
Solve : My pc has issues please help!?

Answer»

I will get that log on here ASAP, thank you so much. I'm downloading ComboFix right now. Yes, my browsers are all working now. Here is the CF log:

ComboFix 09-04-29.03 - John 04/29/2009 22:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.215 [GMT -5:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *enabled*
FW: Norton 360 *enabled*
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\tumuwaku\tumuwaku.dll
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 02:51 . 2009-04-30 02:51  --------  d-----w  c:\program files\SUPERAntiSpyware
2009-04-30 02:50 . 2009-04-30 02:50  --------  d-----w  c:\program files\Common Files\Wise Installation Wizard
2009-04-29 04:06 . 2009-04-29 04:06  --------  d-----w  c:\programdata\rodahope
2009-04-29 04:06 . 2009-04-29 04:06  --------  d-----w  c:\users\All Users\rodahope
2009-04-29 03:08 . 2009-04-29 03:08  --------  d-----w  c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2009-04-29 03:08 . 2009-04-29 03:08  --------  d-----w  c:\programdata\SUPERAntiSpyware.com
2009-04-29 03:08 . 2009-04-29 03:08  --------  d-----w  c:\users\All Users\SUPERAntiSpyware.com
2009-04-28 03:47 . 2009-04-29 20:08  --------  d-----w  c:\programdata\tosofove
2009-04-28 03:47 . 2009-04-30 03:25  --------  d-----w  c:\programdata\tumuwaku
2009-04-28 03:47 . 2009-04-29 20:08  --------  d-----w  c:\users\All Users\tosofove
2009-04-28 03:47 . 2009-04-30 03:25  --------  d-----w  c:\users\All Users\tumuwaku
2009-04-27 15:47 . 2009-04-27 15:47  --------  d-----w  c:\programdata\witiwegu
2009-04-27 15:47 . 2009-04-27 15:47  --------  d-----w  c:\users\All Users\witiwegu
2009-04-27 15:47 . 2009-04-27 16:08  --------  d-----w  c:\programdata\vasosunu
2009-04-27 15:47 . 2009-04-27 16:08  --------  d-----w  c:\users\All Users\vasosunu
2009-04-27 15:47 . 2009-04-27 15:47  --------  d-----w  c:\programdata\veyopiho
2009-04-27 15:47 . 2009-04-27 15:47  --------  d-----w  c:\users\All Users\veyopiho
2009-04-27 03:47 . 2009-04-27 03:47  --------  d-----w  c:\programdata\sebajuyo
2009-04-27 03:47 . 2009-04-27 03:47  --------  d-----w  c:\users\All Users\sebajuyo
2009-04-27 03:47 . 2009-04-27 03:47  --------  d-----w  c:\programdata\wayapego
2009-04-27 03:47 . 2009-04-27 03:47  --------  d-----w  c:\users\All Users\wayapego
2009-04-27 03:47 . 2009-04-27 04:08  --------  d-----w  c:\programdata\petonuho
2009-04-27 03:47 . 2009-04-27 04:08  --------  d-----w  c:\users\All Users\petonuho
2009-04-26 15:46 . 2009-04-26 16:08  --------  d-----w  c:\programdata\hatikefe
2009-04-26 15:46 . 2009-04-26 16:08  --------  d-----w  c:\users\All Users\hatikefe
2009-04-26 15:46 . 2009-04-26 15:46  --------  d-----w  c:\programdata\lamujoto
2009-04-26 15:46 . 2009-04-26 15:46  --------  d-----w  c:\users\All Users\lamujoto
2009-04-26 15:46 . 2009-04-26 15:46  --------  d-----w  c:\programdata\zahuzewi
2009-04-26 15:46 . 2009-04-26 15:46  --------  d-----w  c:\users\All Users\zahuzewi
2009-04-26 03:46 . 2009-04-26 03:46  --------  d-----w  c:\programdata\hikepohe
2009-04-26 03:46 . 2009-04-26 03:46  --------  d-----w  c:\users\All Users\hikepohe
2009-04-26 03:46 . 2009-04-28 17:53  --------  d-----w  c:\programdata\zezowawi
2009-04-26 03:46 . 2009-04-28 17:53  --------  d-----w  c:\users\All Users\zezowawi
2009-04-26 03:46 . 2009-04-26 04:08  --------  d-----w  c:\programdata\sekisahi
2009-04-26 03:46 . 2009-04-26 04:08  --------  d-----w  c:\users\All Users\sekisahi
2009-04-25 15:47 . 2009-04-25 15:47  --------  d-----w  c:\programdata\hanayupu
2009-04-25 15:47 . 2009-04-25 15:47  --------  d-----w  c:\users\All Users\hanayupu
2009-04-25 15:47 . 2009-04-25 16:08  --------  d-----w  c:\programdata\mumehuve
2009-04-25 15:47 . 2009-04-25 16:08  --------  d-----w  c:\users\All Users\mumehuve
2009-04-25 15:47 . 2009-04-25 15:47  --------  d-----w  c:\programdata\vikikeme
2009-04-25 15:47 . 2009-04-25 15:47  --------  d-----w  c:\users\All Users\vikikeme
2009-04-25 03:47 . 2009-04-25 03:47  --------  d-----w  c:\programdata\vaguyasi
2009-04-25 03:47 . 2009-04-25 03:47  --------  d-----w  c:\users\All Users\vaguyasi
2009-04-25 03:47 . 2009-04-25 04:08  --------  d-----w  c:\programdata\hohokaza
2009-04-25 03:47 . 2009-04-25 04:08  --------  d-----w  c:\users\All Users\hohokaza
2009-04-25 03:46 . 2009-04-28 17:50  --------  d-----w  c:\programdata\hipolugi
2009-04-25 03:46 . 2009-04-28 17:50  --------  d-----w  c:\users\All Users\hipolugi
2009-04-25 02:46 . 2009-04-25 02:46  --------  d-----w  c:\programdata\vegiyemi
2009-04-25 02:46 . 2009-04-25 02:46  --------  d-----w  c:\users\All Users\vegiyemi
2009-04-25 02:46 . 2009-04-25 02:46  --------  d-----w  c:\programdata\lizujopu
2009-04-25 02:46 . 2009-04-25 02:46  --------  d-----w  c:\users\All Users\lizujopu
2009-04-25 02:46 . 2009-04-29 20:08  --------  d-----w  c:\programdata\zuvirumu
2009-04-25 02:46 . 2009-04-29 20:08  --------  d-----w  c:\users\All Users\zuvirumu
2009-04-25 02:46 . 2009-04-25 02:46  --------  d-----w  c:\programdata\wagitiru
2009-04-25 02:46 . 2009-04-25 02:46  --------  d-----w  c:\users\All Users\wagitiru
2009-04-24 14:46 . 2009-04-24 14:46  --------  d-----w  c:\programdata\bewodanu
2009-04-24 14:46 . 2009-04-24 14:46  --------  d-----w  c:\users\All Users\bewodanu
2009-04-24 14:45 . 2009-04-24 15:07  --------  d-----w  c:\programdata\nademiso
2009-04-24 14:45 . 2009-04-24 15:07  --------  d-----w  c:\users\All Users\nademiso
2009-04-24 14:45 . 2009-04-24 14:45  --------  d-----w  c:\programdata\sunimuju
2009-04-24 14:45 . 2009-04-24 14:45  --------  d-----w  c:\users\All Users\sunimuju
2009-04-24 02:45 . 2009-04-24 03:07  --------  d-----w  c:\programdata\bifaruwi
2009-04-24 02:45 . 2009-04-24 03:07  --------  d-----w  c:\users\All Users\bifaruwi
2009-04-24 02:45 . 2009-04-24 02:45  --------  d-----w  c:\programdata\benosafi
2009-04-24 02:45 . 2009-04-24 02:45  --------  d-----w  c:\users\All Users\benosafi
2009-04-24 02:45 . 2009-04-24 02:45  --------  d-----w  c:\programdata\hujuyuju
2009-04-24 02:45 . 2009-04-24 02:45  --------  d-----w  c:\users\All Users\hujuyuju
2009-04-23 14:45 . 2009-04-23 14:45  --------  d-----w  c:\programdata\wanizofu
2009-04-23 14:45 . 2009-04-23 14:45  --------  d-----w  c:\users\All Users\wanizofu
2009-04-23 14:45 . 2009-04-23 14:45  --------  d-----w  c:\programdata\danuzihi
2009-04-23 14:45 . 2009-04-23 14:45  --------  d-----w  c:\users\All Users\danuzihi
2009-04-23 14:45 . 2009-04-23 15:06  --------  d-----w  c:\programdata\nadohipi
2009-04-23 14:45 . 2009-04-23 15:06  --------  d-----w  c:\users\All Users\nadohipi
2009-04-23 02:46 . 2009-04-25 02:46  --------  d-----w  c:\programdata\ginoreru
2009-04-23 02:46 . 2009-04-25 02:46  --------  d-----w  c:\users\All Users\ginoreru
2009-04-23 02:46 . 2009-04-25 02:46  --------  d-----w  c:\programdata\fawofofo
2009-04-23 02:46 . 2009-04-25 02:46  --------  d-----w  c:\programdata\vetaweyo
2009-04-23 02:46 . 2009-04-25 02:46  --------  d-----w  c:\users\All Users\fawofofo
2009-04-23 02:46 . 2009-04-25 02:46  --------  d-----w  c:\users\All Users\vetaweyo
2009-04-23 02:45 . 2009-04-23 02:45  --------  d-----w  c:\programdata\lomehuda
2009-04-23 02:45 . 2009-04-23 02:45  --------  d-----w  c:\users\All Users\lomehuda
2009-04-23 02:45 . 2009-04-28 17:52  --------  d-----w  c:\programdata\sodekeba
2009-04-23 02:45 . 2009-04-28 17:52  --------  d-----w  c:\users\All Users\sodekeba
2009-04-23 02:45 . 2009-04-23 02:45  --------  d-----w  c:\programdata\bimeyonu
2009-04-23 02:45 . 2009-04-23 02:45  --------  d-----w  c:\users\All Users\bimeyonu
2009-04-23 02:45 . 2009-04-23 02:45  --------  d-----w  c:\programdata\yodutiti
2009-04-23 02:45 . 2009-04-23 02:45  --------  d-----w  c:\users\All Users\yodutiti
2009-04-22 14:45 . 2009-04-22 14:45  --------  d-----w  c:\programdata\zumupobi
2009-04-22 14:45 . 2009-04-22 14:45  --------  d-----w  c:\users\All Users\zumupobi
2009-04-22 14:45 . 2009-04-22 14:45  --------  d-----w  c:\programdata\bazamufa
2009-04-22 14:45 . 2009-04-22 14:45  --------  d-----w  c:\users\All Users\bazamufa
2009-04-22 14:45 . 2009-04-22 15:06  --------  d-----w  c:\programdata\hogikata
2009-04-22 14:45 . 2009-04-22 15:06  --------  d-----w  c:\users\All Users\hogikata
2009-04-22 02:45 . 2009-04-22 02:45  --------  d-----w  c:\programdata\johabuji
2009-04-22 02:45 . 2009-04-22 02:45  --------  d-----w  c:\users\All Users\johabuji
2009-04-22 02:45 . 2009-04-22 03:06  --------  d-----w  c:\programdata\moriwami
2009-04-22 02:45 . 2009-04-22 02:45  --------  d-----w  c:\programdata\vuyugije
2009-04-22 02:45 . 2009-04-22 03:06  --------  d-----w  c:\users\All Users\moriwami
2009-04-22 02:45 . 2009-04-22 02:45  --------  d-----w  c:\users\All Users\vuyugije
2009-04-21 14:45 . 2009-04-21 14:45  --------  d-----w  c:\programdata\diforusa
2009-04-21 14:45 . 2009-04-21 14:45  --------  d-----w  c:\users\All Users\diforusa
2009-04-21 14:45 . 2009-04-21 14:45  --------  d-----w  c:\programdata\kupuruzi
2009-04-21 14:45 . 2009-04-21 14:45  --------  d-----w  c:\users\All Users\kupuruzi
2009-04-21 14:45 . 2009-04-21 15:06  --------  d-----w  c:\programdata\wovahuzo
2009-04-21 14:45 . 2009-04-21 15:06  --------  d-----w  c:\users\All Users\wovahuzo
2009-04-21 02:45 . 2009-04-28 17:53  --------  d-----w  c:\programdata\zodogupe
2009-04-21 02:45 . 2009-04-28 17:53  --------  d-----w  c:\users\All Users\zodogupe
2009-04-21 02:45 . 2009-04-28 17:52  --------  d-----w  c:\programdata\ruyigige
2009-04-21 02:45 . 2009-04-28 17:52  --------  d-----w  c:\users\All Users\ruyigige
2009-04-21 02:45 . 2009-04-28 17:52  --------  d-----w  c:\programdata\pehuvesi
2009-04-21 02:45 . 2009-04-28 17:52  --------  d-----w  c:\users\All Users\pehuvesi
2009-04-20 14:44 . 2009-04-28 17:51  --------  d-----w  c:\programdata\minukure
2009-04-20 14:44 . 2009-04-28 17:51  --------  d-----w  c:\users\All Users\minukure
2009-04-20 14:44 . 2009-04-28 17:50  --------  d-----w  c:\programdata\hikemavi
2009-04-20 14:44 . 2009-04-28 17:50  --------  d-----w  c:\users\All Users\hikemavi
2009-04-20 02:44 . 2009-04-28 17:53  --------  d-----w  c:\programdata\zofudaga
2009-04-20 02:44 . 2009-04-28 17:53  --------  d-----w  c:\users\All Users\zofudaga
2009-04-20 02:44 . 2009-04-28 17:50  --------  d-----w  c:\programdata\fizugotu
2009-04-20 02:44 . 2009-04-28 17:50  --------  d-----w  c:\users\All Users\fizugotu
2009-04-20 02:44 . 2009-04-28 17:52  --------  d-----w  c:\programdata\rufowopa
2009-04-20 02:44 . 2009-04-28 17:52  --------  d-----w  c:\users\All Users\rufowopa
2009-04-19 14:44 . 2009-04-28 17:53  --------  d-----w  c:\programdata\zarasane
2009-04-19 14:44 . 2009-04-28 17:53  --------  d-----w  c:\users\All Users\zarasane
2009-04-19 14:44 . 2009-04-28 17:52  --------  d-----w  c:\programdata\resiyefu
2009-04-19 14:44 . 2009-04-28 17:52  --------  d-----w  c:\users\All Users\resiyefu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 02:42 . 2007-05-22 04:18  --------  d-----w  c:\program files\Common Files\Symantec Shared
2009-04-29 13:09 . 2007-04-14 13:29  --------  d-----w  c:\program files\Shockwave.com
2009-04-17 08:12 . 2006-11-02 11:18  --------  d-----w  c:\program files\Windows Mail
2009-04-06 18:12 . 2008-04-28 00:47  --------  d-----w  c:\program files\Westward2_at
2009-04-01 22:10 . 2007-04-02 02:34  --------  d-----w  c:\program files\Rhapsody
2009-03-30 21:30 . 2007-06-15 05:40  --------  d-----w  c:\program files\Serif
2009-03-30 21:30 . 2006-12-16 06:19  --------  d--h--w  c:\program files\InstallShield Installation Information
2009-03-30 21:29 . 2007-03-20 13:55  --------  d-----w  c:\program files\Real
2009-03-30 21:28 . 2006-12-16 06:29  --------  d-----w  c:\program files\CyberLink
2009-03-30 21:27 . 2007-04-09 17:12  --------  d-----w  c:\program files\WildTangent
2009-03-30 21:25 . 2007-03-01 20:09  --------  d-----w  c:\program files\MySpace
2009-03-30 21:19 . 2006-12-16 06:32  --------  d-----w  c:\program files\Gateway Games
2009-03-30 21:17 . 2007-10-19 23:46  --------  d-----w  c:\program files\DivX
2009-03-30 21:04 . 2006-11-02 10:25  86016  ----a-w  c:\windows\inf\infstor.dat
2009-03-30 21:04 . 2006-11-02 10:25  51200  ----a-w  c:\windows\inf\infpub.dat
2009-03-30 21:04 . 2006-11-02 10:25  86016  ----a-w  c:\windows\inf\infstrng.dat
2009-03-30 21:04 . 2007-07-03 08:03  --------  d-----w  c:\program files\Common Files\Apple
2009-03-17 03:16 . 2009-04-16 19:53  40960  ----a-w  c:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-16 19:53  14848  ----a-w  c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 19:53  25600  ----a-w  c:\windows\system32\amxread.dll
2009-03-05 22:32 . 2009-03-05 22:27  --------  d-----w  c:\program files\ManyCam 2.3
2009-03-03 04:24 . 2009-04-16 19:53  3503584  ----a-w  c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 19:53  3469280  ----a-w  c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 19:52  826368  ----a-w  c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 19:53  158720  ----a-w  c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 19:53  549888  ----a-w  c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 19:53  24576  ----a-w  c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 19:52  56320  ----a-w  c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 19:53  97280  ----a-w  c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 19:53  53248  ----a-w  c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 19:53  37888  ----a-w  c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 19:52  78336  ----a-w  c:\windows\system32\ieencode.dll
2009-03-03 04:16 . 2009-04-16 19:52  52736  ----a-w  c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-16 19:52  72704  ----a-w  c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 19:53  654336  ----a-w  c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 19:52  26624  ----a-w  c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 19:52  48128  ----a-w  c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 19:53  72704  ----a-w  c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 19:53  1233408  ----a-w  c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 19:53  7680  ----a-w  c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 12:05  2028032  ----a-w  c:\windows\system32\win32k.sys
2008-12-12 09:20 . 2006-11-02 12:50  174  --sha-w  c:\program files\desktop.ini
2007-04-18 23:22 . 2007-04-18 23:22  774144  ----a-w  c:\program files\RngInterstitial.dll
2007-08-14 14:39 . 2007-08-03 21:19  24  --sh--w  c:\windows\S4435AE6B.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-8-17 1447184]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05  356352  ----a-w  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2383206740-1977817344-2628701725-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2383206740-1977817344-2628701725-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{524C4205-F379-4D27-87D6-CFA593BEE568}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{41DE6FAE-AB22-4391-9E46-F0DE74465AD1}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 knzxdvua;knzxdvua;


R3 EraserUtilRebootDrv;EraserUtilRebootDrv;

R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-28 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2006-12-16 5504]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 PAC207;Basic Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{8DA8332C-7F4D-4621-AA07-FDDFF2794959}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-reSetup.exe - c:\users\John\Desktop\RESETU~2.EXE
HKCU-Run-Eraser - c:\eraser\eraser.exe
HKCU-Run-BellesBeautyBoutiqueSetup.exe - c:\users\John\Desktop\BELLES~2.EXE
HKCU-Run-cec4f502 - c:\programdata\tumuwaku\tumuwaku.dll
HKCU-Run-CPMcdf7c69e - c:\programdata\tosofove\tosofove.dll
HKCU-Run-huyevetabi - c:\programdata\zuvirumu\zuvirumu.dll


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride =
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ghopffb4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ghopffb4.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ghopffb4.default\extensions\[emailprotected]\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 22:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\John\AppData\Roaming\GTek\GTUpdate\AUpdate\NMSSupport\DB\{1330EA23-8648-4CD3-883A-56F97A5B2012}.xml 794 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2383206740-1977817344-2628701725-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\iexplore]
@DACL=(02 0000)
"Type"=dword:00000003
"Flags"=dword:00000000
"Time"=hex:d7,07,05,00,00,00,06,00,12,00,11,00,39,00,10,02

[HKEY_USERS\S-1-5-21-2383206740-1977817344-2628701725-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\iexplore]
@DACL=(02 0000)
"Type"=dword:00000003
"Flags"=dword:00000000
"Time"=hex:d7,07,05,00,00,00,06,00,12,00,11,00,39,00,1f,02

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-04-30 22:28
ComboFix-quarantined-files.txt 2009-04-30 03:28

Pre-Run: 219,747,774,464 bytes free
Post-Run: 219,739,893,760 bytes free

365  --- E O F ---  2009-04-29 23:05

Quote:
c:\users\John\Downloads\ComboFix.exe

ComboFix needs to be on the desktop to work properly. Please remove it from the downloads folder and place it on the desktop.


Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
knzxdvua

Folder::
c:\programdata\tosofove
c:\programdata\tumuwaku
c:\users\All Users\tosofove
c:\users\All Users\tumuwaku
c:\programdata\witiwegu
c:\users\All Users\witiwegu
c:\programdata\vasosunu
c:\users\All Users\vasosunu
c:\programdata\veyopiho
c:\users\All Users\veyopiho
c:\programdata\sebajuyo
c:\users\All Users\sebajuyo
c:\programdata\wayapego
c:\users\All Users\wayapego
c:\programdata\petonuho
c:\users\All Users\petonuho
c:\programdata\hatikefe
c:\users\All Users\hatikefe
c:\programdata\lamujoto
c:\users\All Users\lamujoto
c:\programdata\zahuzewi
c:\users\All Users\zahuzewi
c:\programdata\hikepohe
c:\users\All Users\hikepohe
c:\programdata\zezowawi
c:\users\All Users\zezowawi
c:\programdata\sekisahi
c:\users\All Users\sekisahi
c:\programdata\hanayupu
c:\users\All Users\hanayupu
c:\programdata\mumehuve
c:\users\All Users\mumehuve
c:\programdata\vikikeme
c:\users\All Users\vikikeme
c:\programdata\vaguyasi
c:\users\All Users\vaguyasi
c:\programdata\hohokaza
c:\users\All Users\hohokaza
c:\programdata\hipolugi
c:\users\All Users\hipolugi
c:\programdata\vegiyemi
c:\users\All Users\vegiyemi
c:\programdata\lizujopu
c:\users\All Users\lizujopu
c:\programdata\zuvirumu
c:\users\All Users\zuvirumu
c:\programdata\wagitiru
c:\users\All Users\wagitiru
c:\programdata\bewodanu
c:\users\All Users\bewodanu
c:\programdata\nademiso
c:\users\All Users\nademiso
c:\programdata\sunimuju
c:\users\All Users\sunimuju
c:\programdata\bifaruwi
c:\users\All Users\bifaruwi
c:\programdata\benosafi
c:\users\All Users\benosafi
c:\programdata\hujuyuju
c:\users\All Users\hujuyuju
c:\programdata\wanizofu
c:\users\All Users\wanizofu
c:\programdata\danuzihi
c:\users\All Users\danuzihi
c:\programdata\nadohipi
c:\users\All Users\nadohipi
c:\programdata\ginoreru
c:\users\All Users\ginoreru
c:\programdata\fawofofo
c:\programdata\vetaweyo
c:\users\All Users\fawofofo
c:\users\All Users\vetaweyo
c:\programdata\lomehuda
c:\users\All Users\lomehuda
c:\programdata\sodekeba
c:\users\All Users\sodekeba
c:\programdata\bimeyonu
c:\users\All Users\bimeyonu
c:\programdata\yodutiti
c:\users\All Users\yodutiti
c:\programdata\zumupobi
c:\users\All Users\zumupobi
c:\programdata\bazamufa
c:\users\All Users\bazamufa
c:\programdata\hogikata
c:\users\All Users\hogikata
c:\programdata\johabuji
c:\users\All Users\johabuji
c:\programdata\moriwami
c:\programdata\vuyugije
c:\users\All Users\moriwami
c:\users\All Users\vuyugije
c:\programdata\diforusa
c:\users\All Users\diforusa
c:\programdata\kupuruzi
c:\users\All Users\kupuruzi
c:\programdata\wovahuzo
c:\users\All Users\wovahuzo
c:\programdata\zodogupe
c:\users\All Users\zodogupe
c:\programdata\ruyigige
c:\users\All Users\ruyigige
c:\programdata\pehuvesi
c:\users\All Users\pehuvesi
c:\programdata\minukure
c:\users\All Users\minukure
c:\programdata\hikemavi
c:\users\All Users\hikemavi
c:\programdata\zofudaga
c:\users\All Users\zofudaga
c:\programdata\fizugotu
c:\users\All Users\fizugotu
c:\programdata\rufowopa
c:\users\All Users\rufowopa
c:\programdata\zarasane
c:\users\All Users\zarasane
c:\programdata\resiyefu
c:\users\All Users\resiyefu

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

RegNull::
[-HKEY_USERS\S-1-5-21-2383206740-1977817344-2628701725-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\iexplore]

[-HKEY_USERS\S-1-5-21-2383206740-1977817344-2628701725-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\iexplore]

[-HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[-HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[-HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

[-HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[-HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[-HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; just follow the prompts.
After REBOOT (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded, please close ALL open browsers and save any work, because this may require a restart.
  • Go to your desktop and double-click on the removal tool, then click Setup.
  • Once open, click Next.
  • Accept the license AGREEMENT and click Next.
  • Type in the letters/numbers that you see into the text box, then click Next.
  • Then click Next and the tool will start running.
  • Once finished, restart the PC.
  • Delete the Norton Removal Tool from your Desktop.
----------

Download the McAfee Consumer Product Removal Tool to your Desktop.
Using McAfee Consumer Product Removal tool:

  • Double-click MCPR.exe.
  • A Command Line window will be displayed, and then close automatically.
  • Wait for a second Command Line window to be displayed.
    • Note: do not double-click MCPR.exe again; you may have to wait up to 1 minute for the next window to appear.
  • After the second window appears, the program will begin the cleanup.
  • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
  • Press Y on the keyboard.
  • Wait for the computer to restart.
  • All McAfee products are now removed from your computer.
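The CFScript in the reply above was assembled by hand from the log: every eight-letter consonant-vowel folder under c:\programdata (and its c:\users\All Users alias, which on Vista is a junction to the same directory) went into Folder::, the driver ComboFix could not resolve to a file (R1 knzxdvua;knzxdvua;) into Driver::, and the Security Center keys with DisableMonitoring set into Registry::. The Python below is an added example, not part of this thread or of ComboFix: it parses a constructed log excerpt modelled on the one posted above, collects those indicators, and drafts the same CFScript sections from them. The function names (triage, build_cfscript), SAMPLE_LOG, the consonant-vowel name test and the shortened SID S-1-5-21-1-2-3-1001 are all my own; the name test is a heuristic taken from the folder names in this particular log, not a ComboFix rule, and the output is a draft for a helper to review against the full log before anyone runs it.

```python
"""Triage a ComboFix log for the indicators seen in this thread and draft the
CFScript sections a helper would build from them.  Added example, not part of
the thread or of ComboFix; the log excerpt below is constructed, modelled on
the one posted above (tabs collapsed to spaces)."""
import re

SAMPLE_LOG = r"""
AV: Norton 360 *On-access scanning disabled* (Outdated)
((((( Other Deletions )))))
D:\Autorun.inf
((((( Files Created from 2009-05-28 to 2009-4-30 )))))
2009-04-30 02:51 . 2009-04-30 02:51  --------  d-----w  c:\program files\SUPERAntiSpyware
2009-04-28 03:47 . 2009-04-30 03:25  --------  d-----w  c:\programdata\tumuwaku
2009-04-28 03:47 . 2009-04-30 03:25  --------  d-----w  c:\users\All Users\tumuwaku
2009-04-25 02:46 . 2009-04-29 20:08  --------  d-----w  c:\programdata\zuvirumu
2009-04-29 03:08 . 2009-04-29 03:08  --------  d-----w  c:\programdata\SUPERAntiSpyware.com
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1-2-3-1001]
"EnableNotificationsRef"=dword:00000002
R1 knzxdvua;knzxdvua;
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
HKCU-Run-cec4f502 - c:\programdata\tumuwaku\tumuwaku.dll
HKCU-Run-Eraser - c:\eraser\eraser.exe
"""

# Heuristic: every dropped folder in this log is four consonant-vowel pairs
# (tumuwaku, zuvirumu, witiwegu ...).  Not a ComboFix rule, just this log's pattern.
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
# Directory entry in the "Files Created" / Find3M sections: two timestamps,
# a dashed size field, a d-prefixed attribute field, then the path.
DIR_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+-{8}\s+d[-a-z]{6}\s+"
    r"(?P<path>c:\\(?:programdata|users\\all users)\\(?P<name>[a-z]+))\s*$",
    re.IGNORECASE)
RUN_LINE = re.compile(r"^HKCU-Run-(?P<value>\S+) - (?P<target>.+\.dll)\s*$", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Service/driver line: state, name;display name;image path.  An empty image
# path means ComboFix could not tie the loaded driver to a file on disk.
DRIVER_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*)$")
AUTORUN_LINE = re.compile(r"^[A-Z]:\\autorun\.inf\s*$", re.IGNORECASE)


def triage(log_text):
    """Return the indicators found in a ComboFix log, grouped by kind."""
    findings = {
        "folders": {},             # name -> paths reported for it (programdata + alias)
        "run_entries": [],         # (value name, DLL) Run entries inside a flagged folder
        "disabled_monitoring": [], # Security Center product keys with DisableMonitoring=1
        "pathless_drivers": [],    # loaded drivers with no resolvable image path
        "autorun_deleted": [],     # Autorun.inf removed from a drive root
    }
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if (line.lower() == '"disablemonitoring"=dword:00000001'
                and current_key and "security center\\monitoring\\" in current_key.lower()):
            findings["disabled_monitoring"].append(current_key)
            continue
        m = DIR_LINE.match(line)
        if m and CV_NAME.match(m.group("name").lower()):
            findings["folders"].setdefault(m.group("name").lower(), []).append(m.group("path"))
            continue
        m = DRIVER_LINE.match(line)
        if m and not m.group("image").strip():
            findings["pathless_drivers"].append(m.group("name"))
            continue
        if AUTORUN_LINE.match(line):
            findings["autorun_deleted"].append(line)
    # Second pass: a Run value whose DLL lives in a flagged folder is an
    # indicator wherever it appears in the log, so resolve it after the folders.
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if m and m.group("target").lower().split("\\")[-2] in findings["folders"]:
            findings["run_entries"].append((m.group("value"), m.group("target")))
    return findings


def build_cfscript(findings):
    """Draft the CFScript sections used in the thread; [-key] deletes a key."""
    lines = ["KillAll::", ""]
    if findings["pathless_drivers"]:
        lines += ["Driver::", *findings["pathless_drivers"], ""]
    if findings["folders"]:
        lines.append("Folder::")
        for paths in findings["folders"].values():
            lines += paths
        lines.append("")
    if findings["disabled_monitoring"]:
        lines.append("Registry::")
        for key in findings["disabled_monitoring"]:
            lines += [f"[-{key}]", ""]
    return "\n".join(lines).rstrip() + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, items in result.items():
        print(f"{kind}: {items}")
    print(build_cfscript(result))
```

The two passes matter: the ORPHANS REMOVED section that lists HKCU-Run values comes after the folder listing in a ComboFix log, so the folder set has to be complete before a Run target can be judged. The heuristic deliberately ignores the parent Monitoring key (only the per-product subkeys are emitted), which is what the reply above does as well.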

