Nasty virus and malware issue got me locked down![RESOLVED]

deocder

By deocder,
in Malware Removal

 Share Followers 0

Recommended Posts

deocder

deocder

Posted
Posted

Wow, I can usually clean things out myself, but I need some help on this one!

I ran Combofix and then HiJackThis and then the uninstall_list.txt. All logs are as follows:

ComboFix 09-11-18.06 - Customer 11/18/2009 22:45.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1216 [GMT -5:00]

Running from: c:\documents and settings\Customer\My Documents\Downloads\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

.

ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0020\~dec142.tmp

c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0020\~df394b.tmp

c:\documents and settings\Customer\Application Data\inst.exe

c:\documents and settings\Customer\Desktop\Security Tool.lnk

c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0020\~dec142.tmp

c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0020\~df394b.tmp

c:\documents and settings\Customer\Start Menu\Programs\Security Tool.lnk

c:\windows\system32\AutoRun.inf

c:\windows\system32\duyasuwi.dll

c:\windows\system32\fiworize.dll

c:\windows\system32\hivotugu.dll

c:\windows\system32\jalopeya.exe

c:\windows\system32\kamukufo.dll

c:\windows\system32\likulida.dll

c:\windows\system32\nuzadayi.dll

c:\windows\system32\pipibuju.dll

c:\windows\system32\rumapabo.dll

c:\windows\system32\siwipuyo.dll

c:\windows\system32\subadeji.dll

c:\windows\system32\vetuyija.dll

c:\windows\system32\vikewami.dll

c:\windows\system32\yabonoke.dll

c:\windows\system32\zetojusu.dll

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://82.98.231.102

.

((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))

.

2009-11-19 02:48 . 2009-11-19 02:48 -------- d-----w- c:\program files\Trend Micro

2009-11-18 05:11 . 2009-11-18 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-18 05:11 . 2009-11-18 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-17 04:49 . 2009-11-17 04:49 -------- d-----w- C:\VundoFix Backups

2009-11-17 04:45 . 2009-11-17 04:45 79488 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-17 02:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-17 02:35 . 2009-11-17 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-17 02:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-17 02:35 . 2009-11-17 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-16 05:27 . 2009-11-16 05:27 -------- d-----w- c:\documents and settings\Customer\Application Data\Malwarebytes

2009-11-15 22:41 . 2007-11-26 15:38 238848 ----a-w- c:\windows\UNBOC.EXE

2009-11-15 22:41 . 2007-05-08 22:01 208896 ----a-w- c:\windows\CMDLIC.DLL

2009-11-15 22:41 . 2009-11-15 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC425

2009-11-15 22:41 . 2009-11-15 22:41 -------- d-----w- c:\program files\Comodo

2009-11-15 22:39 . 2009-11-15 22:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2009-11-15 22:36 . 2009-11-15 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-11-15 22:09 . 2008-04-14 04:13 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2009-11-15 22:09 . 2004-08-04 11:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe

2009-11-15 22:09 . 2004-08-04 11:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe

2009-11-15 22:09 . 2004-08-04 11:00 33792 -c--a-w- c:\windows\system32\dllcache\controt.dll

2009-11-15 22:09 . 2004-08-04 11:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll

2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\xircom

2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\wbem\snmp

2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\program files\microsoft frontpage

2009-11-15 22:07 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-11-15 22:05 . 2008-04-14 11:41 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll

2009-11-15 22:05 . 2008-04-14 11:41 7168 ----a-w- c:\windows\system32\bitsprx4.dll

2009-11-15 21:44 . 2008-04-14 03:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

2009-11-15 21:36 . 2004-08-04 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-11-15 21:36 . 2004-08-04 11:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-11-15 21:34 . 2009-11-15 21:34 -------- d-s---w- c:\windows\system32\config\systemprofile\History

2009-11-15 16:32 . 2009-11-15 16:32 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0

2009-11-15 16:32 . 2009-11-15 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0

2009-11-15 16:16 . 2009-11-15 22:04 -------- d-----w- c:\windows\system32\oobe

2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\L2Schemas

2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\system32\scripting

2009-11-10 02:09 . 2009-11-10 02:16 -------- d-----w- c:\program files\CrackUtil

2009-11-09 01:50 . 2009-11-09 01:50 53248 ----a-r- c:\documents and settings\Customer\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe

2009-11-08 04:18 . 2009-11-08 04:38 -------- d-----w- c:\windows\system32\Adobe

2009-11-04 15:30 . 2009-11-04 15:30 16384 ----a-w- c:\documents and settings\Customer\Application Data\blank.exe

