
Assistance needed.

  • 06-09-2009 5:17pm


    Hey, I've been having problems browsing the internet lately. Almost every webpage I try to load or link I click takes me to either podmena-vidachi.com, brittania search or thefeedyard.com.

    I understand this is spyware, so I followed the tips in the stickied thread, installed and ran comedian and TPC and downloaded SuperAntiSpyware, ran the scan and it found about 19 infected files which it then told me were treated.

    I am still having the problems via the redirecting to dodgy sites. Here is the log for the scan I did:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/05/2009 at 04:12 PM

    Application Version : 4.28.1010

    Core Rules Database Version : 4086
    Trace Rules Database Version: 2026

    Scan type : Complete Scan
    Total Scan Time : 01:36:36

    Memory items scanned : 424
    Memory threats detected : 0
    Registry items scanned : 5085
    Registry threats detected : 6
    File items scanned : 79502
    File threats detected : 19

    Adware.Tracking Cookie
    C:\Documents and Settings\profile\Cookies\profile@azjmp[2].txt
    C:\Documents and Settings\profile\Cookies\profile@hitbox[1].txt
    C:\Documents and Settings\profile\Cookies\profile@adtech[1].txt
    C:\Documents and Settings\profile\Cookies\profile@doubleclick[1].txt
    C:\Documents and Settings\profile\Cookies\profile@imrworldwide[1].txt
    C:\Documents and Settings\profile\Cookies\profile@specificclick[1].txt
    C:\Documents and Settings\profile\Cookies\profile@ie-stat.bmmetrix[1].txt
    C:\Documents and Settings\profile\Cookies\profile@adbrite[1].txt
    C:\Documents and Settings\profile\Cookies\profile@questionmarket[1].txt
    C:\Documents and Settings\profile\Cookies\profile@bs.serving-sys[2].txt
    C:\Documents and Settings\profile\Cookies\profile@revsci[2].txt
    C:\Documents and Settings\profile\Cookies\profile@serving-sys[1].txt
    C:\Documents and Settings\profile\Cookies\profile@ehg-eset.hitbox[1].txt

    Adware.VXGame-Trace
    HKU\S-1-5-21-1506682764-4199850098-1352190075-1008\Software\kernelexe

    Rootkit.Unclassified/KR_Done
    C:\WINDOWS\system32\kr_done1

    Adware.WinTouch/XInside
    C:\Program Files\InetGet2
    C:\Program Files\Router

    Trojan.Unclassified/NVCOI
    C:\Program Files\Temporary

    Trojan.Unclassified/BraviaX
    HKU\S-1-5-21-1506682764-4199850098-1352190075-1008\Software\Microsoft\Windows\CurrentVersion\Run#braviax [ C:\WINDOWS\system32\braviax.exe ]

    Rogue.XP AntiSpyware 2009
    HKU\S-1-5-21-1506682764-4199850098-1352190075-1008\Control Panel\don't load#wscui.cpl [ No ]

    Rogue.HomeAntiVirus2010
    HKLM\SOFTWARE\HomeAntivirus2010
    HKLM\SOFTWARE\HomeAntivirus2010#info
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Home Antivirus 2010 [ "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide ]

    Trojan.SVCHost/Fake
    C:\DOCUMENTS AND SETTINGS\PROFILE\APPLICATION DATA\THINSTALL\CSDATA\1000000600002I\SVCHOST.EXE

    Rogue.Agent/Gen-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP268\A0235433.EXE


    Can anyone shed some light as to what I should do next?

    Thanks for any help.


Comments

  • ActorSeeksJob


    hi

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      [image: CF_download_FF.gif]

      [image: CF_download_rename.gif]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Mikeyt086


    ComboFix 09-09-06.03 - profile 07/09/2009 0:36.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.208 [GMT 1:00]
    Running from: c:\documents and settings\profile\Desktop\Combo-Fix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\adubytu.bat
    c:\documents and settings\All Users\Documents\aqegaxy.reg
    c:\documents and settings\LocalService\protect.dll
    c:\documents and settings\NetworkService\protect.dll
    c:\documents and settings\profile\Application Data\qubef.inf
    c:\documents and settings\profile\Local Settings\Application Data\fuciroqe.inf
    c:\documents and settings\profile\protect.dll
    c:\program files\Dot1XCfg
    c:\program files\Insider
    c:\recycler\S-1-5-21-4284680536-3793788073-3175452046-500
    c:\windows\Installer\17e1ea2.msp
    c:\windows\Installer\17e1ea3.msp
    c:\windows\Installer\17e1ea4.msp
    c:\windows\Installer\17e1ea5.msp
    c:\windows\Installer\17e1ea6.msp
    c:\windows\Installer\17e1ea7.msp
    c:\windows\Installer\17e1ea8.msp
    c:\windows\Installer\17e1ea9.msp
    c:\windows\Installer\17e1eaa.msp
    c:\windows\Installer\2b0a58.msi
    c:\windows\Installer\2b0a59.msp
    c:\windows\Installer\2b0a5a.msp
    c:\windows\Installer\2b0a5b.msp
    c:\windows\Installer\2b0a5c.msp
    c:\windows\Installer\2b0a5d.msp
    c:\windows\Installer\2b0a5e.msp
    c:\windows\Installer\2b0a5f.msp
    c:\windows\Installer\2b0a60.msp
    c:\windows\Installer\2b0a61.msp
    c:\windows\system32\autochk.dll
    c:\windows\system32\config\systemprofile\protect.dll
    c:\windows\system32\drivers\kbiwkmqsntjlba.sys
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\drivers\xomoco.sys
    c:\windows\system32\kbiwkmbfohspyy.dat
    c:\windows\system32\kbiwkmbpjxuwbo.dat
    c:\windows\system32\kbiwkmpxymtbll.dll
    c:\windows\system32\kbiwkmrgilxwqg.dll

    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\system volume information\_restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP268\A0235414.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_kbiwkmtoiynmes
    \Legacy_kbiwkmtoiynmes
    \Legacy_KQUMFXPGM


    ((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
    .

    2009-09-06 23:45 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
    2009-09-06 23:45 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2009-09-05 13:30 . 2009-09-05 13:30 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-09-05 13:30 . 2009-09-05 13:30 d-----w- c:\program files\SUPERAntiSpyware
    2009-09-05 13:30 . 2009-09-05 13:30 d-----w- c:\documents and settings\profile\Application Data\SUPERAntiSpyware.com
    2009-09-05 13:29 . 2009-09-05 13:29 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-05 13:16 . 2009-09-05 13:17 d-----w- c:\program files\ERUNT
    2009-09-04 23:35 . 2009-09-05 13:14 d-----w- c:\program files\Enigma Software Group
    2009-09-04 22:56 . 2009-09-04 22:56 d-----w- c:\documents and settings\profile\Application Data\EA
    2009-09-04 22:54 . 2009-09-04 23:21 d-----w- c:\documents and settings\profile\Local Settings\Application Data\Deployment
    2009-09-04 22:36 . 2009-09-04 22:36 117968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-09-04 22:35 . 2009-09-04 22:35 d-----w- c:\windows\system32\XPSViewer
    2009-09-04 22:35 . 2009-09-04 22:35 d-----w- c:\program files\MSBuild
    2009-09-04 22:34 . 2009-09-04 22:34 d-----w- c:\program files\Reference Assemblies
    2009-09-04 22:34 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-09-04 22:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-09-04 22:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-09-04 22:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-09-04 22:34 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-09-04 22:34 . 2009-09-04 22:34 d-----w- C:\073e113828708e0fd05881329a401d2c
    2009-09-04 22:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-09-04 22:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-09-04 19:20 . 2009-09-04 19:20 0 ----a-w- c:\windows\nsreg.dat
    2009-09-04 19:20 . 2009-09-04 19:20 d-----w- c:\documents and settings\profile\Local Settings\Application Data\Mozilla
    2009-09-04 11:54 . 2009-09-04 11:54 d-----w- c:\program files\MSXML 6.0
    2009-09-04 11:47 . 2009-09-04 11:47 d-----w- c:\documents and settings\profile\Local Settings\Application Data\Unity
    2009-09-04 11:47 . 2009-09-04 11:47 d-----w- c:\program files\Unity
    2009-09-04 11:41 . 2009-09-04 11:41 d-----w- C:\286c0896327190861d
    2009-08-11 20:00 . 2009-08-11 20:23 d-----w- c:\program files\Sony
    2009-08-11 19:58 . 2009-08-11 19:58 d-----w- c:\program files\Sony Setup
    2009-08-09 17:19 . 2009-08-09 17:19 d--h--w- c:\windows\PIF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 13:54 . 2008-01-06 22:41 d-----w- c:\documents and settings\profile\Application Data\LimeWire
    2009-09-05 12:29 . 2007-04-24 13:25 d-----w- c:\program files\ESET
    2009-09-04 22:56 . 2007-12-09 12:48 25248 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-09 22:24 . 2008-03-14 20:09 d-----w- c:\documents and settings\profile\Application Data\Winff
    2009-08-05 23:15 . 2007-12-25 10:52 d-----w- c:\program files\EA Sports
    2009-08-05 23:15 . 2008-07-02 18:53 d-----w- c:\program files\Antares Audio Technologies
    2009-08-05 23:14 . 2008-07-03 14:10 d-----w- c:\program files\Acoustica Mixcraft 3
    2009-08-05 23:14 . 2008-07-03 14:10 d-----w- c:\program files\Acoustica Shared Effects
    2009-07-31 23:45 . 2008-12-10 12:45 d---a-w- c:\documents and settings\All Users\Application Data\Sports Interactive
    2009-07-31 19:47 . 2009-07-31 19:47 d-----w- c:\program files\GetData
    2009-07-30 14:58 . 2009-07-30 14:58 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-30 14:58 . 2009-07-30 14:58 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-25 16:09 . 2009-07-25 16:09 d-----w- c:\program files\Alwil Software
    2009-07-25 16:00 . 2009-07-25 16:00 17532 ----a-w- c:\windows\uzunaxyfub.dat
    2009-07-25 16:00 . 2009-07-25 16:00 15515 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\anacynik.dll
    2009-07-25 16:00 . 2009-07-25 16:00 13614 ----a-w- c:\program files\Common Files\eruv.com
    2009-07-25 16:00 . 2009-07-25 16:00 10449 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\ydag.pif
    2009-07-25 16:00 . 2009-07-25 16:00 16230 ----a-w- c:\documents and settings\profile\Application Data\olexogexim.sys
    2009-07-25 16:00 . 2009-07-25 16:00 13573 ----a-w- c:\windows\system32\iqisedyhy.scr
    2009-07-25 16:00 . 2009-07-25 16:00 13035 ----a-w- c:\documents and settings\All Users\Application Data\zipubi.pif
    2009-07-25 08:47 . 2009-07-25 08:47 10903 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\razepuzywi.dll
    2009-07-25 08:47 . 2009-07-25 08:47 15232 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\cekuliso.dat
    2009-07-25 08:47 . 2009-07-25 08:47 13683 ----a-w- c:\documents and settings\profile\Application Data\ecojy.dll
    2009-07-14 19:59 . 2009-07-14 19:59 d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2009-07-10 23:39 . 2007-12-12 16:17 d-----w- c:\documents and settings\profile\Application Data\dvdcss
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-04-16 172032]
    "FuncKey"="c:\program files\Hotkey 1.0.4\FuncKey.exe" [2006-07-27 122880]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-05 185896]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\profile\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2007-11-22 08:56 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3658:UDP"= 3658:UDP:FIFA Online

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 14:50 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 14:49 74480]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [07/08/2007 10:02 46112]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [19/01/2007 20:05 659456]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 14:50 7408]
    S2 kqumfxpgm;kqumfxpgm;\??\c:\windows\system32\drivers\xomoco.sys --> c:\windows\system32\drivers\xomoco.sys [?]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll


    .
    Supplementary Scan
    .
    uStart Page = www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF - ProfilePath - c:\documents and settings\profile\Application Data\Mozilla\Firefox\Profiles\dbas4mbr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-07 00:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(564)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(3324)
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Apoint2K\ApntEx.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-06 0:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-06 23:55

    Pre-Run: 36,035,948,544 bytes free
    Post-Run: 35,970,998,272 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    258 --- E O F --- 2007-12-12 22:49


  • ActorSeeksJob


    hi

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:


    Driver::
    kqumfxpgm

    File::
    c:\windows\system32\drivers\xomoco.sys
    c:\windows\uzunaxyfub.dat
    c:\documents and settings\profile\Local Settings\Application Data\anacynik.dll
    c:\program files\Common Files\eruv.com
    c:\documents and settings\profile\Local Settings\Application Data\ydag.pif
    c:\documents and settings\profile\Application Data\olexogexim.sys
    c:\windows\system32\iqisedyhy.scr
    c:\documents and settings\All Users\Application Data\zipubi.pif
    c:\documents and settings\profile\Local Settings\Application Data\razepuzywi.dll
    c:\documents and settings\profile\Local Settings\Application Data\cekuliso.dat
    c:\documents and settings\profile\Application Data\ecojy.dll


    KillAll::


    Save this as CFScript.txt, in the same location as ComboFix.exe


    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
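As an added illustration of how the helper got from the ComboFix log to the CFScript above (this is example code, not from the thread or from ComboFix's authors), the following parser runs over a constructed excerpt in ComboFix's log layout and applies two heuristics the log makes visible: a burst of small files all written in the same minute whose created and modified times are identical (dropped files, unlike installer copies which keep their old modified time), and an S2 service whose display name merely repeats its internal name and whose image ComboFix could not stat (the trailing "[?]"). The thresholds, the function names and the heuristics themselves are my assumptions; the Driver::/File::/KillAll:: layout is the one used in the reply above.

```python
import re
from collections import defaultdict

# Constructed excerpt in ComboFix's log layout, modelled on the thread's log:
# "created . modified size attrs path" file entries and "Rn/Sn name;display;image" services.
SAMPLE_LOG = r"""
2009-09-06 23:45 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-06 23:45 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-04 22:34 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-04 19:20 . 2009-09-04 19:20 0 ----a-w- c:\windows\nsreg.dat
2009-07-25 16:00 . 2009-07-25 16:00 17532 ----a-w- c:\windows\uzunaxyfub.dat
2009-07-25 16:00 . 2009-07-25 16:00 15515 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\anacynik.dll
2009-07-25 16:00 . 2009-07-25 16:00 13614 ----a-w- c:\program files\Common Files\eruv.com
2009-07-25 08:47 . 2009-07-25 08:47 10903 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\razepuzywi.dll
2009-07-25 08:47 . 2009-07-25 08:47 15232 ----a-w- c:\documents and settings\profile\Local Settings\Application Data\cekuliso.dat
2009-07-25 08:47 . 2009-07-25 08:47 13683 ----a-w- c:\documents and settings\profile\Application Data\ecojy.dll
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 14:50 9968]
S2 kqumfxpgm;kqumfxpgm;\??\c:\windows\system32\drivers\xomoco.sys --> c:\windows\system32\drivers\xomoco.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
"""

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]+);(.*)$")


def parse_files(lines):
    """Return dicts for every 'created . modified size attrs path' entry."""
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            out.append({"created": created, "modified": modified,
                        "size": int(size), "attrs": attrs, "path": path})
    return out


def suspicious_file_clusters(entries, max_size=65536, min_count=3):
    """Heuristic (mine): small files whose created == modified time, grouped by
    creation minute; a minute with >= min_count such files looks like a drop."""
    groups = defaultdict(list)
    for e in entries:
        if e["created"] == e["modified"] and e["size"] < max_size:
            groups[e["created"]].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def suspicious_services(lines):
    """Heuristic (mine): service display name equals its internal name and the
    image ends in ComboFix's '[?]' marker. Returns (service name, image path)."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _, name, display, rest = m.groups()
        img = re.search(r"--> (.+?) \[", rest)
        if name == display and rest.rstrip().endswith("[?]") and img:
            found.append((name, img.group(1)))
    return found


def build_cfscript(drivers, files):
    """Emit the Driver:: / File:: / KillAll:: layout used in the thread."""
    lines = ["Driver::"] + [d for d, _ in drivers] + ["", "File::"]
    lines += [p for _, p in drivers] + files + ["", "KillAll::", ""]
    return "\n".join(lines)


def analyse(log_text):
    lines = [l for l in log_text.splitlines() if l.strip()]
    clusters = suspicious_file_clusters(parse_files(lines))
    drivers = suspicious_services(lines)
    files = [p for k in sorted(clusters) for p in clusters[k]]
    return clusters, drivers, build_cfscript(drivers, files)


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG)[2])
```

The legitimately restored proquota.exe and the XPS printing DLLs are not flagged because their modified time predates their creation time, which is what separates an installer copy from a freshly dropped file.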

