I tried deleting files directly from HijackThis, but it would not let me. I'm pretty sure it's the "ruludoji.dll" file. Other times it will show up as jirubiru.dll or marenya.dll or as all three. (I cannot remember the exact spelling of the last one.)
I downloaded MBAM and it said it has gotten them. I have run another scan and it says my system is clean. HOWEVER, I have run HijackThis and the files are still here!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:22 PM, on 10/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\winlogin.exe
C:\Windows\System32\wsqmcons.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogin.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [foduboyiv] Rundll32.exe "c:\progra~2\ruludoji\ruludoji.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5542 bytes
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1
10/11/2009 11:46:24 PM
mbam-log-2009-10-11 (23-46-24).txt
Scan type: Quick Scan
Objects scanned: 84637
Time elapsed: 8 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#1 Posted 12 October 2009 - 04:51 AM
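The line that matters in the HijackThis log above is the O4 entry `[foduboyiv] Rundll32.exe "c:\progra~2\ruludoji\ruludoji.dll",a`: the bracketed part is a value name under HKCU\...\Run, rundll32.exe is only the host, and the DLL under c:\progra~2 (the 8.3 short name for c:\ProgramData, which the later ComboFix log lists under both spellings) is the code that actually runs. A signature scanner reporting "clean" while the autostart list still shows that value is exactly when you want the autostart entries read directly. Below is an added example, not code from the thread or from HijackThis, that parses O4 lines and scores each one on what the log itself exposes: whether rundll32 is the launcher, whether the payload lives under ProgramData, and whether the value name and file name look machine-generated. The consonant/vowel name test is a heuristic that fits every name in this thread (ruludoji, foduboyiv, meyilona), not a rule from the page; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log in the post above,
# one of each shape that log uses (HKLM, HKCU, quoted path, rundll32, HKUS + user).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [foduboyiv] Rundll32.exe "c:\progra~2\ruludoji\ruludoji.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 <dll>,<export>: the DLL is the payload, with or without quotes.
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?', re.IGNORECASE)
# Otherwise the image is the quoted token, or everything up to the first .exe/.dll/...
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|cpl|scr))(?:\s|$)', re.IGNORECASE)
# Heuristic (assumption, not a rule from the page): 8-10 lowercase letters strictly
# alternating consonant/vowel, which is what every generated name in this thread looks like.
PRONOUNCEABLE_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiouy]){4,5}[bcdfghjklmnpqrstvwxyz]?$")


@dataclass
class Finding:
    name: str   # the Run value name, e.g. "foduboyiv"
    hive: str
    path: str   # the image that runs, or the DLL that rundll32 loads
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_o4(line: str):
    """Split one O4 line into hive / key / value name / command (None if not an O4 line)."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry: dict) -> Finding:
    cmd = entry["cmd"].strip()
    reasons = []
    dll = RUNDLL_RE.search(cmd)
    if dll:
        path = dll.group(1)
        reasons.append("rundll32 is only the host: the code that runs is the DLL")
    else:
        im = IMAGE_RE.match(cmd)
        path = (im.group(1) or im.group(2)) if im else cmd
    low = path.lower()
    # c:\progra~2 is the 8.3 short name of c:\ProgramData (the ComboFix log in this
    # thread shows the same ruludoji folder under both spellings).
    if "\\programdata\\" in low or "\\progra~2\\" in low:
        reasons.append("payload lives under ProgramData, not Program Files or Windows")
    if PRONOUNCEABLE_RE.match(entry["name"].lower()):
        reasons.append("value name looks machine-generated (alternating consonant/vowel)")
    if PRONOUNCEABLE_RE.match(low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]):
        reasons.append("file name looks machine-generated (alternating consonant/vowel)")
    return Finding(entry["name"], entry["hive"], path, reasons)


def triage(text: str, threshold: int = 2) -> list:
    """Return the O4 entries scoring at or above `threshold`, worst first."""
    findings = [assess(e) for e in map(parse_o4, text.splitlines()) if e]
    hits = [f for f in findings if f.score >= threshold]
    return sorted(hits, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"{f.hive} [{f.name}] -> {f.path}  score={f.score}")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, only the `foduboyiv` entry scores (all four reasons); Google Update in AppData and the vendor entries in Program Files score zero. The output names both things that have to go for the entry to stay gone: the Run value in HKCU and the DLL on disk, which is why a tool that only edits the registry, or only deletes the file, leaves the other half for the next reboot.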
#2 Posted 12 October 2009 - 05:49 AM
Used combofix, log here:
ComboFix 09-10-11.01 - Erik 10/12/2009 0:19.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.207 [GMT -5:00]
Running from: c:\users\Erik\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1039909693-3276849548-4189819475-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3068332034-436849929-3007908837-500
c:\progra~2\ruludoji\ruludoji.dll
c:\programdata\meyilona\meyilona.dll
c:\programdata\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000001.regtrans-ms
c:\users\Erik\AppData\Roaming\Desktopicon
c:\users\Erik\AppData\Roaming\Desktopicon\eBayShortcuts.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-12 05:31 . 2009-10-12 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 04:03 . 2009-10-12 04:03 -------- d-----w- c:\users\Erik\AppData\Roaming\Malwarebytes
2009-10-12 04:03 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 04:03 . 2009-10-12 04:03 -------- d-----w- c:\programdata\Malwarebytes
2009-10-12 04:03 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 04:03 . 2009-10-12 04:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 03:58 . 2009-10-12 03:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-11 17:46 . 2009-10-12 05:30 -------- d-----w- c:\programdata\ruludoji
2009-10-11 17:46 . 2009-10-11 17:46 -------- d-----w- c:\programdata\yesileya
2009-10-11 17:46 . 2009-10-11 17:46 -------- d-----w- c:\programdata\peduliro
2009-10-11 08:04 . 2009-10-11 07:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 07:36 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-11 07:32 . 2009-10-11 07:32 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-11 07:31 . 2009-10-11 07:36 -------- d-----w- c:\programdata\Lavasoft
2009-10-11 07:31 . 2009-10-11 07:31 -------- d-----w- c:\program files\Lavasoft
2009-10-11 07:18 . 2009-10-11 07:18 -------- d-----w- c:\program files\Trend Micro
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\programdata\sahesebe
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\programdata\jerabidi
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\programdata\hujatoto
2009-10-10 17:45 . 2009-10-10 17:45 -------- d-----w- c:\programdata\vivorowu
2009-10-10 17:45 . 2009-10-10 17:45 -------- d-----w- c:\programdata\rubiyivu
2009-10-10 17:45 . 2009-10-10 17:45 -------- d-----w- c:\programdata\berujiri
2009-10-03 04:41 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\program files\Exact Audio Copy
2009-09-20 01:10 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-20 01:10 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-20 01:08 . 2008-05-30 19:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2009-09-20 01:07 . 2007-05-16 21:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-09-20 00:57 . 2009-09-20 01:02 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-20 00:56 . 2009-09-20 00:56 -------- d-----w- c:\program files\Telltale Games
2009-09-13 07:08 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-13 07:08 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-13 07:08 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-13 07:08 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-13 07:08 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-13 07:08 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-13 07:08 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-13 07:08 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-13 07:08 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 07:08 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-13 07:06 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-13 07:06 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-13 07:06 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-13 07:06 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-13 07:06 . 2008-01-19 07:36 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-13 07:06 . 2008-01-19 07:36 64512 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-13 07:06 . 2008-01-05 11:34 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-09-13 07:05 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 05:30 . 2009-10-10 05:46 -------- d-----w- c:\programdata\meyilona
2009-10-12 03:30 . 2007-08-24 22:44 -------- d-----w- c:\users\Erik\AppData\Roaming\Azureus
2009-10-11 18:02 . 2007-10-31 02:25 -------- d-----w- c:\users\Erik\AppData\Roaming\dvdcss
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-11 17:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-11 09:15 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-10-11 09:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-10-11 08:31 . 2007-07-28 12:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-11 08:28 . 2006-12-01 00:46 -------- d-----w- c:\program files\Java
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\programdata\zoporawo
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\programdata\barikuge
2009-10-10 05:46 . 2009-10-09 17:39 -------- d-----w- c:\programdata\tesejufa
2009-10-10 05:46 . 2009-10-09 17:39 -------- d-----w- c:\programdata\rihuzuno
2009-10-10 05:46 . 2009-10-09 17:39 -------- d-----w- c:\programdata\janapeko
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\noruwuse
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\yeniferi
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\sefesoso
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\nepawegu
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\jihulara
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\suyegoto
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\logedawo
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\kurulofi
2009-10-04 23:26 . 2009-05-26 22:53 -------- d-----w- c:\program files\PeerGuardian2
2009-10-04 23:25 . 2008-07-15 17:26 -------- d-----w- c:\program files\Common Files\Real
2009-09-21 05:59 . 2008-06-20 16:24 -------- d-----w- c:\users\Erik\AppData\Roaming\foobar2000
2009-09-21 05:27 . 2008-09-08 19:09 -------- d-----w- c:\users\Erik\AppData\Roaming\AccurateRip
2009-09-21 05:08 . 2008-06-20 16:24 -------- d-----w- c:\program files\foobar2000
2009-09-04 22:44 . 2009-09-20 01:09 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 22:29 . 2009-09-20 01:09 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-28 12:39 . 2009-09-03 04:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 04:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-25 10:23 . 2009-07-29 07:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:06 . 2009-07-29 17:35 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 17:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 17:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 06:00 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 05:59 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 05:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 05:59 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 05:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-13 142104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-13 138008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\winlogin.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{050977D3-6A41-49BC-A608-2541FDF959B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{857733AA-B286-4A8D-89AE-FCEFBD98D4E1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7735F209-BF06-422F-94CC-3D9C533510D6}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{77DCD99E-D6D7-43E6-A0CD-A68B061EA5F8}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{DD15F0C7-22B1-42F1-84DB-8B8C130BD467}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{C5CB8A56-471C-440C-8F6A-5A6F5B11F59C}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"UDP Query User{42945B3E-3B19-49EE-A13B-4C6566541950}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= TCP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"TCP Query User{890C7478-3F9E-4E94-B6A6-FA91232E9A09}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game.dat
"UDP Query User{0DA8A347-61CC-4A88-8F85-BCF9316DDFAA}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game.dat
"TCP Query User{78A33C24-3BCA-4C10-9F9D-BE9EFC8CD4BB}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"UDP Query User{27D2DACA-6C0A-4084-A64B-D088DE75C2C5}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= TCP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"TCP Query User{6847DC36-CBFE-4757-9618-672DC6CE256C}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"UDP Query User{EA55DA20-A6C2-48D5-80A6-274D0A27C5FE}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B7778DB7-1FF9-43D8-BDA6-612B3C3EF8EC}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F923931D-AEE9-4072-9DA8-D16E44A88CF0}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"{DB5455E7-0061-4117-B2FC-99CAA5A6D1A5}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{853C91A1-3BC3-4361-A6F4-6B6068F424F8}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{0C6A1121-3D4F-42B2-A8D2-305E25B25B57}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{18B734D9-69A5-44A4-9803-B32F0050E344}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C752B732-3531-4F70-88B9-7F8C7F858220}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{896C07B6-E162-47C0-AC5A-6E39018D2908}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8C3EF7AB-03FF-4B66-B456-1201A522D3F3}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{EB9491AA-E499-4473-8514-4744EC9802C0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{545AA49F-80D8-46DA-9B37-19099CAA6E6D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{34CF3759-4642-45C8-800C-1E32A7234D8C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FEAFAE2E-C6BF-4811-AE65-D1B99053F309}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{745512F9-58CD-472F-A56A-CEBD085B7568}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{9BF7785E-8BEE-4BC0-A0C6-9561A5882C23}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{A8D1E79D-B7A3-48CB-A019-71584363A2E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0A8FED0E-C948-4673-A1C3-5E601588C671}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C641726F-7E34-405F-ADDF-207E75557D0E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7A30798A-8EEF-4579-8B96-18699A8EEAD3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8D765EB6-3CD7-4D0D-98B1-7969C0DE1EF1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DAA2942D-EA02-4CC0-BA88-99E006D39294}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{86532612-1DE2-4BE9-A7EA-585FA4D80257}c:\\users\\erik\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\erik\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{7A5DA76E-28E8-4149-B870-FDDAF0D12A65}c:\\users\\erik\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\erik\appdata\local\google\chrome\application\chrome.exe:chrome.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/11/2009 2:36 AM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\System32\drivers\xusb20.sys [10/13/2006 5:48 PM 50048]
.
Contents of the 'Scheduled Tasks' folder
2009-10-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 07:35]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039909693-3276849548-4189819475-1000Core.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:03]
2009-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039909693-3276849548-4189819475-1000UA.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:03]
2009-07-11 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-01 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\j9vamy3y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Erik\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-moyenozeve - c:\programdata\meyilona\meyilona.dll
HKCU-Run-foduboyiv - c:\progra~2\ruludoji\ruludoji.dll
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
AddRemove-WOLAPI - c:\westwood\Internet\UnstllAP.EXE
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1039909693-3276849548-4189819475-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:04,10,a2,79,b0,c2,14,d3,f2,d2,c8,ae,e5,89,7b,88,fc,3e,17,ed,59,02,b7,
ee,70,03,ae,eb,eb,78,08,4d,0b,d0,5f,63,42,f3,1d,18,2e,cb,f6,a5,fc,08,c5,5e,\
"??"=hex:f3,a5,df,6f,74,f6,ad,04,fc,c8,3a,96,d6,ca,c5,7d
[HKEY_USERS\S-1-5-21-1039909693-3276849548-4189819475-1000\Software\SecuROM\License information*]
"datasecu"=hex:c0,fe,5d,6f,13,0b,fd,0a,90,e7,ba,b2,b1,dc,f2,7e,4a,2c,64,09,64,
4d,d9,50,c1,26,2b,37,65,ef,01,fe,45,9c,af,cf,6f,60,6b,6b,6c,e1,d3,96,c1,23,\
"rkeysecu"=hex:87,4f,e2,d5,a2,39,ad,18,31,cb,7e,53,ba,bd,3a,a4
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\PresentationSettings.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2009-10-12 0:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 05:44
Pre-Run: 6,569,902,080 bytes free
Post-Run: 6,521,540,608 bytes free
280 --- E O F --- 2009-10-11 09:26
Now my computer is saying "Illegal Operation attempted on registry key that is marked for deletion"? What is going on? I know there were a couple of programs running, however, I could not shut them down. I didn't even have McAfee installed anywhere on my computer!
2009-09-13 07:08 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 07:08 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-13 07:06 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-13 07:06 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-13 07:06 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-13 07:06 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-13 07:06 . 2008-01-19 07:36 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-13 07:06 . 2008-01-19 07:36 64512 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-13 07:06 . 2008-01-05 11:34 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-09-13 07:05 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 05:30 . 2009-10-10 05:46 -------- d-----w- c:\programdata\meyilona
2009-10-12 03:30 . 2007-08-24 22:44 -------- d-----w- c:\users\Erik\AppData\Roaming\Azureus
2009-10-11 18:02 . 2007-10-31 02:25 -------- d-----w- c:\users\Erik\AppData\Roaming\dvdcss
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-11 17:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-11 17:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-11 09:15 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-10-11 09:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-10-11 08:31 . 2007-07-28 12:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-11 08:28 . 2006-12-01 00:46 -------- d-----w- c:\program files\Java
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\programdata\zoporawo
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\programdata\barikuge
2009-10-10 05:46 . 2009-10-09 17:39 -------- d-----w- c:\programdata\tesejufa
2009-10-10 05:46 . 2009-10-09 17:39 -------- d-----w- c:\programdata\rihuzuno
2009-10-10 05:46 . 2009-10-09 17:39 -------- d-----w- c:\programdata\janapeko
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\noruwuse
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\yeniferi
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\sefesoso
2009-10-10 05:45 . 2009-10-10 05:45 -------- d-----w- c:\programdata\nepawegu
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\jihulara
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\suyegoto
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\logedawo
2009-10-09 17:45 . 2009-10-09 17:45 -------- d-----w- c:\programdata\kurulofi
2009-10-04 23:26 . 2009-05-26 22:53 -------- d-----w- c:\program files\PeerGuardian2
2009-10-04 23:25 . 2008-07-15 17:26 -------- d-----w- c:\program files\Common Files\Real
2009-09-21 05:59 . 2008-06-20 16:24 -------- d-----w- c:\users\Erik\AppData\Roaming\foobar2000
2009-09-21 05:27 . 2008-09-08 19:09 -------- d-----w- c:\users\Erik\AppData\Roaming\AccurateRip
2009-09-21 05:08 . 2008-06-20 16:24 -------- d-----w- c:\program files\foobar2000
2009-09-04 22:44 . 2009-09-20 01:09 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 22:29 . 2009-09-20 01:09 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29 . 2009-09-20 01:09 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-28 12:39 . 2009-09-03 04:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 04:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-25 10:23 . 2009-07-29 07:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:06 . 2009-07-29 17:35 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 17:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 17:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 06:00 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 05:59 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 05:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 05:59 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 05:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-13 142104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-13 138008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\winlogin.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{050977D3-6A41-49BC-A608-2541FDF959B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{857733AA-B286-4A8D-89AE-FCEFBD98D4E1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7735F209-BF06-422F-94CC-3D9C533510D6}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{77DCD99E-D6D7-43E6-A0CD-A68B061EA5F8}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{DD15F0C7-22B1-42F1-84DB-8B8C130BD467}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{C5CB8A56-471C-440C-8F6A-5A6F5B11F59C}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"UDP Query User{42945B3E-3B19-49EE-A13B-4C6566541950}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= TCP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"TCP Query User{890C7478-3F9E-4E94-B6A6-FA91232E9A09}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game.dat
"UDP Query User{0DA8A347-61CC-4A88-8F85-BCF9316DDFAA}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game.dat
"TCP Query User{78A33C24-3BCA-4C10-9F9D-BE9EFC8CD4BB}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"UDP Query User{27D2DACA-6C0A-4084-A64B-D088DE75C2C5}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= TCP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat
"TCP Query User{6847DC36-CBFE-4757-9618-672DC6CE256C}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"UDP Query User{EA55DA20-A6C2-48D5-80A6-274D0A27C5FE}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B7778DB7-1FF9-43D8-BDA6-612B3C3EF8EC}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F923931D-AEE9-4072-9DA8-D16E44A88CF0}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"{DB5455E7-0061-4117-B2FC-99CAA5A6D1A5}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{853C91A1-3BC3-4361-A6F4-6B6068F424F8}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{0C6A1121-3D4F-42B2-A8D2-305E25B25B57}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{18B734D9-69A5-44A4-9803-B32F0050E344}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C752B732-3531-4F70-88B9-7F8C7F858220}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{896C07B6-E162-47C0-AC5A-6E39018D2908}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8C3EF7AB-03FF-4B66-B456-1201A522D3F3}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{EB9491AA-E499-4473-8514-4744EC9802C0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{545AA49F-80D8-46DA-9B37-19099CAA6E6D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{34CF3759-4642-45C8-800C-1E32A7234D8C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FEAFAE2E-C6BF-4811-AE65-D1B99053F309}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{745512F9-58CD-472F-A56A-CEBD085B7568}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{9BF7785E-8BEE-4BC0-A0C6-9561A5882C23}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{A8D1E79D-B7A3-48CB-A019-71584363A2E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0A8FED0E-C948-4673-A1C3-5E601588C671}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C641726F-7E34-405F-ADDF-207E75557D0E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7A30798A-8EEF-4579-8B96-18699A8EEAD3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8D765EB6-3CD7-4D0D-98B1-7969C0DE1EF1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DAA2942D-EA02-4CC0-BA88-99E006D39294}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{86532612-1DE2-4BE9-A7EA-585FA4D80257}c:\\users\\erik\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\erik\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{7A5DA76E-28E8-4149-B870-FDDAF0D12A65}c:\\users\\erik\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\erik\appdata\local\google\chrome\application\chrome.exe:chrome.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/11/2009 2:36 AM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\System32\drivers\xusb20.sys [10/13/2006 5:48 PM 50048]
.
Contents of the 'Scheduled Tasks' folder
2009-10-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 07:35]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039909693-3276849548-4189819475-1000Core.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:03]
2009-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039909693-3276849548-4189819475-1000UA.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:03]
2009-07-11 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-01 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\j9vamy3y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Erik\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-moyenozeve - c:\programdata\meyilona\meyilona.dll
HKCU-Run-foduboyiv - c:\progra~2\ruludoji\ruludoji.dll
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
AddRemove-WOLAPI - c:\westwood\Internet\UnstllAP.EXE
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1039909693-3276849548-4189819475-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:04,10,a2,79,b0,c2,14,d3,f2,d2,c8,ae,e5,89,7b,88,fc,3e,17,ed,59,02,b7,
ee,70,03,ae,eb,eb,78,08,4d,0b,d0,5f,63,42,f3,1d,18,2e,cb,f6,a5,fc,08,c5,5e,\
"??"=hex:f3,a5,df,6f,74,f6,ad,04,fc,c8,3a,96,d6,ca,c5,7d
[HKEY_USERS\S-1-5-21-1039909693-3276849548-4189819475-1000\Software\SecuROM\License information*]
"datasecu"=hex:c0,fe,5d,6f,13,0b,fd,0a,90,e7,ba,b2,b1,dc,f2,7e,4a,2c,64,09,64,
4d,d9,50,c1,26,2b,37,65,ef,01,fe,45,9c,af,cf,6f,60,6b,6b,6c,e1,d3,96,c1,23,\
"rkeysecu"=hex:87,4f,e2,d5,a2,39,ad,18,31,cb,7e,53,ba,bd,3a,a4
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\PresentationSettings.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2009-10-12 0:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 05:44
Pre-Run: 6,569,902,080 bytes free
Post-Run: 6,521,540,608 bytes free
280 --- E O F --- 2009-10-11 09:26
Now my computer is saying "Illegal Operation attempted on registry key that is marked for deletion"? What is going on? I know there were a couple of programs running; however, I could not shut them down. I didn't even have McAfee installed anywhere on my computer!
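The two things worth pulling out of the ComboFix log above are the c:\programdata\<eight random letters> folders (ruludoji, yesileya, peduliro, sahesebe, ...) that appear in batches of three or four with identical creation minutes, at about 05:45 and 17:45 on each of 9, 10 and 11 October, and the two HKCU Run orphans (moyenozeve, foduboyiv) that pointed at DLLs inside those folders. The script below is an added example, not part of the original post and not anything ComboFix itself provides: it parses a handful of lines copied from the log and flags both patterns. The "random name" test (alternating consonant/vowel letters, 6 to 11 characters) is a heuristic I derived from the names in this log, not a published rule; treating the earlier of the two timestamps on a "Files Created"/"Find3M" line as the creation time is likewise an assumption. c:\progra~2 is treated as the same folder as c:\programdata because the log lists ruludoji.dll under both spellings.

```python
"""Flag randomly named ProgramData folders and Run-key orphans in ComboFix
log lines.  Added example for this thread, not ComboFix code."""
import re
from collections import defaultdict

# Constructed sample: directory lines copied from the "Files Created" and
# "Find3M" sections of the log, the two HKCU-Run orphan lines, and three
# benign entries (Malwarebytes, Lavasoft, Java, a SUPERAntiSpyware notify
# orphan) for contrast.
SAMPLE_LOG = r"""
2009-10-12 04:03 . 2009-10-12 04:03 -------- d-----w- c:\programdata\Malwarebytes
2009-10-11 17:46 . 2009-10-12 05:30 -------- d-----w- c:\programdata\ruludoji
2009-10-11 17:46 . 2009-10-11 17:46 -------- d-----w- c:\programdata\yesileya
2009-10-11 17:46 . 2009-10-11 17:46 -------- d-----w- c:\programdata\peduliro
2009-10-11 07:31 . 2009-10-11 07:36 -------- d-----w- c:\programdata\Lavasoft
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\programdata\sahesebe
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\programdata\jerabidi
2009-10-11 05:45 . 2009-10-11 05:45 -------- d-----w- c:\programdata\hujatoto
2009-10-12 05:30 . 2009-10-10 05:46 -------- d-----w- c:\programdata\meyilona
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\programdata\zoporawo
2009-10-11 08:28 . 2006-12-01 00:46 -------- d-----w- c:\program files\Java
HKCU-Run-moyenozeve - c:\programdata\meyilona\meyilona.dll
HKCU-Run-foduboyiv - c:\progra~2\ruludoji\ruludoji.dll
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
"""

# Heuristic (assumption, derived from the names in this log): a lowercase
# word of 3-5 consonant+vowel pairs, optionally ending in one consonant.
# Real use needs an allowlist for legitimate folders that happen to match.
RANDOM_NAME = re.compile(
    r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,5}[bcdfghjklmnpqrstvwxyz]?$")

# ComboFix directory line: <time1> . <time2> <size> <attrs> <path>
DIR_ENTRY = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \S+ (?P<attrs>\S+) (?P<path>.+)$")
RUN_ORPHAN = re.compile(r"^HKCU-Run-(?P<value>\S+) - (?P<target>.+)$")

# Long name and the 8.3 short name the log prints for the same folder.
PROGRAMDATA_PREFIXES = ("c:\\programdata\\", "c:\\progra~2\\")


def is_random_name(name: str) -> bool:
    return RANDOM_NAME.match(name) is not None


def suspicious_programdata_dirs(log_text: str) -> dict:
    """Map creation minute -> randomly named ProgramData folders created then.

    Assumption: the earlier of the two timestamps is the creation time
    (the two sections of the log print created/modified in opposite order).
    """
    batches = defaultdict(list)
    for line in log_text.splitlines():
        m = DIR_ENTRY.match(line.strip())
        if not m or not m.group("attrs").startswith("d"):
            continue  # directories only
        path = m.group("path").lower()
        if not path.startswith(PROGRAMDATA_PREFIXES):
            continue
        name = path.split("\\")[-1]
        if is_random_name(name):
            created = min(m.group("t1"), m.group("t2"))  # ISO text sorts correctly
            batches[created].append(name)
    return dict(batches)


def suspicious_run_values(log_text: str) -> list:
    """HKCU Run orphans whose target is a DLL, sits under ProgramData, or
    carries a random-looking value or folder name.  Returns
    (value_name, target_path, [reasons]) tuples."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_ORPHAN.match(line.strip())
        if not m:
            continue
        target = m.group("target").lower()
        folder = target.split("\\")[-2] if target.count("\\") >= 2 else ""
        reasons = []
        if target.endswith(".dll"):
            reasons.append("dll target")  # Run values normally name an .exe
        if target.startswith(PROGRAMDATA_PREFIXES):
            reasons.append("programdata")
        if is_random_name(m.group("value")) or is_random_name(folder):
            reasons.append("random name")
        if reasons:
            hits.append((m.group("value"), m.group("target"), reasons))
    return hits


if __name__ == "__main__":
    for when, names in sorted(suspicious_programdata_dirs(SAMPLE_LOG).items()):
        print(f"{when}  batch of {len(names)}: {', '.join(names)}")
    for value, target, reasons in suspicious_run_values(SAMPLE_LOG):
        print(f"HKCU Run '{value}' -> {target}  [{', '.join(reasons)}]")
```

Run against the full log, the batch grouping is what shows the twice-daily cadence; a one-off install leaves one batch, not a fresh set of folders every twelve hours, which is why a file scan reporting "clean" after deleting one DLL is not the end of it. Both the Run orphans and the folders they pointed into are listed as removed in the "Other Deletions" and "ORPHANS REMOVED" sections, so the next HijackThis log is the check that nothing re-creates them.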