I think I might have posted this originally in the wrong spot but am thinking this might be the right spot now.
I too have the security tool virus. I got up to running malwarebytes but it says:
unable to execute file
create process failed code 2
system cannot find file specified
Thanks in advance!
#1
Posted 19 October 2009 - 12:50 PM
#2
Posted 22 October 2009 - 06:10 AM
Hi,
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt
- Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking download exe -button and then saving it your desktop:
- Double-click .exe that you downloaded
- Click rootkit-tab and then scan.
- Don't check Show All box while scanning in progress!
- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log in your reply.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#3
Posted 22 October 2009 - 11:05 AM
Thank you. I hope this isn't a stupid question but what is script blocker and how would I turn that off before following your steps?
Blade81, on Oct 22 2009, 02:10 AM, said:
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt
- Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking download exe -button and then saving it your desktop:
- Double-click .exe that you downloaded
- Click rootkit-tab and then scan.
- Don't check Show All box while scanning in progress!
- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log in your reply.
#4
Posted 22 October 2009 - 01:21 PM
Hi,
Quite often there's nothing needed to be turned off. If DDS logs aren't generated then it's possible that there's script blocker present.
See if you're able to get the logs created
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#5
Posted 22 October 2009 - 05:03 PM
Thanks! I was able to do it and have all the logs. The only thing I am not sure of is how you want me to post the attach.txt... I should use the attachment button on here and upload it? I will hold off on posting that one but here are the others. I have the other one done, just wanted to make sure I am doing it right with how to post it. Thank you so much for your patience and help!
DDS Log:
DDS (Ver_09-10-13.01) - NTFSx86
Run by Ericas at 8:36:29.61 on Thu 10/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.136 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ericas\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [<NO NAME>]
mRun: [ReminderApp] c:\program files\nova development\scrapbook factory deluxe 4.0\ReminderApp.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [30450618] c:\docume~1\alluse~1\applic~1\30450618\30450618.exe
mRun: [12596528] c:\docume~1\alluse~1\applic~1\12596528\12596528.exe
mRun: [03297728] c:\docume~1\alluse~1\applic~1\03297728\03297728.exe
mRun: [53090926] c:\documents and settings\all users\application data\53090926\53090926.exe
mRun: [lumeveyuy] Rundll32.exe "c:\windows\system32\wopowupa.dll",a
StartupFolder: c:\docume~1\ericas\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: plaxo.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://www.winkflash.com/photo/loaders/SAXFile.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://auctiva.com/hostedimages/activex/xupload/XUpload.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: diyorinu.dll c:\windows\system32\wopowupa.dll
SSODL: mejurinul - {6ae283dd-afa6-4b00-91d9-76b9392d554f} - c:\windows\system32\wopowupa.dll
STS: mujuzedij: {6ae283dd-afa6-4b00-91d9-76b9392d554f} - c:\windows\system32\wopowupa.dll
LSA: Notification Packages = scecli sekamuva.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ericas\applic~1\mozilla\firefox\profiles\dlj2gb2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\siteranker\firefox\components\siterank.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-21 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-31 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 sysrest.sys;sysrest.sys;\??\c:\windows\system32\sysrest.sys --> c:\windows\system32\sysrest.sys [?]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-10-21 10:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\53090926
2009-10-20 08:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\03297728
2009-10-19 14:20 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 14:20 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-19 14:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\74523930
2009-10-18 18:04 <DIR> --d----- c:\windows\pss
2009-10-18 10:46 3,550,592 a------- C:\explorer.exe
2009-10-17 07:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\30450618
2009-10-16 19:36 <DIR> --d----- c:\docume~1\ericas\applic~1\AVG8
2009-10-09 07:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12596528
2009-10-01 13:59 <DIR> --d----- c:\docume~1\ericas\applic~1\SiteRanker
2009-10-01 13:57 <DIR> --d----- c:\program files\SiteRanker
==================== Find3M ====================
2009-10-18 19:48 7,310 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-23 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-23 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2006-05-29 20:18 104 -c-shr-- c:\windows\system32\011EF8728B.sys
2007-07-19 18:09 56 -c-shr-- c:\windows\system32\64D9EF434C.sys
