Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't access spyware/adware removal sites


  • Please log in to reply

#1
Mike125

Mike125

    New Member

  • Member
  • Pip
  • 5 posts
I tried downloading numerous spyware/ad-ware remover software but I can never access the site. I tried downloading superantispyware, but it can't even update itself(I got the download from cnet. If I try going to their main site, I keep getting an error). I tried going to http://www.malwarebytes.org/, but it's not working either. Can anyone help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:28 AM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82498d50-c006-4b01-ba0e-100ae5f5e54c} - yuwehosu.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [eujelxpu] C:\Documents and Settings\Laura\Local Settings\Application Data\oaqehh\xdsasysguard.exe
O4 - HKLM\..\Run: [jufilofiz] Rundll32.exe "c:\windows\system32\pododome.dll",a
O4 - HKLM\..\Run: [jogegovepu] Rundll32.exe "wumomara.dll",s
O4 - HKLM\..\Run: [combofix] "C:\Combo-Fix\CF19235.cfxxe" /c "C:\Combo-Fix\C.bat"
O4 - HKLM\..\RunOnce: [combofix] "C:\Combo-Fix\CF19235.cfxxe" /c "C:\Combo-Fix\C.bat"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90C6B9-A1E3-4306-9A87-E8FA64175813}: NameServer = 85.255.112.110;85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9C5DAC-B7B1-4C7B-8A0F-23A520460CBE}: NameServer = 85.255.112.110;85.255.112.172
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: gajujufej - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10154 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:28 AM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82498d50-c006-4b01-ba0e-100ae5f5e54c} - yuwehosu.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [eujelxpu] C:\Documents and Settings\Laura\Local Settings\Application Data\oaqehh\xdsasysguard.exe
O4 - HKLM\..\Run: [jufilofiz] Rundll32.exe "c:\windows\system32\pododome.dll",a
O4 - HKLM\..\Run: [jogegovepu] Rundll32.exe "wumomara.dll",s
O4 - HKLM\..\Run: [combofix] "C:\Combo-Fix\CF19235.cfxxe" /c "C:\Combo-Fix\C.bat"
O4 - HKLM\..\RunOnce: [combofix] "C:\Combo-Fix\CF19235.cfxxe" /c "C:\Combo-Fix\C.bat"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90C6B9-A1E3-4306-9A87-E8FA64175813}: NameServer = 85.255.112.110;85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9C5DAC-B7B1-4C7B-8A0F-23A520460CBE}: NameServer = 85.255.112.110;85.255.112.172
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: gajujufej - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10154 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:28 AM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82498d50-c006-4b01-ba0e-100ae5f5e54c} - yuwehosu.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [eujelxpu] C:\Documents and Settings\Laura\Local Settings\Application Data\oaqehh\xdsasysguard.exe
O4 - HKLM\..\Run: [jufilofiz] Rundll32.exe "c:\windows\system32\pododome.dll",a
O4 - HKLM\..\Run: [jogegovepu] Rundll32.exe "wumomara.dll",s
O4 - HKLM\..\Run: [combofix] "C:\Combo-Fix\CF19235.cfxxe" /c "C:\Combo-Fix\C.bat"
O4 - HKLM\..\RunOnce: [combofix] "C:\Combo-Fix\CF19235.cfxxe" /c "C:\Combo-Fix\C.bat"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90C6B9-A1E3-4306-9A87-E8FA64175813}: NameServer = 85.255.112.110;85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9C5DAC-B7B1-4C7B-8A0F-23A520460CBE}: NameServer = 85.255.112.110;85.255.112.172
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: gajujufej - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10154 bytes


I also ran combfix and I got this:
system32\drivers\UACbowioyHew.sys
system32\UACcmejwswwved.dll
system32\UAcesiqwgkyn.dll
system32\UACrrsdfxiqub.dll
system32\UACInprtqureds.dll
and 2 other .dll files starting with UAC.I tried searching for it, but window explorer would crash. I tried going to the system32 folder, and I don't even see it.

