Malware and Trojans



grfarmer
2009-10-10, 21:07
I was in my Yahoo email and AVG popped up saying I had a virus. It said it cleaned it, but now I keep getting popups and my Desktop is just a blue color. I downloaded Combofix and ran it. It seemed to have removed everything, but in my TuneUp Utilities 2008 it still shows busuhepi, and when I uncheck it as a startup, it rechecks itself.

Here is the log from Combofix

ComboFix 09-10-08.04 - Greg 10/10/2009 14:26.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.514 [GMT -4:00]
Running from: c:\documents and settings\Greg\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Yazzle1552OinUninstaller.exe
C:\VDM14F.tmp
C:\VDM150.tmp
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\rave
c:\windows\Downloaded Program Files\rave\avirexe.vdm
c:\windows\Downloaded Program Files\rave\avirscr.vdm
c:\windows\Downloaded Program Files\rave\base.vdm
c:\windows\Downloaded Program Files\rave\daily.vdm
c:\windows\Downloaded Program Files\rave\daily.vdt
c:\windows\Downloaded Program Files\rave\filters.vdm
c:\windows\Downloaded Program Files\rave\kernel.vdk
c:\windows\Downloaded Program Files\rave\keyring.vdk
c:\windows\Downloaded Program Files\rave\mapi_vdm.vdm
c:\windows\Downloaded Program Files\rave\modules.vdk
c:\windows\Downloaded Program Files\rave\rav8def.vdm
c:\windows\Downloaded Program Files\rave\rufs.vdm
c:\windows\Downloaded Program Files\rave\rufsplg.vdm
c:\windows\Downloaded Program Files\rave\unarch.vdm
c:\windows\Downloaded Program Files\rave\unmail.vdm
c:\windows\Downloaded Program Files\rave\unpack.vdm
c:\windows\Installer\117661f.msp
c:\windows\Installer\631e65.msp
c:\windows\Installer\631eab.msp
c:\windows\Installer\631ec3.msp
c:\windows\Installer\7b822.msp
c:\windows\patch.exe
c:\windows\system32\dhryxxsi.ini
c:\windows\system32\difemura.dll
c:\windows\system32\drivers\senekaobogmmrl.sys
c:\windows\system32\IhhknUtv.ini
c:\windows\system32\IhhknUtv.ini2
c:\windows\system32\sosafuji.dll
c:\windows\wiaserviv.log
c:\windows\wiaservv.log

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 18:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-10 18:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-10 17:14 . 2009-10-10 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-10-10 17:12 . 2009-10-10 17:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-10 17:02 . 2009-10-10 17:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-10 16:53 . 2009-10-10 16:53 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes
2009-10-10 16:51 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 16:51 . 2009-10-10 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 16:51 . 2009-10-10 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-10 16:51 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-10 16:28 . 2009-10-10 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\00382720
2009-10-09 22:08 . 2009-10-10 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\48197534
2009-10-09 11:48 . 2009-10-09 11:48 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\PCHealth
2009-10-09 04:40 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 04:34 . 2009-10-09 04:34 -------- d-----w- c:\program files\Windows Defender
2009-10-01 01:06 . 2009-10-01 01:06 -------- d-----w- c:\program files\iPod
2009-10-01 01:06 . 2009-10-01 01:08 -------- d-----w- c:\program files\iTunes
2009-10-01 01:06 . 2009-10-01 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 01:03 . 2009-10-01 01:04 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 17:01 . 2009-10-10 16:58 45104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 03:43 . 2008-10-26 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-01 02:34 . 2006-06-13 17:30 -------- d-----w- c:\documents and settings\Greg\Application Data\Apple Computer
2009-10-01 01:06 . 2007-12-25 06:40 -------- d-----w- c:\program files\Common Files\Apple
2009-09-09 23:47 . 2009-06-20 23:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-28 23:42 . 2009-06-27 22:46 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2007-12-25 06:40 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 01:55 . 2009-08-28 01:55 -------- d-----w- c:\program files\Electronic Cosmo
2009-08-28 01:40 . 2003-07-16 05:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 01:26 . 2009-08-28 01:26 -------- d-----w- c:\documents and settings\Greg\Application Data\AVS4YOU
2009-08-28 01:26 . 2009-08-28 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-28 01:25 . 2009-08-28 01:24 -------- d-----w- c:\program files\AVS4YOU
2009-08-28 01:25 . 2009-08-28 01:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-28 01:23 . 2009-08-28 01:16 -------- d-----w- c:\program files\MoviePlay
2009-08-25 22:25 . 2009-08-25 22:25 -------- d-----w- c:\documents and settings\Greg\Application Data\GrabIt
2009-08-17 22:44 . 2008-05-31 00:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 22:44 . 2008-05-31 00:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 22:44 . 2006-12-27 22:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 19:05 . 2003-07-19 19:29 45104 ----a-w- c:\documents and settings\Greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 23:24 . 2004-08-16 15:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-16 15:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-16 15:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2002-08-29 10:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-08-29 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-16 15:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-08-21 20:04 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2002-08-29 10:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2003-09-13 01:22 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 03:28 . 2009-07-09 03:28 60928 --sha-w- c:\windows\SYSTEM32\basotudo.dll
2009-07-09 22:07 . 2009-07-09 22:07 50688 --sha-w- c:\windows\SYSTEM32\fagonifa.dll
2009-07-09 03:28 . 2009-07-09 03:28 83968 --sha-w- c:\windows\SYSTEM32\jebojope.dll
2009-07-10 16:27 . 2009-07-10 16:27 1011119 --sha-w- c:\windows\SYSTEM32\sajekeye.exe
2009-07-09 22:08 . 2009-07-09 22:08 50688 --sha-w- c:\windows\SYSTEM32\vikikeme.dll
2009-07-09 22:07 . 2009-07-09 22:07 88576 --sha-w- c:\windows\SYSTEM32\wafiguvu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9286622-1606-4709-b40a-d2529a2c6c4b}]
2009-07-09 22:08 50688 --sha-w- c:\windows\SYSTEM32\vikikeme.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-09 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-04 2023704]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-16 151597]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-09 03:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 22:44 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"=c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"jezinifat"=Rundll32.exe "c:\windows\system32\difemura.dll",a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.1.6739-to-2.1.2.6803-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/30/2008 8:37 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/30/2008 8:37 PM 108552]
R1 hwinterface;hwinterface;c:\windows\SYSTEM32\DRIVERS\hwinterface.sys [6/15/2006 2:15 AM 3026]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 5:18 PM 297752]
R2 DLPORTIO;DLPORTIO;c:\windows\Dlportio.sys [3/1/2008 3:09 AM 3584]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
S3 vzruzhs;vzruzhs;\??\c:\documents and settings\Greg\My Documents\vzruzhs.sys --> c:\documents and settings\Greg\My Documents\vzruzhs.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-03-07 13:09]

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\ysggs6sz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.switch.threshold - 650000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-jezinifat - c:\windows\system32\difemura.dll
HKLM-Run-degakopova - busuhepi.dll
SharedTaskScheduler-{a41db325-ea17-4064-be0b-e4c4fc238980} - (no file)
SharedTaskScheduler-{8d280415-53fb-4b73-a3bf-5edd28d79163} - c:\windows\system32\difemura.dll
SSODL-tamiligul-{a41db325-ea17-4064-be0b-e4c4fc238980} - (no file)
SSODL-kolejigas-{8d280415-53fb-4b73-a3bf-5edd28d79163} - c:\windows\system32\difemura.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 14:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2280757543-3111120185-3684255025-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Æ*`*k%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\vikikeme.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpowerAMP\dBShell.dll
c:\windows\system32\wmpshell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\Nero\Nero8\Nero BackItUp\NBShell.dll
c:\program files\WinRAR\rarext.dll
c:\progra~1\TUNEUP~2\SDShelEx-win32.dll
c:\program files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
c:\program files\Common Files\Nero\Shared\NL3\ShellManager3.dll
c:\program files\Nero\Nero8\Nero CoverDesigner\CoverEdCtrl.ocx
c:\program files\Common Files\Nero\Lib\MediaLibraryNSE.dll
c:\progra~1\MICROS~2\Wcesview.dll
c:\progra~1\MICROS~2\pegconv.dll
c:\windows\system32\CEUTIL.dll
c:\windows\system32\RAPI.dll
c:\program files\Creative\Creative MuVo NX-TX\CTMvns.dll
c:\program files\Creative\Creative MuVo NX-TX\CTIntrfc.dll
c:\program files\Creative\Creative MuVo NX-TX\CTMVNSRS.DLL
c:\program files\Creative\Creative MuVo NX-TX\CTConfig.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-10-10 14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-10 18:47

Pre-Run: 6,696,296,448 bytes free
Post-Run: 6,734,528,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

322 --- E O F --- 2009-09-09 23:06


Thanks for any help in getting this off my computer.

grfarmer
2009-10-11, 04:55
When I tried to install Malwarebytes' Anti-Malware it always gave errors and failed to install, and the Security Tools virus came back. I kept running Windows Defender, Spybot Search & Destroy, and SUPERAntiSpyware until I could get Malwarebytes to successfully install. I finally got Malwarebytes to scan and it removed the Security Tools, the popups, and all the other files stuck in my Startup. I hope this helps someone else having this problem.

tashi
2009-10-11, 05:14
Hello grfarmer,

Apparently you missed this forum's FAQs but I will post the links here for others who may read. :)

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)

If you still require assistance, please start a new topic, copy and paste the HJT log into it, and provide a link back to here.

Best regards.