shamrocka

Members
Posts: 14
Reputation: 0 Neutral
  1. Hey Rosty, I've tried to run ComboFix from my command prompt and it won't work. Application Error. I don't understand what happened. It seemed like all was fixed after I ran ComboFix the first time. But after that next code my computer started acting up. It must have been something in that 2nd code. I don't understand what went wrong. Please help me. Can I open this question up to the entire forum yet so that we can get more help? I'm trying to hold on to my hope as long as I can but it's really hard right now.
  2. It is definitely worth the try. I'll get back to you and let you know what happens. Thank you!
  3. Hey Rosty, Please let me know when and if you feel that you don't have a solution to this. Then I will open up a topic and put it out there for other folks to chime in on. I don't want to put another topic out there until you feel like you have exhausted all possibilities. I don't want to insult or offend you by undercutting your efforts. Thanks so much!!
  4. Hi Rosty, I think I am not being clear. I don't have access to my desktop. I can only access files through the c: prompt. Through the c: prompt, I tried to run ComboFix and it will not run. It is among the long list of applications that will not run. Error message: combofix.exe Application error. Application failed to initialize... On a brighter note, my computer does recognize my hard drive. So while you figure this part out, I will be figuring out how to copy all of my files to my hard drive using the c: prompt. Thanks for all of your help Rosty.
  5. Hey Rosty, Just a quick update. I was able to log in to safe mode with command prompt. The interesting thing is that some programs can be opened, such as Excel, Word, PowerPoint, Dreamweaver, Pinball, Solitaire. I don't know why. But thought that I'd share that tidbit of info in case it helps you in figuring out my problem. If I find out anything else, I'll post it. Until then I'll keep an eye out for you here.
  6. Thanks Rosty. I'll be checking in via my cellphone. MUAH!
  7. OK. I'm freaking out here. I rebooted my machine and there is nothing on my desktop. Not only that, but I can't launch Internet Explorer nor Firefox or any other software (besides Task Manager) for that matter. I get this error message: "Application failed to initialize properly". Please tell me this is fixable. I can't even launch the recovery console that I set up when I first ran ComboFix. It seemed like my computer was fixed before I ran the second phase. PLEASE HELP!
  8. Hey Rosty, Thanks for your help thus far. I ran ComboFix again with the text you provided. The log is below. However, I do not have HijackThis. Also, when your new code started to run, it told me there was a problem with my recovery console. But maybe you'll see all of that in this log below. Standing by for the next move....
  9. Thanks for reopening. And thank you all for your help. Below is my ComboFix log. Please note that I now have the Recovery Console in place. I had to do it afterwards due to a previous problem connecting to the internet.
  10. Hiya Yardbird, I was able to finally get Malwarebytes to run by hurrying up and copying the file while it was being installed, before the virus deletes it. I read that somewhere on here. But now there is a file that will not delete when rebooted. Can you please help me? I've been advised to try ComboFix. Should I?
  11. Hello, I have run the Malwarebytes full scan approximately 5 times already and my computer is still infected with redirecting malware. I have found that there is a file (nsrbdox.bak) that is scheduled to be deleted on reboot; however, it cannot be deleted. And then when I reboot, it replicates even more viruses. I have to run Malwarebytes every day and disconnect my internet when I'm not using it. Someone told me to use ComboFix, but I'm not sure. Can someone on here please help me? I would really appreciate it. moochezsmoochez, Shamrocka
  12. Wow, you all are fast. I appreciate that. I do have a virus (I have the AntiVirus Pro 2010). I was trying to avoid downloading the Hijack by just installing the mbam.exe file. I've read a lot of stuff that says to rename the mbam-setup.exe file, but that's not the problem. The setup is fine, but the very last thing is the mbam.exe file. Is there a way that I can just have someone send me the mbam.exe file (with the name changed), so that I can paste it into my malware folder, rename it back to mbam.exe and then run it?
  13. Hey there everyone. Is there a way or a place where I can download just the mbam.exe file so that I can manually rename it? The setup gave me everything else but the mbam.exe file. Is there a place where I can just get the mbam.exe file so I can right-click and change the name? Thanks in advance for all of your help.