ComboFix Log


  • This topic is locked
2 replies to this topic

#1 larbuthn

larbuthn

  • Members
  • 1 posts

Posted 01 June 2010 - 03:34 PM

Can someone help me analyze this ComboFix log please and let me know if I should take any further steps? Thank you in advance!

ComboFix 10-06-01.01 - Marilyn Arbuthnott 06/01/2010 15:56:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.591 [GMT -4:00]
Running from: c:\documents and settings\Marilyn Arbuthnott\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Marilyn Arbuthnott\GoToAssistDownloadHelper.exe
c:\windows\PRAGMAfnntiksmuw
c:\windows\PRAGMAfnntiksmuw\pragmabbr.dll
c:\windows\PRAGMAfnntiksmuw\PRAGMAc.dll
c:\windows\PRAGMAfnntiksmuw\PRAGMAcfg.ini
c:\windows\PRAGMAfnntiksmuw\PRAGMAd.sys
c:\windows\PRAGMAfnntiksmuw\pragmaserf.dll
c:\windows\PRAGMAfnntiksmuw\PRAGMAsrcr.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\fiyobubi.dll
c:\windows\system32\fozijesa.dll
c:\windows\system32\hidowewu.dll
c:\windows\system32\lutukogo.dll
c:\windows\system32\majiriho.dll
c:\windows\system32\vebikosi.dll
c:\windows\Tasks\gtpnczsh.job
c:\windows\Temp\tmp3.tmp
d:\program files\Data Protection

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PRAGMAfnntiksmuw
-------\Legacy_PRAGMAfnntiksmuw