Any help would be appreciated!

Edited by Mike125, 12 February 2010 - 01:55 AM.

  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Mike125

Welcome to G2Go. :)
=====================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

  • 0

#3
Mike125

Mike125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by at 11:26:56.56 on Fri 02/12/2010
Internet Explorer: 7.0.5730.11

============== Running Processes ===============

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\C\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
mWinlogon: System=kdppz.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {82498d50-c006-4b01-ba0e-100ae5f5e54c} - wivagoge.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [eujelxpu] c:\documents and settings\laura\local settings\application data\oaqehh\xdsasysguard.exe
mRun: [combofix] "c:\combo-fix\cf19235.cfxxe" /c "c:\combo-fix\C.bat"
mRun: [jogegovepu] Rundll32.exe "fenefezu.dll",s
mRun: [jufilofiz] Rundll32.exe "c:\windows\system32\yesigoju.dll",a
mRunOnce: [combofix] "c:\combo-fix\cf19235.cfxxe" /c "c:\combo-fix\C.bat"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {1B90C6B9-A1E3-4306-9A87-E8FA64175813} = 85.255.112.110;85.255.112.172
TCP: {9D9C5DAC-B7B1-4C7B-8A0F-23A520460CBE} = 85.255.112.110;85.255.112.172
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gajujufej - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll
SSODL: baviyapan - {b2ce4de5-a892-48aa-b9ec-7659c415e204} - c:\windows\system32\yesigoju.dll
STS: tokatiluy: {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll
STS: tokatiluy: {b2ce4de5-a892-48aa-b9ec-7659c415e204} - c:\windows\system32\yesigoju.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli zegofuho.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\c\applic~1\mozilla\firefox\profiles\ynoazwnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? FXDRV;FXDRV
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? WinDefend;Windows Defender Service
S? AdobeActiveFileMonitor;Adobe Active File Monitor
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avg8wd;AVG Free8 WatchDog
S? avgio;avgio
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? avgntflt;avgntflt
S? AvgTdiX;AVG Free8 Network Redirector
S? Lbd;Lbd
S? McProxy;McAfee Proxy Service
S? McrdSvc;Media Center Extender Service
S? PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect

=============== Created Last 30 ================

2010-02-12 14:09:12 0 d-sh--w- C:\found.000
2010-02-12 07:21:34 0 d-----w- c:\program files\Trend Micro
2010-02-12 06:47:39 60416 ----a-w- c:\windows\system32\drivers\Combo-Fix.sys
2010-02-12 06:42:48 0 d-sha-r- C:\cmdcons
2010-02-12 06:40:47 98816 ----a-w- c:\windows\sed.exe
2010-02-12 06:40:47 77312 ----a-w- c:\windows\MBR.exe
2010-02-12 06:40:47 261632 ----a-w- c:\windows\PEV.exe
2010-02-12 06:40:47 161792 ----a-w- c:\windows\SWREG.exe
2010-02-12 06:40:18 0 d-s---w- C:\Combo-Fix
2010-02-12 06:26:08 0 d-----w- c:\docume~1\c\applic~1\AdwareBot
2010-02-12 05:42:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-12 05:41:09 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-12 05:40:47 0 d-----w- c:\program files\Lavasoft
2010-02-12 05:10:19 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-12 05:10:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-12 04:42:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx
2010-02-12 04:41:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2010-02-12 04:41:59 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2010-02-12 04:41:58 1435272 ----a-w- c:\windows\system32\Flash.ocx
2010-02-12 04:41:57 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx
2010-02-12 04:41:57 389120 ----a-w- c:\windows\system32\ACTSKN43.OCX
2010-02-12 04:41:57 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-12 04:41:56 11012 ----a-w- c:\windows\system32\threadapi.tlb