2009-07-17 07:29 1,114,831 a--sh--- c:\windows\system32\bajawupo.exe
2009-07-18 19:06 38,400 a--sh--- c:\windows\system32\dagenoja.dll
2009-07-21 10:29 51,712 a--sh--- c:\windows\system32\diyorinu.dll
2009-07-16 19:31 90,112 a--sh--- c:\windows\system32\fofufenu.dll
2009-07-21 10:28 51,712 a--sh--- c:\windows\system32\giviminu.dll
2009-07-18 07:06 38,400 a--sh--- c:\windows\system32\jitabine.dll
2009-07-19 07:07 38,400 a--sh--- c:\windows\system32\jotumumu.dll
2009-07-20 22:28 1,050,658 a--sh--- c:\windows\system32\kavutiro.exe
2009-07-18 07:06 38,400 a--sh--- c:\windows\system32\kevinoji.dll
2009-07-16 19:31 169,984 a--sh--- c:\windows\system32\kivifivu.dll
2009-07-20 08:04 39,424 a--sh--- c:\windows\system32\mijinube.dll
2009-07-22 06:48 1,051,682 a--sh--- c:\windows\system32\mokomaru.exe
2009-07-22 06:48 38,912 a--sh--- c:\windows\system32\muhoyawa.dll
2009-07-19 20:03 39,424 a--sh--- c:\windows\system32\nebawalo.dll
2009-07-18 07:06 1,115,189 a--sh--- c:\windows\system32\nekoneto.exe
2009-07-21 10:28 38,400 a--sh--- c:\windows\system32\nowikuje.dll
2009-07-09 07:22 60,928 a--sh--- c:\windows\system32\pafigewi.dll
2009-07-19 07:07 1,011,347 a--sh--- c:\windows\system32\piwagali.exe
2009-07-21 10:28 1,050,658 a--sh--- c:\windows\system32\pofuzema.exe
2009-07-20 22:28 38,400 a--sh--- c:\windows\system32\pujadoli.dll
2009-07-21 10:29 51,712 a--sh--- c:\windows\system32\sekamuva.dll
2009-07-18 07:05 1,115,189 a--sh--- c:\windows\system32\tavuhefo.exe
2009-07-19 20:03 1,011,367 a--sh--- c:\windows\system32\tijevufi.exe
2009-07-17 07:29 38,400 a--sh--- c:\windows\system32\towoyila.dll
2009-07-09 07:21 1,011,208 a--sh--- c:\windows\system32\vewalimu.exe
2009-07-09 07:21 175,104 a--sh--- c:\windows\system32\vigalefe.dll
2009-07-16 19:31 52,224 a--sh--- c:\windows\system32\vororeni.dll
2009-07-17 07:29 89,088 a--sh--- c:\windows\system32\wijuyira.dll
2009-07-22 06:48 90,112 a--sh--- c:\windows\system32\wopowupa.dll
2009-07-18 19:06 1,011,235 a--sh--- c:\windows\system32\wudepuve.exe
2009-07-21 10:29 51,712 a--sh--- c:\windows\system32\yugutoyi.dll
2009-07-09 07:21 82,944 a--sh--- c:\windows\system32\zafufovi.dll
2009-07-21 10:28 90,112 a--sh--- c:\windows\system32\zakawuli.dll
2009-07-18 07:06 89,088 a--sh--- c:\windows\system32\zevawitu.dll
2009-07-20 08:04 1,011,209 a--sh--- c:\windows\system32\zezowawi.exe
2009-07-16 19:31 1,111,915 a--sh--- c:\windows\system32\ziresula.exe
============= FINISH: 8:37:37.02 ===============
GMER Scan:
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-22 12:42:47
Windows 5.1.2600 Service Pack 2
Running: nyxne5n0.exe; Driver: C:\DOCUME~1\Ericas\LOCALS~1\Temp\uxtdapog.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 100026D2 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DD0 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 100026D2 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DD0 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 00EC26D2 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00EC2DD0 c:\windows\system32\wopowupa.dll
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [016E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat F100AC8A
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
DDS Log:
DDS (Ver_09-10-13.01) - NTFSx86
Run by Ericas at 8:36:29.61 on Thu 10/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.136 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ericas\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [<NO NAME>]
mRun: [ReminderApp] c:\program files\nova development\scrapbook factory deluxe 4.0\ReminderApp.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [30450618] c:\docume~1\alluse~1\applic~1\30450618\30450618.exe
mRun: [12596528] c:\docume~1\alluse~1\applic~1\12596528\12596528.exe
mRun: [03297728] c:\docume~1\alluse~1\applic~1\03297728\03297728.exe
mRun: [53090926] c:\documents and settings\all users\application data\53090926\53090926.exe
mRun: [lumeveyuy] Rundll32.exe "c:\windows\system32\wopowupa.dll",a
StartupFolder: c:\docume~1\ericas\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: plaxo.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://www.winkflash.com/photo/loaders/SAXFile.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://auctiva.com/hostedimages/activex/xupload/XUpload.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: diyorinu.dll c:\windows\system32\wopowupa.dll
SSODL: mejurinul - {6ae283dd-afa6-4b00-91d9-76b9392d554f} - c:\windows\system32\wopowupa.dll
STS: mujuzedij: {6ae283dd-afa6-4b00-91d9-76b9392d554f} - c:\windows\system32\wopowupa.dll
LSA: Notification Packages = scecli sekamuva.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ericas\applic~1\mozilla\firefox\profiles\dlj2gb2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\siteranker\firefox\components\siterank.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-21 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-31 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 sysrest.sys;sysrest.sys;\??\c:\windows\system32\sysrest.sys --> c:\windows\system32\sysrest.sys [?]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-10-21 10:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\53090926