2009-10-31 22:04 . 2009-11-09 01:45 256 ----a-w- c:\documents and settings\Customer\pool.bin

2009-10-31 21:39 . 2009-11-09 02:54 256 ----a-w- c:\windows\system32\pool.bin

2009-10-31 21:39 . 2009-10-31 21:39 -------- d-----w- c:\documents and settings\Customer\Application Data\Research In Motion

2009-10-31 21:22 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys

2009-10-31 21:21 . 2009-11-09 01:50 -------- d-----w- c:\program files\Common Files\Research In Motion

2009-10-31 21:20 . 2009-10-31 21:20 -------- d-----w- c:\program files\Research In Motion

2009-10-29 03:08 . 2009-10-29 03:08 -------- d-----w- c:\program files\Rosetta Stone

2009-10-29 03:07 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdBackup

2009-10-29 02:57 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2009-10-29 02:56 . 2009-10-29 02:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-10-29 02:55 . 2009-10-29 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone

2009-10-23 16:55 . 2009-10-23 16:56 -------- d-----w- c:\documents and settings\Customer\tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-19 04:22 . 2009-05-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp

2009-11-15 22:36 . 2007-03-03 06:36 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-15 22:21 . 2007-03-08 23:32 109304 ----a-w- c:\documents and settings\Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-15 22:02 . 2007-03-03 06:33 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-12 00:33 . 2007-03-03 00:15 102400 ----a-w- c:\windows\DUMP66b8.tmp

2009-11-10 01:50 . 2007-03-04 00:16 -------- d-----w- c:\documents and settings\Customer\Application Data\uTorrent

2009-11-08 06:31 . 2008-06-23 17:03 -------- d-----w- c:\documents and settings\Customer\Application Data\dvdcss

2009-11-04 16:16 . 2009-11-04 16:16 4527419 ----a-w- c:\documents and settings\Customer\Application Data\Black Eyed Peas - Meet Me Halfway.zip

2009-09-24 15:09 . 2009-10-01 01:22 3858432 ----a-w- c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll

2009-08-30 13:44 . 2009-08-30 13:44 507904 ----a-r- c:\windows\system32\btwapi.dll

2009-08-27 04:01 . 2009-08-27 04:01 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE

2009-08-27 04:01 . 2009-08-27 04:01 30720 ---h--r- c:\windows\CdaC13BA.EXE

2009-08-27 04:01 . 2009-08-27 04:01 112128 ---h--r- c:\windows\CdaC14BA.DLL

2009-08-27 04:01 . 2009-08-27 04:01 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS

2009-08-27 02:59 . 2009-08-27 02:59 152576 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2001-09-28 21:00 . 2007-08-31 17:56 164864 ----a-w- c:\program files\UNWISE.EXE

2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll

2003-05-01 14:36 . 2003-05-01 14:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll

2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll

2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll

2008-02-28 18:30 . 2008-07-13 04:36 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2008-02-28 18:33 . 2008-07-13 04:36 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll

2009-08-10 14:44 . 2009-08-10 14:44 3 --sha-w- c:\windows\system32\dadozive.dll

2009-08-17 02:23 . 2009-08-17 02:23 6144 --sha-w- c:\windows\system32\domasuro.dll

2009-08-11 03:41 . 2009-08-11 03:41 3 --sha-w- c:\windows\system32\johuvuki.dll

2009-08-10 15:07 . 2009-08-10 15:07 3 --sha-w- c:\windows\system32\kemukoma.dll

2009-08-10 14:44 . 2009-08-10 14:44 3 --sha-w- c:\windows\system32\kuyijovi.dll

2009-08-11 03:41 . 2009-08-11 03:41 3 --sha-w- c:\windows\system32\legimizu.dll

2009-08-11 03:41 . 2009-08-11 03:41 3 --sha-w- c:\windows\system32\mibedoja.dll

2009-08-10 14:44 . 2009-08-10 14:44 3 --sha-w- c:\windows\system32\yitebuza.dll

2009-08-10 15:07 . 2009-08-10 15:07 3 --sha-w- c:\windows\system32\zasiyove.dll

2009-08-10 15:07 . 2009-08-10 15:07 3 --sha-w- c:\windows\system32\zufihuno.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

"Google Update"="c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]

"EPSON Stylus Photo R340 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-12 949376]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"RetroExpress"="c:\progra~1\IOMEGA~1\RETROS~1\RetroExpress.exe" [2008-12-11 9499928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-20 77824]

"BOC-425"="c:\progra~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 342272]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" [2009-11-17 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]

c:\documents and settings\Customer\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2006-7-19 192512]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-6-17 114688]

Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2009-5-30 1865040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=

"c:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\crack\\airserv-ng.exe"=

"c:\\Program Files\\SolarWinds\\Engineer's Toolset\\Config-Transfer.exe"=

"c:\\Program Files\\SolarWinds\\Engineer's Toolset\\SNMP-Brute-Force-Attack.exe"=

"c:\\Program Files\\Iomega StorCenter\\retrospect\\Retrospect.exe"=

"c:\\Program Files\\Iomega StorCenter\\retrospect\\retrorun.exe"=

"c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2/15/2007 5:23 PM 15136]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3/11/2008 10:24 PM 15424]

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\program files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [5/21/2008 12:04 PM 1327104]

R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [11/15/2009 5:41 PM 73472]

R2 Bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [12/21/2003 3:21 AM 19840]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]

R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696]

R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2/2/2007 9:36 AM 37376]

R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2/2/2007 9:37 AM 21504]

R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2/2/2007 10:55 AM 674304]

R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696]

R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2/2/2007 10:57 AM 50688]

R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2/2/2007 9:37 AM 30208]

R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 11:18 AM 11552]

R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2/2/2007 9:38 AM 111616]

R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2/23/2007 10:25 AM 11552]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [5/24/2008 11:34 PM 2368]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2007 9:13 PM 24652]

R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2/21/2007 10:20 PM 11552]

R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2/21/2007 10:39 PM 11552]

R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2/25/2007 8:12 PM 11552]

S3 ATHER;Atheros AR5000 Based Wireless Network Adapter Service;c:\windows\system32\drivers\ar5210b.sys [5/28/2007 12:48 PM 276981]

S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [7/11/2005 12:46 AM 372480]

S3 DW90USB;DW90USB Device;c:\windows\system32\drivers\DW90USB.SYS [6/17/2007 6:50 AM 39096]

S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 10:18 AM 20256]

S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 11:40 AM 25888]

S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 11:43 AM 11552]

S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672]

S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2/22/2007 6:18 PM 11552]

S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2/25/2007 8:12 PM 11552]

S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/23/2007 5:43 PM 11552]

S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 10:32 PM 11552]

S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/25/2007 7:13 PM 11552]

S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/25/2007 7:13 PM 11552]

S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2/22/2007 1:21 PM 11552]

S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552]

S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2/24/2007 1:10 AM 11552]

S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2/25/2007 8:10 PM 11552]

S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [12/18/2006 12:55 PM 14464]

S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [12/18/2006 12:55 PM 151683]

S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2/22/2007 1:26 PM 11552]

S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2/23/2007 5:25 PM 11552]

S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2/15/2007 11:00 PM 11552]

S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2/15/2007 11:00 PM 11552]

S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2/23/2007 10:19 PM 11552]

S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 11:45 AM 20768]

S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2/24/2007 4:19 AM 11552]

S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2/26/2007 4:31 PM 11552]

S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2/25/2007 7:11 PM 11552]

S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2/24/2007 12:17 AM 11552]

S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2/23/2007 10:05 PM 11552]

S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [2/22/2007 11:34 AM 86304]

S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2/26/2007 4:31 PM 11552]

S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2/23/2007 10:28 PM 11552]

S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/25/2007 7:13 PM 11552]

S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2/22/2007 8:17 PM 11552]

S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/23/2007 3:14 AM 11552]

S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2/23/2007 8:44 PM 11552]

S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/23/2007 3:54 PM 11552]

S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/24/2007 12:09 AM 11552]

S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2/22/2007 10:42 AM 11552]

S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2/23/2007 10:25 AM 11552]

S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/25/2007 7:13 PM 11552]

S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/25/2007 7:13 PM 11552]

S3 nixsrkw;nixsrkw;c:\windows\system32\drivers\nixsrkw.sys [2/25/2007 7:13 PM 11552]

S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe [12/5/2007 8:58 AM 61440]

S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2/19/2008 10:01 PM 38016]

S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2/19/2008 9:56 PM 20096]

S3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.sys [2/25/2007 7:11 PM 27936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003Core.job

- c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22]

2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003UA.job

- c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22]

2009-11-19 c:\windows\Tasks\SDMsgUpdate (SD).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-18 12:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.daemonsearch.com/intl/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

Trusted Zone: aol.com\free

FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

BHO-{ae2fa5e1-9f3b-4347-b4d4-457c66f91400} - wedaleza.dll

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKLM-Run-hovagetab - c:\windows\system32\pipibuju.dll

HKLM-Run-geririzuje - likulida.dll

SharedTaskScheduler-{a5326c12-4dc1-4e68-825e-565914579a55} - c:\windows\system32\pipibuju.dll

