shiki-fuujin

  1. The log that I had posted was before, I had resolved the problem, but now I have another one: I cannot change my wallpaper. I mean the "your system is infected" file is gone, but the wallpaper options are still gray.
  2. Thanks for the help, but I think, no, I'm sure I got rid of it 2 days ago. The security tool logo is gone. My Avast and Malwarebytes are working; I scanned and everything came up clean. So again, thank you for the help.
  3. ok here is the combo fix log.
  4. Anyone?? Please, I'm seriously contemplating formatting the whole thing.
  5. So it started about a week ago, my comp started slowing down, I didn't know why. Anyways, for the past two days I have been trying to get rid of this thing. I have literally spent more than 6 hours today alone!!! trying to fix my computer. My Avast, Malwarebytes won't work. I even tried downloading SUPERAntiSpyware!!! and to no avail!!! Please help!!!! I'll be on till about 12. PS... hi