
Won't let me install Malwarebytes



OK, well, I was able to get the DDS, but every time I ran the test my computer would restart.

DDS (Ver_09-12-01.01) - NTFSx86

Run by DavidS at 18:56:37.68 on Sat 01/02/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.381 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\DOCUME~1\DavidS\LOCALS~1\Temp\p84j68.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\DavidS\LOCALS~1\Temp\win16.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\DavidS\Application Data\CCenter\ccagent.exe

C:\Documents and Settings\DavidS\Desktop\ddr.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

uWinlogon: Shell=c:\documents and settings\davids\application data\ccenter\ccmain.exe

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: c:\windows\system32\c256bx.dll: {b45a4b16-23f2-41ad-f4e4-00aac39c0004} - c:\windows\system32\c256bx.dll

TB: Browser Toolbar: {2eef94df-75f6-42e9-b7fb-af5a170a6e2e} - c:\program files\webmediaviewer\browseul.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File

TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

uRun: [Twain] c:\program files\twain\Twain.exe

uRun: [Aim6]

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [qpisbnlh] c:\documents and settings\davids\local settings\application data\gpvwcl\kauhsysguard.exe

uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0

uRun: [jsh87r3huiehf89esiudgd] c:\docume~1\davids\locals~1\temp\p84j68.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [agent.exe] c:\documents and settings\davids\application data\pc\agent.exe

uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\davids\locals~1\temp\win16.exe

uRun: [ccagent.exe] c:\documents and settings\davids\application data\ccenter\ccagent.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

mRun: [CARPService] carpserv.exe

mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe

mRun: [smapp] c:\program files\analog devices\soundmax\Smtray.exe

mRun: [srmclean] c:\cpqs\scom\srmclean.exe

mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers

mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

mRun: [AutoLogon]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [NWEReboot]

mRun: [DIGStream] c:\program files\digstream\digstream.exe

mRun: [wlqh] c:\windows\wlqh.exe

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey

mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [searchSettings] c:\program files\search settings\SearchSettings.exe

mRun: [2864f699] rundll32.exe "c:\windows\system32\samafiwu.dll",b

mRun: [CPM2b57c505] Rundll32.exe "c:\windows\system32\jobaruse.dll",a

mRun: [yinopeteje] Rundll32.exe "c:\windows\system32\mopifobi.dll",s

mRun: [PerfectOptimizer] f:\program files\perfect optimizer\PerfectOptimizer.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [qpisbnlh] c:\documents and settings\davids\local settings\application data\gpvwcl\kauhsysguard.exe

mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0

mExplorerRun: [QuickTime Task] c:\program files\webmediaviewer\qttask.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - f:\program files\bodog poker\BPGame.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38200.4970833333

DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Notify: igfxcui - igfxsrvc.dll

Notify: rqRLfFUl - rqRLfFUl.dll

Notify: __c00B5AD9 - c:\windows\system32\__c00B5AD9.dat

AppInit_DLLs: gipidiwu.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jobaruse.dll

STS: behaves: {1f3dd9bf-1472-4a8b-b295-b596a597149b} - c:\windows\system32\gowqug.dll

STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jobaruse.dll

STS: c:\windows\system32\c256bx.dll: {b45a4b16-23f2-41ad-f4e4-00aac39c0004} - c:\windows\system32\c256bx.dll

SEH: {453f51e8-fef5-4c54-b136-944bf434360c} - c:\windows\system32\rqRLfFUl.dll

LSA: Notification Packages = scecli c:\windows\system32\kimuremo.dll goyevayo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davids\applic~1\mozilla\firefox\profiles\fjxo1x0z.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: f:\program files\divx\divx content uploader\npUpload.dll

FF - plugin: f:\program files\divx\divx player\npDivxPlayerPlugin.dll

FF - plugin: f:\program files\divx\divx web player\npdivx32.dll

FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [2002-7-8 84788]

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]

S2 E5F7B58DDC756A74;E5F7B58DDC756A74;\??\c:\documents and settings\davids\e5f7b58ddc756a74\e5f7b58ddc756a74 --> c:\documents and settings\davids\e5f7b58ddc756a74\E5F7B58DDC756A74 [?]

S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-18 359952]

S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-18 144704]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-8 24652]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-5-27 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-5-27 3072]

S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-18 606736]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-18 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-18 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-18 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-18 40552]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

=============== Created Last 30 ================

2010-01-02 23:54:38 0 d-----w- c:\docume~1\davids\applic~1\CCenter

2010-01-02 23:54:24 1970582 ----a-w- c:\windows\system32\__c00F49F1.exe

2010-01-01 22:47:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-01 22:46:59 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-01 22:46:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-01 21:35:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-31 23:45:44 1593960 ----a-w- c:\windows\system32\__c004155.exe

2009-12-31 23:19:42 0 d-----w- c:\docume~1\davids\applic~1\AVG8

2009-12-06 14:22:20 1603007 ----a-w- c:\windows\system32\__c00FB60.exe

2009-12-06 05:01:58 0 d-----w- c:\program files\Norton AntiVirus

==================== Find3M ====================

2010-01-02 23:54:37 35328 ----a-w- c:\windows\system32\__c00B5AD9.dat

2010-01-01 18:27:55 627 -c--a-w- C:\xcrashdump.dat

2009-12-03 00:30:10 1602385 ----a-w- c:\windows\system32\__c00EAD90.exe

2009-12-01 03:19:00 950272 ----a-w- c:\windows\system32\wscsvc32.exe

2009-12-01 03:17:25 15000 ----a-w- c:\windows\system32\c256bx.dll

2009-12-01 03:17:17 52736 -c--a-w- C:\imoliv.exe

2009-12-01 03:17:17 130560 -c--a-w- C:\cojpjy.exe

2009-12-01 03:17:15 46080 -c--a-w- C:\vbaaaah.exe

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll

2009-03-21 14:06:58 24064 --sha-w- c:\windows\system32\calc.dll

2009-09-01 03:17:25 52736 --sha-w- c:\windows\system32\gipidiwu.dll

2009-09-01 03:17:25 52736 --sha-w- c:\windows\system32\goyevayo.dll

2008-10-19 03:28:40 923421 --sha-w- c:\windows\system32\TvyFLkkj.ini2

2009-09-01 03:17:25 52736 --sha-w- c:\windows\system32\wogutopa.dll

2009-03-21 14:06:58 24064 --sha-w- c:\windows\system32\config\systemprofile\ntuser.dll

2008-08-08 03:57:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

2009-03-21 14:06:58 24064 --sha-w- c:\windows\system32\config\systemprofile\start menu\programs\startup\scandisk.dll

============= FINISH: 18:58:19.70 ===============


Okay.

Download ComboFix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop.**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on ComboFix.exe and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Here's the ComboFix log. The HijackThis log will be coming up in a bit. Also, my Google is now going to searchclick8.

ComboFix 10-01-02.01 - DavidS 01/02/2010 23:46:22.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.530 [GMT -5:00]

Running from: c:\documents and settings\DavidS\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\DavidS\LOCALS~1\Temp\csrss.exe

c:\docume~1\DavidS\LOCALS~1\Temp\lsass.exe

c:\docume~1\DavidS\LOCALS~1\Temp\svchost.exe

c:\docume~1\DavidS\LOCALS~1\Temp\taskmgr.exe

c:\documents and settings\DavidS\Application Data\inst.exe

c:\documents and settings\DavidS\My Documents\My Documents.url

c:\documents and settings\DavidS\My Documents\My Music\My Music.url

c:\documents and settings\DavidS\My Documents\My Pictures\My Pictures.url

c:\documents and settings\DavidS\My Documents\My Videos\My Video.url

c:\documents and settings\DavidS\My Documents\registry010609.reg

c:\documents and settings\DavidS\ntuser.dll

c:\documents and settings\DavidS\Start Menu\Programs\Startup\scandisk.dll

c:\documents and settings\DavidS\Start Menu\Programs\Startup\scandisk.lnk

c:\documents and settings\FRED\My Documents\123109.reg

c:\documents and settings\FRED\ntuser.dll

c:\documents and settings\FRED\Start Menu\Programs\Startup\scandisk.dll

c:\documents and settings\FRED\Start Menu\Programs\Startup\scandisk.lnk

C:\ntldrs

c:\program files\AntiMalware

c:\program files\Common Files\fnts~1

c:\program files\Mjcore

c:\program files\Search Settings

c:\program files\Search Settings\kb127\SearchSettings.dll

c:\program files\Search Settings\kb127\SearchSettingsRes409.dll

c:\program files\Search Settings\SearchSettings.exe

c:\program files\webmediaviewer

c:\program files\WinBudget

c:\recycler\NPROTECT

c:\windows\BM2b57c505.txt

c:\windows\BM2b57c505.xml

c:\windows\EventSystem.log

c:\windows\INET.reg

c:\windows\system32\__c004155.exe

c:\windows\system32\__c00B5AD9.dat

c:\windows\system32\__c00EAD90.exe

c:\windows\system32\__c00F49F1.exe

c:\windows\system32\__c00FB60.exe

c:\windows\system32\bikusono.dll

c:\windows\system32\c256bx.dll

c:\windows\system32\calc.dll

c:\windows\system32\config\systemprofile\ntuser.dll

c:\windows\system32\drivers\H8SRTpxgsiphwbr.sys

c:\windows\system32\gipidiwu.dll

c:\windows\system32\goyevayo.dll

c:\windows\system32\H8SRTacmuwqoqbw.dll

c:\windows\system32\H8SRTnnvxtaxvho.dll

c:\windows\system32\H8SRTsibmbhlihg.dat

c:\windows\system32\H8SRTslxmofrxly.dll

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\mcrh.tmp

c:\windows\system32\pugohawu.dll

c:\windows\system32\TvyFLkkj.ini

c:\windows\system32\TvyFLkkj.ini2

c:\windows\system32\wogutopa.dll

c:\windows\system32\wscsvc32.exe

c:\windows\system32\yisiwusu.dll

c:\windows\Temp\0187961259799668mcinst.exe

C:\xcrashdump.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))

.

2010-01-03 01:43 . 2010-01-03 01:43 39424 --sh--w- c:\windows\system32\bodozanu.dll

2010-01-03 01:20 . 2010-01-03 01:20 -------- d-----w- c:\documents and settings\DavidS\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 01:20 . 2010-01-03 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2010-01-03 01:20 . 2010-01-03 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 00:26 . 2010-01-03 00:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-01 21:35 . 2010-01-03 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 00:54 . 2010-01-01 00:54 -------- dcsh--w- c:\documents and settings\FRED\PrivacIE

2010-01-01 00:54 . 2010-01-01 00:54 -------- dc----w- c:\documents and settings\FRED\Local Settings\Application Data\Apple Computer

2009-12-31 23:19 . 2009-12-31 23:19 -------- d-----w- c:\documents and settings\DavidS\Application Data\AVG8

2009-12-06 05:01 . 2009-12-31 23:41 -------- d-----w- c:\program files\Norton AntiVirus

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 04:45 . 2009-05-19 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\Common Files\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\McAfee

2010-01-03 01:10 . 2001-08-17 17:51 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys

2010-01-03 01:02 . 2010-01-03 01:02 96512 ----a-w- c:\windows\system32\drivers\OLD29.tmp

2010-01-03 00:36 . 2010-01-03 00:36 96512 ----a-w- c:\windows\system32\drivers\OLD1A.tmp

2010-01-01 18:19 . 2004-11-26 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-01 18:14 . 2008-10-18 22:38 -------- d-----w- c:\program files\AVG

2010-01-01 18:14 . 2008-10-18 22:38 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-31 23:41 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-31 23:35 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\DavidS\Application Data\Symantec

2009-12-01 03:17 . 2009-12-01 03:17 52736 -c--a-w- C:\imoliv.exe

2009-12-01 03:17 . 2009-12-01 03:17 130560 -c--a-w- C:\cojpjy.exe

2009-12-01 03:17 . 2009-12-01 03:17 46080 -c--a-w- C:\vbaaaah.exe

2009-03-21 14:06 . 2001-08-18 02:36 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2004-08-01 18:38 . 2001-07-24 21:34 36864 c:\cpqs\scom\bak\srmclean.exe

2006-03-30 21:45 . 2006-03-30 21:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2004-08-01 18:35 . 2002-01-30 22:01 81920 c:\program files\Analog Devices\SoundMAX\bak\Smtray.exe

2003-10-07 14:48 . 2003-10-07 14:48 147514 c:\program files\Common Files\Network Associates\TalkBack\bak\tbmon.exe

2004-11-24 05:59 . 2004-11-24 05:59 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2003-10-14 15:22 . 2003-10-14 15:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2004-08-01 18:35 . 2001-12-14 19:01 32768 c:\program files\COMPAQ\Easy Access Button Support\bak\StartEAK.exe

2007-08-07 06:05 . 2007-08-07 06:05 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe

2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe

2007-05-14 02:53 . 2007-03-14 08:43 83608 c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe

2004-06-03 08:50 . 2004-06-03 08:50 204800 c:\program files\Microsoft IntelliPoint\bak\point32.exe

2004-06-03 08:51 . 2004-06-03 08:51 172032 c:\program files\Microsoft IntelliType Pro\bak\type32.exe

2000-07-13 16:00 . 2000-07-13 16:00 28739 c:\program files\Microsoft Works\bak\WkDetect.exe

2000-07-13 16:00 . 2000-07-13 16:00 311350 c:\program files\Microsoft Works\bak\WksSb.exe

2007-01-16 05:05 . 2004-08-06 08:50 139320 c:\program files\Network Associates\Common Framework\bak\UpdaterUI.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe

2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

2004-04-14 20:04 . 2004-04-14 20:04 40960 c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe

2004-04-14 19:46 . 2004-04-14 19:46 57393 c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe

2007-06-08 14:59 . 2007-06-08 14:59 224248 c:\program files\Yahoo!\Search Protection\bak\SearchProtection.exe

2004-08-01 19:02 . 2004-08-04 07:56 15360 c:\windows\system32\bak\ctfmon.exe

2004-08-01 19:02 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2003-12-15 04:07 . 2005-06-21 21:44 126976 c:\windows\system32\bak\hkcmd.exe

2003-12-15 04:20 . 2005-06-21 21:48 155648 c:\windows\system32\bak\igfxtray.exe

2004-11-27 01:50 . 2001-07-09 16:50 155648 c:\windows\system32\bak\NeroCheck.exe

2007-06-11 09:25 . 2007-06-11 09:25 6731312 f:\program files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [N/A]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

"Aim6"="" [N/A]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"qpisbnlh"="c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe" [2009-12-01 324352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"agent.exe"="c:\documents and settings\DavidS\Application Data\PC\agent.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CARPService"="carpserv.exe" [2002-07-08 4608]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [N/A]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [N/A]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [N/A]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [N/A]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [N/A]

"AutoLogon"="" [N/A]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [N/A]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [N/A]

"NWEReboot"="" [N/A]

"DIGStream"="c:\program files\DIGStream\digstream.exe" [N/A]

"wlqh"="c:\windows\wlqh.exe" [N/A]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [N/A]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [N/A]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [N/A]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [N/A]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]

"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [N/A]

"2864f699"="c:\windows\system32\samafiwu.dll" [N/A]

"yinopeteje"="goyevayo.dll" [N/A]

"PerfectOptimizer"="f:\program files\Perfect Optimizer\PerfectOptimizer.exe" [N/A]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"qpisbnlh"="c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe" [2009-12-01 324352]

"fiwufakuk"="c:\windows\system32\pugohawu.dll" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\DavidS\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\B4538D2C-E5CB-4449-9FA5-BB2D8FA18FFF\\game.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\StubInstaller.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\DavidS\\Desktop\\utorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/8/2009 6:22 PM 24652]

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [7/8/2002 5:32 PM 84788]

S2 E5F7B58DDC756A74;E5F7B58DDC756A74;\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 --> c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/27/2009 9:42 PM 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/27/2009 9:42 PM 3072]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {824B945A-0C74-46F0-A096-38748CF8185D} = 193.104.110.38,4.2.2.1,192.168.1.1

TCP: {C4CA9908-E2F6-403B-A796-B13A6C87FC2A} = 193.104.110.38,4.2.2.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DavidS\Application Data\Mozilla\Firefox\Profiles\fjxo1x0z.default\

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: f:\program files\DivX\DivX Content Uploader\npUpload.dll

FF - plugin: f:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: f:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\npViewpoint.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{fdc5f1d3-5045-42b0-9027-1e3b068b125b} - wogutopa.dll

SharedTaskScheduler-{c31cfc4b-d6b1-45a6-9ab4-afa96bae21ef} - c:\windows\system32\pugohawu.dll

SSODL-kodafataf-{c31cfc4b-d6b1-45a6-9ab4-afa96bae21ef} - c:\windows\system32\pugohawu.dll

Notify-rqRLfFUl - rqRLfFUl.dll

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-AOL Uninstaller - c:\program files\Common Files\AOL\uninstaller.exe

AddRemove-HD Decrypter) (Option: Mobile) 5_is1 - c:\program files\DVDFab 5\unins000.exe

AddRemove-Move Networks Player_is1 - c:\documents and settings\DavidS\Application Data\Move Networks\ie_bin\unins000.exe

AddRemove-SetupPPUpdater - c:\progra~1\PESTPA~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 23:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\E5F7B58DDC756A74]

"ImagePath"="\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2444)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Dell\Dell File Manager\CTDFM.DLL

c:\program files\Dell\Dell File Manager\DFMHK.dll

c:\program files\Dell\Dell File Manager\CTDFMRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\carpserv.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-01-03 00:04:57 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-03 05:04

Pre-Run: 216,474,005,504 bytes free

Post-Run: 221,892,800,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - FD66445D28FBBFEB97CB79334FD0184E


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:13:13 AM, on 1/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [wlqh] C:\WINDOWS\wlqh.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [2864f699] rundll32.exe "C:\WINDOWS\system32\samafiwu.dll",b

O4 - HKLM\..\Run: [yinopeteje] Rundll32.exe "goyevayo.dll",s

O4 - HKLM\..\Run: [PerfectOptimizer] F:\Program Files\Perfect Optimizer\PerfectOptimizer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [qpisbnlh] C:\Documents and Settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe

O4 - HKLM\..\Run: [fiwufakuk] Rundll32.exe "c:\windows\system32\pugohawu.dll",a

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [qpisbnlh] C:\Documents and Settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [agent.exe] C:\Documents and Settings\DavidS\Application Data\PC\agent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - F:\Program Files\Bodog Poker\BPGame.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{824B945A-0C74-46F0-A096-38748CF8185D}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{C4CA9908-E2F6-403B-A796-B13A6C87FC2A}: NameServer = 193.104.110.38,4.2.2.1

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8874 bytes


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Files::
c:\windows\system32\bodozanu.dll
C:\vbaaaah.exe
C:\cojpjy.exe
C:\imoliv.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
c:\windows\system32\epmntdrv.sys
c:\windows\system32\EuGdiDrv.sys
AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\cpqs\scom\bak\srmclean.exe
c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\program files\Analog Devices\SoundMAX\bak\Smtray.exe
c:\program files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
c:\program files\COMPAQ\Easy Access Button Support\bak\StartEAK.exe
c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe
c:\program files\Microsoft IntelliPoint\bak\point32.exe
c:\program files\Microsoft IntelliType Pro\bak\type32.exe
c:\program files\Microsoft Works\bak\WkDetect.exe
c:\program files\Microsoft Works\bak\WksSb.exe
c:\program files\Network Associates\Common Framework\bak\UpdaterUI.exe
c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe
c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe
c:\program files\Yahoo!\Search Protection\bak\SearchProtection.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\bak\NeroCheck.exe
f:\program files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe
Folder::
c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl
c:\documents and settings\DavidS\Application Data\PC
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qpisbnlh"=-
"agent.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2864f699"=-
"yinopeteje"=-
"PerfectOptimizer"=-
"qpisbnlh"=-
"fiwufakuk"=-
Driver::
EuGdiDrv
epmntdrv

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

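The entries the helper pulled into the CFScript above follow recognisable patterns in the HijackThis log: Run keys pointing into the user profile, rundll32 loading oddly named DLLs through a one-letter export, a Policies\Explorer\Run autostart, and per-adapter NameServer values that are not the router. The script below is an added example, not part of this thread or of HijackThis or ComboFix: it applies those review heuristics to a few O4/O17 lines copied from the log posted above; the rule set, the reason wording and the "Tcpip" label are constructed for illustration.

```python
"""Review heuristics for HijackThis O4 (Run key) and O17 (NameServer) lines.

Added example for this thread; not code from HijackThis, ComboFix or the
helper. The rules are constructed for illustration: they point at entries
worth a closer look, they do not decide that something is malware.
"""
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864f699] rundll32.exe "C:\WINDOWS\system32\samafiwu.dll",b
O4 - HKLM\..\Run: [yinopeteje] Rundll32.exe "goyevayo.dll",s
O4 - HKLM\..\Run: [qpisbnlh] C:\Documents and Settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe
O4 - HKCU\..\Run: [agent.exe] C:\Documents and Settings\DavidS\Application Data\PC\agent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{824B945A-0C74-46F0-A096-38748CF8185D}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.1
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
# rundll32 argument form: "path\to\lib.dll",EntryPoint  (quotes optional)
RUNDLL_ARGS_RE = re.compile(r'^"?([^",]+)"?,(\w+)$')


def split_command(cmd):
    """Split a Run-key command into (image, arguments), honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.*?\.exe)(.*)$", cmd)  # unquoted: the image ends at the first .exe
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def o4_reasons(key, name, cmd):
    """Return the review reasons that apply to one O4 entry (empty list = nothing odd)."""
    reasons = []
    image, args = split_command(cmd)
    low = image.lower()
    if key.lower().startswith("policies\\"):
        reasons.append("Policies\\Explorer\\Run autostart, rarely used by legitimate software")
    if "\\documents and settings\\" in low or "\\temp\\" in low:
        reasons.append("runs from a user-writable profile directory")
    if low.endswith("rundll32.exe"):
        dm = RUNDLL_ARGS_RE.match(args)
        if dm:
            dll, entry = dm.groups()
            if len(entry) == 1:
                reasons.append(f"rundll32 calls a one-letter export '{entry}' in {dll}")
            if "\\" not in dll:
                reasons.append("DLL given by bare filename, located through the loader search order")
    if re.fullmatch(r"[0-9a-f]{6,}", name):
        reasons.append("entry name is a hex string rather than a product name")
    return reasons


def triage(log_text):
    """Scan O4/O17 lines and return a list of {'entry', 'key', 'reasons'} dicts."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = o4_reasons(m.group("key"), m.group("name"), m.group("cmd"))
            if reasons:
                findings.append({"entry": m.group("name"), "key": m.group("key"), "reasons": reasons})
            continue
        m = O17_RE.match(line)
        if m:
            # Private (RFC 1918) addresses such as the router are expected; anything else needs a look.
            public = [s for s in m.group("servers").split(",")
                      if not ipaddress.ip_address(s).is_private]
            if public:
                findings.append({"entry": "NameServer", "key": "Tcpip", "reasons": [
                    "non-private resolver(s) set on the adapter, confirm they were chosen on purpose: "
                    + ", ".join(public)]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['key']}] {f['entry']}")
        for r in f["reasons"]:
            print("    -", r)
```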

here you go

ComboFix 10-01-03.03 - DavidS 01/03/2010 20:56:57.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.485 [GMT -5:00]

Running from: c:\documents and settings\DavidS\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\DavidS\Desktop\cfscript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl

c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe

c:\windows\system32\bodozanu.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_EPMNTDRV

-------\Legacy_EUGDIDRV

-------\Service_epmntdrv

-------\Service_EuGdiDrv

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))

.

2010-01-03 05:11 . 2010-01-03 05:11 -------- d-----w- c:\program files\Trend Micro

2010-01-03 01:20 . 2010-01-03 01:20 -------- d-----w- c:\documents and settings\DavidS\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 01:20 . 2010-01-03 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2010-01-03 01:20 . 2010-01-03 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 00:26 . 2010-01-03 00:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-01 21:35 . 2010-01-03 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 00:54 . 2010-01-01 00:54 -------- dcsh--w- c:\documents and settings\FRED\PrivacIE

2010-01-01 00:54 . 2010-01-01 00:54 -------- dc----w- c:\documents and settings\FRED\Local Settings\Application Data\Apple Computer

2009-12-31 23:19 . 2009-12-31 23:19 -------- d-----w- c:\documents and settings\DavidS\Application Data\AVG8

2009-12-06 05:01 . 2009-12-31 23:41 -------- d-----w- c:\program files\Norton AntiVirus

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-04 02:12 . 2005-08-26 17:45 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-01-04 02:12 . 2004-08-01 18:45 -------- d-----w- c:\program files\Microsoft Works

2010-01-04 02:12 . 2005-08-26 17:46 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-01-03 04:45 . 2009-05-19 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\Common Files\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\McAfee

2010-01-03 01:10 . 2001-08-17 17:51 96512 -c----w- c:\windows\system32\drivers\atapi.sys

2010-01-03 01:02 . 2010-01-03 01:02 96512 ----a-w- c:\windows\system32\drivers\OLD29.tmp

2010-01-03 00:36 . 2010-01-03 00:36 96512 ----a-w- c:\windows\system32\drivers\OLD1A.tmp

2010-01-01 18:19 . 2004-11-26 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-01 18:14 . 2008-10-18 22:38 -------- d-----w- c:\program files\AVG

2010-01-01 18:14 . 2008-10-18 22:38 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-31 23:41 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-31 23:35 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\DavidS\Application Data\Symantec

2009-12-01 03:17 . 2009-12-01 03:17 52736 -c--a-w- C:\imoliv.exe

2009-12-01 03:17 . 2009-12-01 03:17 130560 -c--a-w- C:\cojpjy.exe

2009-12-01 03:17 . 2009-12-01 03:17 46080 -c--a-w- C:\vbaaaah.exe

2009-10-29 07:45 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2004-08-01 19:08 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-01 19:08 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-01 19:08 79872 ----a-w- c:\windows\system32\raschap.dll

2009-03-21 14:06 . 2001-08-18 02:36 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe

2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe

2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [N/A]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

"Aim6"="" [N/A]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CARPService"="carpserv.exe" [2002-07-08 4608]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-01-30 81920]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]

"AutoLogon"="" [N/A]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-24 180269]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"NWEReboot"="" [N/A]

"DIGStream"="c:\program files\DIGStream\digstream.exe" [N/A]

"wlqh"="c:\windows\wlqh.exe" [N/A]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]

"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [N/A]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\DavidS\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\B4538D2C-E5CB-4449-9FA5-BB2D8FA18FFF\\game.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\StubInstaller.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\DavidS\\Desktop\\utorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/8/2009 6:22 PM 24652]

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [7/8/2002 5:32 PM 84788]

S2 E5F7B58DDC756A74;E5F7B58DDC756A74;\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 --> c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 [?]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSCFG

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {824B945A-0C74-46F0-A096-38748CF8185D} = 193.104.110.38,4.2.2.1,192.168.1.1

TCP: {C4CA9908-E2F6-403B-A796-B13A6C87FC2A} = 193.104.110.38,4.2.2.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DavidS\Application Data\Mozilla\Firefox\Profiles\fjxo1x0z.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-03 21:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\E5F7B58DDC756A74]

"ImagePath"="\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1216)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Dell\Dell File Manager\CTDFM.DLL

c:\program files\Dell\Dell File Manager\DFMHK.dll

c:\program files\Dell\Dell File Manager\CTDFMRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\windows\System32\NMSSvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\carpserv.exe

c:\program files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE

c:\compaq\EAKDRV\EAUSBKBD.EXE

c:\progra~1\Compaq\EASYAC~1\BttnServ.exe

c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-01-03 21:19:20 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-04 02:19

ComboFix2.txt 2010-01-03 05:04

Pre-Run: 221,769,269,248 bytes free

Post-Run: 221,754,023,936 bytes free

- - End Of File - - B26DACDA14CF54DB1094EAEB475189C9


Hopefully this will do the trick.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
C:\vbaaaah.exe
C:\cojpjy.exe
C:\imoliv.exe
Folder::
c:\documents and settings\DavidS\E5F7B58DDC756A74
AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"=-
"MsnMsgr"=-
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"=-
"AutoLogon"=-
"DIGStream"=-
"wlqh"=-
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"=-
Driver::
E5F7B58DDC756A74

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


alright, here's the log

ComboFix 10-01-03.03 - DavidS 01/03/2010 22:00:13.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.479 [GMT -5:00]

Running from: c:\documents and settings\DavidS\Desktop\takdah.exe

Command switches used :: c:\documents and settings\DavidS\Desktop\cfscript2.txt

FILE ::

"C:\cojpjy.exe"

"C:\imoliv.exe"

"C:\vbaaaah.exe"

"c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cojpjy.exe

c:\documents and settings\DavidS\E5F7B58DDC756A74

c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74.x86

C:\imoliv.exe

C:\vbaaaah.exe

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_E5F7B58DDC756A74

-------\Service_E5F7B58DDC756A74

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))

.

2010-01-03 05:11 . 2010-01-03 05:11 -------- d-----w- c:\program files\Trend Micro

2010-01-03 01:20 . 2010-01-03 01:20 -------- d-----w- c:\documents and settings\DavidS\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 01:20 . 2010-01-03 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2010-01-03 01:20 . 2010-01-03 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 00:26 . 2010-01-03 00:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-01 21:35 . 2010-01-03 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 00:54 . 2010-01-01 00:54 -------- dcsh--w- c:\documents and settings\FRED\PrivacIE

2010-01-01 00:54 . 2010-01-01 00:54 -------- dc----w- c:\documents and settings\FRED\Local Settings\Application Data\Apple Computer

2009-12-31 23:19 . 2009-12-31 23:19 -------- d-----w- c:\documents and settings\DavidS\Application Data\AVG8

2009-12-06 05:01 . 2009-12-31 23:41 -------- d-----w- c:\program files\Norton AntiVirus

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-04 02:12 . 2005-08-26 17:45 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-01-04 02:12 . 2004-08-01 18:45 -------- d-----w- c:\program files\Microsoft Works

2010-01-04 02:12 . 2005-08-26 17:46 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-01-03 04:45 . 2009-05-19 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\Common Files\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\McAfee

2010-01-03 01:10 . 2001-08-17 17:51 96512 -c----w- c:\windows\system32\drivers\atapi.sys

2010-01-03 01:02 . 2010-01-03 01:02 96512 ----a-w- c:\windows\system32\drivers\OLD29.tmp

2010-01-03 00:36 . 2010-01-03 00:36 96512 ----a-w- c:\windows\system32\drivers\OLD1A.tmp

2010-01-01 18:19 . 2004-11-26 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-01 18:14 . 2008-10-18 22:38 -------- d-----w- c:\program files\AVG

2010-01-01 18:14 . 2008-10-18 22:38 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-31 23:41 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-31 23:35 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\DavidS\Application Data\Symantec

2009-10-29 07:45 . 2004-02-06 23:05 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2004-08-01 19:08 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-01 19:08 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-01 19:08 79872 ----a-w- c:\windows\system32\raschap.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe

2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe

2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CARPService"="carpserv.exe" [2002-07-08 4608]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-01-30 81920]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-24 180269]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\DavidS\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\B4538D2C-E5CB-4449-9FA5-BB2D8FA18FFF\\game.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\StubInstaller.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\DavidS\\Desktop\\utorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/8/2009 6:22 PM 24652]

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [7/8/2002 5:32 PM 84788]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSCFG

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {824B945A-0C74-46F0-A096-38748CF8185D} = 193.104.110.38,4.2.2.1,192.168.1.1

TCP: {C4CA9908-E2F6-403B-A796-B13A6C87FC2A} = 193.104.110.38,4.2.2.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DavidS\Application Data\Mozilla\Firefox\Profiles\fjxo1x0z.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-03 22:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3072)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Dell\Dell File Manager\CTDFM.DLL

c:\program files\Dell\Dell File Manager\DFMHK.dll

c:\program files\Dell\Dell File Manager\CTDFMRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\windows\System32\NMSSvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\carpserv.exe

c:\program files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE

c:\compaq\EAKDRV\EAUSBKBD.EXE

c:\progra~1\Compaq\EASYAC~1\BttnServ.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-01-03 22:23:33 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-04 03:23

ComboFix2.txt 2010-01-04 02:19

ComboFix3.txt 2010-01-03 05:04

Pre-Run: 221,742,096,384 bytes free

Post-Run: 221,726,351,360 bytes free

- - End Of File - - F707525A44E20B613226C1ECE9BF878A


Wow, thank you very much, this seems to have worked!

Malwarebytes' Anti-Malware 1.43

Database version: 3490

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/3/2010 11:23:41 PM

mbam-log-2010-01-03 (23-23-36).txt

Scan type: Quick Scan

Objects scanned: 131912

Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 21

Registry Values Infected: 3

Registry Data Items Infected: 2

Folders Infected: 2

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.

HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> No action taken.

HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.dll (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\OINAnalytics.dll (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\testCPV6.dll (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{824b945a-0c74-46f0-a096-38748cf8185d}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.1.1 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4ca9908-e2f6-403b-a796-b13a6c87fc2a}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1 -> No action taken.

Folders Infected:

C:\Program Files\Twain (Trojan.Agent) -> No action taken.

C:\Program Files\Webtools (Trojan.Agent) -> No action taken.

Files Infected:

C:\Documents and Settings\DavidS\Favorites\Antivirus Scan.url (Rogue.Link) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> No action taken.


Yes I did, but for some reason it didn't show it in the previous log. Here's the second you asked for.

Malwarebytes' Anti-Malware 1.43

Database version: 3493

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/4/2010 3:05:51 PM

mbam-log-2010-01-04 (15-05-51).txt

Scan type: Quick Scan

Objects scanned: 132351

Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