==================== Find3M ====================

2009-11-28 13:29:28 19585 ----a-w- c:\windows\system32\uacinit.dll
2009-09-30 01:15:40 56 --sh--r- c:\windows\system32\2948E6ACDE.sys
2008-03-06 05:03:32 56 --sh--r- c:\windows\system32\4CF5CE6EC3.sys
2007-11-25 17:26:40 88 --sh--r- c:\windows\system32\C36ECEF54C.sys
1601-01-01 00:03:28 53760 --sha-w- c:\windows\system32\fabapufu.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\fenefezu.dll
2009-09-30 01:15:40 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
1601-01-01 00:03:28 61952 --sha-w- c:\windows\system32\popeyuwi.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\sonewibu.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\wivagoge.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\wiyatuto.dll
1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\yesigoju.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\zegofuho.dll
2008-08-26 15:52:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 11:29:50.01 ===============

DDS (Ver_09-12-01.01) - NTFSx86
Run by C at 11:26:56.56 on Fri 02/12/2010
Internet Explorer: 7.0.5730.11

============== Running Processes ===============

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\C\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
mWinlogon: System=kdppz.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {82498d50-c006-4b01-ba0e-100ae5f5e54c} - wivagoge.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [eujelxpu] c:\documents and settings\laura\local settings\application data\oaqehh\xdsasysguard.exe
mRun: [combofix] "c:\combo-fix\cf19235.cfxxe" /c "c:\combo-fix\C.bat"
mRun: [jogegovepu] Rundll32.exe "fenefezu.dll",s
mRun: [jufilofiz] Rundll32.exe "c:\windows\system32\yesigoju.dll",a
mRunOnce: [combofix] "c:\combo-fix\cf19235.cfxxe" /c "c:\combo-fix\C.bat"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {1B90C6B9-A1E3-4306-9A87-E8FA64175813} = 85.255.112.110;85.255.112.172
TCP: {9D9C5DAC-B7B1-4C7B-8A0F-23A520460CBE} = 85.255.112.110;85.255.112.172
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gajujufej - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll
SSODL: baviyapan - {b2ce4de5-a892-48aa-b9ec-7659c415e204} - c:\windows\system32\yesigoju.dll
STS: tokatiluy: {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll
STS: tokatiluy: {b2ce4de5-a892-48aa-b9ec-7659c415e204} - c:\windows\system32\yesigoju.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli zegofuho.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\c\applic~1\mozilla\firefox\profiles\ynoazwnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? FXDRV;FXDRV
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? WinDefend;Windows Defender Service
S? AdobeActiveFileMonitor;Adobe Active File Monitor
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avg8wd;AVG Free8 WatchDog
S? avgio;avgio
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? avgntflt;avgntflt
S? AvgTdiX;AVG Free8 Network Redirector
S? Lbd;Lbd
S? McProxy;McAfee Proxy Service
S? McrdSvc;Media Center Extender Service
S? PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect

=============== Created Last 30 ================

2010-02-12 14:09:12 0 d-sh--w- C:\found.000
2010-02-12 07:21:34 0 d-----w- c:\program files\Trend Micro
2010-02-12 06:47:39 60416 ----a-w- c:\windows\system32\drivers\Combo-Fix.sys
2010-02-12 06:42:48 0 d-sha-r- C:\cmdcons
2010-02-12 06:40:47 98816 ----a-w- c:\windows\sed.exe
2010-02-12 06:40:47 77312 ----a-w- c:\windows\MBR.exe
2010-02-12 06:40:47 261632 ----a-w- c:\windows\PEV.exe
2010-02-12 06:40:47 161792 ----a-w- c:\windows\SWREG.exe
2010-02-12 06:40:18 0 d-s---w- C:\Combo-Fix
2010-02-12 06:26:08 0 d-----w- c:\docume~1\c\applic~1\AdwareBot
2010-02-12 05:42:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-12 05:41:09 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-12 05:40:47 0 d-----w- c:\program files\Lavasoft
2010-02-12 05:10:19 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-12 05:10:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-12 04:42:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx
2010-02-12 04:41:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2010-02-12 04:41:59 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2010-02-12 04:41:58 1435272 ----a-w- c:\windows\system32\Flash.ocx
2010-02-12 04:41:57 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx
2010-02-12 04:41:57 389120 ----a-w- c:\windows\system32\ACTSKN43.OCX
2010-02-12 04:41:57 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-12 04:41:56 11012 ----a-w- c:\windows\system32\threadapi.tlb

==================== Find3M ====================

2009-11-28 13:29:28 19585 ----a-w- c:\windows\system32\uacinit.dll
2009-09-30 01:15:40 56 --sh--r- c:\windows\system32\2948E6ACDE.sys
2008-03-06 05:03:32 56 --sh--r- c:\windows\system32\4CF5CE6EC3.sys
2007-11-25 17:26:40 88 --sh--r- c:\windows\system32\C36ECEF54C.sys
1601-01-01 00:03:28 53760 --sha-w- c:\windows\system32\fabapufu.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\fenefezu.dll
2009-09-30 01:15:40 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
1601-01-01 00:03:28 61952 --sha-w- c:\windows\system32\popeyuwi.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\sonewibu.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\wivagoge.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\wiyatuto.dll
1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\yesigoju.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\zegofuho.dll
2008-08-26 15:52:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 11:29:50.01 ===============

DDS (Ver_09-12-01.01) - NTFSx86
Run by C at 11:26:56.56 on Fri 02/12/2010
Internet Explorer: 7.0.5730.11

============== Running Processes ===============

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\C\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
mWinlogon: System=kdppz.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {82498d50-c006-4b01-ba0e-100ae5f5e54c} - wivagoge.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [eujelxpu] c:\documents and settings\laura\local settings\application data\oaqehh\xdsasysguard.exe
mRun: [combofix] "c:\combo-fix\cf19235.cfxxe" /c "c:\combo-fix\C.bat"
mRun: [jogegovepu] Rundll32.exe "fenefezu.dll",s
mRun: [jufilofiz] Rundll32.exe "c:\windows\system32\yesigoju.dll",a
mRunOnce: [combofix] "c:\combo-fix\cf19235.cfxxe" /c "c:\combo-fix\C.bat"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {1B90C6B9-A1E3-4306-9A87-E8FA64175813} = 85.255.112.110;85.255.112.172
TCP: {9D9C5DAC-B7B1-4C7B-8A0F-23A520460CBE} = 85.255.112.110;85.255.112.172
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gajujufej - {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll
SSODL: baviyapan - {b2ce4de5-a892-48aa-b9ec-7659c415e204} - c:\windows\system32\yesigoju.dll
STS: tokatiluy: {9e41c47d-3a6f-43d6-a44c-330c4cd00bb5} - c:\windows\system32\pododome.dll
STS: tokatiluy: {b2ce4de5-a892-48aa-b9ec-7659c415e204} - c:\windows\system32\yesigoju.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli zegofuho.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\c\applic~1\mozilla\firefox\profiles\ynoazwnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? FXDRV;FXDRV
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? WinDefend;Windows Defender Service
S? AdobeActiveFileMonitor;Adobe Active File Monitor
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avg8wd;AVG Free8 WatchDog
S? avgio;avgio
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? avgntflt;avgntflt
S? AvgTdiX;AVG Free8 Network Redirector
S? Lbd;Lbd
S? McProxy;McAfee Proxy Service
S? McrdSvc;Media Center Extender Service
S? PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect

=============== Created Last 30 ================

2010-02-12 14:09:12 0 d-sh--w- C:\found.000
2010-02-12 07:21:34 0 d-----w- c:\program files\Trend Micro
2010-02-12 06:47:39 60416 ----a-w- c:\windows\system32\drivers\Combo-Fix.sys
2010-02-12 06:42:48 0 d-sha-r- C:\cmdcons
2010-02-12 06:40:47 98816 ----a-w- c:\windows\sed.exe
2010-02-12 06:40:47 77312 ----a-w- c:\windows\MBR.exe
2010-02-12 06:40:47 261632 ----a-w- c:\windows\PEV.exe
2010-02-12 06:40:47 161792 ----a-w- c:\windows\SWREG.exe
2010-02-12 06:40:18 0 d-s---w- C:\Combo-Fix
2010-02-12 06:26:08 0 d-----w- c:\docume~1\c\applic~1\AdwareBot
2010-02-12 05:42:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-12 05:41:09 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-12 05:40:47 0 d-----w- c:\program files\Lavasoft
2010-02-12 05:10:19 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-12 05:10:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-12 04:42:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx
2010-02-12 04:41:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2010-02-12 04:41:59 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2010-02-12 04:41:58 1435272 ----a-w- c:\windows\system32\Flash.ocx
2010-02-12 04:41:57 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx
2010-02-12 04:41:57 389120 ----a-w- c:\windows\system32\ACTSKN43.OCX
2010-02-12 04:41:57 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-12 04:41:56 11012 ----a-w- c:\windows\system32\threadapi.tlb

==================== Find3M ====================

2009-11-28 13:29:28 19585 ----a-w- c:\windows\system32\uacinit.dll
2009-09-30 01:15:40 56 --sh--r- c:\windows\system32\2948E6ACDE.sys
2008-03-06 05:03:32 56 --sh--r- c:\windows\system32\4CF5CE6EC3.sys
2007-11-25 17:26:40 88 --sh--r- c:\windows\system32\C36ECEF54C.sys
1601-01-01 00:03:28 53760 --sha-w- c:\windows\system32\fabapufu.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\fenefezu.dll
2009-09-30 01:15:40 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
1601-01-01 00:03:28 61952 --sha-w- c:\windows\system32\popeyuwi.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\sonewibu.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\wivagoge.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\wiyatuto.dll
1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\yesigoju.dll
1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\zegofuho.dll
2008-08-26 15:52:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 11:29:50.01 ===============


Attach

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop Elements 3.0
Adobe Reader 6.0.1
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AdwareBot
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
Broadcom Management Programs
Brother MFL-Pro Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Corel Painter Essentials 2
Corel Painter X
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellConnect
DellSupport
Digital Line Detect
DIGOpt
DIGReqEx
ERUNT 1.1j
FastStone Image Viewer 3.5
Free Video to Mp3 Converter version 3.1
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
LG USB Modem driver
Macromedia Flash Player
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.5.7)
mPfMgr
mPfWiz
mProSafe
MSN
MSN Encarta Plus Support Files
MSN Search Toolbar
mSSO
MSXML 4.0 SP2 (KB927978)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
nik Color Efex Pro 2.0 GE
PDF Settings
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Security Advisor
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Encoders
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vz In Home Agent
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Easy Transfer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-12 12:51:07
Windows 5.1.2600 Service Pack 3
Running: o8043c5e.exe; Driver: C:\WINDOWS\TEMP\uxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT F7B67726 ZwCreateKey
SSDT F7B6771C ZwCreateThread
SSDT F7B6772B ZwDeleteKey
SSDT F7B67735 ZwDeleteValueKey
SSDT F7B6773A ZwLoadKey
SSDT F7B67708 ZwOpenProcess
SSDT F7B6770D ZwOpenThread
SSDT F7B67744 ZwReplaceKey
SSDT F7B6773F ZwRestoreKey
SSDT F7B67730 ZwSetValueKey
SSDT F7B67717 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A8C54D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\wumomara.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1108] 0x10000000
Library C:\WINDOWS\system32\tuledagi.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1108] 0x00D40000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1


Edited by Mike125, 12 February 2010 - 12:58 PM.

