virtumonde.prx?
marqiemark
2009-03-05, 11:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:22 AM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\MONSTER\Local Settings\Temp\CRF002\Audio\Drivers\COMMON\cthelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TDS Internet Services
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {230a3c91-fd0d-faba-c204-9d46fbaf5d78} - {87d5fabf-64d9-402c-abaf-d0df19c3a032} - C:\WINDOWS\system32\zagwqs.dll
O2 - BHO: (no name) - {9d8db428-5e7f-4f66-b1df-4085b34ca59a} - C:\WINDOWS\system32\bonopefo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [WINDVDPatch] C:\Documents and Settings\MONSTER\Local Settings\Temp\CRF002\Audio\Drivers\COMMON\cthelper.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [tibalobali] Rundll32.exe "C:\WINDOWS\system32\liborazo.dll",s
O4 - HKLM\..\Run: [CPM247f20ea] Rundll32.exe "c:\windows\system32\rugalilu.dll",a
O4 - HKLM\..\Run: [274c1376] rundll32.exe "C:\WINDOWS\system32\jowukuyu.dll",b
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://portal.tds.net/
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?2&6&04.00.04.03&unknown&unknown&http://www.scion.com/config/xb/viewpointzoom/cargo_org_full.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} - http://www.aerialsexpress.com/ecwplugins/ncs.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: cqsjgp.dll c:\windows\system32\lewokilo.dll c:\windows\system32\hafatipo.dll zagwqs.dll c:\windows\system32\rugalilu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rugalilu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rugalilu.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6404 bytes
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
marqiemark
2009-03-10, 08:44
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-02-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2003 7:19:40 PM
System Uptime: 3/10/2009 12:20:57 AM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | <P3B-F>
Processor: Intel Pentium III processor | SLOT 1 | 751/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 8 GiB total, 0.323 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1101: 2/28/2009 5:16:15 PM - System Checkpoint
RP1102: 3/3/2009 5:35:07 AM - System Checkpoint
RP1103: 3/4/2009 2:58:12 PM - System Checkpoint
RP1104: 3/7/2009 10:45:06 PM - System Checkpoint
==== Installed Programs ======================
Ad-Aware
Adobe Flash Player ActiveX
ASUS Update V2.24
Canon i550
Coupon Printer for Windows
DriverAgent by eSupport.com
E-Color Indicator
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
RegCure 1.5.2.7
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
SMBus
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
TaxCut Premium 2006
Turtle Beach Santa Cruz Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
==== Event Viewer Messages From Past Week ========
3/4/2009 1:41:27 AM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/4/2009 1:41:27 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/4/2009 1:41:27 AM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
3/4/2009 1:41:26 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================
marqiemark
2009-03-10, 08:45
DDS (Ver_09-02-01.01) - FAT32x86
Run by MONSTER at 0:30:23.47 on Tue 03/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.282 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\MONSTER\Local Settings\Temp\CRF002\Audio\Drivers\COMMON\cthelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MONSTER\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.altavista.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by TDS Internet Services
