So many problems



FanyFany
2010-03-25, 23:19
So I must have some viruses. I tried running Spybot and there were many infections that I could not remove from my computer. Whatever it is, it won't even let me use/run malware as well as download certain tools from the internet. Here is the log file. I am new to the forums, so please let me know if there are other things I need to provide. Thank you.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:10:42 PM, on 3/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Documents and Settings\TChun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TChun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {73dadf0b-8f5d-4010-9a84-7a8d59491dcd} - lofuwogi.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [zugohiditu] Rundll32.exe "wegagolu.dll",s
O4 - HKLM\..\Run: [diduhonat] Rundll32.exe "c:\windows\system32\sohibesi.dll",a
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267597692000
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\fuweyuni.dll fatenuva.dll c:\windows\system32\sohibesi.dll
O21 - SSODL: piyosujag - {f4eba353-5f39-4f86-aa9f-048a2452fcc3} - c:\windows\system32\buzalevu.dll (file missing)
O21 - SSODL: yibumadot - {fad0b6f3-db5c-4efc-8a93-95d9d89d73ed} - c:\windows\system32\fuweyuni.dll (file missing)
O21 - SSODL: rugawosob - {3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3} - c:\windows\system32\sohibesi.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: gahurihor - {f4eba353-5f39-4f86-aa9f-048a2452fcc3} - c:\windows\system32\buzalevu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {fad0b6f3-db5c-4efc-8a93-95d9d89d73ed} - c:\windows\system32\fuweyuni.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3} - c:\windows\system32\sohibesi.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8540 bytes
----------------------------
OK, so I have tried to use VundoFix and Spybot S&D, and I just can't seem to get rid of this Virtumonde virus. It just seems to keep popping back up. Is there anything else I could do or try?
----------------------------

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Please do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806 ) ;)

Blade81
2010-03-29, 22:55
Hi FanyFany,

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

FanyFany
2010-03-30, 03:05
Here are the files as requested.


DDS (Ver_10-03-17.01) - NTFSx86
Run by TChun at 16:58:59.75 on Mon 03/29/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.631 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TChun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TChun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TChun\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TChun\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {73dadf0b-8f5d-4010-9a84-7a8d59491dcd} - lofuwogi.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [zugohiditu] Rundll32.exe "wegagolu.dll",s
mRun: [diduhonat] Rundll32.exe "c:\windows\system32\dinibafi.dll",a
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267597692000
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\fuweyuni.dll fatenuva.dll c:\windows\system32\sohibesi.dll c:\windows\system32\davagadu.dll c:\windows\system32\yerofata.dll c:\windows\system32\temekatu.dll c:\windows\system32\duvabova.dll c:\windows\system32\dinibafi.dll
SSODL: piyosujag - {f4eba353-5f39-4f86-aa9f-048a2452fcc3} - c:\windows\system32\buzalevu.dll
SSODL: yibumadot - {fad0b6f3-db5c-4efc-8a93-95d9d89d73ed} - c:\windows\system32\fuweyuni.dll
SSODL: rugawosob - {3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3} - c:\windows\system32\sohibesi.dll
SSODL: heguhisen - {657edd7f-a078-4764-97be-7b517af605fd} - c:\windows\system32\davagadu.dll
SSODL: yuliwudor - {c04311f7-c0bc-4c21-9b75-d437fdc9f139} - c:\windows\system32\duvabova.dll
SSODL: lomonaweh - {6122665b-9edf-4ca4-8800-d8d5ae73d1ba} - c:\windows\system32\dinibafi.dll
STS: gahurihor: {f4eba353-5f39-4f86-aa9f-048a2452fcc3} - c:\windows\system32\buzalevu.dll
STS: gahurihor: {fad0b6f3-db5c-4efc-8a93-95d9d89d73ed} - c:\windows\system32\fuweyuni.dll
STS: kupuhivus: {3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3} - c:\windows\system32\sohibesi.dll
STS: mujuzedij: {657edd7f-a078-4764-97be-7b517af605fd} - c:\windows\system32\davagadu.dll
STS: kupuhivus: {c04311f7-c0bc-4c21-9b75-d437fdc9f139} - c:\windows\system32\duvabova.dll
STS: jugezatag: {6122665b-9edf-4ca4-8800-d8d5ae73d1ba} - c:\windows\system32\dinibafi.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli fatenuva.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tchun\applic~1\mozilla\firefox\profiles\iq6elor7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\tchun\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2010-3-2 636502]

=============== Created Last 30 ================

2010-03-28 16:19:41 0 d-----w- c:\program files\Heroes of Newerth
2010-03-28 15:32:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 15:32:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:21:24 0 d-----w- c:\program files\Malwarebytes
2010-03-28 09:17:37 0 d-----w- c:\program files\PostgreSQL
2010-03-28 09:12:18 0 d-----w- c:\program files\PokerTracker 3
2010-03-26 06:57:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-26 04:30:50 0 d-----w- C:\VundoFix Backups
2010-03-25 21:09:50 0 d-----w- c:\program files\TrendMicro
2010-03-25 03:36:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-24 21:17:20 0 d-----w- c:\docume~1\tchun\applic~1\Malwarebytes
2010-03-24 07:35:22 269 ----a-w- c:\windows\wininit.ini
2010-03-22 01:24:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-22 01:24:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-14 04:26:21 0 d-----w- c:\program files\PokerStars
2010-03-14 04:21:33 0 d-----w- c:\program files\Full Tilt Poker
2010-03-13 02:03:44 60236 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-09 19:20:13 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-09 19:20:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-06 20:54:45 0 d-----w- c:\program files\Glary Utilities
2010-03-06 10:52:26 0 d-----w- c:\program files\YouTube Downloader
2010-03-06 09:24:34 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-06 09:24:34 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-06 09:23:24 0 d-----w- c:\program files\iPod
2010-03-06 09:23:19 0 d-----w- c:\program files\iTunes
2010-03-06 09:23:19 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-06 09:22:51 0 d-----w- c:\program files\Bonjour
2010-03-06 09:21:25 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-06 09:21:25 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-05 11:02:53 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-03-05 11:01:10 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-03-04 06:55:07 0 d-----w- c:\program files\VideoLAN
2010-03-04 06:35:31 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2010-03-04 06:31:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2010-03-04 06:31:44 0 d-----w- c:\program files\Intuit
2010-03-04 06:31:44 0 d-----w- c:\program files\common files\Intuit
2010-03-04 06:31:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-03-04 06:31:17 95 ----a-w- c:\windows\QBChanUtil_Trigger.ini
2010-03-04 06:31:17 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11
2010-03-04 06:31:16 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-03-04 06:30:55 0 d-----w- c:\program files\MSXML 4.0
2010-03-04 06:29:19 0 d-----w- c:\windows\Intuit
2010-03-04 04:20:48 0 d-----w- C:\2ae9d8e224de2cb54cc802
2010-03-04 04:12:45 0 d-----w- C:\c335879bead0a27ea811d34e
2010-03-04 00:37:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-04 00:36:13 0 d-----r- c:\program files\Skype
2010-03-03 21:42:15 0 d-----w- c:\windows\system32\js
2010-03-03 21:42:15 0 d-----w- c:\windows\system32\images
2010-03-03 21:42:15 0 d-----w- c:\windows\system32\html
2010-03-03 21:42:15 0 d-----w- c:\windows\system32\css
2010-03-03 21:42:15 0 d-----w- c:\program files\Business Objects
2010-03-03 21:31:39 0 d-----w- c:\program files\MSXML 6.0
2010-03-03 21:24:53 0 d-----w- c:\program files\Microsoft SQL Server
2010-03-03 21:24:11 0 d-----w- c:\program files\Microsoft Device Emulator
2010-03-03 21:22:26 0 d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2010-03-03 21:21:10 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-03-03 21:21:09 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-03 21:10:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2010-03-03 21:00:48 0 d-----w- c:\program files\HTML Help Workshop
2010-03-03 21:00:48 0 d-----w- c:\program files\common files\Merge Modules
2010-03-03 21:00:47 0 d-----w- c:\program files\CE Remote Tools
2010-03-03 20:59:24 0 d-----w- c:\program files\Microsoft Web Designer Tools
2010-03-03 20:19:05 0 d-----w- c:\windows\SHELLNEW
2010-03-03 19:35:34 0 d-----w- c:\docume~1\tchun\applic~1\Office Genuine Advantage
2010-03-03 16:43:23 3243 ----a-w- c:\windows\system32\wbem\Outlook_01cabaf0a39471d4.mof
2010-03-03 11:39:46 490088 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-03 09:50:19 124376 ----a-w- c:\windows\system32\nvapps.nvb
2010-03-03 09:50:14 490088 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-03 09:50:14 23127 ----a-w- c:\windows\system32\nvdisp.nvu
2010-03-03 09:50:14 0 d-----w- c:\windows\nview
2010-03-03 09:49:08 0 d-----w- c:\windows\system32\ReinstallBackups
2010-03-03 09:47:42 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-03 09:34:11 0 d-----w- c:\program files\WPF Toolkit
2010-03-03 09:32:51 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-03-03 09:28:29 0 d-----w- c:\program files\Microsoft Expression
2010-03-03 09:19:18 0 d-----w- c:\program files\PeerGuardian2
2010-03-03 09:18:15 0 d-----w- c:\program files\uTorrent
2010-03-03 09:17:57 0 d-----w- c:\docume~1\tchun\applic~1\uTorrent
2010-03-03 09:10:12 0 d-----w- c:\windows\pss
2010-03-03 09:08:55 0 d-----w- c:\windows\system32\XPSViewer
2010-03-03 09:08:03 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-03 09:08:03 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-03 09:08:03 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-03 09:08:03 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-03 09:08:03 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-03 09:08:03 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-03 09:08:03 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-03 09:08:02 0 d-----w- C:\11fefd96113ff83c85ae
2010-03-03 08:53:11 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2010-03-03 08:53:03 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-03-03 08:53:03 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-03 08:51:57 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2010-03-03 08:51:43 0 d-----w- c:\program files\Analog Devices
2010-03-03 08:21:38 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-03-03 08:11:43 61440 ----a-w- c:\windows\system32\EL2K_CPP.dll
2010-03-03 08:11:42 147328 ----a-w- c:\windows\system32\drivers\EL2K_XP.sys
2010-03-03 08:04:09 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-03-03 08:04:09 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-03-03 07:36:50 0 d-----w- c:\program files\common files\Macrovision Shared
2010-03-03 07:29:42 0 d-----w- c:\program files\CCleaner
2010-03-03 06:53:52 0 d-----w- c:\docume~1\tchun\applic~1\Digsby
2010-03-03 06:53:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Digsby
2010-03-03 06:52:31 0 d-----w- c:\program files\Digsby
2010-03-03 06:47:47 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-03 06:47:47 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-03-03 06:40:13 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-03-03 06:40:13 0 d-----w- c:\program files\MagicDisc
2010-03-03 06:16:16 306 ----a-w- c:\windows\ODBC.INI
2010-03-03 06:13:58 30568 ----a-w- c:\windows\system32\mdimon.dll
2010-03-03 06:13:45 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-03 06:09:05 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-03 06:05:50 0 d-----w- c:\program files\MagicISO
2010-03-03 06:04:12 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-03 06:02:26 0 d-----w- C:\Installs
2010-03-03 06:02:00 81920 ----a-w- c:\docume~1\tchun\applic~1\ezpinst.exe
2010-03-03 06:02:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-03 06:02:00 47360 ----a-w- c:\docume~1\tchun\applic~1\pcouffin.sys
2010-03-03 06:01:54 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-03 06:01:54 314368 ----a-w- c:\windows\system32\avisynth.dll
2010-03-03 06:01:52 0 d-----w- c:\program files\Magic Video Converter
2010-03-03 05:56:07 0 d-----w- c:\docume~1\tchun\applic~1\GlarySoft
2010-03-02 23:03:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-02 23:03:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-02 22:59:59 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-02 22:59:59 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-02 22:59:57 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-02 22:59:40 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-02 22:57:06 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-02 13:43:58 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-02 13:43:58 0 d-----w- c:\windows\system32\PreInstall
2010-03-02 13:43:56 0 d--h--w- c:\windows\$hf_mig$
2010-03-02 13:22:32 0 d-----w- c:\docume~1\tchun\applic~1\Dropbox
2010-03-02 12:59:47 0 d-----w- c:\windows\system32\appmgmt
2010-03-02 12:56:45 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-03-02 12:22:45 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-03-02 12:22:45 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-03-02 12:22:45 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-03-02 12:22:44 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-03-02 12:22:43 0 d-----w- c:\windows\Logs
2010-03-02 12:13:22 0 d-----w- c:\program files\Yahoo!
2010-03-02 11:55:04 0 d-s---w- c:\documents and settings\tchun\UserData
2010-03-02 11:53:09 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-03-02 11:53:07 13646 ----a-w- c:\windows\system32\wpa.bak
2010-03-02 11:51:34 636502 ----a-r- c:\windows\system32\drivers\PRISMUSB.sys
2010-03-02 11:05:16 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-03-02 11:04:36 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-02 11:03:53 0 d-----w- C:\NVIDIA
2010-03-02 11:01:11 0 d-s---w- c:\windows\system32\Microsoft
2010-03-02 11:00:31 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-03-02 10:55:42 0 d-sh--w- c:\documents and settings\all users\DRM
2010-03-02 10:55:19 0 d--h--w- c:\program files\WindowsUpdate
2010-03-02 10:54:39 0 d-----w- c:\program files\common files\MSSoap
2010-03-02 10:53:00 0 d-----w- c:\program files\Online Services
2010-03-02 10:52:53 0 d-----w- c:\program files\Messenger
2010-03-02 10:52:50 0 d-----w- c:\program files\MSN Gaming Zone
2010-03-02 10:52:17 0 d-----w- c:\program files\Windows NT
2010-03-02 02:45:25 0 d-----w- c:\program files\common files\ODBC
2010-03-02 02:45:22 0 d-----w- c:\program files\common files\SpeechEngines
2010-03-02 02:44:50 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-02 10:53:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
1601-01-01 00:03:28 100352 --sha-w- c:\windows\system32\dinibafi.dll
1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\kepikemi.dll
1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\soletemo.dll

============= FINISH: 16:59:24.78 ===============
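
The HijackThis log in the first post and the DDS report above show the same persistence set: AppInit_DLLs populated with several DLLs (so they are mapped into every process that loads user32), SSODL and SharedTaskScheduler entries that load the same DLLs at Explorer start, an extra LSA Notification Package (fatenuva.dll) that runs inside lsass at every logon, IFEO Debugger values that point MpCmdRun.exe, MSASCui.exe, MsMpEng.exe and msseces.exe at svchost.exe (the security tool is never actually started, which is consistent with the "won't let me run tools" symptom), and payload DLLs in system32 with hidden+system attributes and a 1601-01-01 timestamp (FILETIME zero, i.e. a wiped timestamp). As an added example, not part of the thread and not code from DDS, HijackThis or Spybot, the script below parses lines of either log format and flags those patterns, then lists the DLL names worth copying out for analysis before a cleanup tool deletes them. The eight-letter consonant/vowel name rule and the zero-FILETIME rule are heuristics I assume from the entries in these logs; the sample lines are copied from the DDS report above, with two benign rows added so that the rules are seen to stay quiet on them.

```python
"""Triage a DDS "Pseudo HJT Report" or HijackThis log for Vundo-style persistence.

Added example for this thread; not part of DDS, HijackThis or Spybot. The
name heuristic below is an assumption drawn from the entries in the logs above.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind detail line")

# Assumption: Vundo/Virtumonde payload DLLs carry random 8-letter consonant/vowel
# names (sohibesi.dll, dinibafi.dll, ...). Treat a hit as "collect the file for
# analysis", not as proof of infection on its own.
RANDOM_DLL = re.compile(r"\b(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.dll\b", re.I)

# "Created Last 30" / "Find3M" rows look like: date time size attributes path
FILE_ROW = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.*)$")
ZERO_FILETIME = "1601-01-01"  # FILETIME 0: a timestamp that was wiped, not set


def random_dlls(line):
    """Distinct lower-cased DLL names in `line` that fit the random-name heuristic."""
    return sorted({m.lower() for m in RANDOM_DLL.findall(line)})


def triage_line(line):
    """Return the Findings for one log line (empty list if nothing looks wrong)."""
    line = line.strip()
    findings = []

    row = FILE_ROW.match(line)
    if row:
        date, attrs, path = row.groups()
        if date == ZERO_FILETIME:
            findings.append(Finding("timestomp", f"zero FILETIME on {path}", line))
        if "s" in attrs and "h" in attrs and path.lower().endswith(".dll"):
            findings.append(Finding("hidden-system-dll", path, line))

    # DDS writes "SSODL: ...", HijackThis writes "O21 - SSODL: ..."; normalise both.
    head = line.split(":", 1)[0]
    tag = re.sub(r"^O\d+ - ", "", head).strip()
    if tag == "AppInit_DLLs":
        value = line.split(":", 1)[1].strip()
        if value:  # empty on a clean XP box; anything here is loaded by every user32 process
            findings.append(Finding("appinit", "AppInit_DLLs is set: " + value, line))
    elif tag == "LSA":
        packages = line.split("=", 1)[1].split() if "=" in line else []
        extra = [p for p in packages if p.lower() != "scecli"]
        if extra:  # scecli is the only package XP ships; others run inside lsass at logon
            findings.append(Finding("lsa-notify", "extra Notification Packages: " + " ".join(extra), line))
    elif tag == "IFEO":
        target, _, debugger = line.split(":", 1)[1].partition(" - ")
        detail = f"{target.strip()} has a Debugger value of {debugger.strip()}"
        if debugger.strip().lower().endswith("svchost.exe"):
            detail += " (the program is replaced by svchost.exe and never starts)"
        findings.append(Finding("ifeo", detail, line))

    for dll in random_dlls(line):
        findings.append(Finding("random-dll", dll, line))
    if "No File" in line or "file missing" in line.lower():
        findings.append(Finding("orphan", "entry points to a file that is gone", line))
    return findings


def triage(log_text):
    """Run triage_line over every non-blank line of a log and flatten the results."""
    return [f for line in log_text.splitlines() if line.strip() for f in triage_line(line)]


def suspect_dlls(findings):
    """Sorted, de-duplicated DLL names worth collecting before a cleaner deletes them."""
    return sorted({f.detail for f in findings if f.kind == "random-dll"})


def kind_counts(findings):
    """Number of findings per kind, e.g. {'random-dll': 11, 'ifeo': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


# Sample input: lines copied from the DDS report in this thread, plus two benign rows
# (the Adobe BHO and the mbam.sys row) that must not trigger anything.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {73dadf0b-8f5d-4010-9a84-7a8d59491dcd} - lofuwogi.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [zugohiditu] Rundll32.exe "wegagolu.dll",s
mRun: [diduhonat] Rundll32.exe "c:\windows\system32\dinibafi.dll",a
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\fuweyuni.dll fatenuva.dll c:\windows\system32\sohibesi.dll
SSODL: piyosujag - {f4eba353-5f39-4f86-aa9f-048a2452fcc3} - c:\windows\system32\buzalevu.dll
STS: kupuhivus: {3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3} - c:\windows\system32\sohibesi.dll
LSA: Notification Packages = scecli fatenuva.dll
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe
2010-03-28 15:32:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
1601-01-01 00:03:28 100352 --sha-w- c:\windows\system32\dinibafi.dll
1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\kepikemi.dll
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind:17}] {f.detail}")
    print("collect before cleaning:", ", ".join(suspect_dlls(results)))
```

Run it against a saved DDS.txt by passing the file contents to `triage()`; the point of `suspect_dlls()` is that these files are gone once a fix runs, so copy them off the box (or submit them to a scanner) first if you want to know what the infection actually did.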

Blade81
2010-03-30, 13:51
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above.


After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Blade81
2010-04-06, 16:56
Hi,

Do you still need help?

Blade81
2010-04-12, 20:13
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.