
Can't install MBAM, can't run RootRepeal, Process Explorer finds nothing



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:31:01 AM, on 10/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.150.33.92:8080

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {649ca339-9a3a-4f70-ad97-749aa9f420ee} - duwiwuse.dll (file missing)

O2 - BHO: (no name) - {78370C39-26AF-4D3B-825B-720706D0C5F6} - C:\WINDOWS\System32\jkhhf.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\OLDCOM~1\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Ms\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: EMBARQ Help.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Monitor.lnk = F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

O4 - Global Startup: NaturalColorLoad.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - F:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\OLD Computer\Program Files\AIM95\aim.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted IP range: 64.127.104.144

O16 - DPF: ESPNJavaUtilsCab - http://espn.go.com/livedraft/ESPNJavaUtils.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212523393671

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: qunbgw.dll mhuutj.dll c:\windows\system32\pezetodi.dll podoposi.dll c:\windows\system32\nihenemi.dll

O20 - Winlogon Notify: qoMeFVPf - qoMeFVPf.dll (file missing)

O21 - SSODL: lehogepan - {afcf2575-4fd8-4e41-b9e4-867d2cfe875a} - c:\windows\system32\pezetodi.dll (file missing)

O21 - SSODL: tusayugot - {f0089ff8-3507-40ff-b3de-9a3200d74324} - c:\windows\system32\nihenemi.dll

O22 - SharedTaskScheduler: mujuzedij - {afcf2575-4fd8-4e41-b9e4-867d2cfe875a} - c:\windows\system32\pezetodi.dll (file missing)

O22 - SharedTaskScheduler: kupuhivus - {f0089ff8-3507-40ff-b3de-9a3200d74324} - c:\windows\system32\nihenemi.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Google Update Service (gupdate1c9a646b65445ac) (gupdate1c9a646b65445ac) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 13871 bytes


Hi,

The forums are really busy; that explains why logs get behind. If you still need some help, then please update your MBAM (Update tab > Check for Updates), rescan and post the log in your next reply together with a new HijackThis log.

Then I'll take a look. ;)

MBAM SCAN LOG

Malwarebytes' Anti-Malware 1.41

Database version: 2967

Windows 5.1.2600 Service Pack 3

10/16/2009 11:36:31 AM

mbam-log-2009-10-16 (11-36-31).txt

Scan type: Full Scan (C:\|D:\|F:\|)

Objects scanned: 284032

Time elapsed: 1 hour(s), 37 minute(s), 55 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

C:\Documents and Settings\All Users\Application Data\66620323\66620323.exe (Rogue.SystemSecurity) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fefijefiso (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\66620323 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\All Users\Application Data\66620323\66620323.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nazesuna.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiheledo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:39:34 PM, on 10/16/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.150.33.92:8080

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {649ca339-9a3a-4f70-ad97-749aa9f420ee} - fujudofi.dll (file missing)

O2 - BHO: (no name) - {78370C39-26AF-4D3B-825B-720706D0C5F6} - C:\WINDOWS\System32\jkhhf.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\OLDCOM~1\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Ms\tryit.exe" /runcleanupscript

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [fefijefiso] Rundll32.exe "zuseyubu.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [fefijefiso] Rundll32.exe "zuseyubu.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Monitor.lnk = F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

O4 - Global Startup: NaturalColorLoad.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - F:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\OLD Computer\Program Files\AIM95\aim.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted IP range: 64.127.104.144

O16 - DPF: ESPNJavaUtilsCab - http://espn.go.com/livedraft/ESPNJavaUtils.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212523393671

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: dorugeba.dll c:\windows\system32\nimusige.dll

O20 - Winlogon Notify: qoMeFVPf - qoMeFVPf.dll (file missing)

O21 - SSODL: lehogepan - {afcf2575-4fd8-4e41-b9e4-867d2cfe875a} - c:\windows\system32\pezetodi.dll (file missing)

O21 - SSODL: tilifozop - {4586d1fd-ff0f-4373-8b59-e724d648adbe} - c:\windows\system32\nimusige.dll

O22 - SharedTaskScheduler: mujuzedij - {afcf2575-4fd8-4e41-b9e4-867d2cfe875a} - c:\windows\system32\pezetodi.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {4586d1fd-ff0f-4373-8b59-e724d648adbe} - c:\windows\system32\nimusige.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Google Update Service (gupdate1c9a646b65445ac) (gupdate1c9a646b65445ac) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 13708 bytes


  • Staff

Hi,

First of all, we need to uninstall some really outdated programs here and one non-recommended one.

The outdated ones are:

* Ewido

* Microsoft AntiSpyware

Also, your Spy Sweeper looks like an older version? If so, please uninstall it as well.

Also, I see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

REBOOT.

After reboot,

Then...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.150.33.92:8080 <== check this if you have not set this proxy server

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {649ca339-9a3a-4f70-ad97-749aa9f420ee} - fujudofi.dll (file missing)

O2 - BHO: (no name) - {78370C39-26AF-4D3B-825B-720706D0C5F6} - C:\WINDOWS\System32\jkhhf.dll (file missing)

O4 - HKUS\S-1-5-19\..\Run: [fefijefiso] Rundll32.exe "zuseyubu.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [fefijefiso] Rundll32.exe "zuseyubu.dll",s (User 'NETWORK SERVICE')

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - F:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O15 - Trusted IP range: 64.127.104.144 <== check this if you didn't set this to your trusted zones in IE

O20 - AppInit_DLLs: dorugeba.dll c:\windows\system32\nimusige.dll

O20 - Winlogon Notify: qoMeFVPf - qoMeFVPf.dll (file missing)

O21 - SSODL: lehogepan - {afcf2575-4fd8-4e41-b9e4-867d2cfe875a} - c:\windows\system32\pezetodi.dll (file missing)

O21 - SSODL: tilifozop - {4586d1fd-ff0f-4373-8b59-e724d648adbe} - c:\windows\system32\nimusige.dll

O22 - SharedTaskScheduler: mujuzedij - {afcf2575-4fd8-4e41-b9e4-867d2cfe875a} - c:\windows\system32\pezetodi.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {4586d1fd-ff0f-4373-8b59-e724d648adbe} - c:\windows\system32\nimusige.dll

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot and post a new HijackThis log in your next reply.

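The fix list above comes from reading each HijackThis load point against a handful of rules: random eight-letter DLL names, anything in AppInit_DLLs or Winlogon Notify, SSODL and SharedTaskScheduler entries pointing at such DLLs, Run keys that launch them through rundll32, and orphaned "(file missing)" entries. The script below is an added example, not part of this thread and not a HijackThis feature, that applies those rules to lines copied from the two HijackThis logs in the thread. The eight-letter-name heuristic, the numeric-folder dropper pattern and the fix/review/ignore verdicts are this example's own assumptions, not HijackThis logic.

```python
"""Triage HijackThis (HJT) load points the way the fix list above was built.

Added example: not part of the forum thread and not a HijackThis feature.
The sample lines are copied from the logs in the thread; the eight-letter
DLL-name heuristic and the verdict rules are this example's assumptions.
"""
import re

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Assumption: the dropped DLLs in this infection are eight lowercase letters
# (nimusige.dll, lubonipe.dll, zuseyubu.dll). Treat as a triage hint only;
# the real check is inspecting the file itself.
RANDOM_DLL = re.compile(r"\b[a-z]{8}\.dll\b")

# Assumption: an EXE named after the numeric folder that contains it
# (...\97864135\97864135.exe) is a dropper, not a user application.
NUMERIC_DROPPER = re.compile(r"\\(\d{6,})\\\1\.exe")


def parse(line):
    """Split one HJT line into (section, body); None for non-HJT lines."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage(line):
    """Return (verdict, reason); verdict is 'fix', 'review' or 'ignore'."""
    parsed = parse(line)
    if parsed is None:
        return ("ignore", "not an HJT entry")
    section, body = parsed
    low = body.lower()
    orphan = "(file missing)" in low or "(no file)" in low
    random_dll = RANDOM_DLL.search(low) is not None

    if section == "O20" and low.startswith("appinit_dlls:"):
        return ("fix", "AppInit_DLLs: every process that loads user32 loads these DLLs")
    if section == "O20" and low.startswith("winlogon notify:") and (orphan or random_dll):
        return ("fix", "Winlogon Notify package runs inside winlogon.exe as SYSTEM")
    if section in ("O21", "O22") and random_dll:
        return ("fix", section + ": shell load point pointing at a random DLL")
    if section == "O2" and low.startswith("bho: (no name)") and (orphan or random_dll):
        return ("fix", "unnamed BHO pointing at a missing or random DLL")
    if section == "O4" and "rundll32" in low and random_dll:
        return ("fix", "Run key launching a random DLL through rundll32")
    if section == "O4" and NUMERIC_DROPPER.search(low):
        return ("fix", "Run key for an EXE named after its numeric folder")
    if section == "R1" and "proxyserver" in low:
        return ("review", "proxy server set; confirm with the user before removing")
    if section == "O15":
        return ("review", "Trusted IP range; confirm with the user before removing")
    if orphan:
        return ("review", "orphaned entry (target file absent); safe cleanup")
    return ("ignore", "no rule matched")


def summarize(log_text):
    """Group every HJT line in log_text by verdict."""
    groups = {"fix": [], "review": [], "ignore": []}
    for line in log_text.splitlines():
        if line.strip():
            verdict, reason = triage(line)
            groups[verdict].append((line.strip(), reason))
    return groups


# Constructed sample: a dozen lines copied from the two HJT logs in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.150.33.92:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {649ca339-9a3a-4f70-ad97-749aa9f420ee} - fujudofi.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [minilayej] Rundll32.exe "c:\windows\system32\lubonipe.dll",a
O4 - HKUS\S-1-5-18\..\Run: [97864135] C:\DOCUME~1\ALLUSE~1\APPLIC~1\97864135\97864135.exe (User 'SYSTEM')
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - F:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O20 - AppInit_DLLs: dorugeba.dll c:\windows\system32\lubonipe.dll
O20 - Winlogon Notify: qoMeFVPf - qoMeFVPf.dll (file missing)
O21 - SSODL: muwakenal - {35019b46-671b-4f14-9924-a1908e5fff1a} - c:\windows\system32\lubonipe.dll
O22 - SharedTaskScheduler: kupuhivus - {35019b46-671b-4f14-9924-a1908e5fff1a} - c:\windows\system32\lubonipe.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for verdict, entries in summarize(SAMPLE_LOG).items():
        print(verdict.upper())
        for line, reason in entries:
            print("  " + line[:70] + "  # " + reason)
```

On the sample the script marks seven entries "fix" (the unnamed BHO, the two Run keys, both O20 lines, the SSODL and the SharedTaskScheduler entry), two "review" (the proxy and the orphaned PalTalk button) and leaves the Adobe BHO, ccApp and the Symantec service alone. The "review" verdicts are deliberate: a proxy or trusted-zone entry is only malicious if the user did not set it, which is exactly the question the helper asks in the fix list.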

Removed all the things you mentioned except Spy Sweeper, which does get updated, and fixed all the HijackThis things you mentioned as well. Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:17:48 PM, on 10/19/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\OLDCOM~1\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Ms\tryit.exe" /runcleanupscript

O4 - HKLM\..\Run: [minilayej] Rundll32.exe "c:\windows\system32\lubonipe.dll",a

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [97864135] C:\DOCUME~1\ALLUSE~1\APPLIC~1\97864135\97864135.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [fefijefiso] Rundll32.exe "zuseyubu.dll",s (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Monitor.lnk = F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

O4 - Global Startup: NaturalColorLoad.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\OLD Computer\Program Files\AIM95\aim.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ESPNJavaUtilsCab - http://espn.go.com/livedraft/ESPNJavaUtils.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212523393671

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: dorugeba.dll c:\windows\system32\lubonipe.dll

O21 - SSODL: muwakenal - {35019b46-671b-4f14-9924-a1908e5fff1a} - c:\windows\system32\lubonipe.dll

O22 - SharedTaskScheduler: kupuhivus - {35019b46-671b-4f14-9924-a1908e5fff1a} - c:\windows\system32\lubonipe.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: Google Update Service (gupdate1c9a646b65445ac) (gupdate1c9a646b65445ac) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 12285 bytes


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your antivirus/antispyware/firewall software before running ComboFix. This is because security software may see some components ComboFix uses (prep.com, for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.



ComboFix 09-10-18.06 - Alexander 10/19/2009 15:50.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.462 [GMT -4:00]

Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\68726837

c:\documents and settings\All Users\Application Data\68726837\68726837.exe

C:\lswmv.ini

c:\program files\Common Files\uninstall information

c:\recycler\NPROTECT

c:\temp\brr

c:\windows\Installer\1055fa6d.msp

c:\windows\Installer\107735.msp

c:\windows\Installer\12525e02.msp

c:\windows\Installer\12eee924.msp

c:\windows\Installer\1778aec7.msp

c:\windows\Installer\18158385.msp

c:\windows\Installer\18269b1.msp

c:\windows\Installer\18af262.msp

c:\windows\Installer\197c77a.msp

c:\windows\Installer\20033c7.msp

c:\windows\Installer\205ee64.msp

c:\windows\Installer\2299b.msp

c:\windows\Installer\229a1.msp

c:\windows\Installer\2df51c2.msp

c:\windows\Installer\30475d1.msp

c:\windows\Installer\31cfde8.msp

c:\windows\Installer\3205b4b.msp

c:\windows\Installer\34a10c9.msp

c:\windows\Installer\36bea31.msp

c:\windows\Installer\37bd449.msp

c:\windows\Installer\3f985a8.msp

c:\windows\Installer\42a8868.msp

c:\windows\Installer\4346a51.msp

c:\windows\Installer\4b51865.msp

c:\windows\Installer\51bc2fc.msp

c:\windows\Installer\51f2458.msp

c:\windows\Installer\51f4fbd.msp

c:\windows\Installer\51ff5a2.msp

c:\windows\Installer\5208ea6.msp

c:\windows\Installer\805b65d.msp

c:\windows\Installer\847348a.msp

c:\windows\Installer\871b120.msp

c:\windows\Installer\8a24940.msp

c:\windows\Installer\95a40c5.msp

c:\windows\Installer\a4235c0.msp

c:\windows\Installer\b2f7a5a.msp

c:\windows\Installer\c6a092.msp

c:\windows\Installer\d2bd583.msp

c:\windows\Installer\dc860c5.msp

c:\windows\Installer\e3059d.msp

c:\windows\system32\_003953_.tmp.dll

c:\windows\system32\_004117_.tmp.dll

c:\windows\system32\_004118_.tmp.dll

c:\windows\system32\_004119_.tmp.dll

c:\windows\system32\_004120_.tmp.dll

c:\windows\system32\bajatige.dll

c:\windows\system32\begopena.exe

c:\windows\system32\bipibunu.dll.tmp

c:\windows\system32\ciqsqxuk.ini

c:\windows\system32\clrviddc.dll

c:\windows\system32\curity~1

c:\windows\system32\deleyunu.dll.tmp

c:\windows\System32\dorugeba.dll

c:\windows\system32\duniwolu.dll

c:\windows\system32\fajugofu.dll

c:\windows\system32\flhxjmyv.ini

c:\windows\system32\fujudofi.dll

c:\windows\system32\giluhabu.dll

c:\windows\system32\gutefura.exe

c:\windows\system32\hekajezo.dll

c:\windows\system32\hobidewa.dll

c:\windows\system32\juyijovi.dll

c:\windows\system32\kejimile.dll

c:\windows\system32\kelarozo.dll

c:\windows\system32\livohawa.dll

c:\windows\system32\lplueyky.ini

c:\windows\system32\lubonipe.dll

c:\windows\system32\mevuleyi.dll

c:\windows\system32\nimusige.dll

c:\windows\system32\ottvacww.ini

c:\windows\system32\pefejopa.dll

c:\windows\system32\pivetupa.dll

c:\windows\system32\ramasoyi.dll

c:\windows\system32\rojulipu.dll

c:\windows\system32\sagaveka.dll

c:\windows\system32\sahimuya.dll.tmp

c:\windows\system32\sizagadi.exe

c:\windows\system32\tjlpqxyi.ini

c:\windows\system32\tuposuru.dll.tmp

c:\windows\system32\vazelesi.dll

c:\windows\system32\vonowiya.exe

c:\windows\system32\vupunila.dll

c:\windows\system32\vurevile.dll

c:\windows\system32\wikezaho.dll.tmp

c:\windows\system32\wtssvtr.exe

c:\windows\system32\ydnwpfqm.ini

c:\windows\system32\yejewusi.dll.tmp

c:\windows\system32\yejudeko.dll

c:\windows\system32\yevalofa.dll

c:\windows\system32\zuseyubu.dll

c:\windows\wiaserviv.log

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IESPRT

((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))

.

2009-10-13 04:57 . 2009-10-13 04:57 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\AIM

2009-10-08 13:14 . 2009-10-10 15:32 -------- d-----w- c:\program files\Ms

2009-10-08 12:43 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-08 12:43 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-19 20:05 . 2007-04-24 04:26 -------- d-----w- c:\program files\Symantec AntiVirus

2009-10-19 17:33 . 2004-07-05 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-10-19 17:33 . 2005-06-08 23:58 -------- d-----w- c:\program files\Microsoft AntiSpyware

2009-10-18 20:02 . 2009-03-16 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-10-17 23:30 . 2009-08-28 13:48 -------- d-----w- c:\documents and settings\Alexander\Application Data\Skype

2009-10-17 20:01 . 2009-08-28 14:09 -------- d-----w- c:\documents and settings\Alexander\Application Data\skypePM

2009-10-10 14:53 . 2004-06-26 12:28 102400 ----a-w- c:\windows\DUMPc18a.tmp

2009-10-08 13:03 . 2009-08-28 13:47 -------- d-----r- c:\program files\Skype

2009-10-08 12:43 . 2009-01-26 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-25 20:48 . 2004-07-17 04:03 -------- d-----w- c:\program files\Cool2000

2009-09-25 20:34 . 2005-03-30 15:03 -------- d-----w- c:\documents and settings\Alexander\Application Data\Digidesign

2009-09-01 00:50 . 2009-09-01 00:30 -------- d-----w- c:\program files\Virtual Assistant

2009-09-01 00:31 . 2009-09-01 00:30 -------- d-----w- c:\program files\Motive

2009-09-01 00:24 . 2009-09-01 00:20 -------- d-----w- c:\program files\EMBARQ

2009-09-01 00:20 . 2009-09-01 00:19 -------- d-----w- c:\program files\Common Files\Motive

2009-09-01 00:20 . 2009-09-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2009-08-28 14:09 . 2009-08-28 14:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-08-28 13:47 . 2009-08-28 13:47 -------- d-----w- c:\program files\Common Files\Skype

2009-08-28 13:47 . 2009-08-28 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-08-05 09:01 . 2007-07-28 13:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-18 02:59 . 2009-07-18 02:59 1115125 --sha-w- c:\windows\system32\bayopebe.exe

2009-07-18 15:00 . 2009-07-18 15:00 1114518 --sha-w- c:\windows\system32\jowayore.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]

"DeadAIM"="d:\oldcom~1\PROGRA~1\AIM95\\DeadAIM.ocm" [2004-02-28 144896]

"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]

"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2004-03-31 45056]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2006-01-25 3405312]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-05 185896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]

"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2006-04-21 438359]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Ms\tryit.exe" [2009-09-10 1312080]

"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-03-04 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-03-31 263824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-5 450560]

Monitor.lnk - f:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-1-1 110592]

NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2006-8-9 155715]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=diomidi.dll

"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0cgxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AUtHorizedapplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\OLD Computer\\Program Files\\AIM95\\aim.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"f:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"f:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [3/30/2005 2:22 PM 20992]

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [10/10/2002 1:31 PM 84529]

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [8/6/2006 9:57 AM 78336]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/9/2009 8:13 PM 102448]

S0 ati0cgxx;ati0cgxx;c:\windows\system32\Drivers\ati0cgxx.sys --> c:\windows\system32\Drivers\ati0cgxx.sys [?]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [3/30/2005 11:00 AM 73216]

.

Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-12 15:08]

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 14:51]

2009-10-19 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-06-26 21:32]

2009-10-19 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 02:18]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: ESPNJavaUtilsCab - hxxp://espn.go.com/livedraft/ESPNJavaUtils.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\c6q3eg3x.default\

FF - plugin: c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\c6q3eg3x.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\documents and settings\Alexander\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll

FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: f:\program files\kSolo\npAVX.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{649ca339-9a3a-4f70-ad97-749aa9f420ee} - fujudofi.dll

HKCU-Run-LDM - \Program\BackWeb-8876480.exe

HKCU-Run-QuickCamPro.exe - (no file)

HKLM-Run-Prism Deploy Client - c:\program files\Track-It! Deploy\Client\PTClient.exe

HKLM-Run-minilayej - c:\windows\system32\lubonipe.dll

HKLM-Run-fefijefiso - zuseyubu.dll

HKU-Default-Run-97864135 - c:\docume~1\ALLUSE~1\APPLIC~1\97864135\97864135.exe

HKU-Default-Run-fefijefiso - zuseyubu.dll

SharedTaskScheduler-{35019b46-671b-4f14-9924-a1908e5fff1a} - c:\windows\system32\lubonipe.dll

ShellExecuteHooks-{C8FA078F-C575-41C4-A848-923AAD50F659} - c:\windows\1089042678.dll

SSODL-muwakenal-{35019b46-671b-4f14-9924-a1908e5fff1a} - c:\windows\system32\lubonipe.dll

AddRemove-buffy6ss.zip - c:\progra~1\FILESU~1\buffy6ss.zip\UNWISE.EXE

AddRemove-START BORE DUMB - c:\docume~1\ALEXAN~1\APPLIC~1\elsedale\WaveDvdDart.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-19 16:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(4452)

c:\windows\system32\WININET.dll

c:\progra~1\VIRTUA~1\SMARTB~1\SBHook.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\combofix\CF24960.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE

c:\program files\Logitech\Video\FxSvr2.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\AIM6\aolsoftware.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\windows\SoftwareDistribution\Download\521f6da728839b8f5adae08abddc50f0\update\update.exe

.

**************************************************************************

.

Completion time: 2009-10-19 16:31 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-19 20:30

Pre-Run: 3,079,024,640 bytes free

Post-Run: 3,925,581,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E0AABEB24B43026AACA37871452A75F9


  • Staff

Hi,

* Open Notepad - don't use any text editor other than Notepad, or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\system32\bayopebe.exe

c:\windows\system32\jowayore.exe

Driver::

ati0cgxx

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0cgxx.sys]

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.


ComboFix 09-10-19.01 - Alexander 10/19/2009 17:38.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT -4:00]

Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Alexander\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::

"c:\windows\system32\bayopebe.exe"

"c:\windows\system32\jowayore.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\bayopebe.exe

c:\windows\system32\jowayore.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ati0cgxx

((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))

.

2009-10-13 04:57 . 2009-10-13 04:57 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\AIM

2009-10-08 13:14 . 2009-10-10 15:32 -------- d-----w- c:\program files\Ms

2009-10-08 12:43 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-08 12:43 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-19 21:53 . 2007-04-24 04:26 -------- d-----w- c:\program files\Symantec AntiVirus

2009-10-19 21:03 . 2009-03-16 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-10-19 17:33 . 2004-07-05 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-10-19 17:33 . 2005-06-08 23:58 -------- d-----w- c:\program files\Microsoft AntiSpyware

2009-10-17 23:30 . 2009-08-28 13:48 -------- d-----w- c:\documents and settings\Alexander\Application Data\Skype

2009-10-17 20:01 . 2009-08-28 14:09 -------- d-----w- c:\documents and settings\Alexander\Application Data\skypePM

2009-10-10 14:53 . 2004-06-26 12:28 102400 ----a-w- c:\windows\DUMPc18a.tmp

2009-10-08 13:03 . 2009-08-28 13:47 -------- d-----r- c:\program files\Skype

2009-10-08 12:43 . 2009-01-26 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-25 20:48 . 2004-07-17 04:03 -------- d-----w- c:\program files\Cool2000

2009-09-25 20:34 . 2005-03-30 15:03 -------- d-----w- c:\documents and settings\Alexander\Application Data\Digidesign

2009-09-01 00:50 . 2009-09-01 00:30 -------- d-----w- c:\program files\Virtual Assistant

2009-09-01 00:31 . 2009-09-01 00:30 -------- d-----w- c:\program files\Motive

2009-09-01 00:24 . 2009-09-01 00:20 -------- d-----w- c:\program files\EMBARQ

2009-09-01 00:20 . 2009-09-01 00:19 -------- d-----w- c:\program files\Common Files\Motive

2009-09-01 00:20 . 2009-09-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2009-08-28 14:09 . 2009-08-28 14:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-08-28 13:47 . 2009-08-28 13:47 -------- d-----w- c:\program files\Common Files\Skype

2009-08-28 13:47 . 2009-08-28 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-08-05 09:01 . 2007-07-28 13:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-10-19_20.09.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-19 21:56 . 2009-10-19 21:56 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat

+ 2004-06-26 16:43 . 2009-10-19 20:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2004-06-26 16:43 . 2009-10-19 18:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"LDM"="\Program\BackWeb-8876480.exe" [bU]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]

"DeadAIM"="d:\oldcom~1\PROGRA~1\AIM95\\DeadAIM.ocm" [2004-02-28 144896]

"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]

"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2004-03-31 45056]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-05 185896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]

"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2006-04-21 438359]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Ms\tryit.exe" [2009-09-10 1312080]

"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-03-04 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-03-31 263824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-5 450560]

Monitor.lnk - f:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-1-1 110592]

NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2006-8-9 155715]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=diomidi.dll

"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AUtHorizedapplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\OLD Computer\\Program Files\\AIM95\\aim.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"f:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"f:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [3/30/2005 2:22 PM 20992]

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [10/10/2002 1:31 PM 84529]

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [8/6/2006 9:57 AM 78336]

R2 Channel Deployer;Channel Deployer;c:\program files\Common Files\Intuit\Track-It!\ChannelDeploy.sys [3/10/2005 12:04 AM 65536]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/9/2009 8:13 PM 102448]

S2 gupdate1c9a646b65445ac;Google Update Service (gupdate1c9a646b65445ac);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 10:51 AM 133104]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [3/30/2005 11:00 AM 73216]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [6/27/2004 12:21 AM 72576]

.

Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-12 15:08]

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 14:51]

2009-10-19 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-06-26 21:32]

2009-10-19 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 02:18]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: ESPNJavaUtilsCab - hxxp://espn.go.com/livedraft/ESPNJavaUtils.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\c6q3eg3x.default\

FF - plugin: c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\c6q3eg3x.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\documents and settings\Alexander\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll

FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: f:\program files\kSolo\npAVX.dll

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-19 17:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(2700)

c:\windows\system32\WININET.dll

c:\progra~1\VIRTUA~1\SMARTB~1\SBHook.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Intuit\Track-It!\ChannelDeploy.sys

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\combofix\CF14403.exe

c:\program files\Photodex\ProShowGold\scsiaccess.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

**************************************************************************

.

Completion time: 2009-10-19 18:06 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-19 22:05

ComboFix2.txt 2009-10-19 20:31

Pre-Run: 3,892,977,664 bytes free

Post-Run: 3,873,959,936 bytes free

- - End Of File - - 3C55360E2B6E89F443424A56DB8C3243
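A check a practitioner would want after the CFScript run above: confirm that every File:: and Driver:: target named in the script actually appears in the resulting ComboFix.txt as removed. The script below is an added example written for this thread; it is not part of the thread, of the staff's instructions, or of ComboFix itself. It assumes the log layout seen in the posted ComboFix.txt (an "Other Deletions" section listing removed files and a "Drivers/Services" section listing removed services as `-------\Service_<name>`), and the embedded CFScript and log excerpt are constructed sample input modelled on the thread's entries, with one file deliberately left out of the log to show how a miss is reported. Registry:: targets are parsed but not verified, because the posted log does not echo registry deletions in a fixed form.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.

Added example, not code from the forum thread or from ComboFix. Assumes the
log layout seen in the thread. The CFSCRIPT and COMBOFIX_LOG strings below are
constructed sample input modelled on the thread's entries.
"""
import re

# Constructed: the CFScript as posted by staff (File::, Driver::, Registry:: sections).
CFSCRIPT = """\
File::
c:\\windows\\system32\\bayopebe.exe
c:\\windows\\system32\\jowayore.exe
Driver::
ati0cgxx
Registry::
[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\ati0cgxx.sys]
"""

# Constructed: a trimmed ComboFix.txt in the thread's layout. jowayore.exe is
# intentionally missing from "Other Deletions" so the check reports a miss.
COMBOFIX_LOG = """\
((((((((((((( Other Deletions )))))))))))))
.
c:\\windows\\system32\\bayopebe.exe
.
((((((((((((( Drivers/Services )))))))))))))
.
-------\\Service_ati0cgxx
((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))
"""


def parse_cfscript(text):
    """Return {"File": [...], "Driver": [...], "Registry": [...]} from CFScript text.

    Section headers are lines of the form "Name::"; every following non-empty
    line belongs to that section until the next header.
    """
    sections = {"File": [], "Driver": [], "Registry": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log into {title: [lines]} using its "((( Title )))" banners.

    Blank lines and the "." spacer lines ComboFix prints are dropped.
    """
    banner = re.compile(r"^\(+\s*(.+?)\s*\)+$")
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = banner.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
            continue
        if current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify_script(cfscript_text, log_text):
    """Map each File::/Driver:: target to True if the log records its removal.

    Files are looked for in "Other Deletions"; drivers as "-------\\Service_<name>"
    under "Drivers/Services". Comparison is case-insensitive, as Windows paths are.
    """
    script = parse_cfscript(cfscript_text)
    log = parse_log_sections(log_text)
    deleted = {entry.lower() for entry in log.get("Other Deletions", [])}
    services = {entry.lower() for entry in log.get("Drivers/Services", [])}
    result = {}
    for path in script["File"]:
        result[path] = path.lower() in deleted
    for driver in script["Driver"]:
        result[driver] = f"-------\\service_{driver}".lower() in services
    return result


if __name__ == "__main__":
    for target, confirmed in verify_script(CFSCRIPT, COMBOFIX_LOG).items():
        print(("removed  " if confirmed else "NOT FOUND") + "  " + target)
```

A target reported as NOT FOUND is the cue to re-read the log by hand (the file may have been locked, already gone, or renamed) rather than to assume the cleanup succeeded; in the thread's real log both files and the ati0cgxx service do appear in the removal sections.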


  • Staff

Hi,

This looks OK again.

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /Uninstall

Make sure there's a space between ComboFix and /

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


I have been using it all day and had no problems at all! Thank you so much!! What a huge help! Thanks!!


  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