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {9d8db428-5e7f-4f66-b1df-4085b34ca59a} - c:\windows\system32\bonopefo.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {a7118441-1d87-972b-ecf4-daefec41fa7c}: {c7af14ce-fead-4fce-b279-78d11448117a} - c:\windows\system32\ivrhzt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [WINDVDPatch] c:\documents and settings\monster\local settings\temp\crf002\audio\drivers\common\cthelper.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SystemTray] SysTray.Exe
mRun: [nwiz] nwiz.exe /install
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [tibalobali] Rundll32.exe "c:\windows\system32\liborazo.dll",s
mRun: [274c1376] rundll32.exe "c:\windows\system32\nehamubu.dll",b
mRun: [CPM247f20ea] Rundll32.exe "c:\windows\system32\jimiwemo.dll",a
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
uPolicies-explorer: <NO NAME> =
mPolicies-explorer: <NO NAME> =
dPolicies-explorer: <NO NAME> =
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?2&6&04.00.04.03&unknown&unknown&http://www.scion.com/config/xb/viewpointzoom/cargo_org_full.html
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} - hxxp://www.aerialsexpress.com/ecwplugins/ncs.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37975.9063310185
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: cqsjgp.dll c:\windows\system32\lewokilo.dll c:\windows\system32\hafatipo.dll ivrhzt.dll c:\windows\system32\jimiwemo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jimiwemo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jimiwemo.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-5 64160]
R1 SMBus;SMBus;c:\windows\system32\drivers\SMBus.sys [2003-12-3 73824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2004-12-12 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2004-12-12 545088]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2004-10-16 23856]
S3 USRTI;U.S. Robotics Faxmodem Driver TI;c:\windows\system32\drivers\USRTI.SYS [2003-8-22 765884]
S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2004-12-12 19232]
=============== Created Last 30 ================
2009-03-10 00:01 121 ---sh--- c:\windows\system32\ayifebub.ini
2009-03-10 00:01 142,336 a--sh--- c:\windows\system32\ivrhzt.dll
2009-03-10 00:01 142,336 a--sh--- c:\windows\system32\wabodezi.dll
2009-03-10 00:01 100,864 a--sh--- c:\windows\system32\bubefiya.dll
2009-03-09 11:20 1,808,094 ---sh--- c:\windows\system32\ubumahen.ini
2009-03-09 11:20 142,848 a--sh--- c:\windows\system32\hytrwk.dll
2009-03-09 11:20 142,848 a--sh--- c:\windows\system32\wasodoku.dll
2009-03-09 11:20 100,864 a--sh--- c:\windows\system32\nehamubu.dll
2009-03-09 11:20 107,520 a--sh--- c:\windows\system32\nepimari.dll
2009-03-08 12:09 1,808,081 ---sh--- c:\windows\system32\anopedej.ini
2009-03-08 12:09 140,288 a--sh--- c:\windows\system32\uhccre.dll
2009-03-08 12:09 140,288 a--sh--- c:\windows\system32\bobajitu.dll
2009-03-08 12:09 108,032 a--sh--- c:\windows\system32\pefeveli.dll
2009-03-07 21:41 141,824 a--sh--- c:\windows\system32\bgmdwz.dll
2009-03-07 21:41 1,808,094 ---sh--- c:\windows\system32\usigoyed.ini
2009-03-07 21:41 141,824 a--sh--- c:\windows\system32\mofawulo.dll
2009-03-07 21:41 107,008 a--sh--- c:\windows\system32\matihoji.dll
2009-03-06 22:56 142,336 a--sh--- c:\windows\system32\umefqd.dll
2009-03-06 22:56 1,808,112 ---sh--- c:\windows\system32\ujapagol.ini
2009-03-06 22:56 142,336 a--sh--- c:\windows\system32\vemusise.dll
2009-03-06 22:56 107,520 a--sh--- c:\windows\system32\pinofivu.dll
2009-03-06 02:13 1,808,094 ---sh--- c:\windows\system32\esuyapas.ini
2009-03-06 02:13 142,336 a--sh--- c:\windows\system32\qzpgei.dll
2009-03-06 02:13 142,336 a--sh--- c:\windows\system32\fofuhiza.dll
2009-03-06 02:13 107,520 a--sh--- c:\windows\system32\vazoguti.dll
2009-03-05 13:58 142,336 a--sh--- c:\windows\system32\kzpqty.dll
2009-03-05 13:58 1,812,867 ---sh--- c:\windows\system32\arirahom.ini
2009-03-05 13:58 142,336 a--sh--- c:\windows\system32\rusejafe.dll
2009-03-05 13:58 105,984 a--sh--- c:\windows\system32\wiyoyova.dll
2009-03-05 13:58 100,864 a--sh--- c:\windows\system32\moharira.dll
