Hi, my computer seems to be running normally now. Thank you. The files and folders you had me drop into ComboFix: were they damaged or encoded spyware/viruses? Before you had me perform this last action I was getting "RUNDLL Error Loading C:\Windows\ufepevog.dll The specified module could not be found" on Windows startup. This is no longer an issue. Below are the HijackThis and ComboFix logs...
ComboFix 09-10-14.04 - Owner 10/14/2009 19:00.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3367.2907 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FILE ::
"c:\documents and settings\Owner\Application Data\avydo.dat"
"c:\program files\Common Files\egaxog.lib"
"c:\program files\Common Files\icuhi.lib"
"c:\windows\adet420.dll"
"c:\windows\system32\vedilune.exe"
"c:\windows\ufepevog.dll"
"c:\windows\Vlujipuzimocinex.dat"
"c:\windows\Xkeruraf.bin"
"c:\windows\zuwiref.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\avydo.dat
c:\documents and settings\Owner\Application Data\Azureus
c:\documents and settings\Owner\Application Data\Azureus\.certs
c:\documents and settings\Owner\Application Data\Azureus\.keystore
c:\documents and settings\Owner\Application Data\Azureus\.lock
c:\documents and settings\Owner\Application Data\Azureus\active\21DB66F63ABF314C6E00797AFC0EEB523069401B.dat
c:\documents and settings\Owner\Application Data\Azureus\active\21DB66F63ABF314C6E00797AFC0EEB523069401B.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\3ED1CC9830BDEFFFD3324BA35062DB277D37FB3E.dat
c:\documents and settings\Owner\Application Data\Azureus\active\3ED1CC9830BDEFFFD3324BA35062DB277D37FB3E.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\cache.dat
c:\documents and settings\Owner\Application Data\Azureus\azureus.config
c:\documents and settings\Owner\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Owner\Application Data\Azureus\azureus.config.saving
c:\documents and settings\Owner\Application Data\Azureus\azureus.statistics
c:\documents and settings\Owner\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Owner\Application Data\Azureus\banips.config
c:\documents and settings\Owner\Application Data\Azureus\banips.config.bak
c:\documents and settings\Owner\Application Data\Azureus\cache\381727708.ico
c:\documents and settings\Owner\Application Data\Azureus\cnetworks.config
c:\documents and settings\Owner\Application Data\Azureus\devices.config
c:\documents and settings\Owner\Application Data\Azureus\devices.config.bak
c:\documents and settings\Owner\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\general.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\version.dat
c:\documents and settings\Owner\Application Data\Azureus\downloads.config
c:\documents and settings\Owner\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Owner\Application Data\Azureus\filters.config
c:\documents and settings\Owner\Application Data\Azureus\friends.config
c:\documents and settings\Owner\Application Data\Azureus\friends.config.bak
c:\documents and settings\Owner\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Owner\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Devices_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Friends_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_Engine_3266225919.txt
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
c:\documents and settings\Owner\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Subscriptions_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.CMsgr_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.emp_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.STres_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\WP_xsearch_1.log
c:\documents and settings\Owner\Application Data\Azureus\media\azpd\4AOTVHKOXH5HYTT4VL3PBGWYOCJYQF6K.azpd
c:\documents and settings\Owner\Application Data\Azureus\media\azpd\MXJWMQLJ7KXBJMNPAJLRNDX2CWA6ZTK6.azpd
c:\documents and settings\Owner\Application Data\Azureus\media\azpd\T4JYEWPEG64YY4ZXVMS35BI54YUFLAES.azpd
c:\documents and settings\Owner\Application Data\Azureus\metasearch.config
c:\documents and settings\Owner\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Owner\Application Data\Azureus\net\pm_11426.dat
c:\documents and settings\Owner\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Owner\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Owner\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Owner\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Owner\Application Data\Azureus\subs\03D8F22765B9E59B32A1.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\047969C2F30A401262F9.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\08B7E1A245FAAA4C1EDC.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\177D97ABD20DFF1C1109.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\17D053E4AF421BFD8B27.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\19D197C718E86D5B1B15.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\1B3A550E1FDB9D742C65.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\22359AD4380630DE8A40.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\23113C48F815F25FF852.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\23113C48F815F25FF852.vuze.2
c:\documents and settings\Owner\Application Data\Azureus\subs\23113C48F815F25FF852.vuze.bak
c:\documents and settings\Owner\Application Data\Azureus\subs\23874448F3148CDD35E7.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\271E92AFDBD73D248E67.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\295735F98560C1D42F24.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\2AA584663DC7C2DE32EE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\39554085B8E2EE6D631B.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\3B71B7394C152CD8E1DD.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\447229A3A371779E8871.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\4CE0839375CB605B3C64.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\4E2C3C2A5F4FCEA9E199.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\53D74B2B7421ACF8B446.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\6422D03196C2B19C0D74.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\6CE4CD4B41EB765CCBCF.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\745F6E1D6E3B69A353E3.