2009-10-20 08:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\03297728
2009-10-19 14:20 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 14:20 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-19 14:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\74523930
2009-10-18 18:04 <DIR> --d----- c:\windows\pss
2009-10-18 10:46 3,550,592 a------- C:\explorer.exe
2009-10-17 07:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\30450618
2009-10-16 19:36 <DIR> --d----- c:\docume~1\ericas\applic~1\AVG8
2009-10-09 07:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12596528
2009-10-01 13:59 <DIR> --d----- c:\docume~1\ericas\applic~1\SiteRanker
2009-10-01 13:57 <DIR> --d----- c:\program files\SiteRanker
==================== Find3M ====================
2009-10-18 19:48 7,310 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-23 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-23 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2006-05-29 20:18 104 -c-shr-- c:\windows\system32\011EF8728B.sys
2007-07-19 18:09 56 -c-shr-- c:\windows\system32\64D9EF434C.sys
2009-07-17 07:29 1,114,831 a--sh--- c:\windows\system32\bajawupo.exe
2009-07-18 19:06 38,400 a--sh--- c:\windows\system32\dagenoja.dll
2009-07-21 10:29 51,712 a--sh--- c:\windows\system32\diyorinu.dll
2009-07-16 19:31 90,112 a--sh--- c:\windows\system32\fofufenu.dll
2009-07-21 10:28 51,712 a--sh--- c:\windows\system32\giviminu.dll
2009-07-18 07:06 38,400 a--sh--- c:\windows\system32\jitabine.dll
2009-07-19 07:07 38,400 a--sh--- c:\windows\system32\jotumumu.dll
2009-07-20 22:28 1,050,658 a--sh--- c:\windows\system32\kavutiro.exe
2009-07-18 07:06 38,400 a--sh--- c:\windows\system32\kevinoji.dll
2009-07-16 19:31 169,984 a--sh--- c:\windows\system32\kivifivu.dll
2009-07-20 08:04 39,424 a--sh--- c:\windows\system32\mijinube.dll
2009-07-22 06:48 1,051,682 a--sh--- c:\windows\system32\mokomaru.exe
2009-07-22 06:48 38,912 a--sh--- c:\windows\system32\muhoyawa.dll
2009-07-19 20:03 39,424 a--sh--- c:\windows\system32\nebawalo.dll
2009-07-18 07:06 1,115,189 a--sh--- c:\windows\system32\nekoneto.exe
2009-07-21 10:28 38,400 a--sh--- c:\windows\system32\nowikuje.dll
2009-07-09 07:22 60,928 a--sh--- c:\windows\system32\pafigewi.dll
2009-07-19 07:07 1,011,347 a--sh--- c:\windows\system32\piwagali.exe
2009-07-21 10:28 1,050,658 a--sh--- c:\windows\system32\pofuzema.exe
2009-07-20 22:28 38,400 a--sh--- c:\windows\system32\pujadoli.dll
2009-07-21 10:29 51,712 a--sh--- c:\windows\system32\sekamuva.dll
2009-07-18 07:05 1,115,189 a--sh--- c:\windows\system32\tavuhefo.exe
2009-07-19 20:03 1,011,367 a--sh--- c:\windows\system32\tijevufi.exe
2009-07-17 07:29 38,400 a--sh--- c:\windows\system32\towoyila.dll
2009-07-09 07:21 1,011,208 a--sh--- c:\windows\system32\vewalimu.exe
2009-07-09 07:21 175,104 a--sh--- c:\windows\system32\vigalefe.dll
2009-07-16 19:31 52,224 a--sh--- c:\windows\system32\vororeni.dll
2009-07-17 07:29 89,088 a--sh--- c:\windows\system32\wijuyira.dll
2009-07-22 06:48 90,112 a--sh--- c:\windows\system32\wopowupa.dll
2009-07-18 19:06 1,011,235 a--sh--- c:\windows\system32\wudepuve.exe
2009-07-21 10:29 51,712 a--sh--- c:\windows\system32\yugutoyi.dll
2009-07-09 07:21 82,944 a--sh--- c:\windows\system32\zafufovi.dll
2009-07-21 10:28 90,112 a--sh--- c:\windows\system32\zakawuli.dll
2009-07-18 07:06 89,088 a--sh--- c:\windows\system32\zevawitu.dll
2009-07-20 08:04 1,011,209 a--sh--- c:\windows\system32\zezowawi.exe
2009-07-16 19:31 1,111,915 a--sh--- c:\windows\system32\ziresula.exe
============= FINISH: 8:37:37.02 ===============
GMER Scan:
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-22 12:42:47
Windows 5.1.2600 Service Pack 2
Running: nyxne5n0.exe; Driver: C:\DOCUME~1\Ericas\LOCALS~1\Temp\uxtdapog.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 100026D2 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DD0 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 100026D2 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4636] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DD0 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 00EC26D2 c:\windows\system32\wopowupa.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5568] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00EC2DD0 c:\windows\system32\wopowupa.dll
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [016E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[2836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Ericas\Desktop\nyxne5n0.exe[5932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\notepad.exe[6904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat F100AC8A
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
#6
Posted 22 October 2009 - 05:07 PM
You may paste attach.txt contents to your reply 
Time for next set of instructions.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingc...to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#7
Posted 22 October 2009 - 05:10 PM
Blade81, on Oct 22 2009, 01:07 PM, said:
You may paste attach.txt contents to your reply
Here is my attach.txt. I will go do the next set of instructions now. Thank you! Thank you! Thank you!
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-13.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/10/2006 4:03:20 PM
System Uptime: 10/22/2009 6:59:02 AM (2 hours ago)
Motherboard: Dell Computer Corporation | | 0X8957
Processor: Intel® Celeron® M processor 1.40GHz | Microprocessor | 1398/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 34 GiB total, 9.652 GiB free.
D: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP216: 7/30/2009 5:10:07 PM - Software Distribution Service 3.0
RP217: 8/6/2009 3:25:15 PM - System Checkpoint
RP218: 8/8/2009 8:18:05 AM - System Checkpoint
RP219: 8/9/2009 9:35:22 AM - System Checkpoint
RP220: 8/10/2009 8:05:59 AM - Installed Seagate Manager Installer
RP221: 8/11/2009 10:00:35 AM - System Checkpoint
RP222: 8/11/2009 9:03:02 PM - Software Distribution Service 3.0
RP223: 8/13/2009 6:03:19 AM - Software Distribution Service 3.0
RP224: 8/14/2009 10:37:18 PM - Software Distribution Service 3.0
RP225: 8/15/2009 8:05:53 PM - Avg8 Update
RP226: 8/17/2009 7:37:00 AM - System Checkpoint
RP227: 8/17/2009 8:18:22 AM - Installed Windows Internet Explorer 8.
RP228: 8/17/2009 8:19:36 AM - Software Distribution Service 3.0
RP229: 8/18/2009 8:55:13 AM - System Checkpoint
RP230: 8/19/2009 8:57:17 AM - System Checkpoint
RP231: 8/20/2009 9:52:19 AM - Avg8 Update
RP232: 8/22/2009 4:24:42 PM - System Checkpoint
RP233: 8/23/2009 11:34:48 AM - Avg8 Update
RP234: 8/23/2009 11:37:28 AM - Avg8 Update
RP235: 8/26/2009 9:17:12 AM - System Checkpoint
RP236: 8/26/2009 8:17:44 PM - Software Distribution Service 3.0
RP237: 8/28/2009 10:01:27 AM - System Checkpoint
RP238: 8/30/2009 10:57:56 AM - System Checkpoint
RP239: 9/1/2009 4:46:30 PM - System Checkpoint
RP240: 9/2/2009 7:36:45 PM - System Checkpoint
RP241: 9/4/2009 8:13:11 AM - System Checkpoint
RP242: 9/5/2009 8:49:18 AM - System Checkpoint
RP243: 9/6/2009 9:54:46 AM - System Checkpoint
RP244: 9/7/2009 10:17:11 AM - System Checkpoint
RP245: 9/8/2009 2:26:43 PM - System Checkpoint
RP246: 9/9/2009 7:30:43 PM - Software Distribution Service 3.0
RP247: 9/11/2009 8:31:42 AM - System Checkpoint
RP248: 9/12/2009 1:43:09 PM - System Checkpoint
RP249: 9/13/2009 5:12:36 PM - System Checkpoint
RP250: 9/15/2009 2:50:01 PM - System Checkpoint
RP251: 9/17/2009 11:27:13 AM - System Checkpoint
RP252: 9/18/2009 4:16:28 PM - System Checkpoint
RP253: 9/21/2009 4:34:02 PM - System Checkpoint
RP254: 9/22/2009 6:06:29 PM - System Checkpoint
RP255: 9/24/2009 6:24:23 AM - System Checkpoint
RP256: 9/25/2009 9:35:45 AM - System Checkpoint
RP257: 9/26/2009 2:58:30 PM - System Checkpoint
RP258: 9/27/2009 5:48:38 PM - System Checkpoint
RP259: 9/29/2009 7:03:52 PM - System Checkpoint
RP260: 9/30/2009 7:20:32 PM - System Checkpoint
RP261: 10/2/2009 7:29:59 PM - System Checkpoint
RP262: 10/5/2009 2:14:29 PM - System Checkpoint
RP263: 10/6/2009 10:25:21 AM - Avg8 Update
RP264: 10/6/2009 10:27:07 AM - Avg8 Update
RP265: 10/7/2009 8:51:30 AM - Avg8 Update
RP266: 10/8/2009 1:53:45 PM - System Checkpoint
RP267: 10/16/2009 7:33:51 PM - Avg8 Update
RP268: 10/20/2009 4:20:20 PM - System Checkpoint
RP269: 10/21/2009 8:04:15 AM - Avg8 Update
==== Installed Programs ======================
AbiWord 2.6.3
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOLIcon
Apple Software Update
ArcSoft Camera Suite
ArcSoft Collage Creator
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Broadcom Management Programs 2
Brother HL-5170DN
Brother Peer to Peer Print (NetBIOS) 1.16
BUM
Conexant D480 MDC V.9x Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Corel Photo Album Additional Content
Coupon Printer for Windows
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
Disney's Toontown Online
ELIcon
Google
HijackThis 2.0.2
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Internal Network Card Power Management
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 12
Java 2 Runtime Environment, SE v1.4.2_03
KODAK EASYSHARE Gallery Easy Upload, v2.0
Logitech QuickCam
Logitech QuickCam Driver Package
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.13)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
MyPublisher BookMaker
NetWaiting
NetZeroInstallers
Photo Click
PHOTORECOVERY® Limited Edition 3.0
PowerDVD 5.5
QuickSet
QuickTime
RawShooter essentials 2005
RealPlayer Basic
Scrapbook Factory Deluxe 4.0
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiteRanker
Smilebox
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Ulead Photo Explorer 8.0 SE Basic
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Winkflash Transporter
WinZip 11.1
WordPerfect Office 12
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
10/22/2009 8:26:36 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