2009-03-05 02:56 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 02:43 1,800,536 ---sh--- c:\windows\system32\uyukuwoj.ini
2009-03-05 02:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-05 02:04 48 a---h--- C:\aaw7boot.cmd
2009-03-05 01:58 143,360 a--sh--- c:\windows\system32\zagwqs.dll
2009-03-05 01:58 143,360 a--sh--- c:\windows\system32\lenipuna.dll
2009-03-05 01:58 107,520 a--sh--- c:\windows\system32\rugalilu.dll
2009-03-05 01:23 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-05 01:19 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 01:18 <DIR> --d----- c:\program files\Lavasoft
2009-03-04 13:57 142,336 a--sh--- c:\windows\system32\knonww.dll
2009-03-04 13:57 142,336 a--sh--- c:\windows\system32\vataguhi.dll
2009-03-04 01:22 142,848 a--sh--- c:\windows\system32\izvrlp.dll
2009-03-04 01:22 142,848 a--sh--- c:\windows\system32\pojezija.dll
2009-03-03 02:23 144,896 a--sh--- c:\windows\system32\cqsjgp.dll
2009-03-03 02:23 144,896 a--sh--- c:\windows\system32\garopudu.dll
2009-03-03 02:23 108,544 a--sh--- c:\windows\system32\yuwelete.dll
2009-03-03 02:23 100,864 -------- c:\windows\system32\nopihizu.dll
2009-03-03 02:18 69,632 a--sh--- c:\windows\system32\liborazo.dll
2009-03-03 02:18 69,632 a--sh--- c:\windows\system32\bonopefo.dll
2009-03-03 02:18 6,456 a---h--- c:\windows\system32\nudepafe
==================== Find3M ====================
2006-04-18 14:26 65,112 a------- c:\docume~1\monster\applic~1\GDIPFONTCACHEV1.DAT
2005-11-02 01:10 26,958 a------- c:\program files\Movieland Terms.html
2002-02-21 00:41 23,357 a------- c:\program files\folder.htt
2002-02-21 00:41 271 ---sh--- c:\program files\desktop.ini
2004-05-28 12:26 2,569 a--sh--- c:\windows\fxdnj.dat
============= FINISH: 0:36:39.71 ===============
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
marqiemark
2009-03-11, 08:55
ComboFix 09-03-10.01 - MONSTER 2009-03-11 0:34:26.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.263 [GMT -6:00]
Running from: c:\documents and settings\MONSTER\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MONSTER\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\MONSTER\LOCALS~1\Temp\tmp2.tmp
c:\program files\mediapipe
c:\program files\mediapipe\Agent.dll
c:\program files\mediapipe\altpayments_terms.txt
c:\program files\mediapipe\api.exe
c:\program files\mediapipe\insdl.dll
c:\program files\mediapipe\MediaPipe.ini
c:\program files\mediapipe\p2pinst.exe
c:\program files\mediapipe\p2pl.exe
c:\program files\mediapipe\register.dll
C:\secure32.html
c:\windows\start.exe
c:\windows\system32\bgmdwz.dll
c:\windows\system32\bobajitu.dll
c:\windows\system32\bodihovi.dll
c:\windows\system32\bonopefo.dll
c:\windows\system32\bubefiya.dll
c:\windows\system32\bxudzy.dll
c:\windows\system32\cqsjgp.dll
c:\windows\system32\famiyoba.dll
c:\windows\system32\fofuhiza.dll
c:\windows\system32\garopudu.dll
c:\windows\system32\hizidaku.dll
c:\windows\system32\hytrwk.dll
c:\windows\system32\ivrhzt.dll
c:\windows\system32\izvrlp.dll
c:\windows\system32\knonww.dll
c:\windows\system32\kzpqty.dll
c:\windows\system32\lenipuna.dll
c:\windows\system32\liborazo.dll
c:\windows\system32\matihoji.dll
c:\windows\system32\mofawulo.dll
c:\windows\system32\moharira.dll
c:\windows\system32\nepimari.dll
c:\windows\system32\nopihizu.dll
c:\windows\system32\pefeveli.dll
c:\windows\system32\pinofivu.dll
c:\windows\system32\pojezija.dll
c:\windows\system32\qzpgei.dll
c:\windows\system32\rugalilu.dll
c:\windows\system32\rusejafe.dll
c:\windows\system32\uhccre.dll
c:\windows\system32\umefqd.dll
c:\windows\system32\vataguhi.dll
c:\windows\system32\vazoguti.dll
c:\windows\system32\vemusise.dll
c:\windows\system32\wabodezi.dll
c:\windows\system32\wasodoku.dll
c:\windows\system32\windows.scr
c:\windows\system32\wiyoyova.dll
c:\windows\system32\yuwelete.dll
c:\windows\system32\zagwqs.dll
c:\windows\Web\default.htt
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.