SSODL-fufavomud-{a5326c12-4dc1-4e68-825e-565914579a55} - c:\windows\system32\pipibuju.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-18 23:21

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]

@Denied: (Full) (LocalSystem)

"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(704)

c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3740)

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL

c:\windows\system32\wpdshserviceobj.dll

c:\program files\WinSCP3\DragExt.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Drivers\bwcsrv.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\FolderSize\FolderSizeSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lkcitdl.exe

c:\windows\system32\lkads.exe

c:\windows\system32\lktsrv.exe

c:\program files\National Instruments\MAX\nimxs.exe

c:\program files\National Instruments\Shared\Security\nidmsrv.exe

c:\windows\system32\nisvcloc.exe

c:\program files\National Instruments\Shared\Tagger\tagsrv.exe

c:\program files\Eset\nod32krn.exe

c:\windows\system32\HPZipm12.exe

c:\progra~1\IOMEGA~1\RETROS~1\retrorun.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\Ati2evxx.exe

c:\progra~1\IOMEGA~1\RETROS~1\retrospect.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001

.

**************************************************************************

.

Completion time: 2009-11-18 23:32 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-19 04:32

Pre-Run: 5,346,938,880 bytes free

Post-Run: 5,858,193,408 bytes free

- - End Of File - - D2B4EF27468E41704552B6D3EE1A90EF

_________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:06:03 AM, on 11/19/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe

C:\WINDOWS\system32\Drivers\bwcsrv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\National Instruments\MAX\nimxs.exe

C:\WINDOWS\system32\nipalsm.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\nipalsm.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\FixCamera.exe

C:\Program Files\Eset\nod32kui.exe

C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\tsnpstd3.exe

C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

C:\PROGRA~1\IOMEGA~1\RETROS~1\retrospect.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Iomega StorCenter\sohoclient.exe

C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\DOCUME~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" /runcleanupscript

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - .DEFAULT Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237771195828

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237771178421

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe

O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe

O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 14053 bytes

_________________________________________________________________________________________________

µTorrent

Acrobat.com

Acrobat.com

Adobe AIR

Adobe AIR

Adobe Common File Installer

Adobe Flash Player 10 Plugin

Adobe Help Center 2.1

Adobe Photoshop Elements 5.0

Adobe Premiere Elements 3.0

Adobe Premiere Elements 3.0

Adobe Premiere Elements 3.0 Templates

Adobe Reader 9.1.3

Adobe Shockwave Player 11.5

ArcSoft VideoImpression 2

Arial CD Ripper v1.9.4

Atheros Wireless LAN MiniPCI card Driver

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

BlackBerry Desktop Software 4.5

BlackBerry Desktop Software 4.5

BlackBerry Device Software Updater

BOClean

CASHFLOW® THE E-GAME

CCleaner (remove only)

CD Wave Editor version 1.96.1

CD/DVD Drive Acoustic Silencer

Cda Product Service - shared component

CommView for WiFi

Conexant AC-Link Audio

COSMOSMotion 2007 SP0

COSMOSWorks 2007 SP0

CrackUtil

Creative Jukebox Driver

Creative Removable Disk Manager

Creative System Information

Creative Zen Micro

Diagram Designer

DWGeditor

DYNACAM Student Edition

Easy Mobile Soft

EDraw Flowchart 3

eDrawings 2007

EduTrader

EPSON Printer Software

EPSON TWAIN 5

eSignal

exPressit S.E. 2.2

Family Tree Maker 2006

ffdshow (remove only)

Folder Size for Windows

Forms Wizard

FOURBAR Student Edition

Foxit PDF Editor

GanttPV 0.7

GE MiniCam Pro

GlowingWorld 3.0

Google Talk Plugin

HijackThis 2.0.2

HP Deskjet Printer Driver Software 9.0

HP Image Zone 4.7

HP Photosmart, Officejet and Deskjet 7.0.A

HP PSC & OfficeJet 4.7

HP PSC & Officejet 4.7 Corporate Edition

ImTOO DVD Ripper Ultimate

Iomega StorCenter

IVI Shared Components

Java 6 Update 15

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

LAME V3.97 + RazorLame 1.1.5a (PfP)

Magic ISO Maker v5.5 (build 0265)

Malwarebytes' Anti-Malware

MathType 5

Memorex exPressit Label Design Studio

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5

Microsoft ActiveSync

Microsoft Money 2007

Microsoft Money Shared Libraries

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable

Motorola Driver Installation

Motorola Phone Tools

Mozilla Firefox (3.5.5)

My HP Games

National Instruments Software

Nero 8 Lite 8.3.6.0

NETGEAR Print Server Utility

Network Stumbler 0.4.0 (remove only)

NOD32 antivirus system

NOD32 FiX v2.1

NotePad++ 3.6

ObjectDock

Olympus Digital Wave Player

PDFCreator

Penguins!

