12-06-2008, 12:53 PM   #3
ashkel
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP sp3


Re: Infected with mimoyibi.dll, muvetuvo.dll, gitalobo.dll, all started with tivivapi.

Thank you for looking into my problems. Attached is the requested log file.


ComboFix 08-12-06.03 - Administrator 2008-12-06 11:14:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.284 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\amiritip.ini
c:\windows\system32\awefulit.ini
c:\windows\system32\drivers\fad.sys
c:\windows\system32\erikatih.ini
c:\windows\system32\feyavezi.dll
c:\windows\system32\fikitiku.dll
c:\windows\system32\gitalobo.dll
c:\windows\system32\hirisaki.dll
c:\windows\system32\hukodare.dll
c:\windows\system32\irukajuk.ini
c:\windows\system32\isabegif.ini
c:\windows\system32\izevayef.ini
c:\windows\system32\jedevihi.dll
c:\windows\system32\kesibahi.dll
c:\windows\system32\muvetuvo.dll
c:\windows\system32\obeyisak.ini
c:\windows\system32\ovutevum.ini
c:\windows\system32\pirabumo.dll
c:\windows\system32\pitirima.dll
c:\windows\system32\povisema.dll
c:\windows\system32\radayogu.dll
c:\windows\system32\sapayuse.dll
c:\windows\system32\sikizela.dll
c:\windows\system32\tozujozo.dll
c:\windows\system32\ugoyadar.ini
c:\windows\system32\ukitikif.ini
c:\windows\system32\vadihihe.dll
c:\windows\system32\wilubore.dll
c:\windows\system32\worukehe.dll
c:\windows\system32\wuwijaba.dll
c:\windows\system32\zenimoru.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-04 21:18 . 2008-12-04 21:27 250 --a------ c:\windows\gmer.ini
2008-11-30 00:42 . 2008-11-30 00:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2008-11-29 02:07 . 2008-11-30 10:32 <DIR> d-------- c:\program files\FixTunes
2008-11-29 01:45 . 2008-11-29 01:45 <DIR> d-------- c:\program files\Google
2008-11-29 01:45 . 2008-11-30 10:32 <DIR> d-------- c:\program files\FlashGet
2008-11-28 16:54 . 2008-11-30 00:23 <DIR> d-------- c:\program files\Zortam Mp3 Media Studio
2008-11-28 16:19 . 2008-11-28 16:19 <DIR> d-------- c:\program files\TagScanner
2008-11-27 13:23 . 2008-11-27 13:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-27 13:22 . 2008-11-27 13:22 <DIR> d-------- c:\program files\iTunes
2008-11-27 13:22 . 2008-11-27 13:22 <DIR> d-------- c:\program files\iPod
2008-11-27 13:22 . 2008-11-27 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 13:22 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-27 13:22 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-27 13:21 . 2008-11-27 13:21 <DIR> d-------- c:\program files\Bonjour
2008-11-27 13:20 . 2008-11-27 13:22 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-27 13:20 . 2008-11-27 13:21 <DIR> d-------- c:\program files\QuickTime
2008-11-27 13:20 . 2008-11-27 13:20 <DIR> d-------- c:\program files\Apple Software Update
2008-11-27 13:20 . 2008-11-27 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-27 13:19 . 2008-11-27 13:22 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-27 13:19 . 2008-11-27 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-24 23:20 . 2008-11-24 23:39 <DIR> d-------- c:\program files\MemoriesOnTV4
2008-11-24 23:20 . 2006-10-02 12:38 10,368 --a------ c:\windows\system32\drivers\pfc.sys
2008-11-12 09:50 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 09:49 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 19:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-12-06 19:20 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-06 18:55 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
2008-12-06 17:42 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-11-30 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-30 07:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-13 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-10 21:23 --------- d-----w c:\documents and settings\Administrator\Application Data\ZoomBrowser EX
2008-11-04 02:43 --------- d-----w c:\program files\Alwil Software
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:48 --------- d-----w c:\documents and settings\NetworkService\Application Data\Skype
2008-10-23 00:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-23 00:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 17:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-19 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2008-10-19 17:25 --------- d-----w c:\program files\TomTom HOME 2
2008-10-19 17:21 --------- d-----w c:\documents and settings\Administrator\Application Data\TomTom
2008-10-18 22:16 --------- d-----w c:\program files\Windows Defender
2008-10-17 20:25 --------- d-----w c:\documents and settings\NetworkService\Application Data\AdobeUM
2008-10-17 08:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-10-17 08:00 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-17 06:51 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-17 06:50 --------- d-----w c:\program files\Lavasoft
2008-10-17 06:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-29 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-06-19 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 05:39 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-08-15 42168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-08-15 25214]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-08-16 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-03 111184]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-08-15 58048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-03 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b28aae7-9e02-11dd-8e47-000874b6ea95}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-30 c:\windows\Tasks\At1.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-03 c:\windows\Tasks\At10.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At11.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At12.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-03 c:\windows\Tasks\At13.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-03 c:\windows\Tasks\At14.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-03 c:\windows\Tasks\At15.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-04 c:\windows\Tasks\At16.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-04 c:\windows\Tasks\At17.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-04 c:\windows\Tasks\At18.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-04 c:\windows\Tasks\At19.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-11-30 c:\windows\Tasks\At2.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At20.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At21.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At22.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At23.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\At24.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-11-29 c:\windows\Tasks\At3.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-10-17 c:\windows\Tasks\At4.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-10-17 c:\windows\Tasks\At5.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-10-17 c:\windows\Tasks\At6.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-10-17 c:\windows\Tasks\At7.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-05 c:\windows\Tasks\At8.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-05 c:\windows\Tasks\At9.job
- c:\windows\system32\7Jv5vJhh.exe []

2008-12-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d513cef2-7fe9-44a6-bc7c-56ba4a5a15f7} - c:\windows\system32\zenimoru.dll
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 11:20:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(7900)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-12-06 11:25:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 19:25:24

Pre-Run: 456,126,844,928 bytes free
Post-Run: 456,690,311,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

270 --- E O F --- 2008-11-27 17:20:32

Last edited by sUBs; 12-06-2008 at 12:56 PM.