2009-03-10 12:41 . 2009-03-11 00:24 1,808,103 ---hs---- c:\windows\SYSTEM32\ivohidob.ini
2009-03-10 00:01 . 2009-03-10 00:01 121 ---hs---- c:\windows\SYSTEM32\ayifebub.ini
2009-03-09 11:20 . 2009-03-10 00:50 1,808,094 ---hs---- c:\windows\SYSTEM32\ubumahen.ini
2009-03-08 12:09 . 2009-03-08 12:31 1,808,081 ---hs---- c:\windows\SYSTEM32\anopedej.ini
2009-03-07 21:41 . 2009-03-07 22:03 1,808,094 ---hs---- c:\windows\SYSTEM32\usigoyed.ini
2009-03-06 22:56 . 2009-03-07 00:20 1,808,112 ---hs---- c:\windows\SYSTEM32\ujapagol.ini
2009-03-06 02:13 . 2009-03-06 22:56 1,808,094 ---hs---- c:\windows\SYSTEM32\esuyapas.ini
2009-03-05 13:58 . 2009-03-05 14:24 1,812,867 ---hs---- c:\windows\SYSTEM32\arirahom.ini
2009-03-05 02:56 . 2009-03-05 02:56 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 02:50 . 2009-03-05 02:50 <DIR> d-------- c:\program files\RegCure
2009-03-05 02:43 . 2009-03-05 03:04 1,800,536 ---hs---- c:\windows\SYSTEM32\uyukuwoj.ini
2009-03-05 02:04 . 2009-03-05 01:22 15,688 --a------ c:\windows\SYSTEM32\lsdelete.exe
2009-03-05 02:04 . 2009-03-05 02:04 48 --ah----- C:\aaw7boot.cmd
2009-03-05 01:23 . 2009-03-05 01:22 64,160 --a------ c:\windows\SYSTEM32\DRIVERS\Lbd.sys
2009-03-05 01:19 . 2009-03-05 01:19 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 01:18 . 2009-03-05 01:19 <DIR> d-------- c:\program files\Lavasoft
2009-03-05 01:18 . 2009-03-05 01:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-03 02:18 . 2009-03-11 00:38 6,456 --ah----- c:\windows\SYSTEM32\nudepafe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-04-18 20:26 65,112 ----a-w c:\documents and settings\MONSTER\Application Data\GDIPFONTCACHEV1.DAT
2005-11-02 07:10 26,958 ----a-w c:\program files\Movieland Terms.html
2002-02-21 06:41 271 --sh--w c:\program files\desktop.ini
2002-02-21 06:41 23,357 ----a-w c:\program files\folder.htt
2004-05-28 18:26 2,569 --sha-w c:\windows\fxdnj.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"TraySantaCruz"="c:\windows\SYSTEM32\tbctray.exe" [2002-04-17 290816]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\SYSTEM32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.IV41"= ir41_32.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\windows\SYSTEM32\QTTASK.EXE" -atboottime
"Disc Detector"=c:\program files\Creative\ShareDLL\CtNotify.exe
"AudioHQ"=c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE
"NewsUpd"=c:\program files\Creative\News\NewsUpd.EXE /q
"CTAVTray"=c:\program files\CREATIVE\SBLIVE\PROGRAM\CTAvTray.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft IntelliPoint\\IPOINT.EXE"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2009-03-05 64160]
R1 SMBus;SMBus;c:\windows\SYSTEM32\DRIVERS\SMBus.sys [2003-12-03 73824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [2004-12-12 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [2004-12-12 545088]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [2004-10-16 23856]
S3 USRTI;U.S. Robotics Faxmodem Driver TI;c:\windows\SYSTEM32\DRIVERS\USRTI.SYS [2003-08-22 765884]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2004-12-12 19232]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\UPDCRL.EXE -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2009-03-09 c:\windows\Tasks\PCHealth Scheduler for Data Collection.job
- c:\windows\PCHEALTH\SUPPORT\PCHSCHD.EXE []
2009-03-09 c:\windows\Tasks\Maintenance-Defragment programs.job
- c:\program files\Norton SystemWorks\Speed Disk\SDNTC.EXE []
2009-03-01 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\CLEANMGR.EXE []
2009-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 01:22]
2009-03-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 11:58]
2009-03-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 11:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{9d8db428-5e7f-4f66-b1df-4085b34ca59a} - c:\windows\system32\bonopefo.dll
BHO-{a23ba085-7be5-4d41-b24b-c4a27a393d81} - c:\windows\system32\bxudzy.dll
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKLM-Run-WINDVDPatch - c:\documents and settings\MONSTER\Local Settings\Temp\CRF002\Audio\Drivers\COMMON\cthelper.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-NetMeter - c:\program files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.altavista.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 00:40:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\LAVASOFT\AD-AWARE\AAWTRAY.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Completion time: 2009-03-11 0:45:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-11 06:45:46
Pre-Run: 211,308,544 bytes free
Post-Run: 472,412,160 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout =3
default =multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /noguiboot
211 --- E O F --- 2008-09-10 10:14:15
Hi
Please run DDS again and post back dds.txt contents :)
Hi
What's the status here?
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.