10/18/2009 8:29:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/18/2009 7:16:28 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/18/2009 7:08:11 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file taskmgr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
10/18/2009 7:05:27 AM, error: SCardSvr [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL GET_STATE: The device has been removed.
10/18/2009 7:05:25 AM, error: O2SCBUS [0] -
10/18/2009 7:05:24 AM, error: SCardSvr [616] - Reader monitor 'O2Micro PCMCIA Reader 0' received uncaught error code: The requested resource is in use.
10/18/2009 7:05:24 AM, error: SCardSvr [612] - Reader insertion monitor error retry threshold reached: The requested resource is in use.
10/18/2009 7:05:24 AM, error: SCardSvr [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL POWER: A device attached to the system is not functioning.
10/18/2009 7:05:09 AM, error: SCardSvr [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.
10/18/2009 5:13:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/18/2009 5:10:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm
10/18/2009 4:47:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/18/2009 4:47:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2009 4:45:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 10:19:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
10/18/2009 10:19:45 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2009 11:51:23 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2009 11:51:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/16/2009 11:50:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgtray.exe.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/16/2009 10:56:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
==== End Of File ===========================
RP247: 9/11/2009 8:31:42 AM - System Checkpoint
RP248: 9/12/2009 1:43:09 PM - System Checkpoint
RP249: 9/13/2009 5:12:36 PM - System Checkpoint
RP250: 9/15/2009 2:50:01 PM - System Checkpoint
RP251: 9/17/2009 11:27:13 AM - System Checkpoint
RP252: 9/18/2009 4:16:28 PM - System Checkpoint
RP253: 9/21/2009 4:34:02 PM - System Checkpoint
RP254: 9/22/2009 6:06:29 PM - System Checkpoint
RP255: 9/24/2009 6:24:23 AM - System Checkpoint
RP256: 9/25/2009 9:35:45 AM - System Checkpoint
RP257: 9/26/2009 2:58:30 PM - System Checkpoint
RP258: 9/27/2009 5:48:38 PM - System Checkpoint
RP259: 9/29/2009 7:03:52 PM - System Checkpoint
RP260: 9/30/2009 7:20:32 PM - System Checkpoint
RP261: 10/2/2009 7:29:59 PM - System Checkpoint
RP262: 10/5/2009 2:14:29 PM - System Checkpoint
RP263: 10/6/2009 10:25:21 AM - Avg8 Update
RP264: 10/6/2009 10:27:07 AM - Avg8 Update
RP265: 10/7/2009 8:51:30 AM - Avg8 Update
RP266: 10/8/2009 1:53:45 PM - System Checkpoint
RP267: 10/16/2009 7:33:51 PM - Avg8 Update
RP268: 10/20/2009 4:20:20 PM - System Checkpoint
RP269: 10/21/2009 8:04:15 AM - Avg8 Update
==== Installed Programs ======================
AbiWord 2.6.3
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOLIcon
Apple Software Update
ArcSoft Camera Suite
ArcSoft Collage Creator
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Broadcom Management Programs 2
Brother HL-5170DN
Brother Peer to Peer Print (NetBIOS) 1.16
BUM
Conexant D480 MDC V.9x Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Corel Photo Album Additional Content
Coupon Printer for Windows
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
Disney's Toontown Online
ELIcon
HijackThis 2.0.2
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Internal Network Card Power Management
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 12
Java 2 Runtime Environment, SE v1.4.2_03
KODAK EASYSHARE Gallery Easy Upload, v2.0
Logitech QuickCam
Logitech QuickCam Driver Package
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.13)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
MyPublisher BookMaker
NetWaiting
NetZeroInstallers
Photo Click
PHOTORECOVERY® Limited Edition 3.0
PowerDVD 5.5
QuickSet
QuickTime
RawShooter essentials 2005
RealPlayer Basic
Scrapbook Factory Deluxe 4.0
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiteRanker
Smilebox
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Ulead Photo Explorer 8.0 SE Basic
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Winkflash Transporter
WinZip 11.1
WordPerfect Office 12
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
10/22/2009 8:26:36 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
10/18/2009 8:29:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/18/2009 7:16:28 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/18/2009 7:08:11 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file taskmgr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
10/18/2009 7:05:27 AM, error: SCardSvr [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL GET_STATE: The device has been removed.
