
MBAM won't run, also infected by Antivirus 2010, Security Tool.



So it started about a week ago, my comp started slowing down, I didn't know why. Anyways, for the past two days I have been trying to get rid of this thing. I have literally spent more than 6 hours today alone!!! trying to fix my computer. My Avast and Malwarebytes won't work; I even tried downloading SUPERAntiSpyware!!! and to no avail!!! Please help!!!!

I'll be on till about 12.

PS... HI :blink:


  • Staff

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317



ok, I'll have the logs by 2



ok, here is the ComboFix log.

ComboFix 09-10-04.01 - Marrero 09/04/2009 17:32.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.639 [GMT -4:00]

Running from: c:\documents and settings\Marrero\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_AntiPol

-------\Service_AntiPol

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))

.

2009-10-04 05:39 . 2009-10-04 05:39 -------- d-----w- c:\documents and settings\Marrero\Application Data\4950769446

2009-10-03 19:30 . 2009-10-03 19:30 -------- d-----w- c:\documents and settings\Marrero\Application Data\SUPERAntiSpyware.com

2009-10-01 21:19 . 2009-10-01 21:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\8904351066

2009-10-01 02:38 . 2009-10-01 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\xv11070624

2009-09-30 21:59 . 2009-09-30 21:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software

2009-09-28 15:16 . 2009-09-28 15:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-04 20:50 . 2009-09-04 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Viewpoint

2009-09-04 20:50 . 2009-09-04 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL

2009-08-25 21:58 . 2009-08-25 21:58 -------- d-----w- c:\documents and settings\Marrero\Application Data\TuneUp Software

2009-08-20 23:17 . 2009-08-20 23:17 -------- d-----w- c:\documents and settings\Guest User\Application Data\Malwarebytes

2009-08-20 22:17 . 2009-08-20 22:17 -------- d-----w- c:\documents and settings\Marrero\Application Data\Malwarebytes

2009-08-20 22:17 . 2009-08-20 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-04 17:30 . 2006-10-25 23:31 -------- d-----w- c:\program files\Dl_cats

2009-10-04 17:22 . 2009-10-01 02:38 0 ----a-r- c:\windows\win32k.sys

2009-10-04 05:39 . 2009-10-04 05:39 -------- d-----w- c:\documents and settings\Marrero\Application Data\4950769446

2009-10-04 05:39 . 2009-07-04 05:38 1048099 --sha-w- c:\windows\system32\tikiyabu.exe

2009-10-04 01:39 . 2009-10-04 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwarebb

2009-10-03 20:19 . 2009-10-03 20:19 16892 ----a-w- c:\windows\dygivogohy.com

2009-10-03 20:19 . 2009-10-03 20:19 12179 ----a-w- c:\program files\Common Files\temipaw._sy

2009-10-03 20:19 . 2009-10-03 20:19 11804 ----a-w- c:\program files\Common Files\xubuhanum._sy

2009-10-03 20:19 . 2009-10-03 20:19 11341 ----a-w- c:\documents and settings\Guest User\Application Data\omovo.dat

2009-10-03 20:06 . 2009-10-03 20:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-10-03 19:30 . 2009-10-03 19:30 -------- d-----w- c:\documents and settings\Marrero\Application Data\SUPERAntiSpyware.com

2009-10-03 18:57 . 2006-11-04 02:04 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-03 18:57 . 2006-11-04 02:04 88 --sh--r- c:\windows\system32\69ED63905D.sys

2009-10-03 03:28 . 2009-10-03 03:28 19443 ----a-w- c:\windows\dozanafato.dat

2009-10-03 03:28 . 2009-10-03 03:28 14298 ----a-w- c:\windows\lavy.dat

2009-10-03 03:19 . 2009-10-03 03:19 17030 ----a-w- c:\windows\dydap.dat

2009-10-03 01:28 . 2009-10-03 01:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Macromedia

2009-10-03 01:28 . 2009-10-03 01:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Adobe

2009-10-03 01:25 . 2009-10-02 15:38 58 ----a-w- c:\windows\wf4.dat

2009-10-03 01:25 . 2009-10-02 15:38 3 ----a-w- c:\windows\wf3.dat

2009-10-03 01:19 . 2009-10-02 15:46 131731 ----a-w- c:\windows\system32\dbsinit.exe

2009-10-03 00:34 . 2009-10-03 00:34 95856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-03 00:16 . 2009-10-03 00:16 18756 ----a-w- c:\windows\jisynuheko.dat

2009-10-03 00:16 . 2009-10-03 00:16 16637 ----a-w- c:\program files\Common Files\acuh.lib

2009-10-03 00:16 . 2009-10-03 00:16 15780 ----a-w- c:\documents and settings\All Users\Application Data\ceresa.dat

2009-10-03 00:16 . 2009-10-03 00:16 15133 ----a-w- c:\program files\Common Files\adumyfykib.lib

2009-10-02 15:42 . 2009-10-02 15:38 545792 ----a-w- c:\windows\system32\pump.exe

2009-10-02 15:38 . 2009-10-02 15:38 36 ----a-w- c:\windows\system32\skynet.dat

2009-10-02 00:27 . 2009-10-02 00:27 17592 ----a-w- c:\windows\ubukijobiq.com

2009-10-02 00:27 . 2009-10-02 00:27 16700 ----a-w- c:\windows\system32\hakypago.dat

2009-10-02 00:27 . 2009-10-02 00:27 14415 ----a-w- c:\program files\Common Files\obig.dat

2009-10-01 21:19 . 2009-07-01 21:19 51200 --sha-w- c:\windows\system32\defupabo.dll

2009-10-01 21:19 . 2009-10-01 21:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\8904351066

2009-10-01 21:19 . 2009-07-01 21:19 1048100 --sha-w- c:\windows\system32\hujepaka.exe

2009-10-01 02:38 . 2009-10-01 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\xv11070624

2009-10-01 02:38 . 2009-10-01 02:38 496164 ----a-w- C:\aIx2F.tmp.exe

2009-10-01 02:38 . 2009-10-01 02:38 52736 ----a-w- C:\afuqr.exe

2009-10-01 02:38 . 2009-10-01 02:38 19456 ----a-w- C:\ekffax.exe

2009-10-01 02:38 . 2009-10-01 02:38 17920 ----a-w- C:\qgferewy.exe

2009-10-01 02:38 . 2009-10-01 02:38 57856 ----a-w- C:\vklebc.exe

2009-10-01 02:38 . 2009-10-01 02:38 46592 ----a-w- C:\hrngen.exe

2009-10-01 02:38 . 2009-10-01 02:38 12288 ----a-w- C:\qtpjjuur.exe

2009-10-01 02:38 . 2009-10-01 02:38 6144 ----a-w- C:\avjelge.exe

2009-09-30 21:59 . 2009-09-30 21:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software

2009-09-30 20:17 . 2005-08-16 08:50 -------- d-s---w- c:\documents and settings\Administrator\Application Data\Microsoft

2009-09-28 15:16 . 2009-09-28 15:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-28 01:40 . 2009-09-28 01:40 5632 ----a-w- C:\rlswn.exe

2009-09-10 18:54 . 2009-10-03 20:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 18:53 . 2009-10-03 20:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 00:59 . 2009-04-16 20:28 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-04 21:36 . 2009-10-03 19:30 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-04 21:36 . 2009-08-20 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-04 20:50 . 2009-09-04 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Viewpoint

2009-09-04 20:50 . 2009-09-04 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL

2009-09-04 20:30 . 2009-09-04 20:30 17614 ----a-w- c:\windows\ubik.com

2009-09-04 20:29 . 2009-01-31 16:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-03 04:33 . 2006-10-19 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime

2009-08-27 15:44 . 2009-05-28 22:44 -------- d-----w- c:\documents and settings\Guest User\Application Data\uTorrent

2009-08-25 21:58 . 2009-08-25 21:58 -------- d-----w- c:\documents and settings\Marrero\Application Data\TuneUp Software

2009-08-20 23:17 . 2009-08-20 23:17 -------- d-----w- c:\documents and settings\Guest User\Application Data\Malwarebytes

2009-08-20 22:17 . 2009-08-20 22:17 -------- d-----w- c:\documents and settings\Marrero\Application Data\Malwarebytes

2009-08-20 22:17 . 2009-08-20 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-20 19:50 . 2009-08-20 19:50 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-08-20 19:50 . 2009-08-20 19:50 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-08-20 19:49 . 2009-06-04 21:38 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-08-20 16:35 . 2009-08-20 16:35 18203 ----a-w- c:\windows\yrolyv.dat

2009-08-20 16:35 . 2009-08-20 16:35 18083 ----a-w- c:\documents and settings\Marrero\Local Settings\Application Data\xihemeq.dat

2009-08-19 21:15 . 2006-12-25 03:31 -------- d-----w- c:\program files\Morpheus

2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 01:28 . 2006-10-26 21:14 -------- d-s---w- c:\documents and settings\Guest User\Application Data\Microsoft

2009-07-17 19:01 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-15 09:48 . 2009-08-20 19:50 29000 ----a-w- c:\windows\system32\uxtuneup.dll

2009-07-13 14:08 . 2005-08-16 08:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-09 18:18 . 2006-10-25 23:20 -------- d-s---w- c:\documents and settings\Marrero\Application Data\Microsoft

2009-07-08 20:14 . 2006-10-26 21:14 133 ----a-w- c:\documents and settings\Guest User\Local Settings\Application Data\fusioncache.dat

2009-07-06 22:54 . 2006-10-29 14:18 95856 ----a-w- c:\documents and settings\Marrero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-04 17:40 . 2009-07-04 17:40 1048099 --sha-w- c:\windows\system32\hetuyevo.exe

2009-07-03 17:09 . 2005-08-16 08:18 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:25 . 2005-08-16 08:18 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2005-08-16 08:18 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2005-08-16 08:18 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:25 . 2005-08-16 08:18 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2005-08-16 08:18 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2005-08-16 08:18 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2005-08-16 08:18 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2005-08-16 08:18 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 12:31 . 2005-08-16 08:18 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2005-08-16 08:18 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2005-08-16 08:18 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2005-08-16 08:37 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2005-08-16 08:18 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 430080]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"HostManager"="c:\program files\Common Files\AOL\1169773129\ee\AOLSoftware.exe" [2008-06-24 41824]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]

"4950769446"="c:\documents and settings\Marrero\Application Data\4950769446\4950769446.exe" [2009-10-04 1048099]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"c0d1d4a2"=rundll32.exe "c:\windows\system32\iypcvlsl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\AOL\\RC\\regClient.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\1169773129\\ee\\aolsoftware.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\WINDOWS\\ehome\\ehtray.exe"=

"c:\\WINDOWS\\system32\\TUProgSt.exe"=

"c:\\WINDOWS\\system32\\verclsid.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=

"c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/20/2009 3:50 PM 604488]

S2 iaufo4ohg7ai;Creative ALchemy AL1 Licensing Service;c:\windows\system32\soucyzyssar.exe --> c:\windows\system32\soucyzyssar.exe [?]

S2 vberabertsog;vberabertsog;\??\c:\windows\system32\drivers\yladd.sys --> c:\windows\system32\drivers\yladd.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{EEDEE9C1-E241-40A9-9134-C869CB7EEF11}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-roromeney - c:\windows\system32\wepanibe.dll

HKLM-Run-miledufoka - kedohugu.dll

SharedTaskScheduler-{b1db276b-5679-4510-bbe6-f5ca89b1f203} - (no file)

SharedTaskScheduler-{fde09a82-3c95-4ad8-8c84-fc70a7064d50} - (no file)

SharedTaskScheduler-{6216e49e-5856-44df-96cd-03cd481564c9} - (no file)

SharedTaskScheduler-{bebf7048-82ef-400d-bd11-7ebb238e491d} - (no file)

SharedTaskScheduler-{49a2fc7b-17be-4ea8-99da-2a504a6ba3e5} - (no file)

SharedTaskScheduler-{dc6f7cf8-9d32-49f3-ab70-5dd45fea139b} - (no file)

SharedTaskScheduler-{e0e4a128-e93e-4974-8e1f-1ef70e9a3702} - (no file)

SharedTaskScheduler-{f20cd60d-f789-43a4-9e37-f404e5d42bfe} - (no file)

SharedTaskScheduler-{0f8d9d63-c1fc-4680-b7ab-05b0bfa63a06} - c:\windows\system32\wepanibe.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-04 17:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\wanmpsvc.exe

c:\windows\system32\fxssvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\rundll32.exe

c:\combofix\hidec.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\dlcccoms.exe

c:\program files\Dell Support\DSAgnt.exe

c:\windows\system32\wscntfy.exe

c:\windows\ehome\ehmsas.exe

c:\combofix\Catchme.tmp

.

**************************************************************************

.

Completion time: 2009-09-04 17:43 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-04 21:43

Pre-Run: 57,965,928,448 bytes free

Post-Run: 58,714,570,752 bytes free

494 --- E O F --- 2009-09-09 18:52


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://www.malwarebytes.org/forums/index.php?showtopic=26686
Collect::
c:\windows\system32\tikiyabu.exe
c:\windows\dygivogohy.com
c:\program files\Common Files\temipaw._sy
c:\program files\Common Files\xubuhanum._sy
c:\documents and settings\Guest User\Application Data\omovo.dat
c:\windows\wf4.dat
c:\windows\wf3.dat
c:\windows\system32\dbsinit.exe
c:\windows\dozanafato.dat
c:\windows\lavy.dat
c:\windows\dydap.dat
c:\windows\jisynuheko.dat
c:\program files\Common Files\acuh.lib
c:\documents and settings\All Users\Application Data\ceresa.dat
c:\program files\Common Files\adumyfykib.lib
c:\windows\system32\pump.exe
c:\windows\system32\skynet.dat
c:\windows\ubukijobiq.com
c:\windows\system32\hakypago.dat
c:\program files\Common Files\obig.dat
c:\windows\system32\defupabo.dll
c:\windows\system32\hujepaka.exe
c:\windows\system32\iypcvlsl.dll
C:\aIx2F.tmp.exe
C:\afuqr.exe
C:\ekffax.exe
C:\qgferewy.exe
C:\vklebc.exe
C:\hrngen.exe
C:\qtpjjuur.exe
C:\avjelge.exe
C:\rlswn.exe
c:\windows\ubik.com
c:\windows\yrolyv.dat
c:\documents and settings\Marrero\Application Data\4950769446\4950769446.exe
c:\documents and settings\Marrero\Local Settings\Application Data\xihemeq.dat
c:\windows\system32\drivers\yladd.sys
Folder::
c:\documents and settings\Marrero\Application Data\4950769446
c:\windows\system32\config\systemprofile\Application Data\8904351066
c:\documents and settings\All Users\Application Data\xv11070624
KILLALL::
REGISTRY::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4950769446"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
"c0d1d4a2"=-
DRIVER::
vberabertsog

Save this as CFScript.txt

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

-screen317

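The staff script above is in ComboFix's CFScript format: a `Section::` header followed by one entry per line, with the thread URL on the first line. The Python below is an added example, not code from this thread or from ComboFix. It parses a constructed, abridged copy of that script into its sections, classifies each `Collect::` path by where it sits (drive root, system32, drivers, user profile, Common Files) and whether its extension is an executable type, and maps each `REGISTRY::` key to the value names the script deletes (`"name"=-`). The section names are the ones the script uses; the location and kind labels, and treating lines before the first header as a preamble that holds the thread URL, are this example's own assumptions.

```python
"""Parse a ComboFix CFScript into sections and triage what it touches.

Added example; not part of the original thread or of ComboFix. Section
names (Collect::, Folder::, KILLALL::, REGISTRY::, DRIVER::) follow the
staff script above; the triage categories are this example's assumptions.
"""
import json
import re
from collections import defaultdict

# Constructed sample: an abridged copy of the script's shape, not a live system.
SAMPLE_CFSCRIPT = """http://www.malwarebytes.org/forums/index.php?showtopic=26686
Collect::
c:\\windows\\system32\\tikiyabu.exe
c:\\windows\\dygivogohy.com
c:\\program files\\Common Files\\temipaw._sy
c:\\windows\\wf4.dat
c:\\windows\\system32\\drivers\\yladd.sys
C:\\afuqr.exe
c:\\documents and settings\\Marrero\\Application Data\\4950769446\\4950769446.exe
Folder::
c:\\documents and settings\\Marrero\\Application Data\\4950769446
KILLALL::
REGISTRY::
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"4950769446"=-
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run-]
"QuickTime Task"=-
DRIVER::
vberabertsog
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Extensions Windows will execute or load as code (assumed list for triage).
EXECUTABLE_EXTS = {".exe", ".com", ".dll", ".sys", ".scr", ".pif"}


def parse_cfscript(text):
    """Return (preamble_lines, {section: [lines]}); line order is preserved."""
    preamble, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])  # KILLALL:: is a bare marker
        elif current is None:
            preamble.append(line)  # lines before any header (thread URL)
        else:
            sections[current].append(line)
    return preamble, sections


def classify_path(path):
    """Coarse (location, kind) label for a path listed under Collect::."""
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    ext = p[p.rfind("."):] if "." in name else ""
    if p.startswith("c:\\windows\\system32\\drivers\\"):
        location = "drivers"
    elif p.startswith("c:\\windows\\system32\\"):
        location = "system32"
    elif p.startswith("c:\\windows\\"):
        location = "windows"
    elif p.startswith("c:\\program files\\common files\\"):
        location = "common files"
    elif p.startswith("c:\\documents and settings\\"):
        location = "user profile"
    elif re.fullmatch(r"c:\\[^\\]+", p):
        location = "drive root"  # random-named .exe directly in C:\
    else:
        location = "other"
    kind = "executable" if ext in EXECUTABLE_EXTS else "data"
    return location, kind


def parse_registry_section(lines):
    """Map each [key] to the value names the script removes ("name"=-)."""
    result, key = defaultdict(list), None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.endswith("=-"):
            result[key].append(line[:-2].strip('"'))
    return dict(result)


def triage(text):
    """Summarise a CFScript: counts per location/kind plus the other sections."""
    preamble, sections = parse_cfscript(text)
    counts = defaultdict(int)
    for path in sections.get("Collect", []):
        location, kind = classify_path(path)
        counts[f"{location}:{kind}"] += 1
    return {
        "thread_url": preamble[0] if preamble else None,
        "collect_by_location_kind": dict(counts),
        "folders": sections.get("Folder", []),
        "registry_deletions": parse_registry_section(sections.get("REGISTRY", [])),
        "drivers": sections.get("DRIVER", []),
        "killall": "KILLALL" in sections,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CFSCRIPT), indent=2))
```

Running it prints a JSON summary. The point is that a long list of randomly named files collapses into a few counts per location, which is how a responder sanity-checks a script against the log before running it: executables sitting directly in C:\, a numeric-named folder under Application Data, a driver in system32\drivers, and the matching `Run` value and `run-` holding-key entries all show up as distinct lines in the summary.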

Thanks for the help, but I think... no, I'm sure I got rid of it 2 days ago. The Security Tool logo is gone. My Avast and Malwarebytes are working; I scanned and everything came up clean. So again, thank you for the help.


I just listed 20 malware files that are still on your system.

Regardless of what lack of symptoms you're experiencing, you're still infected.

I implore you to run the script-- otherwise I wasted 5 minutes, which I could have devoted to someone else, writing it.

The log that I had posted was from before I had resolved the problem, but now I have another one: I cannot change my wallpaper. I mean the "your system is infected" file is gone, but the wallpaper option is still gray.


  • Staff

Hi,

but now I have another one: I cannot change my wallpaper. I mean the "your system is infected" file is gone, but the wallpaper option is still gray.
Confirm that this is one of your computers that is infected.

On that computer, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