PENTAX USB DISK Device

Personal Financial Statement

Picasa 3

PowerISO

Quicken 2009

QuickTime

RealPlayer

Retrospect Express HD 2.5

Rosetta Stone Version 3

RPM Life Planner

SIXBAR Student Edition

Skypeâ„¢ 4.1

SmartDraw 2008

SnagIt 8

SolarWinds Engineer's Toolset v9

SolidWorks 2007 SP0

SolidWorks Explorer 2007 sp0

SolidWorks Installation Manager

Spybot - Search & Destroy

Star Wars 3D Screensaver 1.3

Systems of Nonlinear Equations

The Rosetta Stone

TI Connect 1.6

TI NoteFolio Creator

TubeTilla Free

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

Update for Outlook Junk Email Filter 2007 (KB924884)

USB Storage Adapter FX (MXO)

Vendedores Perros

VideoLAN VLC media player 0.8.6h

Viewpoint Media Player

Winamp

WinRAR archiver

WinSCP 3.8.2

Yamp v 2.3

Link to post
Share on other sites
Rorschach112

Rorschach112

Posted
Posted

you shouldn't run combofix yourself, it is a dangerous tool to use

Open notepad and copy/paste the text in the quotebox below into it:

Collect::

c:\windows\system32\pool.bin

c:\windows\system32\dadozive.dll

c:\windows\system32\domasuro.dll

c:\windows\system32\johuvuki.dll

c:\windows\system32\kemukoma.dll

c:\windows\system32\kuyijovi.dll

c:\windows\system32\legimizu.dll

c:\windows\system32\mibedoja.dll

c:\windows\system32\yitebuza.dll

c:\windows\system32\zasiyove.dll

c:\windows\system32\zufihuno.dll

Suspect::

Save this as CFScript.txt

CFScriptB-4.gif

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

Link to post
Share on other sites
deocder

deocder

Posted
  • Author
Posted

Rorschach112, I have followed your directions. Thank you! Here is the output:

ComboFix 09-11-19.05 - Customer 11/19/2009 23:06.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1432 [GMT -5:00]

Running from: c:\documents and settings\Customer\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Customer\Desktop\CFScript.txt

file zipped: c:\windows\system32\dadozive.dll

file zipped: c:\windows\system32\domasuro.dll

file zipped: c:\windows\system32\johuvuki.dll

file zipped: c:\windows\system32\kemukoma.dll

file zipped: c:\windows\system32\kuyijovi.dll

file zipped: c:\windows\system32\legimizu.dll

file zipped: c:\windows\system32\mibedoja.dll

file zipped: c:\windows\system32\pool.bin

file zipped: c:\windows\system32\yitebuza.dll

file zipped: c:\windows\system32\zasiyove.dll

file zipped: c:\windows\system32\zufihuno.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0000\~dec142.tmp

c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp

c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0000\~dec142.tmp

c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp

c:\windows\system32\dadozive.dll

c:\windows\system32\domasuro.dll

c:\windows\system32\johuvuki.dll

c:\windows\system32\kemukoma.dll

c:\windows\system32\kuyijovi.dll

c:\windows\system32\legimizu.dll

c:\windows\system32\mibedoja.dll

c:\windows\system32\pool.bin

c:\windows\system32\yitebuza.dll

c:\windows\system32\zasiyove.dll

c:\windows\system32\zufihuno.dll

.

((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))

.

2009-11-19 02:48 . 2009-11-19 02:48 -------- d-----w- c:\program files\Trend Micro

2009-11-18 05:11 . 2009-11-18 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-18 05:11 . 2009-11-18 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-17 04:49 . 2009-11-17 04:49 -------- d-----w- C:\VundoFix Backups

2009-11-17 04:45 . 2009-11-17 04:45 79488 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-17 02:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-17 02:35 . 2009-11-17 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-17 02:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-17 02:35 . 2009-11-17 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-16 05:27 . 2009-11-16 05:27 -------- d-----w- c:\documents and settings\Customer\Application Data\Malwarebytes

2009-11-15 22:41 . 2007-11-26 15:38 238848 ----a-w- c:\windows\UNBOC.EXE

2009-11-15 22:41 . 2007-05-08 22:01 208896 ----a-w- c:\windows\CMDLIC.DLL

2009-11-15 22:41 . 2009-11-15 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC425