((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-06-01 16:02 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-01 16:02 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-01 16:02 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-01 16:02 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-01 16:02 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-01 16:02 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-01 16:02 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-01 16:01 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-01 16:01 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-01 16:01 . 2010-06-01 16:01 -------- d-----w- d:\program files\Alwil Software
2010-06-01 16:01 . 2010-06-01 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-01 15:36 . 2010-06-01 15:36 -------- d-----w- d:\program files\Trend Micro
2010-06-01 13:13 . 2010-06-01 13:14 -------- d-----w- c:\documents and settings\Marilyn Arbuthnott\Local Settings\Application Data\Temp
2010-06-01 11:36 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-01 06:05 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-01 05:22 . 2010-06-01 05:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-01 05:21 . 2010-06-01 05:22 -------- d-----w- d:\program files\Lavasoft
2010-06-01 05:11 . 2010-06-01 05:11 -------- d-----w- c:\documents and settings\Marilyn Arbuthnott\Local Settings\Application Data\Yahoo
2010-06-01 04:53 . 2010-06-01 04:53 -------- d-----w- d:\program files\microsoft frontpage
2010-06-01 02:59 . 2010-06-01 04:36 -------- d-----w- c:\windows\system32\NtmsData
2010-06-01 02:58 . 2010-06-01 02:58 -------- d-----w- c:\documents and settings\Marilyn Arbuthnott\Application Data\Avira
2010-06-01 02:48 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-01 02:48 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-01 02:48 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-01 02:48 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-01 02:48 . 2010-06-01 02:48 -------- d-----w- d:\program files\Avira
2010-06-01 02:48 . 2010-06-01 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 20:17 . 2010-06-01 20:17 503808 ----a-w- c:\documents and settings\Marilyn Arbuthnott\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6ce587ef-n\msvcp71.dll
2010-06-01 20:17 . 2010-06-01 20:17 499712 ----a-w- c:\documents and settings\Marilyn Arbuthnott\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6ce587ef-n\jmc.dll
2010-06-01 20:17 . 2010-06-01 20:17 348160 ----a-w- c:\documents and settings\Marilyn Arbuthnott\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6ce587ef-n\msvcr71.dll
2010-06-01 15:36 . 2010-06-01 15:36 388096 ----a-r- c:\documents and settings\Marilyn Arbuthnott\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-01 05:11 . 2008-05-28 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-04-24 16:54 . 2010-04-24 16:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-24 16:54 . 2010-04-24 16:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 16:54 . 2010-04-24 16:54 159232 ----a-w- c:\windows\system32\o.dat
2010-01-18 06:34 . 2010-01-18 06:34 1 -csha-w- c:\windows\system32\bepanoto.dll
2010-01-16 21:30 . 2010-01-16 21:30 1 -csha-w- c:\windows\system32\dawenegi.dll
2010-01-17 15:48 . 2010-01-17 15:48 1 -csha-w- c:\windows\system32\dilevuso.dll
2010-01-18 21:56 . 2010-01-18 21:56 1 --sha-w- c:\windows\system32\dudipepe.dll
2010-01-18 07:40 . 2010-01-18 07:40 1 -csha-w- c:\windows\system32\feboyeza.dll
2010-01-20 00:29 . 2010-01-20 00:29 1 -csha-w- c:\windows\system32\fesimohe.dll
2010-01-19 23:38 . 2010-01-19 23:38 1 -csha-w- c:\windows\system32\fuyigeze.dll
2010-01-18 06:34 . 2010-01-18 06:34 1 -csha-w- c:\windows\system32\gayuzime.dll
2010-01-14 01:55 . 2010-01-14 01:55 1 -csha-w- c:\windows\system32\gebojele.dll
2010-01-18 06:09 . 2010-01-18 06:09 1 -csha-w- c:\windows\system32\gihemitu.dll
2010-01-16 21:30 . 2010-01-16 21:30 1 -csha-w- c:\windows\system32\gilagapa.dll
2010-01-20 00:54 . 2010-01-20 00:54 1 -csha-w- c:\windows\system32\girivezu.dll
2010-01-16 22:35 . 2010-01-16 22:35 1 -csha-w- c:\windows\system32\gosahoju.dll
2010-01-18 06:09 . 2010-01-18 06:09 1 -csha-w- c:\windows\system32\guwiveju.dll
2010-01-18 21:30 . 2010-01-18 21:30 1 -csha-w- c:\windows\system32\guwudeme.dll
2010-01-18 21:56 . 2010-01-18 21:56 1 -csha-w- c:\windows\system32\higaziku.dll
2010-01-16 23:01 . 2010-01-16 23:01 1 -csha-w- c:\windows\system32\horihosu.dll
2010-01-16 22:35 . 2010-01-16 22:35 1 -csha-w- c:\windows\system32\japamogi.dll
2010-01-18 08:34 . 2010-01-18 08:34 1 -csha-w- c:\windows\system32\jawepuwa.dll
2010-01-18 04:38 . 2010-01-18 04:38 1 -csha-w- c:\windows\system32\jayedune.dll
2010-01-18 05:03 . 2010-01-18 05:03 1 -csha-w- c:\windows\system32\kikuvupi.dll
