dBrett

Members · Posts: 14
Everything posted by dBrett

  1. sjpritch25, everything works great. Thanks for your time, your patience and your help.
  2. The computer is running well. I will download AV and spyware unless you want me to wait. The only thing out of the ordinary was that Windows did a 5-step update when shutting down. It didn't prompt for an OK, it just did an update. I ran a scan on the next start-up and didn't find anything. Here are the MW and HJ logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 3

9/13/2009 10:35:03 PM
mbam-log-2009-09-13 (22-35-03).txt

Scan type: Quick Scan
Objects scanned: 121493
Time elapsed: 25 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:24 PM, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\dbs\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9494 bytes
  3. Here are the Hijack log and CF log after copying the latest CFScript.txt file and running CF.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:18 PM, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\dbs\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9011 bytes

ComboFix 09-09-12.A0 - Mom & Dad 09/13/2009 12:52.12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT -5:00]
Running from: c:\documents and settings\Mom & Dad\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mom & Dad\Desktop\CFScript.txt

FILE ::
"c:\windows\SYSTEM32\gamibuyo.dll.tmp"
"c:\windows\SYSTEM32\hemokelu.dll.tmp"
"c:\windows\SYSTEM32\vimuvayo.dll"
"c:\windows\SYSTEM32\vovugesi.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\gamibuyo.dll.tmp
c:\windows\SYSTEM32\hemokelu.dll.tmp
c:\windows\SYSTEM32\vimuvayo.dll
c:\windows\SYSTEM32\vovugesi.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 17:50 . 2009-09-13 17:50 -------- d-----w- C:\Combo-Fix
2009-09-11 22:40 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 23:31 . 2009-09-08 23:31 -------- d-----w- c:\program files\Trend Micro
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- C:\dbsII
2009-09-08 01:05 . 2009-09-08 01:05 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\Malwarebytes
2009-09-08 00:36 . 2009-09-12 05:50 -------- d-----w- C:\dbs
2009-09-08 00:05 . 2009-09-08 00:27 -------- d-----w- C:\dbsmalware
2009-09-07 18:28 . 2009-09-07 18:29 -------- d-----w- C:\Malwarebytes
2009-09-07 17:50 . 2009-09-07 18:25 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-09-06 23:09 . 2009-09-08 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-06 22:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 22:43 . 2009-09-12 07:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 22:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 22:43 . 2009-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-02 23:37 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-01 22:04 . 2009-09-01 22:04 -------- d-----w- c:\documents and settings\Mom & Dad\.jagex_cache_32
2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- C:\.jagex_cache_32
2009-09-01 21:40 . 2009-09-01 22:44 34 ----a-w- c:\documents and settings\Mom & Dad\jagex_runescape_preferences.dat
2009-09-01 21:40 . 2009-09-01 21:42 -------- d-----w- c:\windows\.jagex_cache_32
2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- C:\spoolerlogs
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 08:04 . 2009-08-22 08:04 -------- d-----w- C:\1b59bdf808ae6faf0bfbe51c
2009-08-22 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 22:13 . 2009-08-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll
2009-09-02 23:36 . 2006-11-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-24 03:18 . 2007-05-29 12:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-23 16:22 . 2005-11-07 00:49 -------- d-----w- c:\program files\Google
2009-08-20 20:19 . 2008-08-29 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:47 . 2007-09-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 12:47 . 2007-09-07 22:42 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 05:15 . 2008-08-04 02:52 -------- d-----w- c:\program files\Safari
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\program files\iTunes
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 05:12 . 2006-11-23 23:01 -------- d-----w- c:\program files\iPod
2009-07-18 05:12 . 2007-09-07 22:41 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 05:10 . 2009-07-18 05:09 -------- d-----w- c:\program files\QuickTime
2009-07-18 05:02 . 2009-07-18 05:02 -------- d-----w- c:\program files\Bonjour
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 17:16 . 2009-07-18 05:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 17:16 . 2007-09-07 22:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-06-29 16:12 . 2004-08-04 10:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-09-09_23.32.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-13 17:45 . 2009-09-13 17:45 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2005-04-20 20:29 . 2007-07-27 15:41 16760 c:\windows\SYSTEM32\spmsg.dll
+ 2005-04-20 20:34 . 2009-09-11 22:52 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-04 10:00 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\jscript.dll
- 2004-08-04 10:00 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\jscript.dll
+ 2007-08-14 00:38 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2007-08-14 00:38 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2005-04-20 20:34 . 2009-09-11 22:52 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-04-20 20:34 . 2009-09-11 22:52 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2005-04-20 20:34 . 2009-08-12 08:09 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-08-04 10:00 . 2009-05-20 17:44 2355200 c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 10:00 . 2009-05-20 17:44 2355200 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\11ed6e.msp
+ 2009-09-11 22:52 . 2009-08-28 19:38 24689600 c:\windows\SYSTEM32\MRT.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-01 290816]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-31 135168]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-31 53248]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\dbs\mbam.exe" [2009-09-10 1312080]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]

c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
I-News.lnk - c:\program files\Common Files\I-News\TrueWeather.exe [2005-5-5 5785600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-12 229376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\I-News\\TrueWeather.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"=
"c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"=
"c:\\WINDOWS\\SYSTEM32\\wscntfy.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Thomson\\Lyra Jukebox\\LyraHDTrayApp\\LYRAHD2TrayApp.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\hpztsb09.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\WINDOWS\\SYSTEM32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-09-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: turbotax.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 13:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-13 13:03
ComboFix-quarantined-files.txt 2009-09-13 18:03
ComboFix2.txt 2009-09-12 05:04
ComboFix3.txt 2009-09-11 22:40
ComboFix4.txt 2009-09-11 02:48
ComboFix5.txt 2009-09-13 17:51

Pre-Run: 85,091,958,784 bytes free
Post-Run: 85,191,151,616 bytes free

224 --- E O F --- 2009-09-11 22:53

Thanks
  4. File was uploaded to the link. After ComboFix the computer runs fine. Until you say it is clean I am only getting on to check here. I have not loaded a firewall yet; McAfee was zapped by the virus, so it is gone. I didn't want to mess things up by loading other stuff. After it is clean I will probably go through the "how to stay clean" forum on here. It looked like a step by step post on what to run for AV. Thanks
  5. Here is the Malware log file.

Malwarebytes' Anti-Malware 1.41
Database version: 2783
Windows 5.1.2600 Service Pack 3

9/12/2009 2:23:10 AM
mbam-log-2009-09-12 (02-23-10).txt

Scan type: Quick Scan
Objects scanned: 135141
Time elapsed: 26 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\wukaripa.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\dxxdv34567.bat (KoobFace.Trace) -> Quarantined and deleted successfully.
  6. Here are the CF log and the Hijack log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:05:51 AM, on 9/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program 
Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 9218 bytes ComboFix 09-09-11.01 - Mom & Dad 09/11/2009 23:38.11.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1632 [GMT -5:00] Running from: c:\documents and settings\Mom & Dad\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Mom & Dad\Desktop\CFScript.txt FILE :: "c:\windows\system32\jizimuzi.dll" "c:\windows\system32\tenugizu.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\jizimuzi.dll c:\windows\system32\tenugizu.dll . ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))) . 2009-09-11 22:40 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-09-11 10:38 . 2009-09-11 10:38 173 ----a-w- c:\windows\dxxdv34567.bat 2009-09-08 23:31 . 2009-09-08 23:31 -------- d-----w- c:\program files\Trend Micro 2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- C:\dbsII 2009-09-08 01:05 . 2009-09-08 01:05 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\Malwarebytes 2009-09-08 00:36 . 2009-09-08 00:40 -------- d-----w- C:\dbs 2009-09-08 00:05 . 2009-09-08 00:27 -------- d-----w- C:\dbsmalware 2009-09-07 18:28 . 2009-09-07 18:29 -------- d-----w- C:\Malwarebytes 2009-09-07 17:50 . 2009-09-07 18:25 -------- d-----w- C:\Malwarebytes' Anti-Malware 2009-09-06 23:09 . 2009-09-08 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-06 22:43 . 
2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-06 22:43 . 2009-09-07 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-06 22:43 . 2009-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-06 22:43 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 23:37 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-01 22:04 . 2009-09-01 22:04 -------- d-----w- c:\documents and settings\Mom & Dad\.jagex_cache_32 2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- C:\.jagex_cache_32 2009-09-01 21:40 . 2009-09-01 22:44 34 ----a-w- c:\documents and settings\Mom & Dad\jagex_runescape_preferences.dat 2009-09-01 21:40 . 2009-09-01 21:42 -------- d-----w- c:\windows\.jagex_cache_32 2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- C:\spoolerlogs 2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild 2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies 2009-08-22 08:04 . 2009-08-22 08:04 -------- d-----w- C:\1b59bdf808ae6faf0bfbe51c 2009-08-22 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-22 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-22 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-19 22:13 . 
2009-08-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-11 10:38 . 2009-06-11 10:38 53248 --sha-w- c:\windows\system32\wukaripa.exe 2009-09-10 16:47 . 2009-06-10 16:47 49664 --sha-w- c:\windows\system32\tigefeki.dll 2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll 2009-09-02 23:36 . 2006-11-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-08-24 03:18 . 2007-05-29 12:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-08-23 16:22 . 2005-11-07 00:49 -------- d-----w- c:\program files\Google 2009-08-20 20:19 . 2008-08-29 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 23:47 . 2007-09-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-29 12:47 . 2007-09-07 22:42 -------- d-----w- c:\program files\Apple Software Update 2009-07-18 05:15 . 2008-08-04 02:52 -------- d-----w- c:\program files\Safari 2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\program files\iTunes 2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-18 05:12 . 2006-11-23 23:01 -------- d-----w- c:\program files\iPod 2009-07-18 05:12 . 2007-09-07 22:41 -------- d-----w- c:\program files\Common Files\Apple 2009-07-18 05:10 . 2009-07-18 05:09 -------- d-----w- c:\program files\QuickTime 2009-07-18 05:02 . 2009-07-18 05:02 -------- d-----w- c:\program files\Bonjour 2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 17:16 . 
2009-07-18 05:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-07-09 17:16 . 2007-09-07 22:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-06-29 16:12 . 2004-08-04 10:00 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll.tmp 2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\hemokelu.dll.tmp 2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vimuvayo.dll 2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vovugesi.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-09_23.32.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-12 04:47 . 2009-09-12 04:47 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat + 2005-04-20 20:29 . 2007-07-27 15:41 16760 c:\windows\SYSTEM32\spmsg.dll + 2005-04-20 20:34 . 2009-09-11 22:52 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2005-04-20 20:34 . 2009-08-12 08:09 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2005-04-20 20:34 . 2009-08-12 08:09 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2005-04-20 20:34 . 2009-09-11 22:52 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2005-04-20 20:34 . 2009-09-11 22:52 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2005-04-20 20:34 . 2009-08-12 08:09 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2005-04-20 20:34 . 
2009-09-11 22:52 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2005-04-20 20:34 . 2009-08-12 08:09 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2005-04-20 20:34 . 2009-09-11 22:52 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2005-04-20 20:34 . 2009-08-12 08:09 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2005-04-20 20:34 . 2009-09-11 22:52 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2005-04-20 20:34 . 2009-08-12 08:09 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2004-08-04 10:00 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\jscript.dll - 2004-08-04 10:00 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\jscript.dll + 2007-08-14 00:38 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll - 2007-08-14 00:38 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll + 2005-04-20 20:34 . 2009-09-11 22:52 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2005-04-20 20:34 . 2009-08-12 08:09 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2005-04-20 20:34 . 2009-09-11 22:52 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2005-04-20 20:34 . 2009-08-12 08:09 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2005-04-20 20:34 . 2009-08-12 08:09 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2005-04-20 20:34 . 2009-09-11 22:52 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2005-04-20 20:34 . 2009-09-11 22:52 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2005-04-20 20:34 . 2009-08-12 08:09 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2005-04-20 20:34 . 
2009-09-11 22:52 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2005-04-20 20:34 . 2009-08-12 08:09 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2005-04-20 20:34 . 2009-09-11 22:52 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2005-04-20 20:34 . 2009-08-12 08:09 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2004-08-04 10:00 . 2009-05-20 17:44 2355200 c:\windows\SYSTEM32\WMVCore.dll + 2004-08-04 10:00 . 2009-05-20 17:44 2355200 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll + 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\11ed6e.msp + 2009-09-11 22:52 . 2009-08-28 19:38 24689600 c:\windows\SYSTEM32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968] "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-01 290816] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-31 135168] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-31 53248] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928] c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\ palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] HotSync Manager.lnk - c:\program 
files\palmOne\Hotsync.exe [2004-6-9 471040] I-News.lnk - c:\program files\Common Files\I-News\TrueWeather.exe [2005-5-5 5785600] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-12 229376] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\I-News\\TrueWeather.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"= "c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"= "c:\\WINDOWS\\SYSTEM32\\wscntfy.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"= "c:\\Program Files\\Thomson\\Lyra Jukebox\\LyraHDTrayApp\\LYRAHD2TrayApp.exe"= "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\hpztsb09.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\WINDOWS\\SYSTEM32\\dla\\tfswctrl.exe"= "c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"= R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064] . 
Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-09-12 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: turbotax.com . - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{67ab4609-ad0d-4823-9ffc-311cf8ffe238} - c:\windows\system32\tenugizu.dll SharedTaskScheduler-{1b835c41-e8b0-4498-a006-40830cbb5596} - c:\windows\system32\tenugizu.dll SSODL-fakupoyuh-{67ab4609-ad0d-4823-9ffc-311cf8ffe238} - c:\windows\system32\tenugizu.dll SSODL-newisuvuy-{1b835c41-e8b0-4498-a006-40830cbb5596} - c:\windows\system32\tenugizu.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-11 23:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2224) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\SYSTEM32\BAsfIpM.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\SYSTEM32\CTSVCCDA.EXE c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\windows\SYSTEM32\wdfmgr.exe c:\windows\SYSTEM32\MsPMSPSv.exe c:\windows\SYSTEM32\wscntfy.exe c:\windows\SYSTEM32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\program files\Java\jre1.5.0_08\bin\jucheck.exe . ************************************************************************** . Completion time: 2009-09-12 0:04 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-12 05:04 ComboFix2.txt 2009-09-11 22:40 ComboFix3.txt 2009-09-11 02:48 ComboFix4.txt 2009-09-11 02:39 ComboFix5.txt 2009-09-12 04:36 Pre-Run: 85,223,485,440 bytes free Post-Run: 85,189,910,528 bytes free 257 --- E O F --- 2009-09-11 22:53
  7. Used the "Save Target as". CF ran through the process. Rebooted the machine. After the reboot it gave a message that it couldn't find a file, sat there for a while, then finished and made the log:

ComboFix 09-09-11.01 - Mom & Dad 09/11/2009 17:24.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1605 [GMT -5:00]
Running from: c:\documents and settings\Mom & Dad\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mom & Dad\Desktop\CFScript.txt
* Created a new restore point

file zipped: c:\windows\system32\firupifo.dll
file zipped: c:\windows\system32\miluduri.dll
file zipped: c:\windows\system32\nawodogi.dll
file zipped: c:\windows\system32\toyipugu.dll
file zipped: c:\windows\system32\visefiti.dll
file zipped: c:\windows\SYSTEM32\mswebdvd.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\010112010146120114.xe
c:\windows\0101120101465049.xe
c:\windows\ld14.exe
c:\windows\pp12.exe
c:\windows\system32\firupifo.dll
c:\windows\system32\miluduri.dll
c:\windows\system32\nawodogi.dll
c:\windows\system32\toyipugu.dll
c:\windows\system32\vezurejo.dll
c:\windows\system32\visefiti.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ERAZDBV
-------\Legacy_OISLZU
-------\Legacy_WSCXJKO
-------\Service_erazdbv
-------\Service_oislzu
-------\Service_wscxjko

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.
2009-09-11 10:38 . 2009-09-11 10:38 173 ----a-w- c:\windows\dxxdv34567.bat
2009-09-08 23:31 . 2009-09-08 23:31 -------- d-----w- c:\program files\Trend Micro
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- C:\dbsII
2009-09-08 01:05 . 2009-09-08 01:05 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\Malwarebytes
2009-09-08 00:36 . 2009-09-08 00:40 -------- d-----w- C:\dbs
2009-09-08 00:05 .
2009-09-08 00:27 -------- d-----w- C:\dbsmalware 2009-09-07 18:28 . 2009-09-07 18:29 -------- d-----w- C:\Malwarebytes 2009-09-07 17:50 . 2009-09-07 18:25 -------- d-----w- C:\Malwarebytes' Anti-Malware 2009-09-06 23:09 . 2009-09-08 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-06 22:43 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-06 22:43 . 2009-09-07 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-06 22:43 . 2009-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-06 22:43 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 23:37 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-01 22:04 . 2009-09-01 22:04 -------- d-----w- c:\documents and settings\Mom & Dad\.jagex_cache_32 2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- C:\.jagex_cache_32 2009-09-01 21:40 . 2009-09-01 22:44 34 ----a-w- c:\documents and settings\Mom & Dad\jagex_runescape_preferences.dat 2009-09-01 21:40 . 2009-09-01 21:42 -------- d-----w- c:\windows\.jagex_cache_32 2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- C:\spoolerlogs 2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild 2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies 2009-08-22 08:04 . 2009-08-22 08:04 -------- d-----w- C:\1b59bdf808ae6faf0bfbe51c 2009-08-22 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-22 08:04 . 
2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-22 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-22 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-19 22:13 . 2009-08-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-11 10:38 . 2009-06-11 10:38 88576 --sha-w- c:\windows\system32\jizimuzi.dll 2009-09-11 10:38 . 2009-06-11 10:38 53248 --sha-w- c:\windows\system32\wukaripa.exe 2009-09-10 16:47 . 2009-06-10 16:47 49664 --sha-w- c:\windows\system32\tigefeki.dll 2009-09-10 16:47 . 2009-06-10 16:47 89088 --sha-w- c:\windows\system32\tenugizu.dll 2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll 2009-09-02 23:36 . 2006-11-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-08-24 03:18 . 2007-05-29 12:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-08-23 16:22 . 2005-11-07 00:49 -------- d-----w- c:\program files\Google 2009-08-20 20:19 . 2008-08-29 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 23:47 . 2007-09-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-29 12:47 . 2007-09-07 22:42 -------- d-----w- c:\program files\Apple Software Update 2009-07-18 05:15 . 2008-08-04 02:52 -------- d-----w- c:\program files\Safari 2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\program files\iTunes 2009-07-18 05:13 . 
2009-07-18 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-18 05:12 . 2006-11-23 23:01 -------- d-----w- c:\program files\iPod 2009-07-18 05:12 . 2007-09-07 22:41 -------- d-----w- c:\program files\Common Files\Apple 2009-07-18 05:10 . 2009-07-18 05:09 -------- d-----w- c:\program files\QuickTime 2009-07-18 05:02 . 2009-07-18 05:02 -------- d-----w- c:\program files\Bonjour 2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 17:16 . 2009-07-18 05:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-07-09 17:16 . 2007-09-07 22:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-06-29 16:12 . 2004-08-04 10:00 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll.tmp 2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\hemokelu.dll.tmp 2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vimuvayo.dll 2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vovugesi.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-09_23.32.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-11 22:33 . 2009-09-11 22:33 16384 c:\windows\Temp\Perflib_Perfdata_ea8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968] "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-01 290816] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-31 135168] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-31 53248] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "dedafonin"="c:\windows\system32\tenugizu.dll" [2009-09-10 89088] "P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928] c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\ palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe [2005-9-23 29696] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] I-News.lnk - c:\program files\Common Files\I-News\TrueWeather.exe [2005-5-5 5785600] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-12 229376] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{37383626-1d87-40ae-b801-f7f609fd18b8}"= "c:\windows\system32\tenugizu.dll" [2009-09-10 89088] "{687fb86f-5075-4b1b-b2c3-934050f4cc58}"= "c:\windows\system32\tenugizu.dll" [2009-09-10 89088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "polusenub"= {37383626-1d87-40ae-b801-f7f609fd18b8} - c:\windows\system32\tenugizu.dll [2009-09-10 89088] "kutinojeg"= {687fb86f-5075-4b1b-b2c3-934050f4cc58} - c:\windows\system32\tenugizu.dll [2009-09-10 89088] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\I-News\\TrueWeather.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"= "c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"= "c:\\WINDOWS\\SYSTEM32\\wscntfy.exe"= "c:\\Program 
Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"= "c:\\Program Files\\Thomson\\Lyra Jukebox\\LyraHDTrayApp\\LYRAHD2TrayApp.exe"= "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\hpztsb09.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\WINDOWS\\SYSTEM32\\dla\\tfswctrl.exe"= "c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"= R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064] . Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-09-11 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: turbotax.com . 
- - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll SSODL-zasezokik-{04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-11 17:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1892) c:\windows\system32\WININET.dll c:\windows\system32\tenugizu.dll c:\windows\system32\jizimuzi.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\ati2evxx.exe c:\windows\SYSTEM32\rundll32.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\SYSTEM32\BAsfIpM.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\SYSTEM32\CTSVCCDA.EXE c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\windows\SYSTEM32\wdfmgr.exe c:\windows\SYSTEM32\MsPMSPSv.exe c:\program files\iPod\bin\iPodService.exe c:\windows\SYSTEM32\wscntfy.exe c:\program files\Java\jre1.5.0_08\bin\jucheck.exe . ************************************************************************** . 
Completion time: 2009-09-11 17:40 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-11 22:40 ComboFix2.txt 2009-09-11 02:48 ComboFix3.txt 2009-09-11 02:39 ComboFix4.txt 2009-09-11 02:28 ComboFix5.txt 2009-09-11 22:22 Pre-Run: 85,370,183,680 bytes free Post-Run: 85,306,552,320 bytes free 252 --- E O F --- 2009-09-02 02:53 Hijack log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:45:25 PM, on 9/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [dedafonin] Rundll32.exe "c:\windows\system32\tenugizu.dll",a O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769 O20 - AppInit_DLLs: c:\windows\system32\jizimuzi.dll c:\windows\system32\tenugizu.dll O21 - SSODL: polusenub - {37383626-1d87-40ae-b801-f7f609fd18b8} - c:\windows\system32\tenugizu.dll O21 - SSODL: kutinojeg - {687fb86f-5075-4b1b-b2c3-934050f4cc58} - c:\windows\system32\tenugizu.dll O22 - SharedTaskScheduler: jugezatag - {37383626-1d87-40ae-b801-f7f609fd18b8} - c:\windows\system32\tenugizu.dll O22 - SharedTaskScheduler: kupuhivus - {687fb86f-5075-4b1b-b2c3-934050f4cc58} - c:\windows\system32\tenugizu.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

-- End of file - 9862 bytes

No browser opened after CF ran. There was a security balloon message that wanted to install a firewall, but no browser. Also, each time CF starts after dropping the CFScript file on the icon, a prompt to download a newer version of CF is available. I check yes each time. Thanks for the patience.
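The ComboFix and HijackThis logs in the posts above show one infection pattern several times over: eight-letter, randomly named DLLs in c:\windows\system32 (tenugizu.dll, jizimuzi.dll, visefiti.dll and others) wired in through an HKLM Run entry that uses Rundll32 to host the DLL, through AppInit_DLLs (O20), and through the SSODL (O21) and SharedTaskScheduler (O22) shell load points, carrying the system+hidden attribute bits (the `--sha-w-` column of the Find3M report), alongside a registry dump with the Windows Firewall off (`"EnableFirewall"= 0`) and Security Center update notifications suppressed (`"UpdatesDisableNotify"=dword:00000001`). The script below is an added example, not code posted in this thread and not part of ComboFix or HijackThis: it runs that triage over a constructed excerpt of log lines copied in shape from the logs above. The consonant/vowel-alternation test for the random file names is an assumption of this example, not a rule either tool applies, and a hit should be confirmed with a file-signature or hash check before anything is removed.

```python
"""Flag the autostart load points and tampered settings seen in the
HijackThis / ComboFix logs above. Example code added to this thread, not
output of either tool. The file-name heuristic is an assumption."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt: a handful of lines copied in shape from the logs in
# this thread, with one legitimate neighbour per category so the filters
# are exercised. Not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dedafonin] Rundll32.exe "c:\windows\system32\tenugizu.dll",a
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O20 - AppInit_DLLs: c:\windows\system32\jizimuzi.dll c:\windows\system32\tenugizu.dll
O21 - SSODL: polusenub - {37383626-1d87-40ae-b801-f7f609fd18b8} - c:\windows\system32\tenugizu.dll
O22 - SharedTaskScheduler: jugezatag - {37383626-1d87-40ae-b801-f7f609fd18b8} - c:\windows\system32\tenugizu.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
2009-09-11 10:38 . 2009-06-11 10:38 88576 --sha-w- c:\windows\system32\jizimuzi.dll
2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll
"EnableFirewall"= 0 (0x0)
"UpdatesDisableNotify"=dword:00000001
"""

SYSTEM32 = "c:\\windows\\system32\\"
# Heuristic (assumption of this example): every malicious DLL name in the
# thread is eight lowercase letters alternating consonant/vowel (tenugizu,
# jizimuzi, visefiti, ...). Legitimate names can match too; verify hits.
RANDOM_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}\.dll$")
# A drive-letter path ending in .dll; quotes around it are not captured.
DLL_PATH = re.compile(r'(?i)([a-z]:\\[^"\s]+?\.dll)')


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def is_random_system32_dll(path: str) -> bool:
    """True for an 8-letter consonant/vowel name living directly in system32."""
    p = path.strip('"').lower()
    if not p.startswith(SYSTEM32):
        return False
    # Anything in a subdirectory keeps a backslash and fails the anchored match.
    return RANDOM_NAME.match(p[len(SYSTEM32):]) is not None


def scan_line(line: str) -> List[Finding]:
    """Classify one log line; returns zero or more findings."""
    line = line.strip()
    out: List[Finding] = []
    if not line:
        return out
    # Registry dump: Windows Firewall off, Security Center update nagging off.
    if re.match(r'"EnableFirewall"\s*=\s*0\b', line):
        out.append(Finding("firewall_disabled", line))
    elif re.match(r'"UpdatesDisableNotify"\s*=\s*dword:0*1$', line):
        out.append(Finding("update_notify_disabled", line))
    # O20: each DLL listed here is loaded into every process that loads user32.dll.
    elif line.startswith("O20 - AppInit_DLLs:"):
        out.extend(Finding("appinit_dll", p) for p in DLL_PATH.findall(line))
    # O21/O22: COM objects explorer.exe instantiates at logon.
    elif line.startswith(("O21 - SSODL:", "O22 - SharedTaskScheduler:")):
        out.extend(Finding("shell_load_point_random_dll", p)
                   for p in DLL_PATH.findall(line) if is_random_system32_dll(p))
    # O4: a Run key that uses rundll32 to host a DLL instead of starting a program.
    elif line.startswith("O4 - ") and re.search(r"(?i)\brundll32(?:\.exe)?\b", line):
        out.extend(Finding("run_rundll32_random_dll", p)
                   for p in DLL_PATH.findall(line) if is_random_system32_dll(p))
    else:
        # ComboFix Find3M row: attribute column with s(ystem) and h(idden) set.
        m = re.search(r"\s--sha-w-\s+(\S+\.dll)$", line, re.I)
        if m and m.group(1).lower().startswith(SYSTEM32):
            out.append(Finding("hidden_system_dll", m.group(1)))
    return out


def scan_log(text: str) -> List[Finding]:
    """Run scan_line over every line of a saved log."""
    return [f for line in text.splitlines() for f in scan_line(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.kind:28s} {f.detail}")
    print(summarize(scan_log(SAMPLE_LOG)))
```

Run it as a script to print the findings for the embedded excerpt, or import it and pass a saved log to `scan_log()`. The name heuristic deliberately ignores the legitimate `Rundll32 P17.dll,P17Helper` entry because that DLL is given without a drive-letter path, and it will also match legitimate eight-letter names that happen to alternate consonants and vowels, so treat hits as candidates for the helper to verify, not as a deletion list.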
  8. Added the path in front of the combo-fix.exe and CF ran again, but no browser afterwards. This is what I had in the run box: "c:\Documents and Settings\Mom & Dad\Desktop\Combo-Fix.exe" "C:\Documents and Settings\Mom & Dad\Desktop\CFScript.txt". I tried moving the " " around with no luck.
  9. Sorry, no luck getting it to run. I copied it from the post and tried. Changed the names... no luck. I keep getting an error box that says {Windows cannot find 'Combo-Fix.exe'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button and then click Search.}
  10. Last time I did a drag and drop (Sorry, didn't know that wouldn't work...) This time I clicked on the link. It opened a txt file. I saved this to desktop. Then dropped on the CF icon. CF started and ran a scan, below. Still no message box or browser opening. Let me know if I am missing something. Thanks ComboFix 09-09-10.01 - Mom & Dad 09/10/2009 17:29.5.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1538 [GMT -5:00] Running from: c:\documents and settings\Mom & Dad\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Mom & Dad\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 ))))))))))))))))))))))))))))))) . 2009-09-08 23:31 . 2009-09-08 23:31 -------- d-----w- c:\program files\Trend Micro 2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- C:\dbsII 2009-09-08 01:05 . 2009-09-08 01:05 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\Malwarebytes 2009-09-08 00:36 . 2009-09-08 00:40 -------- d-----w- C:\dbs 2009-09-08 00:05 . 2009-09-08 00:27 -------- d-----w- C:\dbsmalware 2009-09-07 18:28 . 2009-09-07 18:29 -------- d-----w- C:\Malwarebytes 2009-09-07 17:50 . 2009-09-07 18:25 -------- d-----w- C:\Malwarebytes' Anti-Malware 2009-09-06 23:09 . 2009-09-08 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-06 22:43 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-06 22:43 . 2009-09-07 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-06 22:43 . 2009-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-06 22:43 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 23:37 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-01 22:04 . 
2009-09-01 22:04 -------- d-----w- c:\documents and settings\Mom & Dad\.jagex_cache_32
2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- C:\.jagex_cache_32
2009-09-01 21:40 . 2009-09-01 22:44 34 ----a-w- c:\documents and settings\Mom & Dad\jagex_runescape_preferences.dat
2009-09-01 21:40 . 2009-09-01 21:42 -------- d-----w- c:\windows\.jagex_cache_32
2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- C:\spoolerlogs
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 08:04 . 2009-08-22 08:04 -------- d-----w- C:\1b59bdf808ae6faf0bfbe51c
2009-08-22 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 22:13 . 2009-08-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 16:47 . 2009-06-10 16:47 49664 --sha-w- c:\windows\system32\tigefeki.dll
2009-09-10 16:47 . 2009-06-10 16:47 89088 --sha-w- c:\windows\system32\tenugizu.dll
2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll
2009-09-08 23:53 . 2009-06-08 23:53 88576 --sha-w- c:\windows\system32\miluduri.dll
2009-09-07 16:34 . 2009-06-07 16:34 88576 --sha-w- c:\windows\system32\visefiti.dll
2009-09-06 22:33 . 2009-06-06 22:33 50176 --sha-w- c:\windows\system32\toyipugu.dll
2009-09-06 22:33 . 2009-06-06 22:33 88576 --sha-w- c:\windows\system32\nawodogi.dll
2009-09-02 23:36 . 2006-11-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-02 14:24 . 2009-06-02 14:24 89088 --sha-w- c:\windows\system32\firupifo.dll
2009-08-24 03:18 . 2007-05-29 12:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-23 16:22 . 2005-11-07 00:49 -------- d-----w- c:\program files\Google
2009-08-20 20:19 . 2008-08-29 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:47 . 2007-09-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 12:47 . 2007-09-07 22:42 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 05:15 . 2008-08-04 02:52 -------- d-----w- c:\program files\Safari
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\program files\iTunes
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 05:12 . 2006-11-23 23:01 -------- d-----w- c:\program files\iPod
2009-07-18 05:12 . 2007-09-07 22:41 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 05:10 . 2009-07-18 05:09 -------- d-----w- c:\program files\QuickTime
2009-07-18 05:02 . 2009-07-18 05:02 -------- d-----w- c:\program files\Bonjour
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 17:16 . 2009-07-18 05:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 17:16 . 2007-09-07 22:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-06-29 16:12 . 2004-08-04 10:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll.tmp
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\hemokelu.dll.tmp
2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vimuvayo.dll
2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vovugesi.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-09_23.32.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 22:21 . 2009-09-10 22:21 16384 c:\windows\Temp\Perflib_Perfdata_cec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b219a14-89a5-4576-8f2c-5ffa67034341}]
2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vimuvayo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-01 290816]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-31 135168]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-31 53248]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"dedafonin"="c:\windows\system32\tenugizu.dll" [2009-09-10 89088]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]
"newahisore"="vovugesi.dll" - c:\windows\SYSTEM32\vovugesi.dll [2009-06-10 49664]

c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
I-News.lnk - c:\program files\Common Files\I-News\TrueWeather.exe [2005-5-5 5785600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-12 229376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{04dc3765-f487-46ed-8b0b-8340f0fd4e7a}"= "c:\windows\system32\visefiti.dll" [2009-09-07 88576]
"{840ef964-7d6c-440f-aef0-cd925430cfae}"= "c:\windows\system32\tenugizu.dll" [2009-09-10 89088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nuwapazef"= {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll [2009-09-07 88576]
"zasezokik"= {04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll [2009-09-07 88576]
"kofidinaz"= {840ef964-7d6c-440f-aef0-cd925430cfae} - c:\windows\system32\tenugizu.dll [2009-09-10 89088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\I-News\\TrueWeather.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"=
"c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"=
"c:\\WINDOWS\\SYSTEM32\\wscntfy.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Thomson\\Lyra Jukebox\\LyraHDTrayApp\\LYRAHD2TrayApp.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\hpztsb09.exe"=

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]
S2 erazdbv;erazdbv;c:\windows\system32\drivers\brgpnhwn.sys --> c:\windows\system32\drivers\brgpnhwn.sys [?]
S2 oislzu;oislzu;c:\windows\system32\drivers\ixqjpuj.sys --> c:\windows\system32\drivers\ixqjpuj.sys [?]
S2 wscxjko;wscxjko;c:\windows\system32\drivers\dgbiczy.sys --> c:\windows\system32\drivers\dgbiczy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: turbotax.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 17:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\tenugizu.dll
c:\windows\system32\visefiti.dll

- - - - - - - > 'explorer.exe'(1008)
c:\windows\system32\WININET.dll
c:\windows\system32\vovugesi.dll
c:\windows\system32\vimuvayo.dll
c:\windows\system32\tenugizu.dll
c:\windows\system32\visefiti.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-09-10 17:38
ComboFix-quarantined-files.txt 2009-09-10 22:38
ComboFix2.txt 2009-09-10 17:52
ComboFix3.txt 2009-09-10 17:45
ComboFix4.txt 2009-09-10 17:05
ComboFix5.txt 2009-09-10 22:27

Pre-Run: 85,475,840,000 bytes free
Post-Run: 85,443,289,088 bytes free

215 --- E O F --- 2009-09-02 02:53

Here is the Hijack log after the CF scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:29 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {7b219a14-89a5-4576-8f2c-5ffa67034341} - vimuvayo.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dedafonin] Rundll32.exe "c:\windows\system32\tenugizu.dll",a
O4 - HKLM\..\Run: [newahisore] Rundll32.exe "vovugesi.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769
O20 - AppInit_DLLs: c:\windows\system32\tenugizu.dll c:\windows\system32\visefiti.dll
O21 - SSODL: nuwapazef - {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll
O21 - SSODL: zasezokik - {04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll
O21 - SSODL: kofidinaz - {840ef964-7d6c-440f-aef0-cd925430cfae} - c:\windows\system32\tenugizu.dll
O22 - SharedTaskScheduler: tokatiluy - {04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll
O22 - SharedTaskScheduler: jugezatag - {840ef964-7d6c-440f-aef0-cd925430cfae} - c:\windows\system32\tenugizu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9786 bytes
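The logs in the post above are read by eye for a handful of recurring patterns: eight-letter throwaway DLL names in system32 carrying the hidden+system attributes (`--sha-w-`), `Run` values that start a DLL through `Rundll32`, the same DLLs registered under `AppInit_DLLs`, `ShellServiceObjectDelayLoad` and `SharedTaskScheduler` so that winlogon.exe and explorer.exe load them at logon, auto-start services whose driver file is gone, and a Security Center and firewall that have been switched off. The Python script below is an added example written for this thread, not part of dBrett's post and not a tool the forum helpers used; it applies those same checks to HijackThis and ComboFix lines and grades each hit. `SAMPLE_LOG` is constructed here to mirror the shape of the posted entries, and the eight-lowercase-letter name heuristic is an assumption of this example (it is deliberately paired with another signal wherever one exists, because legitimate eight-letter names such as eventlog.dll occur too).

```python
"""Triage of HijackThis / ComboFix log lines for the persistence patterns
seen in the thread. Added example; not part of the forum post and not a
tool the helpers used. SAMPLE_LOG is constructed to mirror the shape of
the posted entries, not copied from a real machine."""
import re
from collections import Counter
from dataclasses import dataclass

# Eight lowercase letters plus .dll (tenugizu.dll, visefiti.dll ...). Heuristic
# only: on its own it is noisy, so it is paired with a stronger signal below.
RANDOM_NAME = re.compile(r"(?<![A-Za-z0-9_])[a-z]{8}\.dll\b")

# ComboFix file line: <date time> . <date time> <size|--------> <attrs> <path>
FIND3M = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>[-dsharw]{8}) (?P<path>.+)$"
)
# ComboFix service line whose driver file does not exist on disk ("[?]")
MISSING_DRIVER = re.compile(r"^S\d \S+;\S+;(?P<path>\S+\.sys) --> \S+ \[\?\]$")
# HijackThis O4 Run value that starts a DLL through rundll32
RUNDLL = re.compile(
    r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'Rundll32(?:\.exe)? "?(?P<dll>[^",]+)"?,', re.IGNORECASE)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


@dataclass
class Finding:
    severity: str  # "high" or "review"
    rule: str
    line: str


def looks_random(text: str) -> bool:
    return RANDOM_NAME.search(text) is not None


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line; clean lines produce nothing."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIND3M.match(line)
        if m:
            attrs = m.group("attrs")
            # hidden+system attributes AND a throwaway name: the combination
            # that marks every malicious DLL in the posted Find3M report
            if "s" in attrs and "h" in attrs and looks_random(m.group("path")):
                out.append(Finding("high", "hidden+system DLL with throwaway name", line))
            continue
        if MISSING_DRIVER.match(line):
            out.append(Finding("review", "auto-start service, driver file missing", line))
            continue
        m = RUNDLL.match(line)
        if m:
            sev = "high" if looks_random(m.group("dll")) else "review"
            out.append(Finding(sev, "Run value starts a DLL through Rundll32", line))
            continue
        sev = "high" if looks_random(line) else "review"
        if line.startswith("O20 - AppInit_DLLs:"):
            out.append(Finding(sev, "AppInit_DLLs: loaded into every process that maps user32", line))
        elif line.startswith(("O21 - SSODL:", "O22 - SharedTaskScheduler:")):
            out.append(Finding(sev, "DLL loaded by explorer.exe at logon", line))
        elif line.startswith("O2 - BHO:") and "(file missing)" in line:
            out.append(Finding(sev, "BHO whose DLL HijackThis could not locate", line))
        elif FIREWALL_OFF.match(line):
            out.append(Finding("review", "Windows Firewall disabled", line))
        elif line == '"UpdatesDisableNotify"=dword:00000001':
            out.append(Finding("review", "Security Center update warnings suppressed", line))
    return out


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 8, 'review': 4}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample: same line shapes as the posted logs, mixed with clean entries.
SAMPLE_LOG = r"""
2009-09-10 16:47 . 2009-06-10 16:47 89088 --sha-w- c:\windows\system32\tenugizu.dll
2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll.tmp
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
"EnableFirewall"= 0 (0x0)
"UpdatesDisableNotify"=dword:00000001
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]
S2 erazdbv;erazdbv;c:\windows\system32\drivers\brgpnhwn.sys --> c:\windows\system32\drivers\brgpnhwn.sys [?]
O2 - BHO: (no name) - {7b219a14-89a5-4576-8f2c-5ffa67034341} - vimuvayo.dll (file missing)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [dedafonin] Rundll32.exe "c:\windows\system32\tenugizu.dll",a
O4 - HKLM\..\Run: [newahisore] Rundll32.exe "vovugesi.dll",s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - AppInit_DLLs: c:\windows\system32\tenugizu.dll c:\windows\system32\visefiti.dll
O21 - SSODL: nuwapazef - {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll
O22 - SharedTaskScheduler: jugezatag - {840ef964-7d6c-440f-aef0-cd925430cfae} - c:\windows\system32\tenugizu.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the script flags every malicious line and none of the clean ones: eventlog.dll is eight letters but not hidden+system, the Creative `P17Helper` entry is a Rundll32 autostart and so is reported for review rather than as high, and the `R3` driver with a real file on disk is skipped. The point of the severity split is the same one the helpers apply by hand: a loader location such as `AppInit_DLLs` or `SSODL` always deserves a look, but it is the throwaway name or the hidden+system attribute on the target DLL that turns it into a confirmed infection.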
11. ...I tried one more time after I posted, no success... and it started. It has not given me a message box after it ran. Here is the ComboFix file:

ComboFix 09-09-09.09 - Mom & Dad 09/10/2009 12:47.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1586 [GMT -5:00]
Running from: c:\documents and settings\Mom & Dad\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mom & Dad\Desktop\CFScript.txt.url
.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-08 23:31 . 2009-09-08 23:31 -------- d-----w- c:\program files\Trend Micro
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- C:\dbsII
2009-09-08 01:05 . 2009-09-08 01:05 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\Malwarebytes
2009-09-08 00:36 . 2009-09-08 00:40 -------- d-----w- C:\dbs
2009-09-08 00:05 . 2009-09-08 00:27 -------- d-----w- C:\dbsmalware
2009-09-07 18:28 . 2009-09-07 18:29 -------- d-----w- C:\Malwarebytes
2009-09-07 17:50 . 2009-09-07 18:25 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-09-06 23:09 . 2009-09-08 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-06 22:43 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 22:43 . 2009-09-07 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 22:43 . 2009-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 22:43 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 23:37 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-01 22:04 . 2009-09-01 22:04 -------- d-----w- c:\documents and settings\Mom & Dad\.jagex_cache_32
2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- C:\.jagex_cache_32
2009-09-01 21:40 . 2009-09-01 22:44 34 ----a-w- c:\documents and settings\Mom & Dad\jagex_runescape_preferences.dat
2009-09-01 21:40 . 2009-09-01 21:42 -------- d-----w- c:\windows\.jagex_cache_32
2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- C:\spoolerlogs
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 08:04 . 2009-08-22 08:04 -------- d-----w- C:\1b59bdf808ae6faf0bfbe51c
2009-08-22 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 22:13 . 2009-08-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-11 21:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 16:47 . 2009-06-10 16:47 49664 --sha-w- c:\windows\system32\tigefeki.dll
2009-09-10 16:47 . 2009-06-10 16:47 89088 --sha-w- c:\windows\system32\tenugizu.dll
2009-09-09 23:15 . 2004-08-04 10:00 56320 ------w- c:\windows\system32\eventlog.dll
2009-09-08 23:53 . 2009-06-08 23:53 88576 --sha-w- c:\windows\system32\miluduri.dll
2009-09-07 16:34 . 2009-06-07 16:34 88576 --sha-w- c:\windows\system32\visefiti.dll
2009-09-06 22:33 . 2009-06-06 22:33 50176 --sha-w- c:\windows\system32\toyipugu.dll
2009-09-06 22:33 . 2009-06-06 22:33 88576 --sha-w- c:\windows\system32\nawodogi.dll
2009-09-02 23:36 . 2006-11-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-02 14:24 . 2009-06-02 14:24 89088 --sha-w- c:\windows\system32\firupifo.dll
2009-08-24 03:18 . 2007-05-29 12:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-23 16:22 . 2005-11-07 00:49 -------- d-----w- c:\program files\Google
2009-08-20 20:19 . 2008-08-29 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:47 . 2007-09-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 12:47 . 2007-09-07 22:42 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 05:15 . 2008-08-04 02:52 -------- d-----w- c:\program files\Safari
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\program files\iTunes
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 05:12 . 2006-11-23 23:01 -------- d-----w- c:\program files\iPod
2009-07-18 05:12 . 2007-09-07 22:41 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 05:10 . 2009-07-18 05:09 -------- d-----w- c:\program files\QuickTime
2009-07-18 05:02 . 2009-07-18 05:02 -------- d-----w- c:\program files\Bonjour
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 17:16 . 2009-07-18 05:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 17:16 . 2007-09-07 22:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-06-29 16:12 . 2004-08-04 10:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll.tmp
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\hemokelu.dll.tmp
2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vimuvayo.dll
2009-06-10 16:48 . 2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vovugesi.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-09_23.32.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 16:47 . 2009-09-10 16:47 16384 c:\windows\Temp\Perflib_Perfdata_abc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b219a14-89a5-4576-8f2c-5ffa67034341}]
2009-06-10 16:48 49664 --sha-w- c:\windows\SYSTEM32\vimuvayo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-01 290816]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-31 135168]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-31 53248]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"dedafonin"="c:\windows\system32\visefiti.dll" [2009-09-07 88576]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]
"newahisore"="vovugesi.dll" - c:\windows\SYSTEM32\vovugesi.dll [2009-06-10 49664]

c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
I-News.lnk - c:\program files\Common Files\I-News\TrueWeather.exe [2005-5-5 5785600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-12 229376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{08d28c3b-63e2-4167-b1c8-151e82f69af4}"= "c:\windows\system32\visefiti.dll" [2009-09-07 88576]
"{04dc3765-f487-46ed-8b0b-8340f0fd4e7a}"= "c:\windows\system32\visefiti.dll" [2009-09-07 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nuwapazef"= {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll [2009-09-07 88576]
"zasezokik"= {04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\tenugizu.dll [2009-09-10 89088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\I-News\\TrueWeather.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"=
"c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"=
"c:\\WINDOWS\\SYSTEM32\\wscntfy.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]
S2 erazdbv;erazdbv;c:\windows\system32\drivers\brgpnhwn.sys --> c:\windows\system32\drivers\brgpnhwn.sys [?]
S2 oislzu;oislzu;c:\windows\system32\drivers\ixqjpuj.sys --> c:\windows\system32\drivers\ixqjpuj.sys [?]
S2 wscxjko;wscxjko;c:\windows\system32\drivers\dgbiczy.sys --> c:\windows\system32\drivers\dgbiczy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: turbotax.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 12:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\visefiti.dll

- - - - - - - > 'explorer.exe'(1116)
c:\windows\system32\WININET.dll
c:\windows\system32\visefiti.dll
c:\windows\system32\vimuvayo.dll
c:\windows\system32\tenugizu.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-09-10 12:52
ComboFix-quarantined-files.txt 2009-09-10 17:52
ComboFix2.txt 2009-09-10 17:45
ComboFix3.txt 2009-09-10 17:05
ComboFix4.txt 2009-09-09 23:36

Pre-Run: 85,492,432,896 bytes free
Post-Run: 85,477,957,632 bytes free

210 --- E O F --- 2009-09-02 02:53

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:21 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: (no name) - {7b219a14-89a5-4576-8f2c-5ffa67034341} - vimuvayo.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [dedafonin] Rundll32.exe "c:\windows\system32\visefiti.dll",a O4 - HKLM\..\Run: [newahisore] Rundll32.exe "vovugesi.dll",s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769 O20 - AppInit_DLLs: c:\windows\system32\tenugizu.dll c:\windows\system32\visefiti.dll O21 - SSODL: nuwapazef - {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll O21 - SSODL: zasezokik - {04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll O22 - SharedTaskScheduler: kupuhivus - {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll O22 - SharedTaskScheduler: tokatiluy - {04dc3765-f487-46ed-8b0b-8340f0fd4e7a} - c:\windows\system32\visefiti.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 9604 bytes
  12. I copied the CFScript.txt to my desktop. Dropped it on the ComboFix icon. It updated a file, opened ComboFix, had a screen about a non-affiliation with other ComboFix websites, opened a blue ComboFix box that reads "Please Wait Combofix is preparing to run". Then nothing happened. In the past there was a yellow blinking cursor in the blue box that let you know it was running; nothing there now. I waited for 90 minutes or so, then had to run back to work. Let me know if I did something incorrect and I can try again. Thanks for the help.
  13. So far, so good. I will wait to hear before doing anything. Hope this is what you wanted me to post.

Hijack This Log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:12 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {7b219a14-89a5-4576-8f2c-5ffa67034341} - C:\WINDOWS\system32\gamibuyo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [newahisore] Rundll32.exe "C:\WINDOWS\system32\hemokelu.dll",s
O4 - HKLM\..\Run: [dedafonin] Rundll32.exe "c:\windows\system32\visefiti.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: I-News.lnk = C:\Program Files\Common Files\I-News\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212904530769
O20 - AppInit_DLLs: C:\WINDOWS\system32\vimopihu.dll c:\windows\system32\visefiti.dll
O21 - SSODL: nuwapazef - {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll
O21 - SSODL: muhelivuy - {de03c493-f3c9-4354-9748-6c87929343cd} - c:\windows\system32\visefiti.dll
O22 - SharedTaskScheduler: kupuhivus - {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll
O22 - SharedTaskScheduler: kupuhivus - {de03c493-f3c9-4354-9748-6c87929343cd} - c:\windows\system32\visefiti.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9925 bytes

ComboFix.txt file is:

ComboFix 09-09-09.04 - Mom & Dad 09/09/2009 18:20.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1690 [GMT -5:00]
Running from: c:\documents and settings\Mom & Dad\Desktop\Combo-Fix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\blyuwrjl.exe
c:\documents and settings\All Users\Application Data\11091564
c:\documents and settings\All Users\Application Data\11091564\11091564
c:\documents and settings\All Users\Application Data\11091564\11091564.exe
c:\documents and settings\All Users\Application Data\11091564\pc11091564ins
C:\fyblb.exe
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Protection System
c:\program files\Protection System\xcoreext.xxx
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Installer\59bedb7.msp
c:\windows\Installer\WinRMSrv.msi
c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\~.exe
c:\windows\system32\besenije.dll
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\Data
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\UACyvyxumoqbo.sys
c:\windows\system32\dutimode.dll
c:\windows\system32\hupabubi.exe
c:\windows\system32\letuyami.dll
c:\windows\system32\lovebudo.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\net.net
c:\windows\system32\UACabwrrtlrqn.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjupfaqutlp.dll
c:\windows\system32\UACoewndptltx.dat
c:\windows\system32\UACoinwvcrdyi.dll
c:\windows\system32\UACrgomhfuxdu.dll
c:\windows\system32\vimopihu.dll
c:\windows\system32\voyuwuzo.dll
c:\windows\system32\wingenocx.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
C:\xvhu.exe
F:\winlogon.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\BEEP.SYS

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.
2009-09-08 23:31 . 2009-09-08 23:31 -------- d-----w- c:\program files\Trend Micro
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- C:\dbsII
2009-09-08 01:05 . 2009-09-08 01:05 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\Malwarebytes
2009-09-08 00:36 . 2009-09-08 00:40 -------- d-----w- C:\dbs
2009-09-08 00:05 . 2009-09-08 00:27 -------- d-----w- C:\dbsmalware
2009-09-07 18:28 . 2009-09-07 18:29 -------- d-----w- C:\Malwarebytes
2009-09-07 17:50 . 2009-09-07 18:25 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-09-06 23:09 . 2009-09-08 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-06 22:43 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 22:43 . 2009-09-07 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 22:43 . 2009-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 22:43 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 23:37 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-01 22:04 . 2009-09-01 22:04 -------- d-----w- c:\documents and settings\Mom & Dad\.jagex_cache_32
2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- C:\.jagex_cache_32
2009-09-01 21:40 . 2009-09-01 22:44 34 ----a-w- c:\documents and settings\Mom & Dad\jagex_runescape_preferences.dat
2009-09-01 21:40 . 2009-09-01 21:42 -------- d-----w- c:\windows\.jagex_cache_32
2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- C:\spoolerlogs
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild
2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 08:04 . 2009-08-22 08:04 -------- d-----w- C:\1b59bdf808ae6faf0bfbe51c
2009-08-22 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 22:13 . 2009-08-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-11 21:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 23:15 . 2004-08-04 10:00 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-09-08 23:53 . 2009-06-08 23:53 88576 --sha-w- c:\windows\system32\miluduri.dll
2009-09-07 16:34 . 2009-06-07 16:34 88576 --sha-w- c:\windows\system32\visefiti.dll
2009-09-06 22:33 . 2009-06-06 22:33 50176 --sha-w- c:\windows\system32\toyipugu.dll
2009-09-06 22:33 . 2009-06-06 22:33 88576 --sha-w- c:\windows\system32\nawodogi.dll
2009-09-02 23:36 . 2006-11-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-02 14:24 . 2009-06-02 14:24 89088 --sha-w- c:\windows\system32\firupifo.dll
2009-08-24 03:18 . 2007-05-29 12:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-23 16:22 . 2005-11-07 00:49 -------- d-----w- c:\program files\Google
2009-08-20 20:19 . 2008-08-29 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:47 . 2007-09-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 12:47 . 2007-09-07 22:42 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 05:15 . 2008-08-04 02:52 -------- d-----w- c:\program files\Safari
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\program files\iTunes
2009-07-18 05:13 . 2009-07-18 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 05:12 . 2006-11-23 23:01 -------- d-----w- c:\program files\iPod
2009-07-18 05:12 . 2007-09-07 22:41 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 05:10 . 2009-07-18 05:09 -------- d-----w- c:\program files\QuickTime
2009-07-18 05:02 . 2009-07-18 05:02 -------- d-----w- c:\program files\Bonjour
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 17:16 . 2009-07-18 05:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 17:16 . 2007-09-07 22:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-06-29 16:12 . 2004-08-04 10:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\hemokelu.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b219a14-89a5-4576-8f2c-5ffa67034341}]
2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-01 290816]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-31 135168]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-31 53248]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"newahisore"="c:\windows\system32\hemokelu.dll" [2009-06-06 50176]
"dedafonin"="c:\windows\system32\visefiti.dll" [2009-09-07 88576]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]

c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
I-News.lnk - c:\program files\Common Files\I-News\TrueWeather.exe [2005-5-5 5785600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-12 229376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{08d28c3b-63e2-4167-b1c8-151e82f69af4}"= "c:\windows\system32\visefiti.dll" [2009-09-07 88576]
"{de03c493-f3c9-4354-9748-6c87929343cd}"= "c:\windows\system32\visefiti.dll" [2009-09-07 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nuwapazef"= {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll [2009-09-07 88576]
"muhelivuy"= {de03c493-f3c9-4354-9748-6c87929343cd} - c:\windows\system32\visefiti.dll [2009-09-07 88576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\I-News\\TrueWeather.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\WINDOWS\\explorer.exe"=

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]
S2 erazdbv;erazdbv;c:\windows\system32\drivers\brgpnhwn.sys --> c:\windows\system32\drivers\brgpnhwn.sys [?]
S2 oislzu;oislzu;c:\windows\system32\drivers\ixqjpuj.sys --> c:\windows\system32\drivers\ixqjpuj.sys [?]
S2 wscxjko;wscxjko;c:\windows\system32\drivers\dgbiczy.sys --> c:\windows\system32\drivers\dgbiczy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo!
Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: turbotax.com . - - - - ORPHANS REMOVED - - - - HKLM-Run-net - c:\windows\system32\net.net HKLM-Run-11091564 - c:\documents and settings\All Users\Application Data\11091564\11091564.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-09 18:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3404) c:\windows\system32\WININET.dll c:\windows\system32\hemokelu.dll c:\windows\system32\visefiti.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\ati2evxx.exe c:\windows\SYSTEM32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\SYSTEM32\BAsfIpM.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\SYSTEM32\CTSVCCDA.EXE c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\windows\SYSTEM32\wdfmgr.exe c:\windows\SYSTEM32\MsPMSPSv.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Java\jre1.5.0_08\bin\jucheck.exe . 
************************************************************************** . Completion time: 2009-09-09 18:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-09 23:36 Pre-Run: 83,791,810,560 bytes free Post-Run: 85,529,587,712 bytes free 273 --- E O F --- 2009-09-02 02:53
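The ComboFix log above carries several indicators that are easy to miss when read by eye: DLLs in system32 with hidden+system attributes (`--sha-w-`), autostart entries (BHO, Run, SharedTaskScheduler, ShellServiceObjectDelayLoad) pointing at those DLLs, services whose image path is marked `--> ... [?]`, and the Security Center notification and the Windows Firewall switched off. The Python script below is an added example and is not part of this thread or of ComboFix itself; it parses an excerpt of the posted log and flags those patterns. The line regexes are assumptions drawn from the line shapes visible in this log, not a ComboFix format specification, and the eight-lowercase-letter DLL name check is a heuristic that only matters alongside the other evidence.

```python
import re

# Excerpt of the ComboFix log posted above, trimmed to the lines the checks
# need (constructed sample; the lines themselves are unchanged).
SAMPLE_LOG = r"""
2009-06-29 16:12 . 2004-08-04 10:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll
2009-06-06 22:34 . 2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\hemokelu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b219a14-89a5-4576-8f2c-5ffa67034341}]
2009-06-06 22:34 50176 --sha-w- c:\windows\SYSTEM32\gamibuyo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"newahisore"="c:\windows\system32\hemokelu.dll" [2009-06-06 50176]
"dedafonin"="c:\windows\system32\visefiti.dll" [2009-09-07 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nuwapazef"= {08d28c3b-63e2-4167-b1c8-151e82f69af4} - c:\windows\system32\visefiti.dll [2009-09-07 88576]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\SYSTEM32\DRIVERS\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]
S2 erazdbv;erazdbv;c:\windows\system32\drivers\brgpnhwn.sys --> c:\windows\system32\drivers\brgpnhwn.sys [?]
"""

# Line shapes as they appear in this log (an assumption, not a ComboFix spec).
TS = r'\d{4}-\d\d-\d\d \d\d:\d\d'
FILE_RE = re.compile(r'^' + TS + r'(?: \. ' + TS + r')?\s+(\d+)\s+([-a-z]{8})\s+(.+)$', re.I)
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.*)$')
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:dll|exe|sys)\b', re.I)
# Heuristic only: the malicious DLLs in this log are eight random lowercase letters.
RANDOM_DLL = re.compile(r'^[a-z]{8}\.dll$')

AUTOSTART_KEYS = {
    'browser helper objects': 'BHO',
    'sharedtaskscheduler': 'SharedTaskScheduler',
    'shellserviceobjectdelayload': 'ShellServiceObjectDelayLoad',
    '\\run': 'Run',
}
# Settings that should not look like this on a healthy XP box.
TAMPER_CHECKS = {
    'updatesdisablenotify': lambda v: v.lower().endswith('00000001'),
    'enablefirewall': lambda v: v.strip().startswith('0'),
}


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def autostart_label(key):
    k = key.lower()
    for marker, label in AUTOSTART_KEYS.items():
        if marker in k:
            return label
    return None


def analyze(log_text):
    hidden, autostarts, services, settings = set(), [], [], []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := FILE_RE.match(line):
            _size, attrs, path = m.groups()
            if 'h' in attrs and 's' in attrs:      # hidden + system on a plain DLL
                hidden.add(basename(path))
            if autostart_label(key):                # e.g. the BHO entry, listed as a file line
                autostarts.append((key, '', [path]))
        elif m := VALUE_RE.match(line):
            name, value = m.groups()
            if autostart_label(key):
                autostarts.append((key, name, PATH_RE.findall(value)))
            else:
                settings.append((name, value))
        elif m := SERVICE_RE.match(line):
            services.append(m.groups())

    report = {'hidden_system_files': sorted(hidden), 'suspicious_autostarts': [],
              'missing_service_images': [], 'tampered_settings': []}
    for akey, name, paths in autostarts:
        for p in paths:
            b = basename(p)
            if b in hidden:
                reason = 'target has hidden+system attributes'
            elif RANDOM_DLL.match(b) and '\\system32\\' in p.lower():
                reason = 'random-looking dll name in system32 (heuristic)'
            else:
                continue
            report['suspicious_autostarts'].append((autostart_label(akey), name, p, reason))
    for start, svc, rest in services:
        if rest.rstrip().endswith('[?]'):           # image path the scanner marked as not found
            paths = PATH_RE.findall(rest)
            report['missing_service_images'].append((start, svc, paths[0] if paths else rest))
    for name, value in settings:
        check = TAMPER_CHECKS.get(name.lower())
        if check and check(value):
            report['tampered_settings'].append((name, value))
    return report


if __name__ == '__main__':
    for section, items in analyze(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print('   ', item)
```

Run against the excerpt it reports the two hidden+system DLLs, four autostart entries tied to them (the BHO, two Run values and the ShellServiceObjectDelayLoad value), the S2 service with an unresolvable driver image, and the two disabled-protection settings, while leaving the iTunes and ScreamingBee entries alone. The same pass over the full log would also pick up the SharedTaskScheduler GUIDs and the other two S2 services.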
  14. It started with the Security Center pop ups. (I wasn't smart enough to clean or research.) Then the computer started locking up, more pop ups. It is a Dell desktop with Windows XP. I attempted to reload a new version of McAfee (thinking the old one was out of date and the new install would take care of the problem). It allowed the process to remove the old version, then knocked the PC offline and rebooted. It has gotten progressively worse since. Normal starts lock up immediately. I can run in Safe Mode. I have attempted to install Malware, Avira and HiJack both to the machine and to a flash. The virus stops the download. I changed the load file to a different name, with no luck. I am able to run sysinternals.exe (loaded as winlogon.exe) from a flash. There is a file "ctfmon.exe" that loads. If I kill this file I am able to work longer in Safe Mode; I think this is part of the virus. In time it will lock up the machine regardless of whether that file is running. During the last attempt to load HiJack I noticed that when it locked up the machine a file "net.exe" loaded momentarily, knocked the internet off and locked the machine up. By running sysinternals and killing the ctfmon.exe file I was able to get Malware to load by naming the .exe file a different name. It ran for 3 seconds and stopped. Now the file is blocked. I reloaded using the same method and a different .exe name with the same results. I can get to the internet in Safe Mode and using sysinternals, just can't do much. I have no log files as I can't get anything loaded or running. Any help is appreciated. I am on a different PC now.