  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    c:\windows\system32\uacinit.dll
    c:\windows\system32\fabapufu.dll
    c:\windows\system32\fenefezu.dll
    c:\windows\system32\popeyuwi.dll
    c:\windows\system32\sonewibu.dll
    c:\windows\system32\wivagoge.dll
    c:\windows\system32\wiyatuto.dll
    c:\windows\system32\yesigoju.dll
    c:\windows\system32\zegofuho.dll
    c:\documents and settings\laura\local settings\application data\oaqehh
    C:\WINDOWS\system32\wumomara.dll 
    C:\WINDOWS\system32\tuledagi.dll
    
    :Commands
    [emptytemp]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Online scan=================================
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by kahdah, 12 February 2010 - 05:38 PM.

  • 0

#5
Mike125

Mike125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

All processes killed
Error: Unable to interpret <Files:> in the current context!
Error: Unable to interpret <c:\windows\system32\uacinit.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\fabapufu.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\fenefezu.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\popeyuwi.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\sonewibu.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\wivagoge.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\wiyatuto.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\yesigoju.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\zegofuho.dll> in the current context!
Error: Unable to interpret <c:\documents and settings\laura\local settings\application data\oaqehh> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\wumomara.dll> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\tuledagi.dll> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User:
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1113067 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14339133 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33142 bytes
->FireFox cache emptied: 0 bytes

User: Laura
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 7673585 bytes
->Java cache emptied: 674324 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66206 bytes

User:
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 817143 bytes
->Java cache emptied: 7674 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9906229 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 33.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02122010_134143

Files moved on Reboot...
File move failed. C:\Documents and Settings\Laura\Local Settings\Temp\hsperfdata_Laura\2212 scheduled to be moved on reboot.

Registry entries deleted on Reboot...


I don't have Malwarebyte(I still can't go on the site) and superantispyware can't update itself, still.:)
Edit: Though, now I can run superantispyware and it's detecting numerous adwares and trojans. Including adwares such as Adware.Vundo. Before, I couldn't even open the application. So, this is a good start so far.

Edited by Mike125, 12 February 2010 - 01:24 PM.

  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please copy the script again in my last post I put the colon in the wrong place so it didn't work.
Then just post the OTM log it will produce on restart.
  • 0

#7
Mike125

Mike125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Well, after running superantispyware, I can got rid of all the trojans and adware. Now I can access the sites I couldn't before. Should I still run OTM?
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes.
  • 0

#9
Mike125

Mike125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

All processes killed
========== FILES ==========
File/Folder c:\windows\system32\uacinit.dll not found.
File/Folder c:\windows\system32\fabapufu.dll not found.
File/Folder c:\windows\system32\fenefezu.dll not found.
File/Folder c:\windows\system32\popeyuwi.dll not found.
File/Folder c:\windows\system32\sonewibu.dll not found.
File/Folder c:\windows\system32\wivagoge.dll not found.
File/Folder c:\windows\system32\wiyatuto.dll not found.
File/Folder c:\windows\system32\yesigoju.dll not found.
File/Folder c:\windows\system32\zegofuho.dll not found.
c:\documents and settings\laura\local settings\application data\oaqehh folder moved successfully.
File/Folder C:\WINDOWS\system32\wumomara.dll not found.
File/Folder C:\WINDOWS\system32\tuledagi.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9586476 bytes
->Java cache emptied: 221949 bytes
->FireFox cache emptied: 34163736 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Laura
->Temp folder emptied: 37427160 bytes
->Temporary Internet Files folder emptied: 5676257 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70554993 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Lorena
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13166855 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 163.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02132010_222255

Files moved on Reboot...

Registry entries deleted on Reboot...


Also, adware.vundo keeps coming back on this computer. Anyway to delete it permanently?

Edited by Mike125, 13 February 2010 - 11:02 PM.

  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Working on it.
===============
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP