Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ComboFix log

Post by malwarevictim » April 2nd, 2009, 1:46 pm

ComboFix 09-04-01.01 - Owner 2009-04-02 12:43:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.398 [GMT -4:00]
Running from: c:\documents and settings\Owner.BSC\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner.BSC\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\aguremot.ini
c:\windows\system32\apibujoh.ini
c:\windows\system32\arulasad.ini
c:\windows\system32\asirebiv.ini
c:\windows\system32\awazokaw.ini
c:\windows\system32\Cache
c:\windows\system32\cbcvcuqf.ini
c:\windows\system32\devopaha.dll
c:\windows\system32\dugigidu.dll
c:\windows\system32\duvotihe.dll
c:\windows\system32\ebagufez.ini
c:\windows\system32\elavoyur.ini
c:\windows\system32\elilovoh.ini
c:\windows\system32\enivopaz.ini
c:\windows\system32\enujumub.ini
c:\windows\system32\ezudotib.ini
c:\windows\system32\ganotida.dll
c:\windows\system32\gidogudi.dll
c:\windows\system32\hakodoso.dll
c:\windows\system32\higudivo.dll.tmp
c:\windows\system32\idugodig.ini
c:\windows\system32\ifuvenej.ini
c:\windows\system32\igiwubef.ini
c:\windows\system32\ikigawer.ini
c:\windows\system32\ilavoneg.ini
c:\windows\system32\inazikun.ini
c:\windows\system32\iqqukwek.ini
c:\windows\system32\isogefel.ini
c:\windows\system32\itoyafob.ini
c:\windows\system32\iyibihap.ini
c:\windows\system32\iyopojen.ini
c:\windows\system32\izepojak.ini
c:\windows\system32\jepazeje.dll.tmp
c:\windows\system32\kelinepe.dll.tmp
c:\windows\system32\muhatohu.dll
c:\windows\system32\newuwiyo.dll
c:\windows\system32\ogaremuh.ini
c:\windows\system32\ogikujid.ini
c:\windows\system32\ogolapaf.ini
c:\windows\system32\okagadeh.ini
c:\windows\system32\omunodup.ini
c:\windows\system32\opkpeoxs.ini
c:\windows\system32\ososajev.ini
c:\windows\system32\ovenubih.ini
c:\windows\system32\ovomodiv.ini
c:\windows\system32\owajafay.ini
c:\windows\system32\povisema.dll.tmp
c:\windows\system32\pudonumo.dll
c:\windows\system32\puswrdoj.ini
c:\windows\system32\ruyovale.dll
c:\windows\system32\semijuwi.dll
c:\windows\system32\ubakiwod.ini
c:\windows\system32\ubwylpva.ini
c:\windows\system32\udawekag.ini
c:\windows\system32\ufifakov.ini
c:\windows\system32\ugujubet.ini
c:\windows\system32\umajejij.ini
c:\windows\system32\uremehew.ini
c:\windows\system32\utasuset.ini
c:\windows\system32\vFgPYJjl.ini
c:\windows\system32\vFgPYJjl.ini2
c:\windows\system32\vixfvelr.ini
c:\windows\system32\wavemile.dll
c:\windows\system32\wisegava.dll.tmp
c:\windows\system32\yopopanu.dll
c:\windows\system32\yuhoraki.dll
c:\windows\system32\zasezara.dll
c:\windows\system32\zulalahu.dll.tmp
c:\windows\wiaservv.log
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-01 23:42 . 2009-04-01 23:42 2,713 ---hs---- c:\windows\system32\doyifari.dll
2009-03-31 10:20 . 2009-03-31 10:20 <DIR> d-------- C:\TIBCOProjects
2009-03-26 12:18 . 2009-03-26 12:18 <DIR> d-------- c:\program files\Viewpoint
2009-03-26 12:18 . 2009-03-26 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-26 12:17 . 2009-03-26 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-26 12:17 . 2009-03-28 18:18 999 --ah----- C:\IPH.PH
2009-03-25 19:35 . 2009-03-25 19:35 <DIR> d-------- c:\documents and settings\Owner.BSC\Application Data\TVU networks
2009-03-19 21:07 . 2009-03-19 21:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-14 12:51 . 2007-03-28 09:16 344,064 --a------ c:\windows\system32\lxddcoin.dll
2009-03-14 12:51 . 2006-05-17 22:47 40,960 --a------ c:\windows\system32\lxddvs.dll
2009-03-14 12:50 . 2007-01-09 12:13 692,224 --a------ c:\windows\system32\lxdddrs.dll
2009-03-14 12:50 . 2006-10-06 13:08 69,632 --a------ c:\windows\system32\lxddcnv4.dll
2009-03-14 12:50 . 2007-01-23 14:40 65,536 --a------ c:\windows\system32\lxddcaps.dll
2009-03-14 12:49 . 2007-02-21 19:11 45,056 --a------ c:\windows\system32\LXF3PMON.DLL
2009-03-14 12:49 . 2006-11-07 06:02 36,864 --a------ c:\windows\system32\lxf3oem.dll
2009-03-14 12:49 . 2007-02-21 19:11 32,768 --a------ c:\windows\system32\LXF3FXPU.DLL
2009-03-14 12:47 . 2009-03-14 12:53 <DIR> d-------- c:\program files\Lexmark Toolbar
2009-03-14 12:47 . 2009-03-14 12:50 <DIR> d-------- c:\program files\Lexmark Fax Solutions
2009-03-14 12:47 . 2006-12-06 00:19 44 --a------ c:\windows\system32\lxddrwrd.ini
2009-03-14 12:45 . 2009-03-14 12:50 <DIR> d-------- c:\program files\Lexmark 2500 Series
2009-03-04 21:10 . 2009-03-04 21:10 <DIR> d-------- c:\program files\MSECache
2009-03-04 20:24 . 2009-03-04 20:36 <DIR> d-------- c:\documents and settings\Owner.BSC\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 16:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 16:23 --------- d-----w c:\program files\CyberLink
2009-04-01 18:15 --------- d-----w c:\program files\Lx_cats
2009-03-29 23:26 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-29 01:19 --------- d-----w c:\documents and settings\Owner.BSC\Application Data\Juniper Networks
2009-03-29 01:18 --------- d-----w c:\program files\Google
2009-03-29 01:16 --------- d-----w c:\program files\Common Files\Nullsoft
2009-03-29 01:16 --------- d-----w c:\program files\Common Files\AOL
2009-03-26 16:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-24 13:57 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-21 20:37 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-14 16:52 --------- d-----w c:\documents and settings\Owner.BSC\Application Data\Lexmark Productivity Studio
2009-03-14 16:27 --------- d-----w c:\program files\Yahoo!
2009-03-14 16:27 --------- d-----w c:\program files\Windows Live
2009-03-14 16:27 --------- d-----w c:\program files\QuickTime
2009-03-09 20:46 --------- d-----w c:\documents and settings\Owner.BSC\Application Data\Skype
2009-02-19 14:11 --------- d-----w c:\program files\Logitech
2009-02-19 14:02 --------- d-----w c:\program files\Common Files\FotoWire
2009-02-19 14:02 --------- d-----w c:\documents and settings\Owner.BSC\Application Data\FotoWire
2009-02-19 13:59 81,920 ------r c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-02-19 13:59 --------- d-----w c:\program files\Common Files\Logitech
2009-01-01 03:38 10,794 --sha-w c:\windows\system32\dipamola.exe
1601-01-01 00:12 10,794 --sha-w c:\windows\system32\folelali.exe
1601-01-01 00:12 3,494 --sha-w c:\windows\system32\guditowi.exe
1601-01-01 00:12 32,694 --sha-w c:\windows\system32\seratewa.exe
1601-01-01 00:12 31,234 --sha-w c:\windows\system32\tagerako.exe
2008-10-14 19:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101420081015\index.dat
2008-10-26 16:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102620081027\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-07 737370]
"DriveIcons"="c:\program files\DriveIcon\DriveIcon.exe" [2006-03-17 655360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-21 16:37 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-20 16:21 133104 c:\documents and settings\Owner.BSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 17:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2009-02-19 09:59 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--------- 2004-06-01 12:09 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--------- 2004-06-01 06:46 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--------- 2004-06-01 12:09 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--------- 2004-06-01 12:03 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-05-21 20:11 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 20:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-04-27 14:48 7561216 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 14:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 09:17 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-06 16:16 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-12 19:50 88204 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-27 14:48 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\tibco\\designer\\5.5\\bin\\designer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Ymsgr_tray.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-20 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-20 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 298264]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-03-26 24652]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-03-14 99248]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-02 204800]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [2009-02-19 245760]
S3 TIBCOAdmin-local;TIBCO Administrator 5.4 (local);C:/tibco/administrator/domain/local/bin/tibcoadmin_local.exe --ntservice "TIBCOAdmin-local" --> C:/tibco/administrator/domain/local/bin/tibcoadmin_local.exe --ntservice TIBCOAdmin-local [?]
S3 tibemsd;TIBCO EMS Server;c:\tibco\ems\bin\emsntsct.exe "tibemsd" --> c:\tibco\ems\bin\emsntsct.exe tibemsd [?]
S3 TIBHawkAgent-local-BSC;TIBCO Hawk Agent (local);C:/tibco/tra/domain/local/hawkagent_local.exe --ntservice "TIBHawkAgent-local-BSC" --> C:/tibco/tra/domain/local/hawkagent_local.exe --ntservice TIBHawkAgent-local-BSC [?]
S3 TIBHawkAgent;TIBCO Hawk Agent;c:\tibco\hawk\bin\tibhawkagentnt.exe [2008-10-19 57344]
S3 TIBHawkEvent;TIBCO Hawk Event;c:\tibco\hawk\bin\tibhawkeventnt.exe [2008-10-19 57344]
S3 TIBHawkHMA;TIBCO Hawk HMA;c:\tibco\hawk\bin\tibhawkhma.exe --service TIBHawkHMA --> c:\tibco\hawk\bin\tibhawkhma.exe --service TIBHawkHMA [?]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e770a3b2-08dd-11de-a70d-00c0a8cbcd3c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 16:53]

2009-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2047258067-2470998688-862904253-1006.job
- c:\documents and settings\Owner.BSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-20 16:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4089f7d2-2c9e-4633-8c18-3ce2f11462b4} - c:\windows\system32\kifupiza.dll
BHO-{49636E20-1B03-4E81-8B53-546792DCD7EF} - c:\windows\system32\ljJYPgFv.dll
BHO-{5d49cb2f-8e2e-4ce3-8e37-61bbba1a8cec} - c:\windows\system32\devopaha.dll
BHO-{eb2ff624-5964-4940-b6f0-8acfa3b554f4} - c:\windows\system32\vxovls.dll
Notify-byXQhGYP - byXQhGYP.dll
MSConfigStartUp-28eb71b0 - c:\windows\system32\gidogudi.dll
MSConfigStartUp-bopavoluzi - c:\windows\system32\zasezara.dll
MSConfigStartUp-CPM2bd8422c - c:\windows\system32\yopopanu.dll
MSConfigStartUp-Inapusexuyo - c:\windows\Mnelezonusohom.dll
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe
MSConfigStartUp-Xmasecedulofo - c:\windows\Pgirivuxeruxi.dat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.BSC\Application Data\Mozilla\Firefox\Profiles\kmxu4dwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\Owner.BSC\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 12:49:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBCOAdmin-local]
"ImagePath"="C:/tibco/administrator/domain/local/bin/tibcoadmin_local.exe --ntservice \"TIBCOAdmin-local\""
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBHawkAgent-local-BSC]
"ImagePath"="C:/tibco/tra/domain/local/hawkagent_local.exe --ntservice \"TIBHawkAgent-local-BSC\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBCOAdmin-local]
"ImagePath"="C:/tibco/administrator/domain/local/bin/tibcoadmin_local.exe --ntservice \"TIBCOAdmin-local\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBHawkAgent-local-BSC]
"ImagePath"="C:/tibco/tra/domain/local/hawkagent_local.exe --ntservice \"TIBHawkAgent-local-BSC\""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-04-02 12:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 16:55:42

Pre-Run: 45,625,389,056 bytes free
Post-Run: 45,949,505,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

341 --- E O F --- 2008-11-12 15:31:15
malwarevictim
Active Member
 
Posts: 1
Joined: April 2nd, 2009, 1:43 pm

Re: ComboFix log

Post by NonSuch » April 3rd, 2009, 1:57 am

ComboFix is not intended to be used by anyone who has neither the expertise to properly interpret its logs nor the assistance and direct supervision of an authorized malware removal helper. To run ComboFix on one's own, with neither of the above, is to court disaster. Please refrain from attempting further self-help fixes on your own, with this or any other tool.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log, and a copy of your ComboFix log, both in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: Guideline for posting your HijackThis log
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California