2010-01-17 00:06 . 2010-01-17 00:06 1 -csha-w- c:\windows\system32\layutasa.dll
2010-01-20 02:25 . 2010-01-20 02:25 1 -csha-w- c:\windows\system32\logozama.dll
2010-01-20 00:29 . 2010-01-20 00:29 1 -csha-w- c:\windows\system32\lupomoja.dll
2010-01-18 22:21 . 2010-01-18 22:21 1 -csha-w- c:\windows\system32\lurosuno.dll
2010-01-18 22:21 . 2010-01-18 22:21 1 -csha-w- c:\windows\system32\miyariye.dll
2010-01-17 00:06 . 2010-01-17 00:06 1 -csha-w- c:\windows\system32\mofelise.dll
2010-01-18 08:06 . 2010-01-18 08:06 1 -csha-w- c:\windows\system32\nesewodi.dll
2010-01-20 23:46 . 2010-01-20 23:46 1 -csha-w- c:\windows\system32\noturoya.dll
2010-01-18 05:03 . 2010-01-18 05:03 1 -csha-w- c:\windows\system32\pukotoyu.dll
2010-01-18 21:05 . 2010-01-18 21:05 1 -csha-w- c:\windows\system32\rehadiva.dll
2010-01-18 08:59 . 2010-01-18 08:59 1 -csha-w- c:\windows\system32\rofeyaza.dll
2010-01-15 02:00 . 2010-01-15 02:00 1 -csha-w- c:\windows\system32\sadokike.dll
2010-02-11 20:05 . 2010-02-11 20:05 67072 --sha-w- c:\windows\system32\sagimame.dll
2010-01-20 02:00 . 2010-01-20 02:00 1 -csha-w- c:\windows\system32\sapehemu.dll
2010-01-18 22:47 . 2010-01-18 22:47 1 -csha-w- c:\windows\system32\sejazasu.dll
2010-01-18 08:06 . 2010-01-18 08:06 1 -csha-w- c:\windows\system32\sijibale.dll
2010-01-18 21:05 . 2010-01-18 21:05 1 -csha-w- c:\windows\system32\tojovibo.dll
2010-01-20 23:23 . 2010-01-20 23:23 1 -csha-w- c:\windows\system32\torirayo.dll
2010-01-18 08:34 . 2010-01-18 08:34 1 -csha-w- c:\windows\system32\toyedofi.dll
2010-01-18 22:47 . 2010-01-18 22:47 1 -csha-w- c:\windows\system32\vabukusa.dll
2010-01-18 04:12 . 2010-01-18 04:12 1 -csha-w- c:\windows\system32\viruyuno.dll
2010-01-20 00:03 . 2010-01-20 00:03 1 --sha-w- c:\windows\system32\vozasela.dll
2010-01-18 04:38 . 2010-01-18 04:38 1 -csha-w- c:\windows\system32\vugopifu.dll
2010-01-16 21:04 . 2010-01-16 21:04 1 -csha-w- c:\windows\system32\vuladihi.dll
2010-01-18 07:40 . 2010-01-18 07:40 1 -csha-w- c:\windows\system32\wezutuvo.dll
2010-01-17 15:48 . 2010-01-17 15:48 1 -csha-w- c:\windows\system32\wivatema.dll
2010-01-14 01:55 . 2010-01-14 01:55 1 -csha-w- c:\windows\system32\wiwisoho.dll
2010-03-01 05:14 . 2010-03-01 05:14 96768 --sha-w- c:\windows\system32\wolizapa.dll
2010-01-16 21:04 . 2010-01-16 21:04 1 -csha-w- c:\windows\system32\wuyawatu.dll
2010-01-20 00:54 . 2010-01-20 00:54 1 -csha-w- c:\windows\system32\yafevefe.dll
2010-01-19 23:38 . 2010-01-19 23:38 1 -csha-w- c:\windows\system32\yegasuhi.dll
2010-01-20 23:23 . 2010-01-20 23:23 1 -csha-w- c:\windows\system32\yegupabu.dll
2010-01-20 23:46 . 2010-01-20 23:46 1 -csha-w- c:\windows\system32\yofabutu.dll
2010-01-14 01:55 . 2010-01-14 01:55 1 -csha-w- c:\windows\system32\yojobami.dll
2010-01-20 02:00 . 2010-01-20 02:00 1 -csha-w- c:\windows\system32\yovodaro.dll
2010-01-18 04:12 . 2010-01-18 04:12 1 -csha-w- c:\windows\system32\yufatisi.dll
2010-01-18 21:30 . 2010-01-18 21:30 1 -csha-w- c:\windows\system32\yufiyiro.dll
2010-01-20 00:03 . 2010-01-20 00:03 1 -csha-w- c:\windows\system32\yuguhehe.dll
2010-01-18 08:59 . 2010-01-18 08:59 1 -csha-w- c:\windows\system32\yusosimo.dll
2010-02-25 20:15 . 2010-02-25 20:15 97280 --sha-w- c:\windows\system32\zukidudu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e01a0107-a35a-460f-9be2-c9f38f3b1714}]
2010-02-11 20:05 67072 --sha-w- c:\windows\system32\sagimame.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-09-03 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"avast5"="d:\progra~2\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Marilyn Arbuthnott\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-6-12 189952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-10-03 22:50 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-01 13:13 136176 ----atw- c:\documents and settings\Marilyn Arbuthnott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-07-12 06:15 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-04-03 22:12 777424 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/1/2010 2:05 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/1/2010 12:02 PM 164048]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [5/31/2010 10:48 PM 135336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/1/2010 12:02 PM 19024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1228208]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-651377827-682003330-1003Core.job
- c:\documents and settings\Marilyn Arbuthnott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 13:13]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-651377827-682003330-1003UA.job
- c:\documents and settings\Marilyn Arbuthnott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 13:13]

