Discussion Starter · #1 · (Edited)
I hope I did the right thing. I was a little confused. :p

Anyway, my computer's mostly been redirecting my Google searches to completely different things (on occasion), telling me that normal sites (such as Hot Topic's website, Amazon, Jinx.com, PayPal, eBay, etc.) have a 'Secure Connection Fail'.
They usually let me into the site anyway, but the page gets all basic and everything but the text and a few images won't show up.

Whatever I have also disabled Malwarebytes, but I fixed that by renaming parts of the file. However, Malwarebytes still doesn't seem able to remove/completely remove anything. It'll find 8-12 malicious files every time I run a scan, but it'll just be back the next time I run it.

The virus/malware also causes popups to come up every 20-50 pages or so, and asks me to install Adobe Flash Player.


So anyway.
Here's my DDS log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Victoria Roach at 18:38:49.07 on Sun 01/02/2005
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.217 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Victoria Roach\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [<NO NAME>]
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [dumivasoz] Rundll32.exe "c:\windows\system32\rezatovu.dll",a
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\explorer.exe" /runcleanupscript
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: mimihahu.dll c:\windows\system32\rezatovu.dll
SSODL: fuvivuyek - {d0e7a2c3-d567-4431-92c1-fabdba76acbc} - No File
SSODL: gajiwalez - {8eec73d2-1b63-4a5b-9905-2de292e8dafe} - c:\windows\system32\rezatovu.dll
STS: {d0e7a2c3-d567-4431-92c1-fabdba76acbc} - No File
STS: tokatiluy: {8eec73d2-1b63-4a5b-9905-2de292e8dafe} - c:\windows\system32\rezatovu.dll
LSA: Notification Packages = scecli vozoyimi.dll sofifowo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\victor~1\applic~1\mozilla\firefox\profiles\wgriybhr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - component: c:\documents and settings\victoria roach\application data\mozilla\firefox\profiles\wgriybhr.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-7-8 98984]

=============== Created Last 30 ================

2009-11-15 12:15:03 0 d-----w- c:\program files\Gamevance
2009-11-05 13:59:41 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-11-05 13:59:41 92160 ----a-w- c:\windows\system32\fuusd.dll
2009-10-31 15:32:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 15:32:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 15:32:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 15:05:45 0 d-----w- c:\program files\a-squared Free
2009-10-25 07:00:45 0 d-----w- c:\program files\MSXML 4.0
2009-10-23 23:13:27 256 ----a-w- c:\windows\system32\pool.bin
2009-10-23 23:13:24 0 d-----w- c:\docume~1\victor~1\applic~1\Research In Motion
2009-10-23 23:01:05 0 d-----w- c:\program files\common files\Sonic Shared
2009-10-23 23:01:03 0 d-----w- c:\program files\Roxio
2009-10-23 22:53:57 0 d-----w- c:\windows\RegisteredPackages
2009-10-23 22:52:09 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-23 22:50:17 0 d-----w- c:\program files\common files\Research In Motion
2009-10-23 22:50:10 0 d-----w- c:\program files\Research In Motion
2009-10-23 22:43:50 0 d-sh--w- c:\windows\ftpcache
2009-09-27 23:20:04 420456 ----a-w- c:\windows\system32\nvcpl.cpl
2009-09-27 23:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 23:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 21:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-18 09:53:24 239 ----a-w- c:\windows\Trellian.ini
2009-09-18 07:44:34 0 d-----w- c:\docume~1\victor~1\applic~1\Trellian
2009-09-11 09:38:55 0 d-s---w- c:\documents and settings\victoria roach\UserData
2009-09-11 09:24:46 0 ----a-w- c:\windows\SETUP32.INI
2009-09-02 03:22:22 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-09-02 03:22:22 99328 ----a-w- c:\windows\system32\srusd.dll
2009-09-02 03:22:12 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-09-02 03:22:12 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-09-02 03:22:09 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2009-09-02 03:22:09 71680 ----a-w- c:\windows\system32\fnfilter.dll
2009-08-22 01:59:56 0 d-----w- c:\windows\system32\Adobe
2009-08-19 13:55:19 91648 --sha-w- c:\windows\system32\podovovi.dll
2009-08-19 13:55:19 38400 --sha-w- c:\windows\system32\lapoyepe.dll
2009-08-19 01:55:45 52224 --sha-w- c:\windows\system32\voyutepu.dll
2009-08-19 01:55:45 52224 --sha-w- c:\windows\system32\sofifowo.dll
2009-08-19 01:55:45 52224 --sha-w- c:\windows\system32\mimihahu.dll
2009-08-19 01:55:13 45568 --sha-w- c:\windows\system32\hedizeji.dll
2009-08-19 01:55:12 52224 --sha-w- c:\windows\system32\jidizone.dll
2009-08-19 01:55:12 38912 --sha-w- c:\windows\system32\huremili.dll
2009-08-18 13:55:32 52736 --sha-w- c:\windows\system32\yuzubayi.dll.tmp
2009-08-18 13:55:32 52736 --sha-w- c:\windows\system32\nipuwoku.dll.tmp
2009-08-18 13:55:32 52736 --sha-w- c:\windows\system32\holusifo.dll.tmp
2009-08-18 13:54:56 91648 --sha-w- c:\windows\system32\keveyate.dll
2009-08-18 13:54:56 52736 --sha-w- c:\windows\system32\kalesere.dll
2009-08-18 13:54:56 38400 --sha-w- c:\windows\system32\bodawusi.dll
2009-08-18 01:54:43 91136 --sha-w- c:\windows\system32\bufufodu.dll
2009-08-18 01:54:43 37888 --sha-w- c:\windows\system32\dafamupu.dll
2009-08-17 13:54:22 91136 --sha-w- c:\windows\system32\poliwape.dll
2009-08-17 13:54:22 38400 --sha-w- c:\windows\system32\ludiyofu.dll
2009-08-17 01:54:08 38400 --sha-w- c:\windows\system32\bayunivu.dll
2009-08-16 13:53:56 37888 --sha-w- c:\windows\system32\gofozinu.dll
2009-08-16 01:53:31 38400 --sha-w- c:\windows\system32\nalejida.dll
2009-08-15 13:21:26 38400 --sha-w- c:\windows\system32\retileba.dll
2009-08-15 01:21:07 37888 --sha-w- c:\windows\system32\fogayopo.dll
2009-08-14 13:20:48 89600 --sha-w- c:\windows\system32\puguyehi.dll
2009-08-14 13:20:48 37888 --sha-w- c:\windows\system32\zahasila.dll
2009-08-14 01:20:26 89600 --sha-w- c:\windows\system32\zukumuha.dll
2009-08-14 01:20:26 38400 --sha-w- c:\windows\system32\wosesara.dll
2009-08-13 18:57:18 39424 --sha-w- c:\windows\system32\rubolezo.dll
2009-08-13 18:56:07 61440 --sha-w- c:\windows\system32\kopurege.dll
2009-08-13 18:56:07 39424 --sha-w- c:\windows\system32\wiyoyova.dll
2009-08-13 17:57:14 51200 --sha-w- c:\windows\system32\lusanuwo.dll.tmp
2009-08-13 17:57:14 51200 --sha-w- c:\windows\system32\karozeza.dll.tmp
2009-08-13 17:57:14 51200 --sha-w- c:\windows\system32\hebebubo.dll.tmp
2009-08-13 17:56:37 89600 --sha-w- c:\windows\system32\pukepoda.dll
2009-08-13 17:56:37 51200 --sha-w- c:\windows\system32\hunazazi.dll
2009-08-13 17:56:37 39424 --sha-w- c:\windows\system32\vigodite.dll
2009-08-13 17:11:30 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-13 17:11:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-13 17:10:58 0 d-----w- c:\program files\iPod
2009-08-13 17:10:53 0 d-----w- c:\program files\iTunes
2009-08-13 17:10:53 0 d-----w- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-13 17:10:27 0 d-----w- c:\program files\Bonjour
2009-08-13 17:08:48 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-13 17:08:48 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-13 13:20:03 89600 --sha-w- c:\windows\system32\lewiyidi.dll
2009-08-13 13:20:03 37888 --sha-w- c:\windows\system32\makezimu.dll
2009-08-10 05:04:31 89088 --sha-w- c:\windows\system32\fiyusuka.dll
2009-08-10 05:04:31 51712 --sha-w- c:\windows\system32\sibinogo.dll
2009-08-10 05:04:31 37888 --sha-w- c:\windows\system32\vomeduse.dll
2009-08-09 17:03:59 51712 --sha-w- c:\windows\system32\pinayeze.dll
2009-08-09 17:03:59 37888 --sha-w- c:\windows\system32\jisideso.dll
2009-08-08 17:03:11 37888 --sha-w- c:\windows\system32\wojifoge.dll
2009-08-08 05:02:56 38912 --sha-w- c:\windows\system32\vesefaha.dll
2009-08-07 17:02:38 90112 --sha-w- c:\windows\system32\sosavojo.dll
2009-08-07 17:02:38 38912 --sha-w- c:\windows\system32\tafenugo.dll
2009-08-07 05:02:21 90112 --sha-w- c:\windows\system32\kunuteva.dll
2009-08-07 05:02:21 37888 --sha-w- c:\windows\system32\weduriwi.dll
2009-08-06 17:01:59 89088 --sha-w- c:\windows\system32\yigosoku.dll
2009-08-06 17:01:59 38912 --sha-w- c:\windows\system32\wokowizi.dll
2009-08-06 05:01:45 38912 --sha-w- c:\windows\system32\huhovodi.dll
2009-08-05 17:01:37 37888 --sha-w- c:\windows\system32\givufipa.dll
2009-08-05 05:01:19 89088 --sha-w- c:\windows\system32\mirekona.dll
2009-08-05 05:01:19 38400 --sha-w- c:\windows\system32\tohazite.dll
2009-08-04 17:01:41 51200 --sha-w- c:\windows\system32\zahatahe.dll.tmp
2009-08-04 17:01:41 51200 --sha-w- c:\windows\system32\hivotugu.dll.tmp
2009-08-04 17:01:06 51200 --sha-w- c:\windows\system32\lazahuji.dll
2009-08-04 02:00:10 37888 --sha-w- c:\windows\system32\wovahuzo.dll
2009-08-04 02:00:05 51200 --sha-w- c:\windows\system32\luwuwuti.dll.tmp
2009-08-04 02:00:05 51200 --sha-w- c:\windows\system32\hitoremi.dll.tmp
2009-08-03 17:43:30 0 d-----w- c:\program files\common files\DivX Shared
2009-08-03 17:43:28 0 d-----w- c:\program files\DivX
2009-08-01 11:18:05 0 d-----w- c:\windows\system32\NtmsData
2009-07-31 18:57:58 88064 --sha-w- c:\windows\system32\bitanazo.dll
2009-07-31 06:57:23 86016 --sha-w- c:\windows\system32\witasoda.dll
2009-07-31 06:52:07 6456 ---ha-w- c:\windows\system32\laduhopa
2009-07-30 07:02:13 4512 ----a-w- c:\windows\imsins.BAK
2009-07-24 10:28:17 0 d-----w- c:\documents and settings\victoria roach\AbiSuite
2009-07-24 10:27:56 0 d-----w- c:\program files\AbiSuite2
2009-07-14 10:09:39 0 d-----w- c:\docume~1\victor~1\applic~1\Malwarebytes
2009-07-14 10:09:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-14 09:59:46 0 d-----w- c:\program files\MSXML 6.0
2009-07-13 12:20:10 0 d-----w- c:\program files\Winnydows
2009-07-13 12:01:47 0 d-----w- c:\windows\system32\XPSViewer
2009-07-13 11:59:47 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-13 10:34:51 0 d-----w- c:\docume~1\victor~1\applic~1\Red Kawa
2009-07-13 10:33:40 0 d-----w- c:\program files\AviSynth 2.5
2009-07-13 10:33:29 0 d-----w- c:\program files\Red Kawa
2009-07-13 06:53:56 0 d-----w- c:\docume~1\victor~1\applic~1\Desktopicon
2009-07-13 06:53:50 0 d-----w- c:\program files\Unlocker
2009-07-13 06:35:54 0 d-----w- c:\docume~1\victor~1\applic~1\Jasc
2009-07-11 22:06:38 0 d-----w- c:\windows\system32\CatRoot_bak
2009-07-11 07:19:27 0 d-----w- c:\program files\Sherlock Software
2009-07-10 07:14:47 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-10 06:52:25 0 d-----w- c:\program files\CCleaner
2009-07-10 06:39:27 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-07-09 18:56:55 0 d-----w- c:\docume~1\victor~1\applic~1\LimeWire
2009-07-09 18:54:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-07-09 18:54:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 18:52:15 0 d-----w- c:\program files\LimeWire
2009-07-09 15:31:36 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-09 07:26:50 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-09 07:26:50 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-09 07:17:31 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-09 07:17:30 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-09 07:17:29 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-09 07:17:29 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-09 07:00:30 0 d-----w- c:\windows\system32\PreInstall
2009-07-09 07:00:29 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-09 07:00:28 0 d--h--w- c:\windows\$hf_mig$
2009-07-09 05:25:09 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-09 05:25:06 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-08 15:31:28 0 d-----w- c:\documents and settings\all users\Lx_cats
2009-07-08 15:30:48 0 d-----w- C:\logs
2009-07-08 15:30:20 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2009-07-08 15:30:18 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-07-08 15:30:11 77304 ----a-w- c:\windows\system32\lxdnprpr.chm
2009-07-08 15:29:26 0 d-----w- c:\program files\Lexmark Toolbar
2009-07-08 15:29:04 0 d-----w- c:\program files\Lexmark 2600 Series
2009-07-08 15:00:44 176128 ------w- c:\windows\system32\nvuide.exe
2009-07-08 15:00:44 1537 ------w- c:\windows\system32\nvide.nvu
2009-07-08 15:00:25 3632 ----a-w- c:\windows\system32\nvnrm.nvu
2009-07-08 15:00:25 176128 ----a-w- c:\windows\system32\nvunrm.exe
2009-07-08 15:00:25 100480 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2009-07-08 15:00:24 176128 ----a-w- c:\windows\system32\nvusmb.exe
2009-07-08 15:00:24 1391 ----a-w- c:\windows\system32\nvsmb.nvu
2009-07-08 15:00:07 0 d-----w- c:\windows\system32\ReinstallBackups
2009-07-08 14:59:58 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 14:58:23 0 d-----w- C:\cabs
2009-07-08 13:16:13 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-07-08 12:59:30 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-07-08 12:51:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-08 12:51:51 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-08 12:51:45 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-08 12:51:43 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-08 12:50:36 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-07-08 12:50:34 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-07-08 12:50:34 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-07-08 12:44:01 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2009-07-08 12:43:20 359936 ----a-w- c:\windows\system32\wzcsvc.dll
2009-07-08 12:43:19 51712 ----a-w- c:\windows\system32\wzcsapi.dll
2009-07-08 12:43:14 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2009-07-08 12:43:07 3200 ----a-w- c:\windows\system32\wowfax.dll
2009-07-08 12:41:58 323641 ----a-w- c:\windows\system32\usrdtea.dll
2009-07-08 12:41:54 77890 ----a-w- c:\windows\system32\usrdpa.dll
2009-07-08 12:41:51 69699 ----a-w- c:\windows\system32\usrcoina.dll
2009-07-08 12:41:47 61500 ----a-w- c:\windows\system32\usrcntra.dll
2009-07-08 12:41:45 74240 ----a-w- c:\windows\system32\usbui.dll
2009-07-08 12:41:40 8192 ----a-w- c:\windows\system32\tsbyuv.dll
2009-07-08 12:41:35 8192 ----a-w- c:\windows\system32\streamci.dll
2009-07-08 12:41:34 74752 ----a-w- c:\windows\system32\storprop.dll
2009-07-08 12:41:30 72192 ----a-w- c:\windows\system32\sprio800.dll
2009-07-08 12:41:26 70656 ----a-w- c:\windows\system32\sprio600.dll
2009-07-08 12:41:19 69632 ----a-w- c:\windows\system32\spnike.dll
2009-07-08 12:41:02 35328 ----a-w- c:\windows\system32\pid.dll
2009-07-08 12:41:02 15360 ----a-w- c:\windows\system32\pjlmon.dll
2009-07-08 12:40:54 157696 ----a-w- c:\windows\system32\paqsp.dll
2009-07-08 12:40:36 5900416 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2009-07-08 12:40:36 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-08 12:40:34 2056832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-08 12:40:27 17408 ----a-w- c:\windows\system32\msyuv.dll
2009-07-08 12:40:14 294912 ----a-w- c:\windows\system32\msh263.drv
2009-07-08 12:40:03 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2009-07-08 12:38:59 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2009-07-08 12:36:19 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2009-07-08 12:34:12 0 d-----w- c:\windows\SMINST
2009-07-08 12:32:59 9728 -c--a-w- c:\windows\system32\dllcache\reset.exe
2009-07-08 12:31:55 9581 -c--a-w- c:\windows\system32\dllcache\MSMSGS.CAT
2009-07-08 12:30:32 983552 -c--a-w- c:\windows\system32\dllcache\kernel32.dll
2009-07-08 12:29:15 83456 -c--a-w- c:\windows\system32\dllcache\dpvsetup.exe
2009-07-08 12:28:59 540160 -c--a-w- c:\windows\system32\dllcache\comuid.dll
2009-07-08 12:21:54 0 d-----w- C:\My Backup -- 09-07-08 0521AM
2009-07-08 08:20:12 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-07-08 08:20:12 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-08 08:20:09 82944 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2009-07-08 08:20:09 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-07-08 08:20:04 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-07-08 08:20:04 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-07-08 08:20:01 40960 ----a-w- c:\windows\system32\ChCfg.exe
2009-07-08 08:19:19 0 d-----w- c:\program files\Realtek Sound Manager
2009-07-08 08:19:14 0 d-----w- c:\program files\AvRack
2009-07-08 08:19:06 0 d-----w- c:\program files\Realtek AC97
2009-07-08 08:18:59 141016 ----a-w- c:\windows\system32\alsndmgr.wav
2009-07-08 08:18:59 10476032 ----a-w- c:\windows\system32\RTLCPL.exe
2009-07-08 08:18:55 577536 ----a-w- c:\windows\soundman.exe
2009-07-08 08:18:55 3842560 ----a-w- c:\windows\system32\drivers\alcxwdm.sys
2009-07-08 08:18:55 307200 ----a-w- c:\windows\alcupd.exe
2009-07-08 08:18:55 217088 ----a-w- c:\windows\Alcrmv.exe
2009-07-08 08:18:55 18776064 ----a-w- c:\windows\system32\alsndmgr.cpl
2009-07-08 08:18:55 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-07-08 08:17:40 23127 ----a-w- c:\windows\system32\nvdisp.nvu
2009-07-08 08:17:40 0 d-----w- c:\windows\nview
2009-07-08 08:17:39 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-08 08:03:48 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-05-26 21:18:34 90112 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 21:18:34 57344 ----a-w- c:\windows\system32\QuickTime.qts
2009-05-13 21:54:56 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54:52 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54:52 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54:52 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54:52 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54:52 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54:52 685056 ----a-w- c:\windows\system32\DivX.dll
2008-12-12 15:18:16 87336 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-12 15:11:46 61440 ----a-w- c:\windows\system32\dnssd.dll
2008-10-16 18:09:40 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2008-10-16 18:07:46 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2008-10-16 18:07:44 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2008-10-16 18:07:14 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2008-09-30 20:43:34 1286152 ----a-w- c:\windows\system32\msxml4.dll
2008-08-30 00:06:44 1350664 ----a-w- c:\windows\system32\msxml6.dll
2008-07-30 01:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 01:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 01:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 00:35:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-29 23:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 23:59:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-29 23:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-29 23:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 23:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 23:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-29 23:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 09:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 15:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 15:16:58 282112 ----a-w- c:\windows\system32\mscoree.dll
2008-07-25 15:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 15:16:46 96760 ----a-w- c:\windows\system32\dfshim.dll
2008-06-30 07:02:32 0 d-----w- c:\program files\Jasc Software Inc
2007-09-04 16:04:56 113136 ----a-w- c:\windows\system32\cdrtc.dll
2007-09-04 16:04:56 100848 ----a-w- c:\windows\system32\cdral.dll
2007-05-01 20:48:40 120056 ----a-w- c:\windows\system32\pxcpyi64.exe
2007-05-01 20:48:38 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2007-05-01 20:48:34 68344 ----a-w- c:\windows\system32\drvins64.exe
2007-05-01 07:00:00 43528 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2007-04-04 21:08:56 158456 ----a-w- c:\windows\system32\pxwma.dll
2007-02-02 08:00:00 9464 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2007-02-02 08:00:00 9336 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2006-10-24 16:30:20 412160 ------w- c:\windows\system32\photometadatahandler.dll
2006-10-24 16:30:06 716288 ------w- c:\windows\system32\WindowsCodecs.dll
2006-10-24 16:30:00 276992 ------w- c:\windows\system32\WMPhoto.dll
2006-10-24 16:29:50 352256 ------w- c:\windows\system32\WindowsCodecsExt.dll
2006-10-21 01:30:06 1980704 ----a-w- c:\windows\system32\milcore.dll
2006-10-15 00:22:00 1676288 -c--a-w- c:\windows\system32\dllcache\xpssvcs.dll
2006-10-15 00:22:00 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2006-10-15 00:21:58 575488 -c--a-w- c:\windows\system32\dllcache\xpsshhdr.dll
2006-10-15 00:21:58 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2006-10-14 20:44:44 597504 -c--a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2006-10-14 20:43:38 117760 ----a-w- c:\windows\system32\prntvpt.dll
2006-10-14 20:43:18 89088 -c--a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2006-10-09 06:07:22 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
2006-09-11 08:39:40 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2006-08-24 20:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-07-19 14:55:18 86728 ----a-w- c:\windows\system32\msxml6r.dll
2006-06-01 18:47:07 27648 -c----w- c:\windows\system32\dllcache\jgpl400.dll
2006-06-01 18:47:07 163840 -c----w- c:\windows\system32\dllcache\jgdw400.dll
2006-05-05 09:41:45 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2006-03-17 00:38:01 28672 ------w- c:\windows\system32\verclsid.exe
2006-02-03 07:00:00 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2005-09-23 11:28:56 32768 ----a-w- c:\windows\system32\netfxperf.dll
2005-08-13 13:19:30 89600 --sha-w- c:\windows\system32\gokegubo.dll
2005-08-13 13:19:30 37888 --sha-w- c:\windows\system32\habodotu.dll
2005-08-12 20:31:12 98432 ----a-w- c:\windows\system32\drivers\nvata.sys
2005-08-12 20:31:12 290304 ----a-w- c:\windows\system32\idecoi.dll
2005-08-03 20:52:08 33280 ----a-w- c:\windows\system32\NVCOI.DLL
2005-07-29 23:11:04 12928 ----a-w- c:\windows\system32\drivers\nvnetbus.sys
2005-07-29 23:11:02 34048 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
2005-07-29 23:10:46 301312 ----a-w- c:\windows\system32\drivers\nvnrm.sys
2005-07-29 23:10:32 221824 ----a-w- c:\windows\system32\drivers\nvsnpu.sys
2005-07-29 23:09:58 202240 ----a-w- c:\windows\system32\fdco1ins.dll
2005-07-29 23:09:58 202240 ----a-w- c:\windows\system32\fdco1.dll
2005-07-29 23:09:46 9728 ----a-w- c:\windows\system32\bdco1ins.dll
2005-07-29 23:09:46 9728 ----a-w- c:\windows\system32\bdco1.dll
2005-07-29 06:25:32 33280 ----a-w- c:\windows\system32\nvconrm.dll
2005-07-20 01:40:47 0 d-----r- C:\Program Files
2005-07-20 01:40:25 0 d-----r- c:\documents and settings\all users\Documents
2005-07-20 01:39:52 0 d-----r- c:\windows\Offline Web Pages
2005-07-20 01:34:58 0 dcsh--r- c:\windows\system32\dllcache
2005-01-03 17:51:09 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2005-01-03 17:50:28 0 d-----w- c:\program files\NVIDIA Corporation
2005-01-03 17:47:54 0 d-----w- C:\NVIDIA
2005-01-01 05:01:31 39424 --sh--w- c:\windows\system32\nazurugu.dll

==================== Find3M ====================

2009-09-27 23:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 23:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 23:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 23:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 23:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 23:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 23:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 23:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 23:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 23:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 21:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 21:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 21:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 21:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-04 14:00:46 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-05 07:35:25 50244 ----a-r- c:\windows\fonts\Death_Note_L__s_Font_by_JackieLLefty-1.ttf
2009-06-05 04:39:40 105772 ----a-w- c:\windows\fonts\DEATH_FONT.TTF
2009-06-05 04:39:30 19360 ----a-w- c:\windows\fonts\death_note.ttf
2009-06-05 04:39:17 34580 ----a-w- c:\windows\fonts\Pic0 1.100.ttf
2009-06-05 04:39:03 33696 ----a-w- c:\windows\fonts\offthedrugs.ttf
2009-06-05 04:38:46 40236 ----a-w- c:\windows\fonts\vaille01.ttf
2009-06-05 04:38:46 31968 ----a-w- c:\windows\fonts\vaille02.ttf
2009-06-05 04:38:46 23332 ----a-w- c:\windows\fonts\vaille03.ttf
2009-06-05 04:38:03 85804 ----a-w- c:\windows\fonts\OldNewspaperTypes.ttf
2009-05-09 18:20:19 23212 ----a-w- c:\windows\fonts\lion_king.ttf
2008-12-13 23:16:32 40548 ----a-w- c:\windows\fonts\stnicholas.ttf
2008-12-13 23:09:47 50792 ----a-w- c:\windows\fonts\CHRIC___.TTF
2008-10-11 23:16:12 21300 ----a-w- c:\windows\fonts\mulan.ttf
2008-10-11 23:16:03 30772 ----a-w- c:\windows\fonts\Bookworm_062308.ttf
2008-10-11 23:15:52 9328 ----a-w- c:\windows\fonts\Picopixel.ttf
2008-10-11 23:15:24 696756 ----a-w- c:\windows\fonts\la_fraktouille.ttf
2008-10-11 23:15:14 17996 ----a-w- c:\windows\fonts\Handwritten_Crystal_v2.ttf
2008-10-11 23:15:03 24880 ----a-w- c:\windows\fonts\Hrawolam.otf
2008-09-01 01:06:39 46628 ----a-w- c:\windows\fonts\AG-Stencil.ttf
2008-09-01 01:06:25 34628 ----a-w- c:\windows\fonts\GOODDC__.TTF
2008-09-01 01:06:25 31668 ----a-w- c:\windows\fonts\GOODDP__.TTF
2008-09-01 01:06:15 50784 ----a-w- c:\windows\fonts\Cookies.ttf
2008-09-01 01:05:57 37988 ----a-w- c:\windows\fonts\lazy_dog.ttf
2008-09-01 01:05:45 25876 ----a-w- c:\windows\fonts\JustAnotherFont.TTF
2008-09-01 01:05:32 32124 ----a-w- c:\windows\fonts\EnchantedPrairieDog.TTF
2008-09-01 01:05:32 31436 ----a-w- c:\windows\fonts\MoreEnchanted.TTF
2008-09-01 01:05:19 46352 ----a-w- c:\windows\fonts\HEARTBRE.TTF
2008-08-11 19:59:36 48104 ----a-w- c:\windows\fonts\OPN BitFUUL.ttf
2008-08-11 19:59:28 38440 ----a-w- c:\windows\fonts\mizufalp.ttf
2008-08-11 19:04:07 423208 ----a-w- c:\windows\fonts\clementine sketch.ttf
2008-08-11 19:03:52 374332 ----a-w- c:\windows\fonts\SNIPER__.ttf
2008-08-11 19:03:37 25000 ----a-w- c:\windows\fonts\King Cool KC.ttf
2008-08-11 18:59:14 21648 ----a-w- c:\windows\fonts\INVADER.TTF
2008-07-24 18:11:19 39680 ----a-w- c:\windows\fonts\KAIREE.TTF
2008-07-24 18:11:15 17072 ----a-w- c:\windows\fonts\h5bitjun.ttf
2008-07-09 17:07:35 16544 ----a-r- c:\windows\fonts\Twilight.ttf
2008-07-09 16:44:06 21852 ----a-w- c:\windows\fonts\Loved by the King.ttf
2008-07-09 16:43:59 37388 ----a-w- c:\windows\fonts\visitor2.ttf
2008-07-09 16:43:59 3520 ----a-w- c:\windows\fonts\VISITOR.FON
2008-07-09 16:43:59 27552 ----a-w- c:\windows\fonts\visitor1.ttf
2008-07-09 16:43:52 44560 ----a-w- c:\windows\fonts\PORCELAI.FON
2008-07-09 16:43:46 48972 ----a-w- c:\windows\fonts\JaneAust.ttf
2008-07-09 16:43:40 13488 ----a-w- c:\windows\fonts\Complete in Him.ttf
2008-07-09 16:43:33 37552 ----a-w- c:\windows\fonts\CHOPS___.TTF
2008-07-09 16:43:24 82072 ----a-w- c:\windows\fonts\SCRIPTIN.ttf
2008-07-09 16:43:24 11652 ----a-w- c:\windows\fonts\SCRIPALT.ttf
2008-07-07 03:48:49 193528 ----a-w- c:\windows\fonts\the_King__26_Queen_font.ttf
2008-07-07 03:47:49 525436 ----a-w- c:\windows\fonts\GREENPIL.TTF
2008-07-07 03:47:36 323352 ----a-w- c:\windows\fonts\Jellyka_Castle _s_Queen.ttf
2008-06-27 08:12:11 19492 ----a-w- c:\windows\fonts\04B_03__.TTF
2008-02-27 23:07:28 320168 ----a-w- c:\windows\system32\lxdnih.exe
2008-02-27 23:07:26 594600 ----a-w- c:\windows\system32\lxdncoms.exe
2008-02-27 23:07:23 365224 ----a-w- c:\windows\system32\lxdncfg.exe
2008-02-27 23:07:12 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2008-02-07 20:22:40 106496 ----a-w- c:\windows\system32\lxdninsr.dll
2008-02-07 20:22:34 36864 ----a-w- c:\windows\system32\lxdncur.dll
2008-02-07 20:22:08 147456 ----a-w- c:\windows\system32\lxdnjswr.dll
2008-02-07 20:19:50 200704 ----a-w- c:\windows\system32\lxdninsb.dll
2008-02-07 20:19:46 90112 ----a-w- c:\windows\system32\lxdncub.dll
2008-02-07 20:16:51 77824 ----a-w- c:\windows\system32\lxdncu.dll
2008-02-07 20:16:49 176128 ----a-w- c:\windows\system32\lxdnins.dll
2008-02-07 20:14:44 524288 ----a-w- c:\windows\system32\lxdnutil.dll
2008-02-07 20:13:51 208896 ----a-w- c:\windows\system32\lxdngrd.dll
2007-11-28 23:19:08 647168 ----a-w- c:\windows\system32\lxdnpmui.dll
2007-11-28 23:16:04 1101824 ----a-w- c:\windows\system32\lxdnserv.dll
2007-11-28 23:13:37 569344 ----a-w- c:\windows\system32\lxdnlmpm.dll
2007-11-28 23:13:30 339968 ----a-w- c:\windows\system32\lxdniesc.dll
2007-11-28 23:13:22 376832 ----a-w- c:\windows\system32\lxdncomm.dll
2007-11-28 23:12:26 663552 ----a-w- c:\windows\system32\lxdnhbn3.dll
2007-11-28 23:12:07 843776 ----a-w- c:\windows\system32\lxdnusb1.dll
2007-11-28 23:11:47 851968 ----a-w- c:\windows\system32\lxdncomc.dll
2007-11-28 23:10:51 53248 ----a-w- c:\windows\system32\lxdnprox.dll
2007-11-28 23:09:32 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
2007-11-28 23:09:27 348160 ----a-w- c:\windows\system32\LXDNinst.dll
2007-11-28 23:09:17 364544 ----a-w- c:\windows\system32\lxdninpa.dll
2007-11-21 14:39:49 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2007-11-21 00:02:39 782336 ----a-w- c:\windows\system32\lxdndrs.dll
2007-11-20 23:44:48 81920 ----a-w- c:\windows\system32\lxdncaps.dll
2007-11-05 14:32:33 77906 ----a-w- c:\windows\system32\LXDNcfg.dll
2007-10-04 09:31:21 983121 ----a-w- c:\windows\system32\lxdngf.dll
2007-10-02 22:51:09 69632 ----a-w- c:\windows\system32\lxdncnv4.dll
2006-06-29 18:58:52 30808 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2006-06-29 18:53:56 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
1601-01-01 00:03:28 37888 --sha-w- c:\windows\system32\fekabota.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\futuvoba.dll
1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\gofelibo.dll
1601-01-01 00:03:28 92160 --sha-w- c:\windows\system32\hifejavi.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\hihuzeno.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\lovegogi.dll
1601-01-01 00:03:28 52224 --sha-w- c:\windows\system32\sofapohe.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\vulojedu.dll
1601-01-01 00:03:28 89600 --sha-w- c:\windows\system32\wijuhalu.dll
1601-01-01 00:03:28 91648 --sha-w- c:\windows\system32\zojuzimu.dll

============= FINISH: 18:39:31.73 ===============


I ran Gmer, but when it was finished it told me that nothing had been found. Did I not do it correctly?
 

Attachments
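The ten entries stamped 1601-01-01 at the bottom of that DDS listing are the part a helper reads first: a 1601-01-01 date is a zeroed Windows FILETIME, the files carry hidden+system attributes, and their names follow the same eight-letter pattern. As an added example (not from the thread, nor from DDS or ComboFix), here is a small Python triage script that parses file-listing lines in both the DDS and ComboFix layouts and flags those indicators; the sample lines are constructed from paths in the logs above.

```python
"""Triage of DDS / ComboFix file-listing lines (added example, not from the thread).

Flags the indicators that stand out in the logs above:
  * a 1601-01-01 timestamp: a zeroed Windows FILETIME, so the file's
    timestamps were wiped or stomped rather than set by a normal install;
  * hidden+system attributes ('s' and 'h' in the attribute field) on a
    file under system32;
  * an eight-letter consonant/vowel name under system32, the pattern of
    the DLLs ComboFix deleted in this thread (a weak, heuristic signal).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample mixing the DDS layout ("date hh:mm:ss size attrs path")
# and the ComboFix layout ("date hh:mm . date hh:mm size attrs path");
# the paths are taken from the logs posted in this thread.
SAMPLE_LOG = """\
2008-08-11 19:04:07 423208 ----a-w- c:\\windows\\fonts\\clementine sketch.ttf
2008-02-27 23:07:28 320168 ----a-w- c:\\windows\\system32\\lxdnih.exe
1601-01-01 00:03:28 37888 --sha-w- c:\\windows\\system32\\fekabota.dll
1601-01-01 00:03:28 92672 --sha-w- c:\\windows\\system32\\gofelibo.dll
2009-11-05 13:59 . 2001-08-18 03:36 92160 ----a-w- c:\\windows\\system32\\fuusd.dll
2009-10-23 22:43 . 2009-10-23 22:43 -------- d-sh--w- c:\\windows\\ftpcache
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\\windows\\system32\\sofapohe.dll
"""

LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"   # first timestamp
    r"(?: \. (?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"      # ComboFix second timestamp
    r" (?P<size>\d+|-{8})"                                  # size, or -------- for a directory
    r" (?P<attrs>[-a-z]{8})"                                # attribute flags, e.g. --sha-w-
    r" (?P<path>.+)$"
)
FILETIME_ZERO = "1601-01-01"
SYSTEM32 = "c:\\windows\\system32\\"
# four consonant/vowel pairs, e.g. fekabota, gofelibo, sofapohe
CV_NAME_RE = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.dll")


@dataclass
class Entry:
    ts1: str
    ts2: Optional[str]
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class Finding:
    path: str
    reasons: list[str] = field(default_factory=list)


def parse(log_text: str) -> list[Entry]:
    """Return one Entry per line that matches either listing layout."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def assess(e: Entry) -> list[str]:
    """Return the indicators that apply to one entry (empty list if none)."""
    reasons = []
    if e.ts1.startswith(FILETIME_ZERO) or (e.ts2 or "").startswith(FILETIME_ZERO):
        reasons.append("filetime-zero")
    in_sys32 = e.path.lower().startswith(SYSTEM32)
    if in_sys32 and not e.is_dir and "s" in e.attrs and "h" in e.attrs:
        reasons.append("hidden+system in system32")
    name = e.path.lower().rsplit("\\", 1)[-1]
    if in_sys32 and CV_NAME_RE.fullmatch(name):
        reasons.append("random-looking name (weak)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse a log and keep only the entries with at least one indicator."""
    return [Finding(e.path, r) for e in parse(log_text) if (r := assess(e))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}: {', '.join(f.reasons)}")
```

Run it against a full DDS or ComboFix log to get a short list of entries worth checking before anything is deleted; the name heuristic is deliberately kept as a separate, weak reason so it never flags a file on its own without the other indicators being visible alongside it.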

TSF-Emeritus · 8,956 Posts
Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

Registered · 23 Posts · Discussion Starter · #3
I wasn't sure whether the log that popped up was the ComboFix text or not. :p

So I'll post the log I got and attach the text document, I guess?

ComboFix 09-11-22.08 - Victoria Roach 01/01/2005 19:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.277 [GMT -5:00]
Running from: c:\documents and settings\Victoria Roach\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Victoria Roach\Application Data\Desktopicon
c:\documents and settings\Victoria Roach\Local Settings\Application Data\hlwhti
c:\documents and settings\Victoria Roach\Local Settings\Application Data\hlwhti\fvetsysguard.exe
c:\program files\gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\recycler\S-1-5-21-1042078821-2011015370-2822402435-1003
c:\windows\system32\bayunivu.dll
c:\windows\system32\bitanazo.dll
c:\windows\system32\bodawusi.dll
c:\windows\system32\bufufodu.dll
c:\windows\system32\dafamupu.dll
c:\windows\system32\fekabota.dll
c:\windows\system32\fihimemo.dll
c:\windows\system32\fiyusuka.dll
c:\windows\system32\fogayopo.dll
c:\windows\system32\futuvoba.dll
c:\windows\system32\garavebu.dll
c:\windows\system32\givufipa.dll
c:\windows\system32\gofozinu.dll
c:\windows\system32\gokegubo.dll
c:\windows\system32\habodotu.dll
c:\windows\system32\hakobudu.dll
c:\windows\system32\hebebubo.dll.tmp
c:\windows\system32\hedizeji.dll
c:\windows\system32\hihuzeno.dll
c:\windows\system32\hitoremi.dll.tmp
c:\windows\system32\hivotugu.dll.tmp
c:\windows\system32\holusifo.dll.tmp
c:\windows\system32\huhovodi.dll
c:\windows\system32\hunazazi.dll
c:\windows\system32\huremili.dll
c:\windows\system32\jidizone.dll
c:\windows\system32\jilijiyo.dll
c:\windows\system32\jisideso.dll
c:\windows\system32\kalesere.dll
c:\windows\system32\karozeza.dll.tmp
c:\windows\system32\keveyate.dll
c:\windows\system32\kopurege.dll
c:\windows\system32\kunuteva.dll
c:\windows\system32\lapoyepe.dll
c:\windows\system32\lazahuji.dll
c:\windows\system32\lewiyidi.dll
c:\windows\system32\lovegogi.dll
c:\windows\system32\ludiyofu.dll
c:\windows\system32\lusanuwo.dll.tmp
c:\windows\system32\luwuwuti.dll.tmp
c:\windows\system32\makezimu.dll
c:\windows\system32\mimihahu.dll
c:\windows\system32\mirekona.dll
c:\windows\system32\mojuwaga.dll
c:\windows\system32\nalejida.dll
c:\windows\system32\nazurugu.dll
c:\windows\system32\nipuwoku.dll.tmp
c:\windows\system32\pinayeze.dll
c:\windows\system32\podovovi.dll
c:\windows\system32\poliwape.dll
c:\windows\system32\puguyehi.dll
c:\windows\system32\pukepoda.dll
c:\windows\system32\retileba.dll
c:\windows\system32\rubolezo.dll
c:\windows\system32\sibinogo.dll
c:\windows\system32\sofifowo.dll
c:\windows\system32\sosavojo.dll
c:\windows\system32\tafenugo.dll
c:\windows\system32\tohazite.dll
c:\windows\system32\vesefaha.dll
c:\windows\system32\vigodite.dll
c:\windows\system32\vomeduse.dll
c:\windows\system32\voyutepu.dll
c:\windows\system32\vulojedu.dll
c:\windows\system32\weduriwi.dll
c:\windows\system32\wijuhalu.dll
c:\windows\system32\witasoda.dll
c:\windows\system32\wiyoyova.dll
c:\windows\system32\wojifoge.dll
c:\windows\system32\wokowizi.dll
c:\windows\system32\wosesara.dll
c:\windows\system32\wovahuzo.dll
c:\windows\system32\yigosoku.dll
c:\windows\system32\yuzubayi.dll.tmp
c:\windows\system32\zahasila.dll
c:\windows\system32\zahatahe.dll.tmp
c:\windows\system32\zedomuju.dll
c:\windows\system32\zukumuha.dll
c:\windows\Tasks\gznzsjjx.job
c:\windows\Tasks\rwhqqukt.job
c:\windows\Tasks\sjjflzmd.job

Infected copy of c:\windows\system32\ntoskrnl.exe was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

.
((((((((((((((((((((((((( Files Created from 2004-12-02 to 2005-01-02 )))))))))))))))))))))))))))))))
.

2009-11-16 15:48 . 2009-02-07 12:43 24576 ----a-w- c:\documents and settings\Victoria Roach\Application Data\Mozilla\Firefox\Profiles\wgriybhr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-11-16 03:00 . 2009-11-16 03:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-16 03:00 . 2009-11-16 03:00 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Roxio
2009-11-15 12:15 . 2005-01-02 00:27 -------- d-----w- c:\program files\Gamevance
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\Safe\Local Settings\Application Data\Apple
2009-11-05 13:59 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-11-05 13:59 . 2001-08-18 03:36 92160 ----a-w- c:\windows\system32\fuusd.dll
2009-11-02 00:14 . 2009-11-02 00:14 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\InstallShield
2009-10-31 15:32 . 2009-10-31 15:32 -------- d-----w- c:\documents and settings\Safe\Application Data\Malwarebytes
2009-10-31 15:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 15:32 . 2009-10-31 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 15:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 15:29 . 2009-10-31 15:29 -------- d-----w- c:\documents and settings\Safe\Local Settings\Application Data\Mozilla
2009-10-31 15:29 . 2009-10-31 15:29 -------- d-----w- c:\documents and settings\Safe\Local Settings\Application Data\Apple Computer
2009-10-31 15:05 . 2009-10-31 15:12 -------- d-----w- c:\program files\a-squared Free
2009-10-30 22:05 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 22:05 . 2009-08-06 23:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-25 07:00 . 2009-10-25 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-10-23 23:13 . 2009-10-23 23:41 256 ----a-w- c:\windows\system32\pool.bin
2009-10-23 23:13 . 2009-10-23 23:13 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Research In Motion
2009-10-23 23:05 . 2009-10-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-23 23:05 . 2009-10-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-23 23:01 . 2009-10-23 23:01 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-23 23:01 . 2009-10-23 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-10-23 23:01 . 2009-10-23 23:02 -------- d-----w- c:\program files\Roxio
2009-10-23 23:00 . 2009-10-23 23:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-23 22:52 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-23 22:50 . 2009-10-23 22:50 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-23 22:50 . 2009-10-23 22:50 -------- d-----w- c:\program files\Research In Motion
2009-10-23 22:43 . 2009-10-23 22:43 -------- d-sh--w- c:\windows\ftpcache
2009-10-13 05:12 . 2009-10-13 05:12 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\DivX
2009-10-08 22:15 . 2009-10-08 22:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-27 23:20 . 2009-09-27 23:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 23:20 . 2009-09-27 23:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 23:19 . 2009-09-27 23:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 23:19 . 2009-09-27 23:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 23:19 . 2009-09-27 23:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 23:19 . 2009-09-27 23:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 23:19 . 2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:19 . 2009-09-27 23:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 21:12 . 2009-09-27 21:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-18 07:44 . 2009-09-18 09:53 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Trellian
2009-09-18 07:44 . 2009-09-18 09:53 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\WebPage
2009-09-11 09:38 . 2009-09-11 09:38 -------- d-s---w- c:\documents and settings\Victoria Roach\UserData
2009-09-02 03:22 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-09-02 03:22 . 2001-08-18 02:36 99328 ----a-w- c:\windows\system32\srusd.dll
2009-09-02 03:22 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-09-02 03:22 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-09-02 03:22 . 2001-08-18 02:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2009-09-02 03:22 . 2001-08-18 02:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2009-08-22 01:59 . 2009-08-23 03:16 -------- d-----w- c:\windows\system32\Adobe
2009-08-13 17:11 . 2009-10-01 00:09 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Apple Computer
2009-08-13 17:08 . 2009-08-13 17:10 -------- d-----w- c:\program files\Common Files\Apple
2009-08-13 17:08 . 2009-08-13 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-13 17:06 . 2009-08-13 17:11 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Apple Computer
2009-08-12 07:01 . 2009-08-12 07:01 -------- d-----w- c:\windows\ServicePackFiles
2009-08-10 21:05 . 2009-08-10 21:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-03 17:44 . 2009-08-03 17:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-03 17:43 . 2009-08-03 17:48 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Google
2009-08-03 17:43 . 2009-08-14 07:04 -------- d-----w- c:\program files\Google
2009-08-03 17:43 . 2009-08-03 17:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-03 17:43 . 2009-08-22 20:09 -------- d-----w- c:\program files\DivX
2009-08-01 11:18 . 2009-08-02 15:13 -------- d-----w- c:\windows\system32\NtmsData
2009-07-24 10:28 . 2009-07-24 10:28 -------- d-----w- c:\documents and settings\Victoria Roach\AbiSuite
2009-07-24 10:27 . 2009-07-24 10:28 -------- d-----w- c:\program files\AbiSuite2
2009-07-19 01:39 . 2009-07-19 01:39 -------- d-----w- c:\windows\Sun
2009-07-14 10:09 . 2009-07-14 10:09 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Malwarebytes
2009-07-14 10:09 . 2009-07-14 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-14 09:59 . 2009-07-14 09:59 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 12:20 . 2009-07-13 12:35 -------- d-----w- c:\program files\Winnydows
2009-07-13 12:06 . 2009-07-13 12:06 -------- d-----w- c:\program files\MSBuild
2009-07-13 12:01 . 2009-08-16 07:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-13 12:00 . 2009-07-13 12:00 -------- d-----w- c:\program files\Reference Assemblies
2009-07-13 11:59 . 2006-06-29 17:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-13 10:34 . 2009-07-13 10:34 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Red Kawa
2009-07-13 10:33 . 2009-07-13 10:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-13 10:33 . 2009-07-13 10:33 -------- d-----w- c:\program files\Red Kawa
2009-07-13 08:30 . 2009-07-13 08:30 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Identities
2009-07-13 06:53 . 2009-11-02 23:41 -------- d-----w- c:\program files\Unlocker
2009-07-13 06:35 . 2009-07-13 06:35 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Jasc
2009-07-13 04:48 . 2009-07-13 04:48 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Help
2009-07-11 22:06 . 2009-07-13 13:03 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-11 07:19 . 2009-07-18 00:20 -------- d-----w- c:\program files\Sherlock Software
2009-07-10 07:14 . 2004-08-04 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-10 06:52 . 2009-07-10 06:52 -------- d-----w- c:\program files\CCleaner
2009-07-10 06:48 . 2009-07-10 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-10 06:39 . 2009-07-10 06:39 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-07-09 21:34 . 2009-07-27 03:21 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\AdobeUM
2009-07-09 21:34 . 2009-07-10 06:46 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Adobe
2009-07-09 18:56 . 2009-11-14 01:47 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\LimeWire
2009-07-09 18:54 . 2009-07-09 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 18:53 . 2009-07-09 18:53 -------- d-----w- c:\program files\Java
2009-07-09 18:53 . 2009-07-09 18:53 152576 ----a-w- c:\documents and settings\Victoria Roach\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-07-09 18:52 . 2009-07-29 18:44 -------- d-----w- c:\program files\LimeWire
2009-07-09 16:20 . 2005-01-01 08:02 -------- d-----w- c:\program files\Trillian
2009-07-09 15:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-09 15:01 . 2009-10-31 14:47 47264 ----a-w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:26 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-09 07:26 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-09 07:17 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-09 07:17 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-09 07:17 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-09 07:00 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-09 07:00 . 2009-10-16 07:01 -------- d--h--w- c:\windows\$hf_mig$
2009-07-09 05:25 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-09 05:25 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-08 15:31 . 2009-11-02 23:40 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-07-08 15:30 . 2009-07-08 15:30 -------- d-----w- C:\logs
2009-07-08 15:30 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2009-07-08 15:30 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-07-08 15:00 . 2005-09-09 17:51 176128 ------w- c:\windows\system32\nvuide.exe
2009-07-08 15:00 . 2005-09-09 17:51 176128 ----a-w- c:\windows\system32\nvunrm.exe
2009-07-08 15:00 . 2005-07-29 23:10 100480 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2009-07-08 15:00 . 2005-09-09 19:51 176128 ----a-w- c:\windows\system32\nvusmb.exe
2009-07-08 14:59 . 2009-09-24 14:24 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 14:59 . 2009-10-23 23:01 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 21:12 . 2009-07-08 12:39 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12 . 2005-09-18 12:32 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 21:12 . 2005-09-18 12:32 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 21:12 . 2005-09-18 12:32 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2005-09-18 12:32 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-10 16:07 . 2009-09-10 16:07 1383383 ----a-w- c:\documents and settings\All Users\SPL3AEA.tmp
2009-08-31 05:53 . 2009-08-31 05:53 2057652 ----a-w- c:\documents and settings\All Users\SPL432E.tmp
2009-08-13 17:11 . 2009-08-13 17:10 -------- d-----w- c:\program files\iTunes
2009-08-13 17:11 . 2009-08-13 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-13 17:10 . 2009-08-13 17:10 -------- d-----w- c:\program files\iPod
2009-08-13 17:10 . 2009-08-13 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-13 17:10 . 2009-08-13 17:10 -------- d-----w- c:\program files\Bonjour
2009-08-13 17:10 . 2009-08-13 17:09 -------- d-----w- c:\program files\QuickTime
2009-08-13 17:09 . 2009-08-13 17:09 -------- d-----w- c:\program files\Apple Software Update
2009-07-29 14:46 . 2009-07-29 14:46 1056589 ----a-w- c:\documents and settings\All Users\SPL402.tmp
2009-07-28 02:41 . 2009-07-28 02:41 335255 ----a-w- c:\documents and settings\All Users\SPL98D.tmp
2009-07-09 16:16 . 2009-08-13 17:08 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 16:16 . 2009-08-13 17:08 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-08 15:39 . 2009-07-08 15:39 733541 ----a-w- c:\documents and settings\All Users\SPLD9.tmp
2009-07-08 15:38 . 2009-07-08 15:29 -------- d-----w- c:\program files\Lexmark 2600 Series
2006-06-14 08:47 . 2009-07-08 08:19 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2006-02-15 00:22 . 2009-07-08 08:19 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2005-07-28 17:38 . 2004-08-26 18:04 -------- d-----w- c:\program files\microsoft frontpage
2005-05-03 17:58 . 2009-07-08 12:31 15360 ----a-w- c:\windows\system32\msisip.dll
2005-05-03 17:58 . 2009-07-08 12:31 884736 ----a-w- c:\windows\system32\msimsg.dll
2005-05-03 17:58 . 2009-07-08 12:31 78848 ----a-w- c:\windows\system32\msiexec.exe
2005-05-03 17:58 . 2009-07-08 12:31 2890240 ----a-w- c:\windows\system32\msi.dll
2005-05-03 17:58 . 2009-07-08 12:31 271360 ----a-w- c:\windows\system32\msihnd.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1601-01-01 00:03 . 1601-01-01 00:03 92672 --sha-w- c:\windows\system32\gofelibo.dll
1601-01-01 00:03 . 1601-01-01 00:03 92160 --sha-w- c:\windows\system32\hifejavi.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\sofapohe.dll
1601-01-01 00:03 . 1601-01-01 00:03 91648 --sha-w- c:\windows\system32\zojuzimu.dll
.

------- Sigcheck -------

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-04 02:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\explorer.exe" [2009-10-31 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-12-15 577536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [7/8/2009 10:30 AM 98984]
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\Victoria Roach\Application Data\Mozilla\Firefox\Profiles\wgriybhr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - component: c:\documents and settings\Victoria Roach\Application Data\Mozilla\Firefox\Profiles\wgriybhr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{fafb6184-1e24-4d45-8c04-d43aa517b690} - voyutepu.dll
HKLM-Run-dumivasoz - c:\windows\system32\garavebu.dll
HKLM-Run-yupofukane - sofifowo.dll
SharedTaskScheduler-{d0e7a2c3-d567-4431-92c1-fabdba76acbc} - (no file)
SharedTaskScheduler-{ac1dbd9e-37cb-4553-8a88-f4a00e9af41b} - c:\windows\system32\garavebu.dll
SSODL-fuvivuyek-{d0e7a2c3-d567-4431-92c1-fabdba76acbc} - (no file)
SSODL-zevukipom-{ac1dbd9e-37cb-4553-8a88-f4a00e9af41b} - c:\windows\system32\garavebu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-01-01 19:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2005-01-01 19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2005-01-02 00:41

Pre-Run: 20,088,881,152 bytes free
Post-Run: 19,992,690,688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EA8EC821EC16A4AA5ED11030E49D9C02
 

Attachments

TSF-Emeritus · 8,956 Posts
Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://www.techsupportforum.com/f284/end-of-my-rope-433963.html#post2457995

Collect::
c:\windows\system32\gofelibo.dll
c:\windows\system32\hifejavi.dll
c:\windows\system32\sofapohe.dll
c:\windows\system32\zojuzimu.dll

Folder::
c:\program files\Gamevance

File::
c:\documents and settings\All Users\SPL3AEA.tmp
c:\documents and settings\All Users\SPL432E.tmp
c:\documents and settings\All Users\SPL402.tmp
c:\documents and settings\All Users\SPL98D.tmp
c:\documents and settings\All Users\SPLD9.tmp

FCopy::
c:\windows\$NtUninstallKB900485$\aec.sys | c:\windows\system32\dllcache\aec.sys
c:\windows\$NtUninstallKB900485$\aec.sys | c:\windows\system32\drivers\aec.sys
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


In your next reply please include
  • ComboFix.log
  • MBAM Log
  • Kaspersky report
 

Discussion Starter · #5 · Registered · 23 Posts
I tried over and over, but I couldn't get Kaspersky Online to run. I kept getting this message:

"Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: key file creation date is invalid. Check the system date]"

However, I did get the other two logs:

ComboFix 09-11-25.03 - Victoria Roach 01/04/2005 4:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.183 [GMT -5:00]
Running from: c:\documents and settings\Victoria Roach\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Victoria Roach\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\SPL3AEA.tmp"
"c:\documents and settings\All Users\SPL402.tmp"
"c:\documents and settings\All Users\SPL432E.tmp"
"c:\documents and settings\All Users\SPL98D.tmp"
"c:\documents and settings\All Users\SPLD9.tmp"

file zipped: c:\windows\system32\gofelibo.dll
file zipped: c:\windows\system32\hifejavi.dll
file zipped: c:\windows\system32\sofapohe.dll
file zipped: c:\windows\system32\zojuzimu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\SPL3AEA.tmp
c:\documents and settings\All Users\SPL402.tmp
c:\documents and settings\All Users\SPL432E.tmp
c:\documents and settings\All Users\SPL98D.tmp
c:\documents and settings\All Users\SPLD9.tmp
c:\program files\Gamevance
c:\program files\Gamevance\gamevance32.exe
c:\program files\Gamevance\gvun.exe
c:\program files\Gamevance\icon.ico
c:\windows\system32\gofelibo.dll
c:\windows\system32\hifejavi.dll
c:\windows\system32\sofapohe.dll
c:\windows\system32\zojuzimu.dll

.
--------------- FCopy ---------------

c:\windows\$NtUninstallKB900485$\aec.sys --> c:\windows\system32\dllcache\aec.sys
c:\windows\$NtUninstallKB900485$\aec.sys --> c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((( Files Created from 2004-12-04 to 2005-01-04 )))))))))))))))))))))))))))))))
.

2009-11-16 15:48 . 2009-02-07 12:43 24576 ----a-w- c:\documents and settings\Victoria Roach\Application Data\Mozilla\Firefox\Profiles\wgriybhr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-11-16 03:00 . 2009-11-16 03:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-16 03:00 . 2009-11-16 03:00 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Roxio
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\Safe\Local Settings\Application Data\Apple
2009-11-05 13:59 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-11-05 13:59 . 2001-08-18 03:36 92160 ----a-w- c:\windows\system32\fuusd.dll
2009-11-02 00:14 . 2009-11-02 00:14 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\InstallShield
2009-10-31 15:32 . 2009-10-31 15:32 -------- d-----w- c:\documents and settings\Safe\Application Data\Malwarebytes
2009-10-31 15:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 15:32 . 2009-10-31 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 15:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 15:29 . 2009-10-31 15:29 -------- d-----w- c:\documents and settings\Safe\Local Settings\Application Data\Mozilla
2009-10-31 15:29 . 2009-10-31 15:29 -------- d-----w- c:\documents and settings\Safe\Local Settings\Application Data\Apple Computer
2009-10-31 15:05 . 2009-10-31 15:12 -------- d-----w- c:\program files\a-squared Free
2009-10-30 22:05 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 22:05 . 2009-08-06 23:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2009-10-30 22:05 . 2009-08-06 23:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-25 07:00 . 2009-10-25 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-10-23 23:13 . 2009-10-23 23:41 256 ----a-w- c:\windows\system32\pool.bin
2009-10-23 23:13 . 2009-10-23 23:13 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Research In Motion
2009-10-23 23:05 . 2009-10-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-23 23:05 . 2009-10-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-23 23:01 . 2009-10-23 23:01 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-23 23:01 . 2009-10-23 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-10-23 23:01 . 2009-10-23 23:02 -------- d-----w- c:\program files\Roxio
2009-10-23 23:00 . 2009-10-23 23:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-23 22:52 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-23 22:50 . 2009-10-23 22:50 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-23 22:50 . 2009-10-23 22:50 -------- d-----w- c:\program files\Research In Motion
2009-10-23 22:43 . 2009-10-23 22:43 -------- d-sh--w- c:\windows\ftpcache
2009-10-13 05:12 . 2009-10-13 05:12 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\DivX
2009-10-08 22:15 . 2009-10-08 22:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-27 23:20 . 2009-09-27 23:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 23:20 . 2009-09-27 23:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 23:19 . 2009-09-27 23:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 23:19 . 2009-09-27 23:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 23:19 . 2009-09-27 23:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 23:19 . 2009-09-27 23:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 23:19 . 2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:19 . 2009-09-27 23:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 21:12 . 2009-09-27 21:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-18 07:44 . 2009-09-18 09:53 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Trellian
2009-09-18 07:44 . 2009-09-18 09:53 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\WebPage
2009-09-11 09:38 . 2009-09-11 09:38 -------- d-s---w- c:\documents and settings\Victoria Roach\UserData
2009-09-02 03:22 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-09-02 03:22 . 2001-08-18 02:36 99328 ----a-w- c:\windows\system32\srusd.dll
2009-09-02 03:22 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-09-02 03:22 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-09-02 03:22 . 2001-08-18 02:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2009-09-02 03:22 . 2001-08-18 02:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2009-08-22 01:59 . 2009-08-23 03:16 -------- d-----w- c:\windows\system32\Adobe
2009-08-13 17:11 . 2009-10-01 00:09 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Apple Computer
2009-08-13 17:08 . 2009-08-13 17:10 -------- d-----w- c:\program files\Common Files\Apple
2009-08-13 17:08 . 2009-08-13 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-13 17:06 . 2009-08-13 17:11 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Apple Computer
2009-08-12 07:01 . 2009-08-12 07:01 -------- d-----w- c:\windows\ServicePackFiles
2009-08-10 21:05 . 2009-08-10 21:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-03 17:44 . 2009-08-03 17:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-03 17:43 . 2009-08-03 17:48 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Google
2009-08-03 17:43 . 2009-08-14 07:04 -------- d-----w- c:\program files\Google
2009-08-03 17:43 . 2009-08-03 17:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-03 17:43 . 2009-08-22 20:09 -------- d-----w- c:\program files\DivX
2009-08-01 11:18 . 2009-08-02 15:13 -------- d-----w- c:\windows\system32\NtmsData
2009-07-24 10:28 . 2009-07-24 10:28 -------- d-----w- c:\documents and settings\Victoria Roach\AbiSuite
2009-07-24 10:27 . 2009-07-24 10:28 -------- d-----w- c:\program files\AbiSuite2
2009-07-19 01:39 . 2009-07-19 01:39 -------- d-----w- c:\windows\Sun
2009-07-14 10:09 . 2009-07-14 10:09 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Malwarebytes
2009-07-14 10:09 . 2009-07-14 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-14 09:59 . 2009-07-14 09:59 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 12:20 . 2009-07-13 12:35 -------- d-----w- c:\program files\Winnydows
2009-07-13 12:06 . 2009-07-13 12:06 -------- d-----w- c:\program files\MSBuild
2009-07-13 12:01 . 2009-08-16 07:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-13 12:00 . 2009-07-13 12:00 -------- d-----w- c:\program files\Reference Assemblies
2009-07-13 11:59 . 2006-06-29 17:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-13 10:34 . 2009-07-13 10:34 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Red Kawa
2009-07-13 10:33 . 2009-07-13 10:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-13 10:33 . 2009-07-13 10:33 -------- d-----w- c:\program files\Red Kawa
2009-07-13 08:30 . 2009-07-13 08:30 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Identities
2009-07-13 06:53 . 2009-11-02 23:41 -------- d-----w- c:\program files\Unlocker
2009-07-13 06:35 . 2009-07-13 06:35 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\Jasc
2009-07-13 04:48 . 2009-07-13 04:48 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Help
2009-07-11 22:06 . 2009-07-13 13:03 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-11 07:19 . 2009-07-18 00:20 -------- d-----w- c:\program files\Sherlock Software
2009-07-10 07:14 . 2004-08-04 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-10 06:52 . 2009-07-10 06:52 -------- d-----w- c:\program files\CCleaner
2009-07-10 06:48 . 2009-07-10 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-10 06:39 . 2009-07-10 06:39 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-07-09 21:34 . 2009-07-27 03:21 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\AdobeUM
2009-07-09 21:34 . 2009-07-10 06:46 -------- d-----w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\Adobe
2009-07-09 18:56 . 2009-11-14 01:47 -------- d-----w- c:\documents and settings\Victoria Roach\Application Data\LimeWire
2009-07-09 18:54 . 2009-07-09 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 18:53 . 2009-07-09 18:53 -------- d-----w- c:\program files\Java
2009-07-09 18:53 . 2009-07-09 18:53 152576 ----a-w- c:\documents and settings\Victoria Roach\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-07-09 18:52 . 2009-07-29 18:44 -------- d-----w- c:\program files\LimeWire
2009-07-09 16:20 . 2005-01-01 08:02 -------- d-----w- c:\program files\Trillian
2009-07-09 15:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-09 15:01 . 2009-10-31 14:47 47264 ----a-w- c:\documents and settings\Victoria Roach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:26 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-09 07:26 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-09 07:17 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-09 07:17 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-09 07:17 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-09 07:00 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-09 07:00 . 2009-10-16 07:01 -------- d--h--w- c:\windows\$hf_mig$
2009-07-09 05:25 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-09 05:25 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-08 15:31 . 2009-11-02 23:40 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-07-08 15:30 . 2009-07-08 15:30 -------- d-----w- C:\logs
2009-07-08 15:30 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2009-07-08 15:30 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-07-08 15:00 . 2005-09-09 17:51 176128 ------w- c:\windows\system32\nvuide.exe
2009-07-08 15:00 . 2005-09-09 17:51 176128 ----a-w- c:\windows\system32\nvunrm.exe
2009-07-08 15:00 . 2005-07-29 23:10 100480 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2009-07-08 15:00 . 2005-09-09 19:51 176128 ----a-w- c:\windows\system32\nvusmb.exe
2009-07-08 14:59 . 2009-09-24 14:24 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 14:59 . 2009-10-23 23:01 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 21:12 . 2009-07-08 12:39 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12 . 2005-09-18 12:32 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 21:12 . 2005-09-18 12:32 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 21:12 . 2005-09-18 12:32 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2005-09-18 12:32 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-13 17:11 . 2009-08-13 17:10 -------- d-----w- c:\program files\iTunes
2009-08-13 17:11 . 2009-08-13 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-13 17:10 . 2009-08-13 17:10 -------- d-----w- c:\program files\iPod
2009-08-13 17:10 . 2009-08-13 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-13 17:10 . 2009-08-13 17:10 -------- d-----w- c:\program files\Bonjour
2009-08-13 17:10 . 2009-08-13 17:09 -------- d-----w- c:\program files\QuickTime
2009-08-13 17:09 . 2009-08-13 17:09 -------- d-----w- c:\program files\Apple Software Update
2009-07-09 16:16 . 2009-08-13 17:08 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 16:16 . 2009-08-13 17:08 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-08 15:38 . 2009-07-08 15:29 -------- d-----w- c:\program files\Lexmark 2600 Series
2006-06-14 08:47 . 2009-07-08 08:19 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2005-07-28 17:38 . 2004-08-26 18:04 -------- d-----w- c:\program files\microsoft frontpage
2005-05-03 17:58 . 2009-07-08 12:31 15360 ----a-w- c:\windows\system32\msisip.dll
2005-05-03 17:58 . 2009-07-08 12:31 884736 ----a-w- c:\windows\system32\msimsg.dll
2005-05-03 17:58 . 2009-07-08 12:31 78848 ----a-w- c:\windows\system32\msiexec.exe
2005-05-03 17:58 . 2009-07-08 12:31 2890240 ----a-w- c:\windows\system32\msi.dll
2005-05-03 17:58 . 2009-07-08 12:31 271360 ----a-w- c:\windows\system32\msihnd.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [email protected]_00.31.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-01-03 19:53 . 2005-01-03 19:53 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\explorer.exe" [2009-10-31 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-12-15 577536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [7/8/2009 10:30 AM 98984]
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\Victoria Roach\Application Data\Mozilla\Firefox\Profiles\wgriybhr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - component: c:\documents and settings\Victoria Roach\Application Data\Mozilla\Firefox\Profiles\wgriybhr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-01-04 04:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2005-01-04 04:29
ComboFix-quarantined-files.txt 2005-01-04 09:29
ComboFix2.txt 2005-01-02 00:41

Pre-Run: 19,933,446,144 bytes free
Post-Run: 19,899,244,544 bytes free

- - End Of File - - E8A742ADA2B4047D2A357A04F62008ED
Upload was successful

Malwarebytes' Anti-Malware 1.41
Database version: 3235
Windows 5.1.2600 Service Pack 2

1/4/2005 4:45:03 AM
mbam-log-2005-01-04 (04-45-03).txt

Scan type: Quick Scan
Objects scanned: 116770
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I don't know if that helps or not, though.
 

TSF-Emeritus · 8,956 Posts
Hi,

Try this scan instead:

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      icon on your desktop.
  4. Check
  5. Click the
    button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the
    button.
  13. Push
 