
Windows Police Pro/ Everything imaginable Malware etc. [Solved]


  • This topic is locked

#31
BlkTebow
    Member
  • Topic Starter
  • 100 posts
:) Nice Kah, ran very smoothly!! Message is attached!

Attached Files

  • Attached File  OTS.Txt   202.88KB   80 downloads



#32
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
OK, it will be a 2-step process to nuke all of the files on your system: first with Avenger, then with OTS.
If one should fail, then go ahead to the next steps.
========================
First do the following:
1. Double click on the Avenger to start it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
AFinding
AFindingAlerter
AntipPro2009_100
Beep
CaCCProvSP
Files to delete:
c:\blyuwrjl.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
c:\documents and settings\andy gossett\local settings\temp\299.exe
c:\documents and settings\andy gossett\local settings\temp\527.exe
c:\documents and settings\andy gossett\local settings\temp\757.exe
c:\documents and settings\andy gossett\local settings\temp\837.exe
c:\documents and settings\andy gossett\local settings\temp\c.exe
c:\emxtqjit.exe
c:\fyblb.exe
c:\osps.exe
c:\recycler\s-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe
c:\svfp.exe
c:\windows\braviax.exe
c:\windows\cookies.ini
c:\windows\cru629.dat
c:\windows\dxxdv34567.bat
c:\windows\ld14.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\svchasts.exe
c:\windows\system32\~.exe
c:\windows\system32\41.exe
c:\windows\system32\avr09.exe
c:\windows\system32\bennuar.old
c:\windows\system32\binatoko.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\bisomasu.dll
c:\windows\system32\bovenage.dll
c:\windows\system32\braviax.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\cru629.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desote.exe
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\donojawi.dll
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drmgs.sys
c:\windows\system32\dxpwcgcp.ini.vir
c:\windows\system32\fedoniko.dll
c:\windows\system32\fiopalcf.ini
c:\windows\system32\fopijunu.dll
c:\windows\system32\gasesila.dll
c:\windows\system32\gltshsqw.ini
c:\windows\system32\godobovo.dll
c:\windows\system32\gotahati.dll
c:\windows\system32\hahohetu.exe
c:\windows\system32\hajiruno.dll
c:\windows\system32\heruhozu.exe
c:\windows\system32\hjjlm.ini.ren
c:\windows\system32\hjjlm.ini.vir
c:\windows\system32\hjjlm.ini2.ren
c:\windows\system32\hjjlm.ini2.vir
c:\windows\system32\kijudawi.dll
c:\windows\system32\laroriwa.exe
c:\windows\system32\lesugeti.dll
c:\windows\system32\lomugiti.dll
c:\windows\system32\lonayemu.dll
c:\windows\system32\luvigaki.dll
c:\windows\system32\mofewobi.dll
c:\windows\system32\nirotona.dll
c:\windows\system32\niyihifi.exe
c:\windows\system32\ojeqgihv.ini
c:\windows\system32\onhelp.htm
c:\windows\system32\peroruvo.dll
c:\windows\system32\pisiluvu.dll
c:\windows\system32\puwaduvu.dll
c:\windows\system32\pxmqkdhu.ini.ren
c:\windows\system32\reveraza.dll
c:\windows\system32\satulosu.dll
c:\windows\system32\sejutedi.dll
c:\windows\system32\sonhelp.htm
c:\windows\system32\susopaya.exe
c:\windows\system32\sysnet.dat
c:\windows\system32\tibipaku.dll
c:\windows\system32\tilepilo.dll
c:\windows\system32\tipiyipo.dll
c:\windows\system32\umbrcwjc.ini
c:\windows\system32\uuoojdoi.ini
c:\windows\system32\voladeti.dll
c:\windows\system32\wingenocx.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wulubuvo.dll
c:\windows\system32\yoviyare
c:\windows\system32\yubihimo.dll
c:\windows\system32\zanamalo.exe
c:\windows\system32\zikedama.dll
c:\windows\temp\01066968.cmd
c:\xvhu.exe
Folders to delete:
c:\documents and settings\all users\application data\10613284
c:\program files\windows police pro
c:\windows\system32\images