10/18/2009 7:05:25 AM, error: O2SCBUS [0] -
10/18/2009 7:05:24 AM, error: SCardSvr [616] - Reader monitor 'O2Micro PCMCIA Reader 0' received uncaught error code: The requested resource is in use.
10/18/2009 7:05:24 AM, error: SCardSvr [612] - Reader insertion monitor error retry threshold reached: The requested resource is in use.
10/18/2009 7:05:24 AM, error: SCardSvr [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL POWER: A device attached to the system is not functioning.
10/18/2009 7:05:09 AM, error: SCardSvr [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.
10/18/2009 5:13:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/18/2009 5:10:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm
10/18/2009 4:47:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/18/2009 4:47:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2009 4:45:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 4:45:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2009 10:19:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
10/18/2009 10:19:45 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2009 11:51:23 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2009 11:51:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/16/2009 11:50:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgtray.exe.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/16/2009 10:56:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
==== End Of File ===========================
#8
Posted 22 October 2009 - 06:22 PM
I can't figure out how to temporarily close down the AVG Free version like it says to do before using ComboFix. I disabled the resident shield thing but am not sure if that is enough.
#9
Posted 22 October 2009 - 08:30 PM
Disabling resident shield should be enough.
#10
Posted 22 October 2009 - 09:00 PM
Blade81, on Oct 22 2009, 04:30 PM, said:
Disabling resident shield should be enough 
I do hope I didn't screw up. I wasn't sure and was afraid to run combofix not knowing so I removed avg altogether and then got an awful feeling in my stomach that maybe I shouldn't have changed anything from when I started all the scans. Oh gosh... I do hope I am not back to step 1 just because I got quick to delete. After I had already done it is when I saw in the combofix guide that disabling resident shield was how to do it. I am currently running combofix on the computer (I am typing now from a different one).
#11
Posted 22 October 2009 - 09:04 PM
You may reinstall AVG (or some alternative antivirus program) when we're ready.
#12
Posted 22 October 2009 - 09:27 PM
Blade81, on Oct 22 2009, 05:04 PM, said:
You may reinstall AVG (or some alternative antivirus program) when we're ready 
Phew! I just didn't know if it would throw stuff off having changed something from how it was. Thank you!!
Here is the ComboFix log:
ComboFix 09-10-21.02 - Ericas 10/22/2009 16:53.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.221 [GMT -4:00]
Running from: c:\documents and settings\Ericas\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\03297728
c:\documents and settings\All Users\Application Data\03297728\03297728.exe
c:\documents and settings\All Users\Application Data\53090926
c:\documents and settings\All Users\Application Data\53090926\53090926.bat
c:\documents and settings\All Users\Application Data\53090926\53090926.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Ericas\Application Data\02000000b627f0c1C.manifest
c:\documents and settings\Ericas\Application Data\02000000b627f0c1O.manifest
c:\documents and settings\Ericas\Application Data\02000000b627f0c1P.manifest
c:\documents and settings\Ericas\Application Data\02000000b627f0c1R.manifest
c:\documents and settings\Ericas\Application Data\02000000b627f0c1S.manifest
c:\documents and settings\Ericas\Desktop\Security Tool.lnk
c:\documents and settings\Ericas\Start Menu\Programs\Security Tool.lnk
C:\explorer.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\bajawupo.exe
c:\windows\system32\BSTIeprintctl1.dll
c:\windows\system32\dagenoja.dll
c:\windows\system32\diyorinu.dll
c:\windows\system32\duyagawe.dll.tmp
c:\windows\system32\fofufenu.dll
c:\windows\system32\fuzuwigi.dll.tmp
c:\windows\system32\giviminu.dll
c:\windows\system32\iexplore.exe
c:\windows\system32\jitabine.dll
c:\windows\system32\jotumumu.dll
c:\windows\system32\kevinoji.dll
c:\windows\system32\kivifivu.dll
c:\windows\system32\mijinube.dll
c:\windows\system32\muhoyawa.dll
c:\windows\system32\nebawalo.dll
c:\windows\system32\nekoneto.exe
c:\windows\system32\nowikuje.dll
c:\windows\system32\pafigewi.dll
c:\windows\system32\piwagali.exe
c:\windows\system32\pujadoli.dll
c:\windows\system32\ranuvozo.dll.tmp
c:\windows\system32\sekamuva.dll
c:\windows\system32\tavuhefo.exe
c:\windows\system32\tijevufi.exe
c:\windows\system32\towoyila.dll
c:\windows\system32\vewalimu.exe
c:\windows\system32\vigalefe.dll
c:\windows\system32\vororeni.dll
c:\windows\system32\wijuyira.dll
c:\windows\system32\wopowupa.dll
c:\windows\system32\wudepuve.exe
c:\windows\system32\yugutoyi.dll
c:\windows\system32\zafufovi.dll
c:\windows\system32\zevawitu.dll
c:\windows\system32\zezowawi.exe
c:\windows\system32\ziresula.exe
C:\xcrashdump.dat
----- BITS: Possible infected sites -----
hxxp://download.yimg.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_sysrest.sys
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.
