - c:\windows\system32\nayazika.dll
STS: tokatiluy: {70603387-fb36-4a16-b05c-c963be41ed9c} - c:\windows\system32\madubiha.dll
STS: kupuhivus: {d215404a-610c-40d2-87ad-8749cfaf52e0} - c:\windows\system32\nayazika.dll
LSA: Notification Packages = scecli rudadiza.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-01-27 08:42:22 0 d-----w- c:\program files\Trend Micro
2010-01-27 02:46:36 35328 ---ha-w- c:\windows\system32\contpart.dll
2010-01-21 00:52:44 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2010-01-21 00:52:44 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2010-01-21 00:52:44 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2010-01-21 00:52:44 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2010-01-21 00:52:44 135168 ------w- c:\windows\system32\dllcache\wshom.ocx
2010-01-21 00:52:43 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2010-01-20 20:57:29 0 d-sh--w- c:\documents and settings\hp_owner\IECompatCache
2010-01-19 22:42:04 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-19 22:42:04 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-19 22:42:04 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-19 22:42:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-19 22:42:03 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg
2010-01-19 22:41:32 82289 ----a-r- c:\windows\system32\lvcoinst.ini
2010-01-19 22:41:32 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-19 22:41:32 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-19 22:41:32 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-01-19 22:41:32 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2010-01-19 22:40:56 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-19 22:12:24 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
2010-01-19 22:01:07 0 d-----w- c:\windows\system32\scripting
2010-01-19 22:01:05 0 d-----w- c:\windows\system32\en
2010-01-19 22:01:05 0 d-----w- c:\windows\system32\bits
2010-01-19 21:25:59 40960 ------w- c:\windows\system32\drivers\sisagp.sys
2010-01-19 21:24:52 20992 ------w- c:\windows\system32\faxpatch.exe
2010-01-19 02:13:52 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-19 02:13:52 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-19 02:13:52 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-19 02:13:52 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-19 02:13:52 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-19 02:13:51 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-18 21:51:46 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2010-01-18 21:51:12 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2010-01-18 21:51:12 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2010-01-18 21:51:12 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2010-01-18 21:51:12 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2010-01-18 21:51:12 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2010-01-18 21:51:12 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-01-18 21:50:50 253952 ------w- c:\windows\system32\dllcache\es.dll
2010-01-18 21:50:45 345600 ------w- c:\windows\system32\dllcache\localspl.dll
2010-01-18 21:50:34 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-18 21:50:33 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-18 21:50:33 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-18 21:50:33 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-01-18 21:50:31 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-18 21:50:31 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-18 21:50:30 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-18 21:50:30 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-18 21:49:58 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-18 21:49:57 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-18 21:49:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-18 21:49:33 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2010-01-18 21:49:33 225856 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-01-18 21:49:32 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2010-01-18 21:49:32 147968 ------w- c:\windows\system32\dllcache\dnsapi.dll
2010-01-18 21:49:32 138496 ------w- c:\windows\system32\dllcache\afd.sys
2010-01-18 21:49:29 28672 ------w- c:\windows\system32\verclsid.exe
2010-01-18 21:48:55 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-18 21:48:51 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-18 21:48:47 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-18 21:48:27 8461312 ------w- c:\windows\system32\dllcache\shell32.dll
2010-01-18 21:48:24 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-18 21:47:52 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-18 21:47:40 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-18 21:47:40 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-18 21:47:39 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-18 21:47:39 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-18 21:47:16 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-18 21:47:09 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-01-18 21:46:37 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-18 21:46:37 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-18 21:45:42 0 d-----w- c:\windows\system32\PreInstall
2010-01-18 21:32:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-18 21:32:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 21:28:23 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-18 21:25:05 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 21:25:05 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-18 21:24:13 0 d-----w- c:\program files\iPod
2010-01-18 21:24:10 0 d-----w- c:\program files\iTunes
2010-01-18 21:22:56 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-18 21:22:56 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-18 21:15:41 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 20:57:18 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-18 20:55:58 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-18 20:36:12 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-18 20:36:09 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-18 20:35:48 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-18 20:35:46 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-01-18 20:35:37 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-18 20:35:33 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-18 20:35:12 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-18 20:35:12 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-18 20:35:12 303104 ----a-r- c:\windows\system32\hpovst11.dll
2010-01-18 20:35:11 958464 ----a-r- c:\windows\system32\hpotiop4.dll
2010-01-18 20:35:11 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2010-01-18 20:35:10 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-18 12:17:09 0 dcsh--r- C:\cmdcons
2010-01-18 12:16:56 0 d-----w- c:\windows\setupupd
2010-01-18 12:07:17 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-18 12:07:01 1853 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EL494AA-ABA a1226n_YC_0Pavi_QMXF544_E54NAheBLU3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.10_T051014_WXH2_L409_M959_J160_7AMD_8Athlon 64_92.19_#051128_N10EC8139_Z10573052_G10025954.MRK
2010-01-18 12:06:57 90112 ----a-w- c:\windows\system32\ps2.EXE
2010-01-18 11:05:26 0 d-----w- c:\docume~1\hp_owner\applic~1\Symantec
2010-01-18 11:05:26 0 d-----w- c:\docume~1\hp_owner\applic~1\Intuit
2010-01-18 11:01:24 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-01-18 09:44:55 1 -c--a-w- C:\s
2010-01-18 00:01:53 139681 ----a-w- c:\windows\hpoins15.dat
2010-01-18 00:01:53 1039 ------w- c:\windows\hpomdl15.dat
2010-01-16 10:05:30 0 d-----r- c:\program files\Skype
2010-01-12 21:39:33 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-12 21:39:33 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-12 02:04:53 19569 ----a-w- c:\windows\005298_.tmp
2010-01-11 08:29:07 0 d-----w- c:\program files\DownloadXCtrl.com

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
1989-12-12 17:10:10 980000 -csh--r- c:\windows\bfnxirj.exe
1601-01-01 00:03:28 51200 --sha-w- c:\windows\system32\bupufana.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\buvoyaki.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\gosofuwu.dll
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\kabujupe.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\lazikito.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\mazimiru.dll
1601-01-01 00:03:28 61952 --sha-w- c:\windows\system32\midogiru.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\muyasera.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\nayazika.dll
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\rudadiza.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\vozigoji.dll

============= FINISH: 0:55:27.12 ===============
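
As an added triage example (not part of the post above and not code from the DDS tool): a Python script that parses lines in the shape of the DDS report and pulls out what an analyst would look at first in a Vundo/Virtumonde case. It flags AppInit_DLLs entries (empty on a clean XP install), Run entries that start a DLL via rundll32, SSODL/STS/Notify DLLs, LSA Notification Packages beyond the stock scecli, file-listing entries whose timestamp is the FILETIME zero of 1601-01-01 or that carry system+hidden attributes, and any DLL that is wired into more than one load point. The sample lines are a constructed subset of the posted log; the attribute-column layout is inferred from that log and is an assumption, as are the heuristics themselves.

```python
"""Triage a DDS report for the persistence points Vundo/Virtumonde uses.

Added example; it is not part of the forum post and not code from the DDS
tool. The parsing is based on the line shapes visible in the posted log;
the heuristics are an analyst's assumptions, not DDS's own rules.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the same shape as the posted DDS
# report (autostart entries plus "Created Last 30"/"Find3M" file lines).
SAMPLE_DDS = """\
mRun: [SunJavaUpdateSched] "c:\\program files\\java\\jre6\\bin\\jusched.exe"
mRun: [wohuhuval] Rundll32.exe "c:\\windows\\system32\\nayazika.dll",a
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: kabujupe.dll c:\\windows\\system32\\ c:\\windows\\system32\\ c:\\windows\\system32\\nayazika.dll
SSODL: zarofopub - {70603387-fb36-4a16-b05c-c963be41ed9c} - c:\\windows\\system32\\madubiha.dll
STS: kupuhivus: {d215404a-610c-40d2-87ad-8749cfaf52e0} - c:\\windows\\system32\\nayazika.dll
LSA: Notification Packages = scecli rudadiza.dll
2009-12-21 19:14:05 916480 ----a-w- c:\\windows\\system32\\wininet.dll
1989-12-12 17:10:10 980000 -csh--r- c:\\windows\\bfnxirj.exe
1601-01-01 00:03:28 93184 --sha-w- c:\\windows\\system32\\nayazika.dll
1601-01-01 00:03:52 52224 --sha-w- c:\\windows\\system32\\rudadiza.dll
"""

# File line: "YYYY-MM-DD HH:MM:SS size attrs path". In the attrs field the
# posted log shows 's' (system) in column 3 and 'h' (hidden) in column 4,
# e.g. "--sha-w-". That layout is assumed, inferred from the log.
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
DLL_NAME = re.compile(r"[\w\-]+\.dll", re.IGNORECASE)
LOAD_POINTS = {"uRun", "mRun", "AppInit_DLLs", "SSODL", "STS", "Notify"}
LSA_DEFAULT = {"scecli"}  # the only notification package on a stock XP install


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(text):
    """Return (findings, refs).

    findings: {category: [detail, ...]}
    refs:     {dll basename: {load point, ...}} for every DLL an autostart
              entry names, so a DLL wired into several places stands out.
    """
    findings = defaultdict(list)
    refs = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        key = line.split(":", 1)[0]
        if key in LOAD_POINTS:
            for dll in DLL_NAME.findall(line):
                refs[dll.lower()].add(key)
            if key == "AppInit_DLLs":
                # Empty on a clean XP box; anything listed is loaded into
                # every process that maps user32.dll.
                findings["appinit"].append(line.split(":", 1)[1].strip())
            elif key in ("uRun", "mRun") and "rundll32" in line.lower():
                # Run key that starts a DLL via rundll32 rather than a program.
                findings["rundll32-run"].append(line)
        elif key == "LSA" and "Notification Packages" in line:
            for pkg in line.split("=", 1)[1].split():
                name = _basename(pkg)
                stem = name[:-4] if name.endswith(".dll") else name
                if stem not in LSA_DEFAULT:
                    # Extra LSA package: loaded into lsass.exe and invoked
                    # on every password change.
                    findings["lsa-notify"].append(pkg)
                    refs[stem + ".dll"].add("LSA")
        else:
            m = FILE_LINE.match(line)
            if not m:
                continue
            attrs, path = m.group("attrs"), m.group("path")
            if m.group("date") == "1601-01-01":
                # FILETIME zero: the timestamp was wiped, which pushes the
                # file to the bottom of a date-sorted listing.
                findings["zeroed-timestamp"].append(path)
            if attrs[2] == "s" and attrs[3] == "h" and path.lower().endswith((".dll", ".exe")):
                findings["hidden-system-exe"].append(path)
    for dll, points in refs.items():
        if len(points) > 1:
            findings["multi-loadpoint"].append(f"{dll}: {', '.join(sorted(points))}")
    return dict(findings), dict(refs)


if __name__ == "__main__":
    found, _ = triage(SAMPLE_DDS)
    for cat, items in found.items():
        for item in items:
            print(f"[{cat}] {item}")
```

Run against the sample, nayazika.dll is the one that stands out: it is referenced from a Run key, AppInit_DLLs and a SharedTaskScheduler entry, has a zeroed timestamp and is system+hidden, while the legitimate entries (jusched.exe, Ati2evxx.dll, wininet.dll) produce nothing. The same cross-referencing is what you would do by hand across the Pseudo HJT and Find3M sections.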



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 27 January 2010 - 07:30 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:37 AM

Posted 27 January 2010 - 02:44 PM

Here is the Combo-Fix log.

ComboFix 10-01-27.02 - HP_Owner 01/27/2010 11:20:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.378 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
.
The following files were disabled during the run:
c:\windows\system32\contpart.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd
c:\documents and settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
C:\LOG.TXT
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851
c:\recycler\S-1-5-21-1010934419-4180047958-1971578831-1009
c:\recycler\S-1-5-21-1165326018-1391115414-2364944756-1009
c:\recycler\S-1-5-21-117609710-484061587-682003330-1003
c:\recycler\S-1-5-21-1207674520-694568024-1671151783-1009
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1033
c:\recycler\S-1-5-21-1742568955-2471313218-3826365711-1009
c:\recycler\S-1-5-21-1811088947-2493235131-42045036-1009
c:\recycler\S-1-5-21-2097810147-2414173311-4179830588-1009
c:\recycler\S-1-5-21-2561763290-1568568798-973460034-1009
c:\recycler\S-1-5-21-2976147382-2330400717-2498288943-1009
c:\recycler\S-1-5-21-3026744378-1432267735-2660858646-1009
c:\recycler\S-1-5-21-3398726924-2842074846-2387231758-1009
c:\recycler\S-1-5-21-3688199314-4203102652-1301412033-1009
c:\recycler\S-1-5-21-3873090855-2664224936-4233479300-1009
c:\recycler\S-1-5-21-4023036164-647591774-3216552800-1009
c:\recycler\S-1-5-21-433215248-1994763479-1768955852-1009
c:\recycler\S-1-5-21-540037450-133146222-1564180253-1009
c:\recycler\S-1-5-21-858352232-180471746-2137941221-1009
C:\s
c:\windows\2.log
c:\windows\567788.bat
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\hosts
c:\windows\jmmark2.dat
c:\windows\MailSwitch.ocx
c:\windows\maponr.dll
c:\windows\run.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\hizapego.dll
c:\windows\system32\kabujupe.dll
c:\windows\system32\muyasera.dll
c:\windows\system32\ps2.bat
c:\windows\system32\rudadiza.dll
c:\windows\Tasks\jzgxzhil.job
c:\windows\twain_16.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 08:42 . 2010-01-27 08:42 -------- d-----w- c:\program files\Trend Micro
2010-01-27 02:46 . 2010-01-27 02:46 35328 ----a-w- c:\windows\system32\contpart.dll.vir
2010-01-21 19:17 . 2010-01-21 19:17 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Cooliris
2010-01-21 00:52 . 2008-05-09 10:53 90112 ----a-w- c:\windows\system32\dllcache\wshext.dll
2010-01-21 00:52 . 2008-05-09 10:53 172032 ----a-w- c:\windows\system32\dllcache\scrrun.dll
2010-01-21 00:52 . 2008-05-09 10:53 180224 ----a-w- c:\windows\system32\dllcache\scrobj.dll
2010-01-21 00:52 . 2008-05-08 11:24 155648 ----a-w- c:\windows\system32\dllcache\wscript.exe
2010-01-21 00:52 . 2008-05-07 09:07 135168 ----a-w- c:\windows\system32\dllcache\cscript.exe
2010-01-20 20:57 . 2010-01-20 20:57 -------- d-sh--w- c:\documents and settings\HP_Owner\IECompatCache
2010-01-19 22:42 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-19 22:42 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-19 22:42 . 2009-04-30 22:57 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-19 22:42 . 2009-04-30 23:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-19 22:41 . 2009-04-30 23:01 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-19 22:41 . 2009-04-30 23:00 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2010-01-19 22:41 . 2009-04-30 22:57 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-01-19 22:41 . 2009-04-30 22:39 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-19 22:40 . 2009-04-30 23:03 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-19 22:39 . 2010-01-19 22:42 -------- d-----w- c:\program files\Logitech
2010-01-19 22:12 . 2009-03-21 14:06 989696 ----a-w- c:\windows\system32\dllcache\kernel32.dll
2010-01-19 22:01 . 2010-01-19 22:01 -------- d-----w- c:\windows\system32\scripting
2010-01-19 22:01 . 2010-01-19 22:01 -------- d-----w- c:\windows\system32\en
2010-01-19 22:01 . 2010-01-19 22:01 -------- d-----w- c:\windows\system32\bits
2010-01-19 21:25 . 2008-04-14 00:12 3901 ----a-w- c:\windows\system32\drivers\siint5.dll
2010-01-19 21:24 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\faxpatch.exe
2010-01-19 02:13 . 2009-12-21 19:14 12800 ----a-w- c:\windows\system32\dllcache\xpshims.dll
2010-01-19 02:13 . 2009-12-21 19:14 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-19 02:13 . 2009-12-21 19:14 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-19 02:13 . 2009-12-21 19:14 246272 ----a-w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-19 02:13 . 2009-12-21 19:14 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-01-19 02:13 . 2009-12-21 19:14 11070464 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-01-18 21:51 . 2008-06-24 16:43 74240 ----a-w- c:\windows\system32\dllcache\mscms.dll
2010-01-18 21:51 . 2008-06-12 14:23 956928 ----a-w- c:\windows\system32\dllcache\msdtctm.dll
2010-01-18 21:51 . 2008-06-12 14:23 91648 ----a-w- c:\windows\system32\dllcache\mtxoci.dll
2010-01-18 21:51 . 2008-06-12 14:23 66560 ----a-w- c:\windows\system32\dllcache\mtxclu.dll
2010-01-18 21:51 . 2008-06-12 14:23 58880 ----a-w- c:\windows\system32\dllcache\msdtclog.dll
2010-01-18 21:51 . 2008-06-12 14:23 428032 ----a-w- c:\windows\system32\dllcache\msdtcprx.dll
2010-01-18 21:51 . 2008-06-12 14:23 161792 ----a-w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-01-18 21:50 . 2008-07-07 20:26 253952 ----a-w- c:\windows\system32\dllcache\es.dll
2010-01-18 21:50 . 2009-05-07 15:32 345600 ----a-w- c:\windows\system32\dllcache\localspl.dll
2010-01-18 21:50 . 2009-02-06 10:10 227840 ----a-w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-18 21:50 . 2009-02-09 12:10 453120 ----a-w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-18 21:50 . 2009-02-09 12:10 401408 ----a-w- c:\windows\system32\dllcache\rpcss.dll
2010-01-18 21:50 . 2009-02-06 11:11 110592 ----a-w- c:\windows\system32\dllcache\services.exe
2010-01-18 21:50 . 2009-03-06 14:22 284160 ----a-w- c:\windows\system32\dllcache\pdh.dll
2010-01-18 21:50 . 2009-02-09 12:10 714752 ----a-w- c:\windows\system32\dllcache\ntdll.dll
2010-01-18 21:50 . 2009-02-09 12:10 617472 ----a-w- c:\windows\system32\dllcache\advapi32.dll
2010-01-18 21:50 . 2009-02-09 12:10 473600 ----a-w- c:\windows\system32\dllcache\fastprox.dll
2010-01-18 21:49 . 2008-06-13 11:05 272128 ----a-w- c:\windows\system32\dllcache\bthport.sys
2010-01-18 21:49 . 2008-06-13 11:05 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-01-18 21:49 . 2009-11-21 15:51 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2010-01-18 21:49 . 2008-06-20 11:51 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys
2010-01-18 21:49 . 2008-06-20 11:08 225856 ----a-w- c:\windows\system32\dllcache\tcpip6.sys
2010-01-18 21:49 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2010-01-18 21:49 . 2008-06-20 17:46 245248 ----a-w- c:\windows\system32\dllcache\mswsock.dll
2010-01-18 21:49 . 2008-06-20 17:46 147968 ----a-w- c:\windows\system32\dllcache\dnsapi.dll
2010-01-18 21:49 . 2008-04-14 00:12 28672 ----a-w- c:\windows\system32\verclsid.exe
2010-01-18 21:48 . 2008-05-08 14:02 203136 ----a-w- c:\windows\system32\dllcache\rmcast.sys
2010-01-18 21:48 . 2008-10-24 11:21 455296 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-18 21:48 . 2008-12-11 10:57 333952 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-01-18 21:48 . 2008-06-17 19:02 8461312 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-01-18 21:48 . 2008-04-11 19:04 691712 ----a-w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-18 21:47 . 2009-04-15 14:51 585216 ----a-w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-18 21:47 . 2009-08-05 04:44 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-18 21:47 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-18 21:47 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-18 21:47 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-18 21:47 . 2008-10-15 16:34 337408 ----a-w- c:\windows\system32\dllcache\netapi32.dll
2010-01-18 21:47 . 2008-10-23 12:36 286720 ----a-w- c:\windows\system32\dllcache\gdi32.dll
2010-01-18 21:46 . 2008-05-03 11:55 2560 ----a-w- c:\windows\system32\xpsp4res.dll
2010-01-18 21:46 . 2008-04-21 12:08 215552 ----a-w- c:\windows\system32\dllcache\wordpad.exe
2010-01-18 21:32 . 2010-01-18 21:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 21:25 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 21:25 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-18 21:24 . 2010-01-18 21:24 -------- d-----w- c:\program files\iPod
2010-01-18 21:24 . 2010-01-18 21:25 -------- d-----w- c:\program files\iTunes
2010-01-18 21:23 . 2010-01-18 21:23 -------- d-----w- c:\program files\QuickTime
2010-01-18 21:22 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-18 21:22 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-18 21:15 . 2010-01-18 21:15 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 21:14 . 2010-01-18 21:14 -------- d-----w- c:\program files\Common Files\Skype
2010-01-18 20:42 . 2010-01-18 20:42 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HPAppData
2010-01-18 20:36 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-18 20:36 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-18 20:35 . 2007-03-30 15:29 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-18 20:35 . 2007-03-28 22:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-01-18 20:35 . 2007-03-28 21:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-01-18 20:35 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-18 20:35 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-18 20:35 . 2010-01-19 22:41 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-18 20:35 . 2007-03-17 06:39 303104 ----a-r- c:\windows\system32\hpovst11.dll
2010-01-18 20:35 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-18 20:35 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-18 20:35 . 2007-03-17 06:39 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2010-01-18 20:35 . 2007-03-17 06:39 958464 ----a-r- c:\windows\system32\hpotiop4.dll
2010-01-18 20:35 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-18 12:08 . 2010-01-18 12:08 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-01-18 12:07 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-18 12:06 . 2004-10-25 22:17 90112 ----a-w- c:\windows\system32\ps2.EXE
2010-01-18 11:20 . 2010-01-18 11:20 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96.002\Local Settings\Application Data\Mozilla
2010-01-18 11:04 . 2005-10-15 10:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-01-18 11:04 . 2005-10-15 10:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-01-18 11:04 . 2005-10-15 10:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-01-18 11:04 . 2005-10-15 10:10 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-01-18 11:04 . 2005-10-15 10:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-01-18 09:03 . 2010-01-19 22:44 43168 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 00:01 . 2010-01-18 20:47 139681 ----a-w- c:\windows\hpoins15.dat
2010-01-18 00:01 . 2007-06-05 23:04 1039 ------w- c:\windows\hpomdl15.dat
2010-01-17 23:51 . 2010-01-19 22:42 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-16 10:05 . 2010-01-27 03:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2010-01-16 10:05 . 2010-01-18 21:15 -------- d-----r- c:\program files\Skype
2010-01-16 08:52 . 2010-01-16 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-16 04:32 . 2010-01-16 04:32 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\LogiShrd
2010-01-16 04:29 . 2010-01-17 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-12 21:39 . 2009-10-15 16:28 81920 ----a-w- c:\windows\system32\dllcache\fontsub.dll
2010-01-12 21:39 . 2009-10-15 16:28 119808 ----a-w- c:\windows\system32\dllcache\t2embed.dll
2010-01-11 08:29 . 2010-01-11 08:29 -------- d-----w- c:\program files\DownloadXCtrl.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 19:34 . 2010-01-18 20:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-27 19:34 . 2010-01-18 20:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-27 07:40 . 2005-12-08 18:35 -------- d-----w- c:\program files\Yahoo!
2010-01-27 03:23 . 2008-09-28 20:35 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2010-01-19 22:06 . 2005-06-25 05:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-19 22:05 . 2010-01-19 22:05 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-01-19 22:05 . 2010-01-19 22:05 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-01-19 22:05 . 2010-01-19 22:05 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-01-19 22:05 . 2010-01-19 22:05 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-01-19 22:05 . 2010-01-19 22:05 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-01-19 22:05 . 2010-01-19 22:05 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-01-19 22:05 . 2010-01-19 22:05 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-01-19 22:05 . 2010-01-19 22:05 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-01-19 03:52 . 2005-10-15 10:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-19 02:55 . 2010-01-19 02:55 931840 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-18 21:31 . 2009-11-04 22:54 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-18 21:29 . 2009-11-10 00:26 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-18 20:42 . 2005-10-15 10:04 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-18 12:51 . 2005-10-15 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-18 12:40 . 2005-10-15 09:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 12:23 . 2005-10-15 09:51 -------- d-----w- c:\program files\Common Files\HP
2010-01-18 12:08 . 2010-01-18 11:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Symantec
2010-01-18 12:07 . 2010-01-18 11:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2010-01-18 12:07 . 2010-01-18 12:07 1853 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EL494AA-ABA a1226n_YC_0Pavi_QMXF544_E54NAheBLU3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.10_T051014_WXH2_L409_M959_J160_7AMD_8Athlon 64_92.19_#051128_N10EC8139_Z10573052_G10025954.MRK
2010-01-18 08:50 . 2009-10-24 21:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HpUpdate
2009-12-24 08:12 . 2005-12-27 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-13 19:46 . 2009-08-18 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-13 19:46 . 2009-12-13 19:46 -------- d-----w- c:\program files\NOS
2009-12-11 03:46 . 2009-12-11 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-11 03:11 . 2009-12-11 02:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 07:59 . 2009-12-08 07:59 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\McAfee
2009-12-08 07:12 . 2008-09-07 16:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-12-08 05:49 . 2009-12-08 05:49 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-02 03:43 . 2009-12-13 19:46 34496 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\hlpmknz1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-02 03:43 . 2009-12-13 19:46 25936 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\hlpmknz1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-30 08:59 . 2009-02-20 05:44 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Move Networks
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 22:39 . 2009-12-24 08:12 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-10-30 07:07 . 2009-10-30 07:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
1989-12-12 17:10 . 2006-08-22 14:02 980000 -csh--r- c:\windows\bfnxirj.exe
1601-01-01 00:03 . 1601-01-01 00:03 51200 --sha-w- c:\windows\system32\bupufana.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\buvoyaki.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\gosofuwu.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\lazikito.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\mazimiru.dll
1601-01-01 00:03 . 1601-01-01 00:03 61440 --sha-w- c:\windows\system32\nalayafi.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\nayazika.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\suluyeba.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\vozigoji.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]

c:\documents and settings\HP_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-15 36903]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 22:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 18:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{a20ce80d-1feb-47b0-a941-1099b25aeec0} - jijivafo.dll
HKLM-Run-wohuhuval - c:\windows\system32\hizapego.dll
HKLM-Run-fowahugawa - rudadiza.dll
SharedTaskScheduler-{70603387-fb36-4a16-b05c-c963be41ed9c} - c:\windows\system32\madubiha.dll
SharedTaskScheduler-{b22f3e33-cda8-43a3-afbe-9fbc4a39f858} - c:\windows\system32\hizapego.dll
SSODL-zarofopub-{70603387-fb36-4a16-b05c-c963be41ed9c} - c:\windows\system32\madubiha.dll
SSODL-nogosizat-{b22f3e33-cda8-43a3-afbe-9fbc4a39f858} - c:\windows\system32\hizapego.dll
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 11:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1040)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\sm56hlpr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-27 11:43:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 19:43

Pre-Run: 63,293,652,992 bytes free
Post-Run: 64,167,317,504 bytes free

- - End Of File - - 12F6F34E2FA1AC3E36E9DCEB1483A235


#4 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:37 AM

Posted 27 January 2010 - 07:58 PM

Can anyone help?

I have posted the DDS log, attach.txt file, ark.txt file, and Combo-Fix log.

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:37 PM

Posted 28 January 2010 - 07:14 AM

QUOTE(Squid9 @ Jan 28 2010, 08:58 AM)
Can anyone help?

I have posted the DDS log, attach.txt file, ark.txt file, and Combo-Fix log.



1st rule: Be patient.. I'm just a normal person who helps here for free.. I'm not a robot who's 24/7 in front of the computer..


1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

File::
c:\windows\bfnxirj.exe
c:\windows\system32\bupufana.dll
c:\windows\system32\buvoyaki.dll
c:\windows\system32\gosofuwu.dll
c:\windows\system32\lazikito.dll
c:\windows\system32\mazimiru.dll
c:\windows\system32\nalayafi.dll
c:\windows\system32\nayazika.dll
c:\windows\system32\suluyeba.dll
c:\windows\system32\vozigoji.dll


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
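Added example, not ComboFix's own code and not the helper's tooling: a small Python triage script that encodes the three tells which single out the ten files the CFScript above targets (system+hidden attributes on a file under c:\windows, a zeroed 1601-01-01 or otherwise implausible timestamp, and an eight-letter consonant/vowel name) and then renders the File:: block from step 2. The meaning of the attribute columns, the year thresholds and the name pattern are assumptions; the sample lines are taken from the log posted in this thread.

```python
"""Triage helper for ComboFix / DDS "Find3M Report" lines (added example).

Every threshold and pattern below is an assumption made for this
example; corroborate any hit against a second source before acting on it.
"""
import re

# One report line: "<date time> . <date time> <size-or-dashes> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Vundo-style names in this log: eight lowercase letters, consonant/vowel
# alternating (bupufana, lazikito, vozigoji ...). Assumed pattern.
GENERATED_NAME_RE = re.compile(
    r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.(?:dll|exe)$"
)

EPOCH_YEAR = 1601            # Windows FILETIME epoch: a zeroed timestamp
OLDEST_PLAUSIBLE_YEAR = 1995 # assumed: nothing on an XP box is older
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

# Sample input: lines copied from the Find3M report posted in this thread.
SAMPLE_FIND3M = r"""
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 03:52 . 2005-10-15 10:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-18 21:15 . 2010-01-18 21:15 48 ---ha-w- c:\windows\system32\ezsidmv.dat
1989-12-12 17:10 . 2006-08-22 14:02 980000 -csh--r- c:\windows\bfnxirj.exe
1601-01-01 00:03 . 1601-01-01 00:03 51200 --sha-w- c:\windows\system32\bupufana.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\buvoyaki.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\vozigoji.dll
"""


def parse_line(line):
    """Return a dict for one report line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "years": (int(m.group("a")[:4]), int(m.group("b")[:4])),
        "is_dir": attrs[0] == "d",
        # Assumed column meaning: 's' = system bit, 'h' = hidden bit.
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
        "path": m.group("path"),
    }


def suspicious_reasons(entry):
    """List the heuristic tells that apply to one parsed entry."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    in_sys = path.startswith(SYSTEM_DIRS)
    if in_sys and entry["system"] and entry["hidden"]:
        reasons.append("system+hidden file in a Windows directory")
    if any(y == EPOCH_YEAR for y in entry["years"]):
        reasons.append("zeroed (1601) timestamp")
    elif any(y < OLDEST_PLAUSIBLE_YEAR for y in entry["years"]):
        reasons.append("implausibly old timestamp")
    if in_sys and GENERATED_NAME_RE.match(name):
        reasons.append("eight-letter consonant/vowel name")
    return reasons


def triage(report_text, min_reasons=2):
    """Return [(path, reasons)] for entries with at least min_reasons tells.

    Two independent tells are required so that a lone hidden flag (ezsidmv.dat)
    or a lone odd-looking name is not reported by itself.
    """
    hits = []
    for line in report_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if len(reasons) >= min_reasons:
            hits.append((entry["path"], reasons))
    return hits


def cfscript_file_block(paths):
    """Render the ComboFix 'File::' section in the form used in step 2 above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_FIND3M)
    for path, why in flagged:
        print(f"{path}: {', '.join(why)}")
    print()
    print(cfscript_file_block([p for p, _ in flagged]))
```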


#6 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:37 AM

Posted 28 January 2010 - 04:32 PM

I apologize for that, I'm new to this site and well I guess I just got ahead of myself. Thanks for your help BTW. I really appreciate it. Here is the ComboFix log and the HijackThis log is in the attachments.


ComboFix 10-01-28.02 - HP_Owner 01/28/2010 13:12:02.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.447 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\bfnxirj.exe"
"c:\windows\system32\bupufana.dll"
"c:\windows\system32\buvoyaki.dll"
"c:\windows\system32\gosofuwu.dll"
"c:\windows\system32\lazikito.dll"
"c:\windows\system32\mazimiru.dll"
"c:\windows\system32\nalayafi.dll"
"c:\windows\system32\nayazika.dll"
"c:\windows\system32\suluyeba.dll"
"c:\windows\system32\vozigoji.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\{9DEC42E0-E4EB-4FAD-9CB3-74F17AEC728D}
c:\documents and settings\HP_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\{9DEC42E0-E4EB-4FAD-9CB3-74F17AEC728D}\chrome.manifest
c:\documents and settings\HP_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\{9DEC42E0-E4EB-4FAD-9CB3-74F17AEC728D}\chrome\content\_cfg.js
c:\documents and settings\HP_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\{9DEC42E0-E4EB-4FAD-9CB3-74F17AEC728D}\chrome\content\overlay.xul
c:\documents and settings\HP_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\{9DEC42E0-E4EB-4FAD-9CB3-74F17AEC728D}\install.rdf
.
---- Previous Run -------
.
c:\windows\bfnxirj.exe
c:\windows\system32\gosofuwu.dll
c:\windows\system32\lazikito.dll
c:\windows\system32\mazimiru.dll
c:\windows\system32\nayazika.dll
c:\windows\system32\vozigoji.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-27 08:42 . 2010-01-27 08:42 -------- d-----w- c:\program files\Trend Micro
2010-01-27 02:46 . 2010-01-27 02:46 35328 ----a-w- c:\windows\system32\contpart.dll
2010-01-21 19:17 . 2010-01-21 19:17 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Cooliris
2010-01-21 00:52 . 2008-05-09 10:53 90112 ----a-w- c:\windows\system32\dllcache\wshext.dll
2010-01-21 00:52 . 2008-05-09 10:53 172032 ----a-w- c:\windows\system32\dllcache\scrrun.dll
2010-01-21 00:52 . 2008-05-09 10:53 180224 ----a-w- c:\windows\system32\dllcache\scrobj.dll
2010-01-21 00:52 . 2008-05-08 11:24 155648 ----a-w- c:\windows\system32\dllcache\wscript.exe
2010-01-21 00:52 . 2008-05-07 09:07 135168 ----a-w- c:\windows\system32\dllcache\cscript.exe
2010-01-20 20:57 . 2010-01-20 20:57 -------- d-sh--w- c:\documents and settings\HP_Owner\IECompatCache
2010-01-19 22:42 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-19 22:42 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-19 22:42 . 2009-04-30 22:57 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-19 22:42 . 2009-04-30 23:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-19 22:41 . 2009-04-30 23:01 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-19 22:41 . 2009-04-30 23:00 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2010-01-19 22:41 . 2009-04-30 22:57 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-01-19 22:41 . 2009-04-30 22:39 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-19 22:40 . 2009-04-30 23:03 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-19 22:39 . 2010-01-19 22:42 -------- d-----w- c:\program files\Logitech
2010-01-19 22:12 . 2009-03-21 14:06 989696 ----a-w- c:\windows\system32\dllcache\kernel32.dll
2010-01-19 22:01 . 2010-01-19 22:01 -------- d-----w- c:\windows\system32\scripting
2010-01-19 22:01 . 2010-01-19 22:01 -------- d-----w- c:\windows\system32\en
2010-01-19 22:01 . 2010-01-19 22:01 -------- d-----w- c:\windows\system32\bits
2010-01-19 21:25 . 2008-04-14 00:12 3901 ----a-w- c:\windows\system32\drivers\siint5.dll
2010-01-19 21:24 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\faxpatch.exe
2010-01-19 02:13 . 2009-12-21 19:14 12800 ----a-w- c:\windows\system32\dllcache\xpshims.dll
2010-01-19 02:13 . 2009-12-21 19:14 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-19 02:13 . 2009-12-21 19:14 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-19 02:13 . 2009-12-21 19:14 246272 ----a-w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-19 02:13 . 2009-12-21 19:14 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-01-19 02:13 . 2009-12-21 19:14 11070464 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-01-18 21:51 . 2008-06-24 16:43 74240 ----a-w- c:\windows\system32\dllcache\mscms.dll
2010-01-18 21:51 . 2008-06-12 14:23 956928 ----a-w- c:\windows\system32\dllcache\msdtctm.dll
2010-01-18 21:51 . 2008-06-12 14:23 91648 ----a-w- c:\windows\system32\dllcache\mtxoci.dll
2010-01-18 21:51 . 2008-06-12 14:23 66560 ----a-w- c:\windows\system32\dllcache\mtxclu.dll
2010-01-18 21:51 . 2008-06-12 14:23 58880 ----a-w- c:\windows\system32\dllcache\msdtclog.dll
2010-01-18 21:51 . 2008-06-12 14:23 428032 ----a-w- c:\windows\system32\dllcache\msdtcprx.dll
2010-01-18 21:51 . 2008-06-12 14:23 161792 ----a-w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-01-18 21:50 . 2008-07-07 20:26 253952 ----a-w- c:\windows\system32\dllcache\es.dll
2010-01-18 21:50 . 2009-05-07 15:32 345600 ----a-w- c:\windows\system32\dllcache\localspl.dll
2010-01-18 21:50 . 2009-02-06 10:10 227840 ----a-w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-18 21:50 . 2009-02-09 12:10 453120 ----a-w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-18 21:50 . 2009-02-09 12:10 401408 ----a-w- c:\windows\system32\dllcache\rpcss.dll
2010-01-18 21:50 . 2009-02-06 11:11 110592 ----a-w- c:\windows\system32\dllcache\services.exe
2010-01-18 21:50 . 2009-03-06 14:22 284160 ----a-w- c:\windows\system32\dllcache\pdh.dll
2010-01-18 21:50 . 2009-02-09 12:10 714752 ----a-w- c:\windows\system32\dllcache\ntdll.dll
2010-01-18 21:50 . 2009-02-09 12:10 617472 ----a-w- c:\windows\system32\dllcache\advapi32.dll
2010-01-18 21:50 . 2009-02-09 12:10 473600 ----a-w- c:\windows\system32\dllcache\fastprox.dll
2010-01-18 21:49 . 2008-06-13 11:05 272128 ----a-w- c:\windows\system32\dllcache\bthport.sys
2010-01-18 21:49 . 2008-06-13 11:05 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-01-18 21:49 . 2009-11-21 15:51 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2010-01-18 21:49 . 2008-06-20 11:51 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys
2010-01-18 21:49 . 2008-06-20 11:08 225856 ----a-w- c:\windows\system32\dllcache\tcpip6.sys
2010-01-18 21:49 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2010-01-18 21:49 . 2008-06-20 17:46 245248 ----a-w- c:\windows\system32\dllcache\mswsock.dll
2010-01-18 21:49 . 2008-06-20 17:46 147968 ----a-w- c:\windows\system32\dllcache\dnsapi.dll
2010-01-18 21:49 . 2008-04-14 00:12 28672 ----a-w- c:\windows\system32\verclsid.exe
2010-01-18 21:48 . 2008-05-08 14:02 203136 ----a-w- c:\windows\system32\dllcache\rmcast.sys
2010-01-18 21:48 . 2008-10-24 11:21 455296 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-18 21:48 . 2008-12-11 10:57 333952 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-01-18 21:48 . 2008-06-17 19:02 8461312 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-01-18 21:48 . 2008-04-11 19:04 691712 ----a-w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-18 21:47 . 2009-04-15 14:51 585216 ----a-w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-18 21:47 . 2009-08-05 04:44 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-18 21:47 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-18 21:47 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-18 21:47 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-18 21:47 . 2008-10-15 16:34 337408 ----a-w- c:\windows\system32\dllcache\netapi32.dll
2010-01-18 21:47 . 2008-10-23 12:36 286720 ----a-w- c:\windows\system32\dllcache\gdi32.dll
2010-01-18 21:46 . 2008-05-03 11:55 2560 ----a-w- c:\windows\system32\xpsp4res.dll
2010-01-18 21:46 . 2008-04-21 12:08 215552 ----a-w- c:\windows\system32\dllcache\wordpad.exe
2010-01-18 21:32 . 2010-01-18 21:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 21:25 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 21:25 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-18 21:24 . 2010-01-18 21:24 -------- d-----w- c:\program files\iPod
2010-01-18 21:24 . 2010-01-18 21:25 -------- d-----w- c:\program files\iTunes
2010-01-18 21:23 . 2010-01-18 21:23 -------- d-----w- c:\program files\QuickTime
2010-01-18 21:22 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-18 21:22 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-18 21:15 . 2010-01-18 21:15 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 21:14 . 2010-01-18 21:14 -------- d-----w- c:\program files\Common Files\Skype
2010-01-18 20:42 . 2010-01-18 20:42 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HPAppData
2010-01-18 20:36 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-18 20:36 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-18 20:35 . 2007-03-30 15:29 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-18 20:35 . 2007-03-28 22:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-01-18 20:35 . 2007-03-28 21:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-01-18 20:35 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-18 20:35 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-18 20:35 . 2010-01-19 22:41 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-18 20:35 . 2007-03-17 06:39 303104 ----a-r- c:\windows\system32\hpovst11.dll
2010-01-18 20:35 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-18 20:35 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-18 20:35 . 2007-03-17 06:39 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2010-01-18 20:35 . 2007-03-17 06:39 958464 ----a-r- c:\windows\system32\hpotiop4.dll
2010-01-18 20:35 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-18 12:08 . 2010-01-18 12:08 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-01-18 12:07 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-18 12:06 . 2004-10-25 22:17 90112 ----a-w- c:\windows\system32\ps2.EXE
2010-01-18 11:20 . 2010-01-18 11:20 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96.002\Local Settings\Application Data\Mozilla
2010-01-18 11:04 . 2005-10-15 10:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-01-18 11:04 . 2005-10-15 10:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-01-18 11:04 . 2005-10-15 10:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-01-18 11:04 . 2005-10-15 10:10 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-01-18 11:04 . 2005-10-15 10:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-01-18 09:03 . 2010-01-19 22:44 43168 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 00:01 . 2010-01-18 20:47 139681 ----a-w- c:\windows\hpoins15.dat
2010-01-18 00:01 . 2007-06-05 23:04 1039 ------w- c:\windows\hpomdl15.dat
2010-01-17 23:51 . 2010-01-19 22:42 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-16 10:05 . 2010-01-27 03:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2010-01-16 10:05 . 2010-01-18 21:15 -------- d-----r- c:\program files\Skype
2010-01-16 08:52 . 2010-01-16 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-16 04:32 . 2010-01-16 04:32 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\LogiShrd
2010-01-16 04:29 . 2010-01-17 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-12 21:39 . 2009-10-15 16:28 81920 ----a-w- c:\windows\system32\dllcache\fontsub.dll
2010-01-12 21:39 . 2009-10-15 16:28 119808 ----a-w- c:\windows\system32\dllcache\t2embed.dll
2010-01-11 08:29 . 2010-01-11 08:29 -------- d-----w- c:\program files\DownloadXCtrl.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 21:18 . 2010-01-18 20:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-28 21:18 . 2010-01-18 20:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-27 07:40 . 2005-12-08 18:35 -------- d-----w- c:\program files\Yahoo!
2010-01-27 03:23 . 2008-09-28 20:35 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2010-01-19 22:06 . 2005-06-25 05:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-19 22:05 . 2010-01-19 22:05 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-01-19 22:05 . 2010-01-19 22:05 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-01-19 22:05 . 2010-01-19 22:05 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-01-19 22:05 . 2010-01-19 22:05 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-01-19 22:05 . 2010-01-19 22:05 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-01-19 22:05 . 2010-01-19 22:05 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-01-19 22:05 . 2010-01-19 22:05 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-01-19 22:05 . 2010-01-19 22:05 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-01-19 03:52 . 2005-10-15 10:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-19 02:55 . 2010-01-19 02:55 931840 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-18 21:31 . 2009-11-04 22:54 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-18 21:29 . 2009-11-10 00:26 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-18 20:42 . 2005-10-15 10:04 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-18 12:51 . 2005-10-15 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-18 12:40 . 2005-10-15 09:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 12:23 . 2005-10-15 09:51 -------- d-----w- c:\program files\Common Files\HP
2010-01-18 12:08 . 2010-01-18 11:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Symantec
2010-01-18 12:07 . 2010-01-18 11:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2010-01-18 12:07 . 2010-01-18 12:07 1853 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EL494AA-ABA a1226n_YC_0Pavi_QMXF544_E54NAheBLU3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.10_T051014_WXH2_L409_M959_J160_7AMD_8Athlon 64_92.19_#051128_N10EC8139_Z10573052_G10025954.MRK
2010-01-18 08:50 . 2009-10-24 21:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HpUpdate
2009-12-24 08:12 . 2005-12-27 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-13 19:46 . 2009-08-18 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-13 19:46 . 2009-12-13 19:46 -------- d-----w- c:\program files\NOS
2009-12-11 03:46 . 2009-12-11 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-11 03:11 . 2009-12-11 02:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 07:59 . 2009-12-08 07:59 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\McAfee
2009-12-08 07:12 . 2008-09-07 16:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-12-08 05:49 . 2009-12-08 05:49 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-02 03:43 . 2009-12-13 19:46 34496 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\hlpmknz1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-02 03:43 . 2009-12-13 19:46 25936 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\hlpmknz1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-30 08:59 . 2009-02-20 05:44 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Move Networks
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 22:39 . 2009-12-24 08:12 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]

c:\documents and settings\HP_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-15 36903]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 22:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 18:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 13:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\docume~1\HP_Owner\LOCALS~1\Temp\catchme.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\sm56hlpr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-28 13:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 21:25
ComboFix2.txt 2010-01-27 19:43

Pre-Run: 64,108,113,920 bytes free
Post-Run: 64,101,367,808 bytes free

- - End Of File - - 4430FCB5FAADF831078BD4769190E2C0




#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 29 January 2010 - 05:36 AM

Hello,

Please show hidden files and folders

Find these files and delete them manually

c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 29 January 2010 - 11:51 PM

Here is the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3660
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/29/2010 7:17:37 PM
mbam-log-2010-01-29 (19-17-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 314660
Time elapsed: 2 hour(s), 54 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\contpart.dll (Backdoo.Papras) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\contpart.dll (Backdoo.Papras) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll.vir (Trojan.Chksyn) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gosofuwu.dll.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hizapego.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kabujupe.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lazikito.dll.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mazimiru.dll.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\muyasera.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nayazika.dll.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rudadiza.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vozigoji.dll.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000080.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000081.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000083.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000038.dll (Backdoo.Papras) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000074.dll (Trojan.Chksyn) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000117.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000119.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000298.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000326.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000369.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000370.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000385.dll (Backdoo.Papras) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000399.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000436.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000485.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000486.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000487.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000488.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000489.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000586.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000614.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000650.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000686.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000716.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000753.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000884.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000912.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ivuyoqanejobeceb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Combo-Fix29005C\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Combo-Fix29005C\PV.cfxxe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Combo-Fix29005C\pv.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.YOUR-27E1513D96\Local Settings\Application Data\Mozilla\Firefox\Profiles\k6y2fnpp.default\Cache\48A1D7F9d01 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system77428.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.




Here is the ESET Online Scanner log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d1d4726dce011244b50b65793945a9a0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-30 04:40:45
# local_time=2010-01-29 08:40:45 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=148570
# found=9
# cleaned=9
# scan_time=4378
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\3b7e4533-748d6587 probably a variant of Java/TrojanDownloader.Agent.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\maponr.dll.vir a variant of Win32/Cimag.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000028.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000078.dll a variant of Win32/Cimag.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000110.exe a variant of Win32/Cimag.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000113.exe a variant of Win32/Kryptik.BTF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000116.exe Win32/TrojanDownloader.FakeAlert.AFQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000367.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000368.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 31 January 2010 - 05:12 AM

Erm.. reboot the computer and run Malwarebytes' again.. Post the fresh Malwarebytes' report here



#10 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 31 January 2010 - 04:52 PM

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3660
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/31/2010 1:37:17 PM
mbam-log-2010-01-31 (13-37-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 314928
Time elapsed: 2 hour(s), 45 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP3\A0001017.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP3\A0001018.com (Trojan.Agent) -> Quarantined and deleted successfully.
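The two Malwarebytes logs in this thread differ in one detail that decides whether the cleanup is done: in the first, contpart.dll is reported as "Delete on reboot" rather than "Quarantined and deleted successfully", which is why a reboot and a fresh scan were requested before the second log came back clean. The following is an added example, written for this page and not code from the thread or from Malwarebytes, that parses an MBAM 1.x text log the way a helper reads it by eye: it checks the detection lines against the summary counts at the top, flags anything still pending a reboot, and separates live files from ComboFix quarantine copies and System Restore copies (whose cleanup needs no further action on the running system). The function names (`triage`, `classify_location`, `parse_detections`, `header_counts`) are my own, and the sample log is a constructed, trimmed version modelled on the entries posted above.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example, not from the thread or from Malwarebytes: parses the
per-section detection lines, compares them with the summary counts,
flags "Delete on reboot" items (reboot + rescan still needed) and sorts
paths into live files, ComboFix quarantine copies and restore-point copies.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on (and trimmed from) the logs posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3660

Memory Processes Infected: 0
Memory Modules Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\contpart.dll (Backdoo.Papras) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\contpart.dll (Backdoo.Papras) -> Delete on reboot.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gosofuwu.dll.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000038.dll (Backdoo.Papras) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # e.g. "Files Infected: 4"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # e.g. "Files Infected:"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str


def header_counts(text):
    """Summary counts MBAM prints before the detailed sections."""
    counts = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            counts[m.group(1)] = int(m.group(2))
    return counts


def parse_detections(text):
    """Detection lines found under each '... Infected:' section heading."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            found.append(Detection(section, m["path"], m["threat"], m["action"]))
    return found


def classify_location(path):
    """Where the detected file lived: the live system, a quarantine copy, or a restore point."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point copy"
    if "\\qoobox\\quarantine\\" in p:
        return "combofix quarantine"
    return "live file"


def triage(text):
    """Summarise a log and say whether a reboot plus rescan is still needed."""
    dets = parse_detections(text)
    per_section = Counter(d.section for d in dets)
    headers = header_counts(text)
    # Each section's item lines should match its header count; a mismatch
    # usually means a truncated or hand-edited log was pasted.
    consistent = all(per_section.get(s, 0) == n for s, n in headers.items())
    reboot_paths = sorted({d.path for d in dets
                           if d.action.lower().startswith("delete on reboot")})
    return {
        "total": len(dets),
        "consistent_with_header": consistent,
        "needs_reboot_rescan": bool(reboot_paths),
        "reboot_paths": reboot_paths,
        "by_location": Counter(classify_location(d.path) for d in dets),
        "threats": sorted({d.threat for d in dets}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, `needs_reboot_rescan` is true solely because of contpart.dll, which is exactly the condition that made the second scan in this thread necessary; on the second posted log, where both hits are restore-point copies already quarantined, it would be false.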


#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 01 February 2010 - 05:29 AM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread



Have a safe and happy computing day!


Regards
fenzodahl512



#12 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 01 February 2010 - 01:14 PM

Wow, I've noticed that it has also sped up; it was much slower before. Thanks for your help. Do you have any programs you suggest to keep things like these from happening again?

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 02 February 2010 - 06:50 AM

QUOTE(Squid9 @ Feb 2 2010, 02:14 AM)
Wow, I've noticed that it has also sped up; it was much slower before. Thanks for your help. Do you have any programs you suggest to keep things like these from happening again?


Erm... I didn't see any antivirus on the computer.. What antivirus do you actually use? If nothing, I would recommend Avira Antivir Personal Edition.. It's free and excellent!..

Also, you might want a third-party firewall.. I recommend PC Tools Firewall Plus for its simplicity.. Any more questions?



#14 Squid9

Squid9
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 04 February 2010 - 04:14 AM

All I use is Spybot Search and Destroy

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 04 February 2010 - 07:05 AM

Spybot is a good antispyware but not an antivirus.. I reckon you should install one.. Here's a link to Avira Antivirus Free..

http://www.free-av.com/en/download/1/avira..._antivirus.html

Any more questions?