2010-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-06-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marilyn Arbuthnott\Application Data\Mozilla\Firefox\Profiles\kcpfn8dy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\Marilyn Arbuthnott\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-jinaloluhi - fiyobubi.dll
HKLM-Run-zozivubor - c:\windows\system32\majiriho.dll
SharedTaskScheduler-{d781e2b3-0123-4f25-af07-e3a42e387991} - c:\windows\system32\dipitiwo.dll
SharedTaskScheduler-{96dbe93e-fe5b-4e8a-9dbe-f0616bb48e4f} - c:\windows\system32\verimaba.dll
SharedTaskScheduler-{8909f5d6-0e35-4729-a6b5-a78f75425d54} - c:\windows\system32\migejodi.dll
SharedTaskScheduler-{3e32f9a5-3ac8-4847-b6b3-3be2a6a743dd} - c:\windows\system32\migejodi.dll
SharedTaskScheduler-{69d77450-de20-4a94-a649-f7755f414f18} - c:\windows\system32\migejodi.dll
SharedTaskScheduler-{419accd7-d06f-4509-82e3-07a955fa4493} - c:\windows\system32\migejodi.dll
SharedTaskScheduler-{60256047-66cc-4ac3-9a86-381c117274fc} - c:\windows\system32\tifileze.dll
SharedTaskScheduler-{043094fd-0fa2-448d-a7d2-46cff22deda1} - c:\windows\system32\sokazoya.dll
SharedTaskScheduler-{f08e8953-e1d5-42e3-8a32-6b0cfc43fad7} - c:\windows\system32\repozuyi.dll
SharedTaskScheduler-{0ea31e99-8912-4d6d-83f0-082a1d9e8371} - c:\windows\system32\repozuyi.dll
SharedTaskScheduler-{ebe57e65-6475-4c6b-9c40-d4fc57af96f7} - c:\windows\system32\sokazoya.dll
SharedTaskScheduler-{1d76f665-63bf-47dc-a2e3-7425f2f7c0d4} - c:\windows\system32\repozuyi.dll
SharedTaskScheduler-{01e1de69-d80c-4fb8-8034-14f295436e91} - c:\windows\system32\sokazoya.dll
SharedTaskScheduler-{0093a8e4-b3ce-4167-9d99-1f189c234eab} - c:\windows\system32\majiriho.dll
SSODL-yadurokom-{d781e2b3-0123-4f25-af07-e3a42e387991} - c:\windows\system32\dipitiwo.dll
SSODL-nemotehod-{96dbe93e-fe5b-4e8a-9dbe-f0616bb48e4f} - c:\windows\system32\verimaba.dll
SSODL-koravafop-{8909f5d6-0e35-4729-a6b5-a78f75425d54} - c:\windows\system32\migejodi.dll
SSODL-netikapaf-{3e32f9a5-3ac8-4847-b6b3-3be2a6a743dd} - c:\windows\system32\migejodi.dll
SSODL-dawemefur-{69d77450-de20-4a94-a649-f7755f414f18} - c:\windows\system32\migejodi.dll
SSODL-wujuzujij-{419accd7-d06f-4509-82e3-07a955fa4493} - c:\windows\system32\migejodi.dll
SSODL-kidugofeb-{60256047-66cc-4ac3-9a86-381c117274fc} - c:\windows\system32\tifileze.dll
SSODL-gadetotun-{043094fd-0fa2-448d-a7d2-46cff22deda1} - c:\windows\system32\sokazoya.dll
SSODL-pabavezuv-{f08e8953-e1d5-42e3-8a32-6b0cfc43fad7} - c:\windows\system32\repozuyi.dll
SSODL-peyohidov-{0ea31e99-8912-4d6d-83f0-082a1d9e8371} - c:\windows\system32\repozuyi.dll
SSODL-rayuzuwaw-{ebe57e65-6475-4c6b-9c40-d4fc57af96f7} - c:\windows\system32\sokazoya.dll
SSODL-hidapokoh-{1d76f665-63bf-47dc-a2e3-7425f2f7c0d4} - c:\windows\system32\repozuyi.dll
SSODL-sokidunih-{01e1de69-d80c-4fb8-8034-14f295436e91} - c:\windows\system32\sokazoya.dll
SSODL-yabogadal-{0093a8e4-b3ce-4167-9d99-1f189c234eab} - c:\windows\system32\majiriho.dll
MSConfigStartUp-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1124240845\ee\AOLHostManager.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-KeyAccess - kass.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-Age of Empires 2.0 - c:\program files\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Medieval Total War - d:\program downloads folder\Uninst.isu
AddRemove-Move Networks Player_is1 - c:\documents and settings\Marilyn Arbuthnott\Application Data\Move Networks\ie_bin\unins000.exe
AddRemove-Red Alert 2 - d:\program downloads folder\Uninstll.EXE
AddRemove-Yuri's Revenge - d:\program downloads folder\Uninstll.EXE
AddRemove-{D32470A1-B10C-4059-BA53-CF0486F68EBC} - c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_33068\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 16:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,c2,aa,15,e4,fa,0d,43,a6,a4,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,c2,aa,15,e4,fa,0d,43,a6,a4,89,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WgaTray.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Java\jre6\bin\jucheck.exe
d:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-06-01 16:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-01 20:25

Pre-Run: 183,455,744 bytes free
Post-Run: 513,650,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8812A0CB97ADE45C8CDC0C3E49634CCB


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 June 2010 - 07:17 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 June 2010 - 08:01 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE