Internet Security 2010 yeah

My computer logs on but I can't use Task Manager or just about anything else. Really need some help, please, I'm begging you.

I'm going to use HijackThis right now.

found this site

Took forever to update Spyware Doctor, it's scanning right now.
Thanks for everything, this is a neat site. Will bookmark.

Do I need anything else like Malwarebytes or do anything else? Do I still have to delete the files with Internet Security on them?

Plus all I did was hit Ctrl+Alt+Del right when you see that sign you've herps have fun with them and as fast as I could stop winlogon86, I think that's what it is not but yeah, finally updated Spyware Doctor. Hope this helps.

Give MBAM a try if you can.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes won't install off my Cruzer stick to my computer, but I got Spyware Doctor to update finally. Found the Internet Security 2010 plus a bunch of trojans and stuff. This is my new HijackThis file. After my computer started I still had that warning thing before I see the desktop. Plus found out how to kill process with taskmgr: just find the taskmgr file and change the name to iexplore. I did that by going to C drive, Windows, system32 and finding taskmgr and pressing Ctrl+C then Ctrl+V, and it makes a copy of taskmgr in the bottom of the system32 file, and changed the name so now taskmgr works. But my System Restore isn't working, and Spyware Doctor I think needs a setup restore before fixing the viruses. Is that right or no?

  Download combofix from here
Link 1
Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Can't get Malwarebytes to load, it says unable to execute file: c\documents and settins\malewarebytes anti maleware\mbam.exe

create process failed: code 2
the system cannot find the file specified

It just keeps saying problem loading page. Do you know how to fix that too? If not that's OK. He also had Internet Security 2010 but his just went away, what's up with that?

Are there any other links that might work? This computer won't open the page.
Can I fix this computer so it will open your links?

Try this link instead:

Yeah, it opened. I seen it earlier, but it's in a different language?

Which one do I download?

Referral check, that sucks. Ignore my last link, guess we'll need to use something else.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Internet Security 2010 yeah

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    O2 - BHO: (no name) - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [AntiVirus Plus] File not found
    O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\SYSTEM32\winupdate86.exe (TJbFla)
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\dirupahu.DLL ()
    O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (dowikabu.dll) - C:\WINDOWS\System32\dowikabu.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\dirupahu.dll) - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
    O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\SYSTEM32\winlogon86.exe (TJbFla)
    O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
    O21 - SSODL: lemalezat - {3bec323f-7023-47f6-9240-6f2c5e692601} - CLSID or File not found.
    O21 - SSODL: vunodiguz - {f065e614-d020-4316-bd9b-c877b962bd41} - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
    O22 - SharedTaskScheduler: {3bec323f-7023-47f6-9240-6f2c5e692601} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {f065e614-d020-4316-bd9b-c877b962bd41} - kupuhivus - C:\WINDOWS\SYSTEM32\dirupahu.dll ()
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c1c15677-b4a4-11dd-b363-0011436c0a69}\Shell\AutoRun\command - "" = setupSNK.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    [2010/01/04 22:40:10 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
    [2010/01/04 22:24:08 | 00,024,064 | ---- | C] (TJbFla) -- C:\WINDOWS\System32\winlogon86.exe
    [2010/01/04 22:23:57 | 00,044,544 | ---- | C] (tzuk) -- C:\afburr.exe
    [2010/01/04 22:23:56 | 00,024,064 | ---- | C] (TJbFla) -- C:\khkil.exe
    [2009/12/30 01:22:14 | 00,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt.exe
    [2099/01/01 12:00:00 | 00,114,176 | -HS- | M] () -- C:\WINDOWS\System32\nudegoya.exe
    [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\dirupahu.dll
    [2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\xnetini.kdd
    [2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\kavunize.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\wuleluzu.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\nadojizu.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\kejajumo.dll
    [2099/01/01 12:00:00 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\dowikabu.dll
    [2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\rugozeko.dll
    [2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\kamideva.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zeginizo.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\surosubo.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dakegopu.dll
    [2099/01/01 12:00:00 | 00,002,048 | -HS- | M] () -- C:\WINDOWS\System32\haniyuga.dll
    [2010/01/08 13:26:16 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
    [2010/01/08 13:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\bwcpkovy.job
    [2010/01/08 10:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
    [2010/01/08 10:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2010/01/08 10:11:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
    [2010/01/07 16:02:08 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/07 16:02:08 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/05 16:35:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14265.exe
    [2010/01/05 14:15:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10563.exe
    [2010/01/05 13:55:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7480.exe
    [2010/01/05 13:32:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\640.exe
    [2010/01/05 13:12:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1086.exe
    [2010/01/05 05:30:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12883.exe
    [2010/01/05 05:10:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5155.exe
    [2010/01/05 04:50:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22439.exe
    [2010/01/04 23:34:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15084.exe
    [2010/01/04 22:54:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/04 22:30:43 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
    [2010/01/04 22:30:43 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
    [2010/01/04 22:24:29 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    [2010/01/04 22:24:23 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nt9slkt.dll
    [2010/01/04 22:24:10 | 00,000,001 | ---- | M] () -- C:\s
    [2010/01/04 22:23:58 | 00,044,544 | ---- | M] (tzuk) -- C:\afburr.exe
    [2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\WINDOWS\System32\winupdate86.exe
    [2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\WINDOWS\System32\winlogon86.exe
    [2010/01/04 22:23:58 | 00,024,064 | ---- | M] (TJbFla) -- C:\khkil.exe
    [2010/01/04 22:23:55 | 00,052,736 | ---- | M] () -- C:\eujbmv.exe
    [2010/01/04 22:23:54 | 00,027,136 | ---- | M] () -- C:\jdmhvwpg.exe
    [2010/01/04 22:23:53 | 00,022,016 | ---- | M] () -- C:\vwylecru.exe
    [2009/12/12 19:45:10 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
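
The file-listing lines in the fix list above can be triaged mechanically. The following is an added example, not part of the original thread and not OTL's own logic: it parses that line format and applies four heuristics, which are assumptions drawn from traits visible in the listed files (a timestamp later than the scan, hidden plus system attributes, zero-byte all-digit .exe names, an .exe in the drive root). `SCAN_TIME`, the function names and the last sample file line are constructed.

```python
import re
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules, works on any OS

# One OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*)\) )?-- (?P<path>.+)$"
)

# Assumed scan time (the thread dates the scans to 2010/01/08).
SCAN_TIME = datetime(2010, 1, 8, 23, 59, 59)

# First four lines are copied from the fix list above; the fifth is a
# constructed benign-looking line; the sixth is a registry line that the
# parser must skip.
SAMPLE = r"""
[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\dirupahu.dll
[2010/01/05 16:35:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14265.exe
[2010/01/04 22:23:58 | 00,044,544 | ---- | M] (tzuk) -- C:\afburr.exe
[2010/01/04 22:40:10 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\dirupahu.DLL ()
"""


def parse_line(line):
    """Return a dict for a file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "company": m["company"] or "",
        "path": m["path"],
    }


def flags(entry, scan_time):
    """Apply the four assumed heuristics and return the matching reasons."""
    reasons = []
    name = basename(entry["path"]).lower()
    attrs = entry["attrs"]
    if entry["timestamp"] > scan_time:
        reasons.append("timestamp-in-future")
    if "H" in attrs and "S" in attrs and "D" not in attrs:
        reasons.append("hidden-system-file")
    if entry["size"] == 0 and re.fullmatch(r"\d+\.exe", name):
        reasons.append("zero-byte-numeric-exe")
    if name.endswith(".exe") and re.fullmatch(r"[a-z]:\\", dirname(entry["path"]).lower()):
        reasons.append("exe-in-drive-root")
    return reasons


def triage(lines, scan_time):
    """Map each flagged path to its reasons; unflagged and unparsed lines are omitted."""
    flagged = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flags(entry, scan_time)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines(), SCAN_TIME).items():
        print(f"{path}: {', '.join(reasons)}")
```

The InternetSecurity2010 folder line matches none of the four heuristics, so a pass like this narrows a log for review and does not replace reading it.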

Should I have Spyware Doctor on, or should I close it? It found 147 infections this morning.

Let it remove what it found, then try running Combofix now we've dented it.

My internet will work on that one?

I'm on my uncle's computer.

Are you asking if the internet will work on the infected machine? If so, logs don't show any proxy so there's no reason why it shouldn't, but anything is possible when it comes to malware infections.

on this computer download combofix.

now what

Has Combofix completed its run? If so, post the log.

No, didn't know if that was what you wanted. Doing it right now.

Ran Combofix and it said open with which program, and I clicked Notepad, but it's a bunch of text, not like the others. What do I do, and should I have Spyware Doctor running?

Close Spyware Doctor. Combofix opens with the "open with" window?

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try running Combofix now.

My computer is slowing down and loading your last message with exe. app.

Got the exeHelper from this computer, be back with the log.

exeHelper made a log, saved it, but I ran Combofix and was going to reboot but it said these real time scanners, close before you hit OK, or something of that nature:
Spyware Doctor 7
What now?

You need to disable AVG and spyware doctor. Read my instructions in my post on page 1, it has info on disabling your AV.

Sorry, here's the log for exe. Just keep running up and down the stairs, good workout though.

exeHelper by Raktor
Build 20091220
Run at 16:07:00 on 01/08/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...

exeHelper just resets the file association for exe files, to fix the "run with..." box so you can run Combofix.
Standing by for the log file.

if to do it up stairs to get your disable av link might be a min.

Both computers won't go to that link. Can you copy and paste or just tell me how to do it?

Both computers won't go to the bleepingcomputer link?

Now it will load your site, but it has the green 3 bars for wifi but it goes away when I try that site.

Re-run OTL and post OTL.txt only.

ok be back.

posted from infected computer.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    MOD - [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\yavayusa.dll
    O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
    O4 - HKLM..\Run: [kimatobobo] File not found
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL ()
    O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
    O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
    [2009/12/11 03:01:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit
    [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
    [2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\raripizu.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\norefose.dll
    [2010/01/08 16:53:51 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
    [2010/01/08 16:03:54 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ugvmnwsy.job
    [2010/01/08 14:58:08 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
    [2010/01/08 14:58:08 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Delete this folder:

Try re-running Combofix.

To delete the folder? Right click on it, select "delete".

Now double click on Combofix and try running it.
