my malware once again will not start and also my avg free will not turn on at all it doesnt load plz help me fix this thanks
Jer3mytmz 0 Newbie Poster
Jer3mytmz 0 Newbie Poster
Here is the Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:06, on 2009-03-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\jer3my\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jer3my\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jer3my\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071115
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=482Os1q0mRtrn-wV2_mG8Z5Wqwg
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {d4800b36-e1c7-43bb-bada-5f2b243d7ae5} - C:\WINDOWS\system32\pihuwali.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hasayajujo] Rundll32.exe "C:\WINDOWS\system32\fohomugu.dll",s
O4 - HKLM\..\Run: [7863f7a2] rundll32.exe "C:\WINDOWS\system32\wukoraga.dll",b
O4 - HKLM\..\Run: [CPM7b50c43e] Rundll32.exe "C:\WINDOWS\system32\fapilizu.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jer3my\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [hasayajujo] Rundll32.exe "C:\WINDOWS\system32\fohomugu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hasayajujo] Rundll32.exe "C:\WINDOWS\system32\fohomugu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC36121-1FD9-4F4C-8FEE-51587F3E5D67}: NameServer = 68.237.161.12 71.250.0.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: opnmKaya - opnmKaya.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fapilizu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fapilizu.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11662 bytes
Jer3mytmz 0 Newbie Poster
also ran combo fix this is what came up some one please help!
ComboFix 08-12-17.01 - jer3my 2009-03-24 9:21:29.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2449 [GMT -4:00]
Running from: c:\documents and settings\jer3my\Desktop\fixcomb.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.
2009-03-24 18:00 . 2009-03-24 06:07 95,232 --a--c--- c:\windows\system32\fapilizu.dll
2009-03-24 18:00 . 2009-03-24 06:07 89,088 --a--c--- c:\windows\system32\wukoraga.dll
2009-03-24 06:07 . 2009-03-24 08:42 3,281,352 ---hsc--- c:\windows\system32\agarokuw.ini
2009-03-22 14:42 . 2009-03-22 15:04 1,791,156 ---hsc--- c:\windows\system32\iwuboboj.ini
2009-03-22 14:42 . 2009-03-22 14:42 128,000 --ahsc--- c:\windows\system32\querdc.dll
2009-03-22 10:04 . 2009-03-22 10:04 128,000 --ahsc--- c:\windows\system32\cwxpkf.dll
2009-03-21 16:24 . 2009-03-22 10:57 1,791,169 ---hsc--- c:\windows\system32\ediwubuv.ini
2009-03-21 16:24 . 2009-03-21 16:24 129,536 --ahsc--- c:\windows\system32\cwoono.dll
2009-03-01 14:54 . 2009-03-24 09:11 <DIR> d----c--- c:\program files\DNA
2009-03-01 14:54 . 2009-03-01 14:54 <DIR> d----c--- c:\program files\BitTorrent
2009-03-01 14:54 . 2009-03-01 14:54 <DIR> d----c--- c:\program files\AskSearch
2009-03-01 14:54 . 2009-03-01 14:54 <DIR> d----c--- c:\program files\AskBarDis
2009-03-01 14:54 . 2009-03-24 09:21 <DIR> d----c--- c:\documents and settings\jer3my\Application Data\DNA
2009-02-26 02:12 . 2009-02-26 02:12 <DIR> d----c--- c:\program files\FLV Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 13:13 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-24 12:09 --------- dc----w c:\program files\Steam
2009-03-23 09:52 94,720 -csha-w c:\windows\system32\wopebulu.dll
2009-03-23 09:52 89,088 -csha-w c:\windows\system32\ruyebana.dll
2009-03-23 09:52 129,024 -csha-w c:\windows\system32\jomotewa.dll
2009-03-22 18:42 95,744 -csha-w c:\windows\system32\hurasivi.dll
2009-03-22 18:42 90,112 -csha-w c:\windows\system32\jobobuwi.dll
2009-03-22 18:42 128,000 -csha-w c:\windows\system32\huzitala.dll
2009-03-22 15:43 --------- dc----w c:\documents and settings\jer3my\Application Data\LimeWire
2009-03-22 14:04 93,696 -csha-w c:\windows\system32\bulimane.dll
2009-03-22 14:04 88,576 -csha-w c:\windows\system32\herurata.dll
2009-03-21 20:24 94,720 -csha-w c:\windows\system32\mokomaru.dll
2009-03-21 20:24 129,536 -csha-w c:\windows\system32\hifejavi.dll
2009-03-19 22:12 --------- dc----w c:\documents and settings\jer3my\Application Data\BitTorrent
2009-03-19 16:37 2,600 -c--a-w c:\documents and settings\jer3my\Application Data\wklnhst.dat
2009-03-02 04:29 --------- dc----w c:\program files\DivX
2009-02-18 03:36 --------- dc-h--w c:\documents and settings\jer3my\Application Data\ijjigame
2009-02-15 22:11 --------- dc----w c:\program files\LimeWire
2009-02-09 10:19 1,846,272 -c--a-w c:\windows\system32\win32k.sys
2009-02-09 01:09 --------- dc----w c:\documents and settings\jer3my\Application Data\aAvgApi
2009-02-07 18:10 --------- dc----w c:\program files\Warcraft III
2009-02-06 02:22 --------- dc----w c:\documents and settings\jer3my\Application Data\Ventrilo
2009-02-06 02:21 --------- dc----w c:\program files\Ventrilo
2009-02-06 02:21 --------- dc----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 00:41 325,128 -c--a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 00:41 107,272 -c--a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-06 00:41 10,520 -c--a-w c:\windows\system32\avgrsstx.dll
2009-02-06 00:41 --------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-01-24 23:36 --------- dc----w c:\documents and settings\jer3my\Application Data\cogad
2008-10-24 01:51 27 -c--a-w c:\documents and settings\All Users\Application Data\sneopts.dat
2007-11-28 23:53 60,968 -c--a-w c:\documents and settings\jer3my\GoToAssistDownloadHelper.exe
2007-11-19 17:17 439,296 -c--a-w c:\documents and settings\jer3my\GoToAssist_phone__317_en.exe
2007-08-03 23:36 8,784 -c--a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-03 22:03 245,408 -c--a-w c:\program files\mozilla firefox\plugins\unicows.dll
2005-07-29 21:24 472 -csha-r c:\windows\amVyM215\uApVgZYc.vbs
1601-01-01 00:12 58,880 -csha-w c:\windows\system32\fohomugu.dll
.
((((((((((((((((((((((((((((( snapshot_2009-03-22_11.16.39.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-22 14:49:34 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-24 13:11:26 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-22 14:49:34 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-24 13:11:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-22 14:49:34 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-24 13:11:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 18:24 325000 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4800b36-e1c7-43bb-bada-5f2b243d7ae5}]
c:\windows\system32\pihuwali.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"Google Update"="c:\documents and settings\jer3my\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-18 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-01 321344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2002-05-18 327680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-30 185632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"hasayajujo"="c:\windows\system32\fohomugu.dll" [ 58880]
"7863f7a2"="c:\windows\system32\wukoraga.dll" [2009-03-24 89088]
"CPM7b50c43e"="c:\windows\system32\fapilizu.dll" [2009-03-24 95232]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-15 7168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-21 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\fapilizu.dll" [2009-03-24 95232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fapilizu.dll [2009-03-24 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-28 19:53 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 20:41 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKaya]
opnmKaya.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ruludoji.dll cwoono.dll c:\windows\system32\mokomaru.dll c:\windows\system32\fapilizu.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\ruludoji.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\jeremyzeng\\counter-strike\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\juiced 2 hot import nights\\j2launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\jer3my\\My Documents\\Downloads\\GunboundRV_setup.exe"=
"c:\\Documents and Settings\\jer3my\\Desktop\\GunboundRV_setup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"6112:TCP"= 6112:TCP:warcraft
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-19 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-19 107272]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-19 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-19 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-19 24652]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bdc2830-6822-11dd-b4c5-001aa09c90b4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe097f73-d999-11dc-b38a-001aa09c90b4}]
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - F:\portablevaultaes.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2009-03-24 c:\windows\Tasks\gcrklabu.job
- c:\windows\system32\rundll32.exe [2004-08-04 07:00]
2009-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027744643-3886717838-3255096313-1006.job
- c:\documents and settings\jer3my\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 04:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=482Os1q0mRtrn-wV2_mG8Z5Wqwg
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {{28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\Verizon Online\ControlPad\Misc\a_menu.exe
IE: {{28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\Verizon Online\ControlPad\Misc\a_menu.exe -
IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
TCP: {2FC36121-1FD9-4F4C-8FEE-51587F3E5D67} = 68.237.161.12 71.250.0.12
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\jer3my\Application Data\Mozilla\Firefox\Profiles\85zviy1o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101760&l=dis
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\jer3my\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
pref(dom.disable_open_during_load, false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 09:21:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACoiqhklvv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\cwoono.dll
c:\windows\system32\mokomaru.dll
c:\windows\system32\fapilizu.dll
UACqvejpjws.dll 900000 204800 \\?\globalroot\systemroot\system32\UACqvejpjws.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\cwoono.dll
c:\windows\system32\mokomaru.dll
c:\windows\system32\fapilizu.dll
UACqvejpjws.dll bc0000 204800 \\?\globalroot\systemroot\system32\UACqvejpjws.dll
.
Completion time: 2009-03-24 9:23:20
ComboFix-quarantined-files.txt 2009-03-24 13:23:18
ComboFix2.txt 2009-03-24 12:40:23
ComboFix3.txt 2008-12-27 22:04:09
ComboFix4.txt 2008-12-18 09:18:27
ComboFix5.txt 2009-03-24 13:20:58
Pre-Run: 67,668,926,464 bytes free
Post-Run: 67,657,994,240 bytes free
282 --- E O F --- 2009-03-13 23:11:07
maanu 0 Light Poster
i believe it is you with same problem few months ago . i have not yet closely compared the logs but they seem equal ..
http://www.daniweb.com/forums/showthread.php?t=162801&highlight=portablevaultaes.exe
can u plz go through with those 4 pages ? i believe your problem was solved..
if not then come back here , we ll try to help you ..
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
i believe it is you with same problem few months ago . i have not yet closely compared the logs but they seem equal ..
http://www.daniweb.com/forums/thread162801.html&highlight=portablevaultaes.exe
can u plz go through with those 4 pages ? i believe your problem was solved..
if not then come back here , we ll try to help you ..
OP never bothered coming back here; http://www.daniweb.com/forums/thread162801-4.html so I would not put too much effort in.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.