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\7CD984994CA61B4298FC.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\81136BEEE66A32A5CB53.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\813864B48EA2A46A1C48.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\9317B3DF092285BAE7CE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\9536237799C938A1CC7D.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\970722C57F2EBEFA096B.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A1C6BE071DCE85B9636E.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A944E6E027737E4EEB85.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\AB77A8E82C63A68AF3AB.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\ADC9B51FE03726160ED8.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\BC4AF73659C585221827.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\BD0B879734390F7414C4.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\C732D6BA9C09C29B2FA3.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\CC14D5EF11EB663649DD.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\CF9C193A50DD099E1FCC.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\D1398C18A77AD0F70C8D.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\D52A24EE42E3641453B5.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\DB17EB2B2FA2FDD5F2FE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\DB8DC1EB2722421C9454.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\E8139A68B1EC9E7A6DAD.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\EC04AE2313D66A13A488.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\EECADD9945BFCC6D5E08.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\F8B566BCA64E84B4B29C.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\F8B566BCA64E84B4B29C.vuze.2
c:\documents and settings\Owner\Application Data\Azureus\subs\FB411BC9F6005CA814D8.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\FD6CF4E3E1FFB5A69D5A.vuze
c:\documents and settings\Owner\Application Data\Azureus\subscriptions.config
c:\documents and settings\Owner\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Owner\Application Data\Azureus\tables.config
c:\documents and settings\Owner\Application Data\Azureus\tables.config.bak
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6638.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6639.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6640.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6641.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6642.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6643.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6644.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6645.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6647.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU6648.tmp\Vuze_4.2.0.8b_win32.exe
c:\documents and settings\Owner\Application Data\Azureus\tmp\speedTestTorrent.torrent
c:\documents and settings\Owner\Application Data\Azureus\torrents\[isoHunt]_Star.Wars.The.Force.Unleashed.USA.Wii-FATAL[1].torrent
c:\documents and settings\Owner\Application Data\Azureus\torrents\[WII]Guitar_Hero_World_Tour_[PAL][ESPALWII.com].rar_[mininova].torrent
c:\documents and settings\Owner\Application Data\Azureus\torrents\[WII]How.To.Burn.WII.Games-TPB.torrent
c:\documents and settings\Owner\Application Data\Azureus\torrents\1634499
c:\documents and settings\Owner\Application Data\Azureus\torrents\2039528
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU10630.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU10633.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU1173.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU21789.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU2730.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU30441.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU38702.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU38705.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU43153.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU60256.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU6570.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\AZU7930.tmp
c:\documents and settings\Owner\Application Data\Azureus\torrents\Facebreaker_K.O._Party_USA_Wii-VORTEX[www.TmasGames.com].torrent
c:\documents and settings\Owner\Application Data\Azureus\torrents\Guitar_Hero_5_USA_Wii-SUNSHiNE.torrent
c:\documents and settings\Owner\Application Data\Azureus\torrents\Stunning_Blonde_Teen_Girl_Auditions_For_Porn_Movies_XXX_Teen_Sex.torrent
c:\documents and settings\Owner\Application Data\Azureus\tracker.config
c:\documents and settings\Owner\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Owner\Application Data\Azureus\unsentdata.config
c:\documents and settings\Owner\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Owner\Application Data\Azureus\update.log
c:\documents and settings\Owner\Application Data\Azureus\update.properties
c:\documents and settings\Owner\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Owner\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Owner\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Common Files\egaxog.lib
c:\program files\Common Files\icuhi.lib
c:\program files\Vuze
c:\program files\Vuze\hs_err_pid2292.log
c:\program files\Vuze\hs_err_pid2356.log
c:\program files\Vuze\hs_err_pid3116.log
c:\program files\Vuze\hs_err_pid3268.log
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.zip
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.jar
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\mplayer\config
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.34
c:\program files\Vuze\plugins\azemp\plugin.properties_2.1.02
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.zip
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.21.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.21.zip
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.17
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.21
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.5
c:\windows\adet420.dll
c:\windows\system32\vedilune.exe
c:\windows\Vlujipuzimocinex.dat
c:\windows\Xkeruraf.bin
c:\windows\zuwiref.dat
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.
2009-10-10 12:41 . 2009-10-10 12:41 422 ----a-w- C:\boot.bat
2009-10-09 23:00 . 2009-10-09 23:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 22:58 . 2009-10-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-09 22:33 . 2009-10-09 22:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-10-09 22:33 . 2009-10-09 22:33 262144 ----a-w- C:\ntuser.dat
2009-10-09 22:32 . 2009-10-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-06 23:57 . 2009-10-07 00:05 -------- d-----w- C:\XPSP2
2009-10-06 23:57 . 2009-10-07 00:00 -------- d-----w- C:\XPCD
2009-10-06 23:34 . 2009-10-06 23:35 -------- d-----w- C:\Combo-Fix18293C
2009-10-06 23:32 . 2009-10-06 23:33 -------- d-----w- C:\Combo-Fix19749C
2009-10-05 22:39 . 2009-10-06 23:18 -------- d-----w- C:\Combo-Fix
2009-10-05 00:26 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-05 00:26 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-03 14:33 . 2009-10-03 14:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-03 14:20 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 14:20 . 2009-10-03 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 14:20 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 13:58 . 2009-10-03 15:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 00:43 . 2009-10-02 00:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-09-28 23:57 . 2009-09-28 23:57 -------- d--h--w- c:\windows\PIF
2009-09-27 14:54 . 2009-09-29 00:30 1014172 ----a-w- c:\windows\system32\RegiCleanseUpdates.zip
2009-09-27 14:11 . 2009-09-27 14:11 -------- d-----w- c:\windows\system32\RegiCleanse
2009-09-27 14:11 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2009-09-27 14:11 . 2009-10-02 23:54 -------- d-----w- c:\program files\RegiCleanse System Optimizer
2009-09-26 16:30 . 2009-05-22 04:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2009-09-21 01:59 . 2009-09-21 01:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-20 18:09 . 2009-09-20 18:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-20 16:00 . 2009-09-20 16:00 10752 ----a-w- c:\windows\DCEBoot.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 14:26 . 2009-08-02 16:22 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-09 23:01 . 2008-08-03 12:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-09 22:33 . 2008-08-03 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-09 22:33 . 2008-08-03 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-10-09 22:32 . 2008-08-03 18:10 -------- d-----w- c:\program files\Yahoo!
2009-10-05 22:15 . 2008-08-03 14:33 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-10-03 15:53 . 2008-08-23 03:55 5072 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-09-26 16:21 . 2008-08-02 20:00 62904 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 22:06 . 2008-08-03 13:47 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-09-20 22:06 . 2008-08-03 13:47 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-09-20 22:06 . 2008-08-03 13:47 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 1980-01-01 00:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-03-22 01:03 . 2009-03-22 01:03 1911328 -c--a-w- c:\program files\ImgBurn.rar
.
((((((((((((((((((((((((((((( SnapShot@2009-10-05_00.53.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-09 23:02 . 2009-10-09 23:02 21504 c:\windows\Installer\1d53cf.msi
+ 2009-10-09 23:00 . 2009-10-09 23:00 27648 c:\windows\Installer\1d53c4.msi
+ 2009-10-06 23:17 . 2009-10-06 23:18 669852 c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-10-09 23:03 . 2009-10-09 23:03 6653952 c:\windows\Installer\1d53f5.msp
+ 2009-10-09 23:04 . 2009-10-09 23:04 1697792 c:\windows\Installer\1d53f4.msp
+ 2009-10-09 23:02 . 2009-10-09 23:02 3938816 c:\windows\Installer\1d53ca.msi
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-31 1398024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-12 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-12 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-27 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-12-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-12-28 106496]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [8/3/2008 9:47 AM 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 12:39 AM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/16/2008 12:39 AM 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/3/2008 9:48 AM 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [8/3/2008 9:48 AM 648456]
S2 gupdate1c9f83192256a02;Google Update Service (gupdate1c9f83192256a02);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/3/2009 10:20 AM 38224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\py6l8vp7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 19:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2009-10-14 19:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 23:15
ComboFix2.txt 2009-10-13 23:06
ComboFix3.txt 2009-10-05 00:59
Pre-Run: 17,296,015,872 bytes free
Post-Run: 17,240,166,400 bytes free
409 --- E O F --- 2009-09-10 21:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:40 PM, on 10/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Google Update Service (gupdate1c9f83192256a02) (gupdate1c9f83192256a02) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 6799 bytes