2009-10-21 02:28 . 2009-10-21 02:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SiteRanker
2009-10-19 13:57 . 2009-10-19 13:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-18 23:07 . 2009-10-19 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\74523930
2009-10-18 22:17 . 2009-10-18 23:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 11:29 . 2009-10-19 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\30450618
2009-10-16 23:36 . 2009-10-16 23:36 -------- d-----w- c:\documents and settings\Ericas\Application Data\AVG8
2009-10-09 11:22 . 2009-10-16 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\12596528
2009-10-08 17:15 . 2009-10-08 17:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-01 17:59 . 2009-10-01 17:59 -------- d-----w- c:\documents and settings\Ericas\Application Data\SiteRanker
2009-10-01 17:57 . 2009-10-01 17:57 -------- d-----w- c:\program files\SiteRanker
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 20:21 . 2008-08-22 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-21 12:28 . 2006-03-19 19:22 -------- d-----w- c:\documents and settings\Ericas\Application Data\AdobeUM
2009-10-20 21:42 . 2006-02-28 02:21 -------- d-----w- c:\program files\Trend Micro
2009-10-18 23:48 . 2006-03-10 21:26 7310 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-18 21:15 . 2006-02-28 02:05 -------- d-----w- c:\program files\NetWaiting
2009-10-18 21:15 . 2006-02-28 02:05 -------- d-----w- c:\program files\Modem Helper
2009-10-18 21:15 . 2006-02-28 01:47 -------- d-----w- c:\program files\Apoint
2009-10-06 17:58 . 2008-07-04 17:45 -------- d-----w- c:\program files\Coupons
2009-08-06 23:24 . 2004-08-10 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 19:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-10 19:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-10 19:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 18:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 19:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-10 19:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2006-05-30 00:18 . 2006-03-10 21:26 104 -csh--r- c:\windows\system32\011EF8728B.sys
2007-07-19 22:09 . 2007-07-19 22:09 56 -csh--r- c:\windows\system32\64D9EF434C.sys
2009-07-21 02:28 . 2009-07-21 02:28 1050658 --sha-w- c:\windows\system32\kavutiro.exe
2009-07-22 10:48 . 2009-07-22 10:48 1051682 --sha-w- c:\windows\system32\mokomaru.exe
2009-07-21 14:28 . 2009-07-21 14:28 1050658 --sha-w- c:\windows\system32\pofuzema.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2009-08-10 10:39 311808 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-28 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ReminderApp"="c:\program files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2009-08-10 273920]
c:\documents and settings\Ericas\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-7 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-27 24576]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]
.
Contents of the 'Scheduled Tasks' folder
2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 21:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: plaxo.com\www
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
FF - ProfilePath - c:\documents and settings\Ericas\Application Data\Mozilla\Firefox\Profiles\dlj2gb2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\SiteRanker\firefox\components\siterank.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
BHO-{669eebef-8e2b-4fc0-9117-c8f37f3cc349} - yugutoyi.dll
HKLM-Run-30450618 - c:\docume~1\ALLUSE~1\APPLIC~1\30450618\30450618.exe
HKLM-Run-12596528 - c:\docume~1\ALLUSE~1\APPLIC~1\12596528\12596528.exe
HKLM-Run-03297728 - c:\docume~1\ALLUSE~1\APPLIC~1\03297728\03297728.exe
HKLM-Run-53090926 - c:\documents and settings\All Users\Application Data\53090926\53090926.exe
HKLM-Run-lumeveyuy - c:\windows\system32\wopowupa.dll
HKLM-Run-jehijimovi - sekamuva.dll
SharedTaskScheduler-{6ae283dd-afa6-4b00-91d9-76b9392d554f} - c:\windows\system32\wopowupa.dll
SSODL-mejurinul-{6ae283dd-afa6-4b00-91d9-76b9392d554f} - c:\windows\system32\wopowupa.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 17:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\combofix\CF26935.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\program files\Apoint\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Java\jre1.5.0_12\bin\jucheck.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 21:18
Pre-Run: 10,298,597,376 bytes free
Post-Run: 14,286,057,472 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 95E0C5D0659D5017724D332FD3AC9084
#13
Posted 23 October 2009 - 07:52 AM
Please post a fresh dds.txt log too
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#14
Posted 23 October 2009 - 10:49 AM
Blade81, on Oct 23 2009, 03:52 AM, said:
Please post a fresh dds.txt log too 
Here is a fresh dds.txt log
DDS (Ver_09-10-13.01) - NTFSx86
Run by Ericas at 6:50:49.78 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.148 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ericas\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ReminderApp] c:\program files\nova development\scrapbook factory deluxe 4.0\ReminderApp.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
StartupFolder: c:\docume~1\ericas\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: plaxo.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://www.winkflash.com/photo/loaders/SAXFile.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://auctiva.com/hostedimages/activex/xupload/XUpload.ocx
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ericas\applic~1\mozilla\firefox\profiles\dlj2gb2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
=============== Created Last 30 ================
2009-10-22 16:46 <DIR> a-dshr-- C:\cmdcons
2009-10-22 16:44 236,544 a------- c:\windows\PEV.exe
2009-10-22 16:44 161,792 a------- c:\windows\SWREG.exe
2009-10-22 16:44 98,816 a------- c:\windows\sed.exe
2009-10-18 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\74523930
2009-10-18 18:04 <DIR> --d----- c:\windows\pss
2009-10-17 07:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\30450618
2009-10-16 19:36 <DIR> --d----- c:\docume~1\ericas\applic~1\AVG8
2009-10-09 07:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12596528
2009-10-01 13:59 <DIR> --d----- c:\docume~1\ericas\applic~1\SiteRanker
2009-10-01 13:57 <DIR> --d----- c:\program files\SiteRanker
==================== Find3M ====================
2009-10-18 19:48 7,310 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-11 10:03 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:03 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 16:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 04:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 04:16 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 08:51 2,185,984 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 08:51 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:49 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 08:02 2,062,976 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:02 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 08:02 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2006-05-29 20:18 104 -c-shr-- c:\windows\system32\011EF8728B.sys
2007-07-19 18:09 56 -c-shr-- c:\windows\system32\64D9EF434C.sys
2009-07-20 22:28 1,050,658 a--sh--- c:\windows\system32\kavutiro.exe
2009-07-22 06:48 1,051,682 a--sh--- c:\windows\system32\mokomaru.exe
2009-07-21 10:28 1,050,658 a--sh--- c:\windows\system32\pofuzema.exe
============= FINISH: 6:51:35.68 ===============
#15
Posted 23 October 2009 - 03:25 PM
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
http://www.malwarebytes.org/forums/index.php?showtopic=28258
Suspect::
c:\windows\system32\011EF8728B.sys
c:\windows\system32\64D9EF434C.sys
Collect::
c:\windows\system32\kavutiro.exe
c:\windows\system32\mokomaru.exe
c:\windows\system32\pofuzema.exe
DDS::
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
Folder::
c:\docume~1\alluse~1\applic~1\74523930
c:\docume~1\alluse~1\applic~1\30450618
c:\docume~1\alluse~1\applic~1\12596528
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. Have the system connected to the internet so samples can be submitted (you should be shown a dialog related to this).
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.
Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
- Click the Download button to the right.
- Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
* Go here to run an online scanner from ESET.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- Make sure that the option Remove found threats is UNchecked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#16
Posted 23 October 2009 - 07:03 PM
Still on the first step... I put the script into ComboFix and ran it, and it came up saying there is a new edition of ComboFix. Do I want to update it? Should I click yes on this? (I am writing from a different computer)
Thanks!
#17
Posted 23 October 2009 - 07:10 PM
Yes, let it update
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#18
Posted 23 October 2009 - 07:32 PM
#19
Posted 23 October 2009 - 09:25 PM
I hope it was ok that I moved on figuring that it was ok to even though the only log I got from combofix said upload successful...
but when I try to download Java Runtime Environment JRE 6 update 16, I get the following message:
Transmission Error
A transmission problem has prevented your transaction from being processed. The administrator has been notified by the system. Please try again later.
If this problem persists, please send us feedback to report this problem.
Thank you,
sun.com
#20
Posted 23 October 2009 - 09:52 PM
OK, tried again after trying a few times and it's now working, and for some reason now I got... off to try to fix up the Java
erica, on Oct 23 2009, 05:25 PM, said:
I hope it was ok that I moved on figuring that it was ok to even though the only log I got from combofix said upload successful...
but when I try to download Java Runtime Environment JRE 6 update 16, I get the following message:
Transmission Error
A transmission problem has prevented your transaction from being processed. The administrator has been notified by the system. Please try again later.
If this problem persists, please send us feedback to report this problem.
Thank you,
sun.com