2009-11-15 22:41 . 2009-11-15 22:41 -------- d-----w- c:\program files\Comodo

2009-11-15 22:39 . 2009-11-15 22:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2009-11-15 22:36 . 2009-11-15 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-11-15 22:09 . 2008-04-14 04:13 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2009-11-15 22:09 . 2004-08-04 11:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe

2009-11-15 22:09 . 2004-08-04 11:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe

2009-11-15 22:09 . 2004-08-04 11:00 33792 -c--a-w- c:\windows\system32\dllcache\controt.dll

2009-11-15 22:09 . 2004-08-04 11:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll

2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\xircom

2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\wbem\snmp

2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\program files\microsoft frontpage

2009-11-15 22:07 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-11-15 22:05 . 2008-04-14 11:41 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll

2009-11-15 22:05 . 2008-04-14 11:41 7168 ----a-w- c:\windows\system32\bitsprx4.dll

2009-11-15 21:44 . 2008-04-14 03:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

2009-11-15 21:36 . 2004-08-04 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-11-15 21:36 . 2004-08-04 11:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-11-15 21:34 . 2009-11-15 21:34 -------- d-s---w- c:\windows\system32\config\systemprofile\History

2009-11-15 16:32 . 2009-11-15 16:32 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0

2009-11-15 16:32 . 2009-11-15 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0

2009-11-15 16:16 . 2009-11-15 22:04 -------- d-----w- c:\windows\system32\oobe

2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\L2Schemas

2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\system32\scripting

2009-11-10 02:09 . 2009-11-10 02:16 -------- d-----w- c:\program files\CrackUtil

2009-11-09 01:50 . 2009-11-09 01:50 53248 ----a-r- c:\documents and settings\Customer\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe

2009-11-08 04:18 . 2009-11-08 04:38 -------- d-----w- c:\windows\system32\Adobe

2009-11-04 15:30 . 2009-11-04 15:30 16384 ----a-w- c:\documents and settings\Customer\Application Data\blank.exe

2009-10-31 22:04 . 2009-11-09 01:45 256 ----a-w- c:\documents and settings\Customer\pool.bin

2009-10-31 21:39 . 2009-10-31 21:39 -------- d-----w- c:\documents and settings\Customer\Application Data\Research In Motion

2009-10-31 21:22 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys

2009-10-31 21:21 . 2009-11-09 01:50 -------- d-----w- c:\program files\Common Files\Research In Motion

2009-10-31 21:20 . 2009-10-31 21:20 -------- d-----w- c:\program files\Research In Motion

2009-10-29 03:08 . 2009-10-29 03:08 -------- d-----w- c:\program files\Rosetta Stone

2009-10-29 03:07 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdBackup

2009-10-29 02:57 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2009-10-29 02:56 . 2009-10-29 02:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-10-29 02:55 . 2009-10-29 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone

2009-10-23 16:55 . 2009-10-23 16:56 -------- d-----w- c:\documents and settings\Customer\tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-20 04:22 . 2009-05-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp

2009-11-20 03:59 . 2007-03-04 00:25 -------- d-----w- c:\program files\ESET

2009-11-15 22:36 . 2007-03-03 06:36 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-15 22:21 . 2007-03-08 23:32 109304 ----a-w- c:\documents and settings\Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-15 22:02 . 2007-03-03 06:33 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-12 00:33 . 2007-03-03 00:15 102400 ----a-w- c:\windows\DUMP66b8.tmp

2009-11-10 01:50 . 2007-03-04 00:16 -------- d-----w- c:\documents and settings\Customer\Application Data\uTorrent

2009-11-08 06:31 . 2008-06-23 17:03 -------- d-----w- c:\documents and settings\Customer\Application Data\dvdcss

2009-11-04 16:16 . 2009-11-04 16:16 4527419 ----a-w- c:\documents and settings\Customer\Application Data\Black Eyed Peas - Meet Me Halfway.zip

2009-09-24 15:09 . 2009-10-01 01:22 3858432 ----a-w- c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll

2009-08-30 13:44 . 2009-08-30 13:44 507904 ----a-r- c:\windows\system32\btwapi.dll

2009-08-27 04:01 . 2009-08-27 04:01 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE

2009-08-27 04:01 . 2009-08-27 04:01 30720 ---h--r- c:\windows\CdaC13BA.EXE

2009-08-27 04:01 . 2009-08-27 04:01 112128 ---h--r- c:\windows\CdaC14BA.DLL

2009-08-27 04:01 . 2009-08-27 04:01 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS

2009-08-27 02:59 . 2009-08-27 02:59 152576 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2001-09-28 21:00 . 2007-08-31 17:56 164864 ----a-w- c:\program files\UNWISE.EXE

2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll

2003-05-01 14:36 . 2003-05-01 14:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll

2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll

2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll

2008-02-28 18:30 . 2008-07-13 04:36 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2008-02-28 18:33 . 2008-07-13 04:36 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-11-19_04.21.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-20 04:20 . 2009-11-20 04:20 16384 c:\windows\Temp\Perflib_Perfdata_b8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

"Google Update"="c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]

"EPSON Stylus Photo R340 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"RetroExpress"="c:\progra~1\IOMEGA~1\RETROS~1\RetroExpress.exe" [2008-12-11 9499928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-20 77824]

"BOC-425"="c:\progra~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 342272]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" [2009-11-17 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]

c:\documents and settings\Customer\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2006-7-19 192512]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-6-17 114688]

Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2009-5-30 1865040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=

"c:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\crack\\airserv-ng.exe"=

"c:\\Program Files\\SolarWinds\\Engineer's Toolset\\Config-Transfer.exe"=

"c:\\Program Files\\SolarWinds\\Engineer's Toolset\\SNMP-Brute-Force-Attack.exe"=

"c:\\Program Files\\Iomega StorCenter\\retrospect\\Retrospect.exe"=

"c:\\Program Files\\Iomega StorCenter\\retrospect\\retrorun.exe"=

"c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2/15/2007 5:23 PM 15136]

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\program files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [5/21/2008 12:04 PM 1327104]

R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [11/15/2009 5:41 PM 73472]

R2 Bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [12/21/2003 3:21 AM 19840]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]

R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696]

R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2/2/2007 9:36 AM 37376]

R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2/2/2007 9:37 AM 21504]

R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2/2/2007 10:55 AM 674304]

R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696]

R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2/2/2007 10:57 AM 50688]

R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2/2/2007 9:37 AM 30208]

R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 11:18 AM 11552]

R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2/2/2007 9:38 AM 111616]

R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2/23/2007 10:25 AM 11552]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [5/24/2008 11:34 PM 2368]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2007 9:13 PM 24652]

R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2/21/2007 10:20 PM 11552]

R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2/21/2007 10:39 PM 11552]

R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2/25/2007 8:12 PM 11552]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/24/2007 8:13 PM 721904]

S3 ATHER;Atheros AR5000 Based Wireless Network Adapter Service;c:\windows\system32\drivers\ar5210b.sys [5/28/2007 12:48 PM 276981]

S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [7/11/2005 12:46 AM 372480]

S3 DW90USB;DW90USB Device;c:\windows\system32\drivers\DW90USB.SYS [6/17/2007 6:50 AM 39096]

S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 10:18 AM 20256]

S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 11:40 AM 25888]

S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 11:43 AM 11552]

S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672]

S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2/22/2007 6:18 PM 11552]

S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2/25/2007 8:12 PM 11552]

S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/23/2007 5:43 PM 11552]

S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 10:32 PM 11552]

S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/25/2007 7:13 PM 11552]

S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/25/2007 7:13 PM 11552]

S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2/22/2007 1:21 PM 11552]

S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552]

S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2/24/2007 1:10 AM 11552]

S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2/25/2007 8:10 PM 11552]

S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [12/18/2006 12:55 PM 14464]

S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [12/18/2006 12:55 PM 151683]

S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2/22/2007 1:26 PM 11552]

S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2/23/2007 5:25 PM 11552]

S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2/15/2007 11:00 PM 11552]

S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2/15/2007 11:00 PM 11552]

S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2/23/2007 10:19 PM 11552]

S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 11:45 AM 20768]

S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2/24/2007 4:19 AM 11552]

S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2/26/2007 4:31 PM 11552]

S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2/25/2007 7:11 PM 11552]

S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2/24/2007 12:17 AM 11552]

S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2/23/2007 10:05 PM 11552]

S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [2/22/2007 11:34 AM 86304]

S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2/26/2007 4:31 PM 11552]

S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2/23/2007 10:28 PM 11552]

S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/25/2007 7:13 PM 11552]

S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2/22/2007 8:17 PM 11552]

S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/23/2007 3:14 AM 11552]

S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2/23/2007 8:44 PM 11552]

S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/23/2007 3:54 PM 11552]

S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/24/2007 12:09 AM 11552]

S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2/22/2007 10:42 AM 11552]

S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2/23/2007 10:25 AM 11552]

S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/25/2007 7:13 PM 11552]

S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/25/2007 7:13 PM 11552]

S3 nixsrkw;nixsrkw;c:\windows\system32\drivers\nixsrkw.sys [2/25/2007 7:13 PM 11552]

S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe [12/5/2007 8:58 AM 61440]

S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2/19/2008 10:01 PM 38016]

S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2/19/2008 9:56 PM 20096]

S3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.sys [2/25/2007 7:11 PM 27936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

.

Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003Core.job

- c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22]

2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003UA.job

- c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22]

2009-11-20 c:\windows\Tasks\SDMsgUpdate (SD).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-18 12:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.daemonsearch.com/intl/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: aol.com\free

FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-19 23:20

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]

@Denied: (Full) (LocalSystem)

"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2540)

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\windows\system32\ieframe.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL

c:\windows\system32\wpdshserviceobj.dll

c:\program files\WinSCP3\DragExt.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Drivers\bwcsrv.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\FolderSize\FolderSizeSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lkcitdl.exe

c:\windows\system32\lkads.exe

c:\windows\system32\lktsrv.exe

c:\program files\National Instruments\MAX\nimxs.exe

c:\program files\National Instruments\Shared\Security\nidmsrv.exe

c:\windows\system32\nisvcloc.exe

c:\program files\National Instruments\Shared\Tagger\tagsrv.exe

c:\windows\system32\HPZipm12.exe

c:\progra~1\IOMEGA~1\RETROS~1\retrorun.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\IOMEGA~1\RETROS~1\retrospect.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001

.

**************************************************************************

.

Completion time: 2009-11-19 23:31 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-20 04:31

ComboFix2.txt 2009-11-19 04:32

Pre-Run: 5,930,323,968 bytes free

Post-Run: 5,891,457,024 bytes free

- - End Of File - - EA371C67F515C8D1B1F4AC7BB66A5FF3

Link to post
Share on other sites
Rorschach112

Rorschach112

Posted
Posted

hi

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Link to post
Share on other sites
deocder

deocder

Posted
  • Author
Posted

I followed your directions and here's what came out:

Malwarebytes' Anti-Malware 1.41

Database version: 3204

Windows 5.1.2600 Service Pack 3

11/20/2009 9:30:16 PM

mbam-log-2009-11-20 (21-30-16).txt

Scan type: Quick Scan

Objects scanned: 123226

Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, November 21, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, November 21, 2009 01:52:22

Records in database: 3252670

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 170033

Threats found: 9

Infected objects found: 30

Suspicious objects found: 0

Scan duration: 04:06:35

File name / Threat / Threats count

C:\Qoobox\Quarantine\C\WINDOWS\system32\duyasuwi.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\kamukufo.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\likulida.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\nuzadayi.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\pipibuju.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\rumapabo.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\siwipuyo.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\vetuyija.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\vikewami.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\zetojusu.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000157.dll Infected: Trojan.Win32.Monder.cvau 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000158.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000159.dll Infected: Trojan.Win32.Genome.bnjd 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000169.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000309.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000313.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000314.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000315.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000316.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000317.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000318.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000320.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000321.dll Infected: Packed.Win32.TDSS.aa 1

C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000323.dll Infected: Packed.Win32.TDSS.aa 1

D:\PROGRAMS\Crossloop\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1

D:\PROGRAMS\Crossloop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

D:\PROGRAMS\mbrfix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1

D:\PROGRAMS\ultravnc\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1

D:\PROGRAMS\vncserver\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

D:\PROGRAMS\vncserver\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

Selected area has been scanned.

Link to post
Share on other sites
Rorschach112

Rorschach112

Posted
Posted

hi

CLICK HERE to download the HijackThis Installer:

  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Link to post
Share on other sites
deocder

deocder

Posted
  • Author
Posted

Here is the Hijack This log file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:52:11 AM, on 11/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe

C:\WINDOWS\system32\Drivers\bwcsrv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\National Instruments\MAX\nimxs.exe

C:\WINDOWS\system32\nipalsm.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\nipalsm.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\WINDOWS\FixCamera.exe

C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\tsnpstd3.exe

C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\IOMEGA~1\RETROS~1\retrospect.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Iomega StorCenter\sohoclient.exe

C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001

C:\Program Files\Java\jre6\bin\java.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" /runcleanupscript

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - .DEFAULT Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237771195828

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237771178421

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe

O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe

O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 14169 bytes

Link to post
Share on other sites
Rorschach112

Rorschach112

Posted
Posted

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :

http://www.adobe.com/products/acrobat/readstep2.html

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    [*]TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

    [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

    Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

    [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    [*]FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

    [*] Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

    [*]Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing