
hilary

Members
  • Posts: 4
  • Joined
  • Last visited

Everything posted by hilary

  1. DDS (Ver_10-03-17.01) - NTFSx86
     Run by ajlondo at 12:26:56.51 on Sat 05/08/2010
     Internet Explorer: 7.0.5730.11
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1439 [GMT -5:00]

     AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Wave Systems Corp\Common\DataServer.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Apoint\Apoint.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Apoint\HidFind.exe
     C:\Program Files\Apoint\Apntex.exe
     C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\PROGRA~1\SYMANT~1\VPTray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Documents and Settings\ajlondo\Application Data\B2B03DA8798062EC861CC0515AFCFD93\gotnewupdate000.exe
     C:\Program Files\Symantec AntiVirus\DoScan.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
     C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
     C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
     C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
     C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
     C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
     C:\WINDOWS\system32\userinit.exe
     C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
     C:\Documents and Settings\ajlondo\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com/
     uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
     uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
     uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070601
     uInternet Settings,ProxyServer = http=127.0.0.1:5555
     uInternet Settings,ProxyOverride = <local>
     mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
     mWinlogon: Userinit=c:\windows\system32\Userinit.exe
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
     BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
     TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
     uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [Tbisanubi] rundll32.exe "c:\windows\isqacf.dll",Startup
     uRun: [gotnewupdate000.exe] c:\documents and settings\ajlondo\application data\b2b03da8798062ec861cc0515afcfd93\gotnewupdate000.exe
     mRun: [Apoint] c:\program files\apoint\Apoint.exe
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nwiz] nwiz.exe /installquiet
     mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
     mRun: [sigmatelSysTrayApp] stsystra.exe
     mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
     mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
     mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
     mPolicies-system: EnableLUA = 0 (0x0)
     IE: &Search
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
     DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181168155390
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181168103546
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Notify: NavLogon - c:\windows\system32\NavLogon.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SSODL: yitajodik - {1a62bcef-25f2-4f0a-aca5-66ea21a6e227} - c:\windows\system32\rijosebe.dll
     SSODL: lebirupeh - {0991ca5d-762e-4c71-bb8a-a1d8451fddc7} - c:\windows\system32\watitatu.dll
     STS: gahurihor: {1a62bcef-25f2-4f0a-aca5-66ea21a6e227} - c:\windows\system32\rijosebe.dll
     STS: mujuzedij: {0991ca5d-762e-4c71-bb8a-a1d8451fddc7} - c:\windows\system32\watitatu.dll
     LSA: Notification Packages = scecli pulasiya.dll
     Hosts: 91.212.127.226 winguard2009.microsoft.com
     Hosts: 91.212.127.226 winguard-2009.com
     Hosts: 91.212.127.226 www.winguard-2009.com

     ============= SERVICES / DRIVERS ===============

     R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
     R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
     R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
     R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
     R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
     R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100506.005\naveng.sys [2010-5-6 84912]
     R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100506.005\navex15.sys [2010-5-6 1324720]
     S0 winxwjov;winxwjov;c:\windows\system32\drivers\oeneyo.sys --> c:\windows\system32\drivers\oeneyo.sys [?]
     S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
     S3 usbxbox;usbxbox;c:\windows\system32\usbxbox.sys [2004-8-11 2304]

     =============== Created Last 30 ================

     2010-05-08 17:19:40    0       ----a-w-  c:\documents and settings\ajlondo\defogger_reenable
     2010-05-08 00:33:30    50990   ----a-w-  c:\windows\system32\mpprkfpgcdnqno.exe
     2010-05-08 00:33:29    34688   ----a-w-  c:\windows\system32\drivers\lbrtfdc.sys
     2010-05-08 00:33:29    34688   ----a-w-  c:\windows\system32\dllcache\lbrtfdc.sys
     2010-05-08 00:33:09    8192    ----a-w-  c:\windows\system32\drivers\changer.sys
     2010-05-08 00:33:09    8192    ----a-w-  c:\windows\system32\dllcache\changer.sys
     2010-05-08 00:32:39    0       d-----w-  c:\docume~1\ajlondo\applic~1\B2B03DA8798062EC861CC0515AFCFD93
     2010-05-08 00:32:33    176640  ----a-w-  c:\windows\Fmirub.exe
     2010-05-04 18:58:20    164352  ----a-w-  c:\windows\Fmirua.exe
     2010-04-20 20:25:05    0       d-----w-  c:\program files\Amazon

     ==================== Find3M ====================

     2010-05-03 02:45:33    119955  ----a-w-  c:\windows\system32\nvModes.dat
     2010-04-29 20:39:38    38224   ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 20:39:26    20952   ----a-w-  c:\windows\system32\drivers\mbam.sys
     2009-10-14 16:08:11    17518   ----a-w-  c:\program files\common files\ykaf._sy
     2009-10-14 16:08:11    12305   ----a-w-  c:\program files\common files\kyve.bat
     2009-10-14 16:08:11    11331   ----a-w-  c:\program files\common files\iwymipuv.bat
     2007-06-29 20:04:20    32768   --sha-w-  c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007062920070630\index.dat

     ============= FINISH: 12:27:23.89 ===============

     Attachments: ark.txt, Attach.txt
  2. FIRST LOG

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4076

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.11

     5/8/2010 8:32:26 AM
     mbam-log-2010-05-08 (08-32-26).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 187146
     Time elapsed: 26 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 8
     Registry Values Infected: 3
     Registry Data Items Infected: 4
     Folders Infected: 0
     Files Infected: 9

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{ce72eac4-b826-0dd2-a0a0-b919b62dd763} (Adware.BHO) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce72eac4-b826-0dd2-a0a0-b919b62dd763} (Adware.BHO) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce72eac4-b826-0dd2-a0a0-b919b62dd763} (Adware.BHO) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjfpkocc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjfpkocc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.164,93.188.161.250 -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{006e102f-14f3-4c4c-9d19-baa11cd693eb}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.164,93.188.161.250 -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a68c3e3d-8ad0-49cc-a3aa-412d5a4b4643}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.164,93.188.161.250 -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d8b3e128-008e-44e9-8b91-6bff9b8773f7}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.164,93.188.161.250 -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\pdijhtecbxbqu.dll (Adware.BHO) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\spool\prtprocs\w32x86\b0000183e.dll (Rootkit.Dropper) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\spool\prtprocs\w32x86\b00005c3a.dll (Rootkit.Dropper) -> Quarantined and deleted successfully.
     C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\ajlondo\Local Settings\Temp\Ftg.exe (Trojan.FakeAlert) -> Delete on reboot.
     C:\Documents and Settings\ajlondo\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
     C:\Documents and Settings\ajlondo\Local Settings\Application Data\bbbfhpfph\vaipqiptssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
     C:\Documents and Settings\ajlondo\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
     C:\Documents and Settings\ajlondo\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

     SECOND LOG

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4076

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.11

     5/8/2010 11:52:01 AM
     mbam-log-2010-05-08 (11-52-01).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 187127
     Time elapsed: 27 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. I had the Antimalware Doctor infection. It took 3 runs with Malwarebytes and it still is not removed. I also cannot connect to the internet from the infected machine. Please help!!! Hilary