busebayu.dll error

cascadelink
I'm getting these two errors on startup:

Error loading c:\windows\system32\busebayu.dll
The specified module could not be found

and

Windows cannot find 'logon.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click on the Start button, and then click Search.

I've been running AVG 8.5.424

Any ideas on how to fix this?
Thanks,
Tim
 
Go to Start, Run, type msconfig and click OK. Go to Startup, click Disable All, then re-check your antivirus, and reboot. Does the message still appear after rebooting?
 
It fixed the busebayu.dll error--that does appear on startup.

But, the logon.exe error still appears.
 
Ok, here's the log from Combofix, I'll get the Malware log next

ComboFix 09-11-05.01 - Administrator 11/05/2009 15:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1434 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-2025429265-1450960922-839522115-500
c:\temp\Inet\Temporary Internet Files\SKBGM.cfg
c:\temp\Inet\Temporary Internet Files\SKBGM0.che
c:\temp\Inet\Temporary Internet Files\SKBGM1.che
c:\temp\Inet\Temporary Internet Files\SKBGM2.che
c:\temp\Inet\Temporary Internet Files\SKBGM3.che
c:\temp\Inet\Temporary Internet Files\SKBGM4.che
c:\temp\Inet\Temporary Internet Files\SKBGM5.che
c:\temp\Inet\Temporary Internet Files\SKBGM6.che
c:\temp\Inet\Temporary Internet Files\SKBGM7.che
c:\temp\Inet\Temporary Internet Files\SKBGM8.che
c:\temp\Inet\Temporary Internet Files\SKBGM9.che

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-04 02:58 . 2009-11-04 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 02:58 . 2009-11-04 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 00:12 . 2009-11-04 00:18 -------- d-----w- c:\program files\support.com
2009-11-04 00:12 . 2009-11-04 00:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SupportSoft
2009-11-04 00:12 . 2009-11-04 00:12 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-11-03 18:59 . 2009-10-06 23:47 3510552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-10-25 01:57 . 2009-10-25 01:57 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-25 01:57 . 2009-10-26 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-22 12:22 . 2009-10-06 23:47 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-17 12:20 . 2009-10-17 12:20 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-10 01:39 . 2009-10-10 01:39 126970 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\uninstall.exe
2009-10-10 01:38 . 2009-10-10 01:39 1407680 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-10-08 16:06 . 2009-10-06 23:46 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 13:54 . 2009-01-20 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-04 01:31 . 2008-12-11 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-22 23:34 . 2009-01-20 02:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-10-13 12:14 . 2007-05-19 23:32 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Move Networks
2009-10-10 01:39 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-25 21:58 . 2009-01-20 19:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-21 13:33 . 2009-04-22 16:22 -------- d-----w- c:\program files\Flickr Uploadr
2009-09-11 14:18 . 2006-05-17 11:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-05-17 11:54 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-05-17 11:54 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2006-05-17 11:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 18:34 . 2008-12-11 13:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 18:34 . 2008-12-11 13:14 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 18:34 . 2008-12-11 13:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 18:46 . 2009-08-17 18:46 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 18:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Flickr Uploadr\\Flickr Uploadr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [05/17/2006 2:56 PM 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [02/21/2006 5:05 PM 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [09/23/2005 9:48 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/11/2008 8:14 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/11/2008 8:14 AM 108552]
R1 cmdGuard;cmdGuard;c:\windows\system32\drivers\cmdguard.sys [12/10/2008 10:42 PM 101776]
R1 cmdHlp;cmdHlp;c:\windows\system32\drivers\cmdhlp.sys [12/10/2008 10:42 PM 31504]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/11/2008 8:14 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/11/2008 8:14 AM 297752]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [05/17/2006 2:56 PM 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [05/17/2006 2:56 PM 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [05/17/2006 2:39 PM 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [05/17/2006 2:39 PM 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [05/17/2006 2:39 PM 31104]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [05/17/2006 2:39 PM 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [05/17/2006 7:31 AM 14208]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E75386B4-C629-11DB-8338-444553544200} - hxxp://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o66nfd0h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.locorunning.com/race-series.php
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{d9918442-cc02-4a59-bef4-fbb9c59ea853} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{5a267ced-62b7-4c04-8f0e-ec76db4c3ffb} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{e87ca22f-b05e-4055-a199-9ddc675f4ddd} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{7df4301b-b9d7-4975-9a27-356b796c32ab} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{64919a54-20dd-4c35-9247-ebb666c1ce4b} - c:\windows\system32\busebayu.dll
SSODL-hapokegik-{d9918442-cc02-4a59-bef4-fbb9c59ea853} - c:\windows\system32\busebayu.dll
SSODL-kazilokur-{5a267ced-62b7-4c04-8f0e-ec76db4c3ffb} - c:\windows\system32\busebayu.dll
SSODL-zamezakif-{e87ca22f-b05e-4055-a199-9ddc675f4ddd} - c:\windows\system32\busebayu.dll
SSODL-wineyusap-{7df4301b-b9d7-4975-9a27-356b796c32ab} - c:\windows\system32\busebayu.dll
SSODL-lezoyulam-{64919a54-20dd-4c35-9247-ebb666c1ce4b} - c:\windows\system32\busebayu.dll
Notify-WgaLogon - (no file)
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-05 15:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\digtizer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\o2flash.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-05 15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 20:16

Pre-Run: 51,120,893,952 bytes free
Post-Run: 50,993,229,824 bytes free

- - End Of File - - 77E069C885B1A6429522B6840BD84568
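The ORPHANS REMOVED block in the log above explains the first error message: busebayu.dll itself was already gone, but five ShellServiceObjectDelayLoad (SSODL) registrations and the same five CLSIDs under SharedTaskScheduler still pointed at it, so Explorer tried to load a missing DLL at every logon. The remaining "Windows cannot find 'logon.exe'" box is the same mechanism: some load point still names a file that no longer exists. The script below is an added example written for this page; it is not part of the thread and not ComboFix's code. It walks the load points ComboFix reports on (Run keys, Winlogon Shell/Userinit, Winlogon\Notify, SSODL and SharedTaskScheduler, resolving CLSIDs through HKCR\CLSID\{...}\InprocServer32) and lists every entry whose file cannot be found. The registry is modelled as a plain dict so the logic runs anywhere; read_live_registry() fills that dict on a Windows machine through winreg. The constructed sample mirrors the log; placing "logon.exe" in the Userinit value is an assumption made for illustration, since the thread never shows where that reference lives.

```python
"""Autostart registry entries whose target file is gone (the ComboFix "ORPHANS REMOVED" check)."""
import os
import re
from typing import Callable, Dict, List, Optional, Tuple

Registry = Dict[str, Dict[str, str]]   # r"HIVE\key\path" -> {value name: data}
RUN_KEYS = [h + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" for h in ("HKLM", "HKCU")]
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SSODL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
STS = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

def image_from_command(cmd: str) -> str:
    """Executable or module path named by a Run-style command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\Program Files\x.exe" /args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|cpl))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def candidates(ref: str, env: Dict[str, str]) -> List[str]:
    """Paths Windows would try: %vars% expanded, bare names looked up in system32 then %windir%."""
    ref = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), ref)
    if "\\" in ref or ":" in ref:
        return [ref]
    return [env["WINDIR"] + "\\system32\\" + ref, env["WINDIR"] + "\\" + ref]

def module_for_clsid(reg: Registry, clsid: str) -> Optional[str]:
    """InprocServer32 DLL that SSODL / SharedTaskScheduler load for a CLSID."""
    return reg.get(r"HKCR\CLSID\%s\InprocServer32" % clsid, {}).get("") or None

def collect(reg: Registry) -> List[Tuple[str, str, Optional[str]]]:
    """(load point, entry name, referenced module or None) for each autostart entry."""
    out = [(k, n, image_from_command(d)) for k in RUN_KEYS for n, d in reg.get(k, {}).items()]
    out += [(WINLOGON, n, image_from_command(p)) for n in ("Shell", "Userinit")   # comma lists
            for p in reg.get(WINLOGON, {}).get(n, "").split(",") if p.strip()]
    out += [(k, k.rsplit("\\", 1)[1], v.get("DLLName") or None)                 # Notify\<pkg>
            for k, v in reg.items() if k.startswith(WINLOGON + "\\Notify\\")]
    # SSODL keeps the CLSID in the value data, SharedTaskScheduler in the value name
    for where, name, data in ([(SSODL, n, d) for n, d in reg.get(SSODL, {}).items()] +
                              [(STS, n, n) for n in reg.get(STS, {})]):
        m = CLSID_RE.search(data)
        out.append((where, name, module_for_clsid(reg, m.group(0)) if m else None))
    return out

def find_orphans(reg: Registry, env: Dict[str, str],
                 exists: Callable[[str], bool] = os.path.exists) -> List[Tuple[str, str, str]]:
    """Entries whose module cannot be found: exactly what the logon error boxes name."""
    orphans = []
    for key, name, ref in collect(reg):
        if ref is None:
            orphans.append((key, name, "(no module registered)"))
        elif not any(exists(p) for p in candidates(ref, env)):
            orphans.append((key, name, ref))
    return orphans

def read_live_registry() -> Registry:
    """Fill a Registry dict from the running Windows machine (needs winreg)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER, "HKCR": winreg.HKEY_CLASSES_ROOT}
    def values(path: str) -> Dict[str, str]:    # {} when the key does not exist
        hive, sub = path.split("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                return {n: str(d) for n, d, _ in
                        (winreg.EnumValue(k, i) for i in range(winreg.QueryInfoKey(k)[1]))}
        except OSError:
            return {}
    reg = {p: values(p) for p in RUN_KEYS + [WINLOGON, SSODL, STS]}
    try:                                         # one subkey per Winlogon notification package
        with winreg.OpenKey(hives["HKLM"], WINLOGON.split("\\", 1)[1] + r"\Notify") as k:
            for i in range(winreg.QueryInfoKey(k)[0]):
                sub = WINLOGON + "\\Notify\\" + winreg.EnumKey(k, i)
                reg[sub] = values(sub)
    except OSError:
        pass
    for clsid in CLSID_RE.findall(" ".join(list(reg[SSODL].values()) + list(reg[STS]))):
        key = r"HKCR\CLSID\%s\InprocServer32" % clsid
        reg[key] = values(key)
    return reg

# Constructed sample modelled on the log above: one CLSID registered in both SSODL and
# SharedTaskScheduler resolving to the deleted busebayu.dll, the "WgaLogon - (no file)" Notify
# entry, and, as an assumption (the thread never shows where it lives), logon.exe in Userinit.
SAMPLE_REG: Registry = {
    RUN_KEYS[0]: {"AVG8_TRAY": r"C:\PROGRA~1\AVG\AVG8\avgtray.exe"},
    WINLOGON: {"Shell": "Explorer.exe", "Userinit": r"C:\WINDOWS\system32\userinit.exe,logon.exe,"},
    WINLOGON + r"\Notify\avgrsstarter": {"DLLName": "avgrsstx.dll"},
    WINLOGON + r"\Notify\WgaLogon": {"DLLName": ""},
    SSODL: {"hapokegik": "{d9918442-cc02-4a59-bef4-fbb9c59ea853}"},
    STS: {"{d9918442-cc02-4a59-bef4-fbb9c59ea853}": "hapokegik"},
    r"HKCR\CLSID\{d9918442-cc02-4a59-bef4-fbb9c59ea853}\InprocServer32": {"": r"c:\windows\system32\busebayu.dll"},
}
SAMPLE_FILES = {r"c:\windows\explorer.exe", r"c:\windows\system32\userinit.exe",
                r"c:\windows\system32\avgrsstx.dll", r"c:\progra~1\avg\avg8\avgtray.exe"}
def demo() -> List[Tuple[str, str, str]]:
    """The check against the constructed sample instead of a live registry."""
    return find_orphans(SAMPLE_REG, {"WINDIR": r"C:\WINDOWS"}, lambda p: p.lower() in SAMPLE_FILES)

if __name__ == "__main__":
    print(*(find_orphans(read_live_registry(), dict(os.environ)) if os.name == "nt" else demo()), sep="\n")
```

Run it from an Administrator command prompt on the affected machine; each line it prints is a load point to look at in regedit before deleting anything, because a legitimate product can leave a dangling entry too. Two details match what the log shows: a CLSID that appears in both SSODL and SharedTaskScheduler is resolved once through the same InprocServer32 lookup and reported under each load point, and an entry with no module at all (an empty DLLName, or a CLSID with no InprocServer32 key) is reported as "(no module registered)", the situation ComboFix prints as "Notify-WgaLogon - (no file)".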
 
And here's the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 3107
Windows 5.1.2600 Service Pack 3

11/05/2009 5:18:11 PM
mbam-log-2009-11-05 (17-18-11).txt

Scan type: Quick Scan
Objects scanned: 97148
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 