Corrupted Spybot and Trojan.dropper



bwallen
2010-07-08, 15:10
I have (and probably still have) something on my PC. Here are the symptoms:

Spybot only scans about 900 items in about 5-10 seconds
I get a pop-up (not an ad) constantly about a Just-In-Time debugger
Can get to most pages, but not Windows Update
My automatic updates fail to install

Since Spybot wouldn't work, I downloaded and ran Malwarebytes, which got rid of a bunch of stuff. Some of the things it found are Trojan.SearchRedir.M, Trojan.Dropper, Malware.Trace and Backdoor.bot.

Here is my DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by brianw at 8:57:20.26 on Thu 07/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.285 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\brianw\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061117
mWinlogon: Taskman=c:\documents and settings\brianw\application data\xszry.exe
uWinlogon: Shell=explorer.exe,c:\documents and settings\brianw\application data\xszry.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\WSTDMessaging.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~1.lnk - c:\ups\wstd\wstdPldReminder.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://trinitysbs.trinity.local:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://trinitysbs.trinity.local:4343/officescan/console/html/AtxEnc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187913947343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213181443476
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.107 HP000D9D2AB6CD

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XUL Cache: {D2048A48-FDA4-4361-9D92-918C30FC28A5} - c:\documents and settings\dand\local settings\application data\{D2048A48-FDA4-4361-9D92-918C30FC28A5}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XUL Cache: {844CC53A-4A67-4B50-8C91-C98E16BA83B2} - c:\documents and settings\brianw\local settings\application data\{844CC53A-4A67-4B50-8C91-C98E16BA83B2}

============= SERVICES / DRIVERS ===============

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2006-12-15 6016]
S2 idsvcwltrysvc;Windows CardSpace idsvcwltrysvc;c:\windows\system32\ansiq.exe srv --> c:\windows\system32\ansiq.exe srv [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 174336]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-12-10 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-12-10 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-12-10 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-12-10 59520]
S4 gupdate1c9d8a0bd7611c5;Google Update Service (gupdate1c9d8a0bd7611c5);c:\program files\google\update\GoogleUpdate.exe [2009-5-19 133104]
S4 Sage.ServiceHost.Host.1.0;Sage Service Host v1.0;c:\program files\timberline office\shared\Sage.ServiceHost.Host.exe [2007-1-19 81920]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 8:59:08.33 ===============

ken545
2010-07-13, 13:26
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.




Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore back the connections.

ken545
2010-07-20, 03:10
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.