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Paste in the code below.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
=============== Immediately Afterwards=====================

Start OTS. Copy/Paste the information in the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> desote.exe -> C:\WINDOWS\System32\desote.exe
[Win32 Services - Safe List]
YY -> (AFinding) AFinding Service [Win32_Own | Auto | Stopped] -> 
YY -> (AFindingAlerter) AFinding Service AFindingAlerter [Win32_Own | Auto | Stopped] -> 
YY -> (AntipPro2009_100) AntipyProex [Win32_Own | Auto | Stopped] -> C:\WINDOWS\svchasts.exe
YY -> (CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Stopped] -> 
[Driver Services - Safe List]
YY -> (Beep) Beep [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\beep.sys
[Registry - Safe List]
< HOSTS File > (11 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts
YN -> Reset Hosts -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "bigopuhawe" -> C:\WINDOWS\System32\lonayemu.dll [Rundll32.exe "lonayemu.dll",s]
YN -> "braviax" -> [braviax.exesystem32\lo]
YY -> "vapefujal" -> C:\WINDOWS\System32\gotahati.DLL [Rundll32.exe "c:\windows\system32\gotahati.dll",a]
YY -> "winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Performance Center" -> C:\Program Files\Ascentive\Performance Center\APCMain.exe [C:\Program Files\Ascentive\Performance Center\APCMain.exe -m]
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\cru629.dat -> C:\WINDOWS\System32\cru629.dat
YY -> c:\windows\system32\gotahati.dll -> C:\WINDOWS\System32\gotahati.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan
YN -> *TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan
YY -> C:\RECYCLER\S-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe -> C:\RECYCLER\S-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{62c4d17c-49d7-4a72-806e-ebc718406456}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [juzozosef]
YY -> "{e6905a78-d180-4f29-8b53-b854939653d4}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [siwevusiw]
YY -> "{7d9ea0c5-31ec-4458-90cd-b87443bfcbdf}" [HKLM] -> C:\WINDOWS\System32\gotahati.dll [tepugitiy]
NY -> "{cc92643e-007c-4e81-bef5-d35dd5997420}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [vutodeheg]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{62c4d17c-49d7-4a72-806e-ebc718406456}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [kupuhivus]
YY -> "{7d9ea0c5-31ec-4458-90cd-b87443bfcbdf}" [HKLM] -> C:\WINDOWS\System32\gotahati.dll [mujuzedij]
YY -> "{cc92643e-007c-4e81-bef5-d35dd5997420}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [kupuhivus]
YY -> "{e6905a78-d180-4f29-8b53-b854939653d4}" [HKLM] -> C:\WINDOWS\System32\zikedama.dll [gahurihor]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\cujabwmc.exe" -> [C:\WINDOWS\system32\cujaating System]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{175c2aed-0245-11dc-9afd-00038a000015}\Shell -> 
YN -> \{175c2aed-0245-11dc-9afd-00038a000015}\Shell\\"" -> [AutoRun]
[Files/Folders - Created Within 30 Days]
NY -> braviax.exe -> C:\WINDOWS\System32\braviax.exe
NY -> braviax.exe -> C:\WINDOWS\braviax.exe
NY -> bincd32.dat -> C:\WINDOWS\System32\bincd32.dat
NY -> bennuar.old -> C:\WINDOWS\System32\bennuar.old
NY -> desote.exe -> C:\WINDOWS\System32\desote.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> AVR09.exe -> C:\WINDOWS\System32\AVR09.exe
NY -> winhelper.dll -> C:\WINDOWS\System32\winhelper.dll
NY -> 10613284 -> C:\Documents and Settings\All Users\Application Data\10613284
NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
NY -> susopaya.exe -> C:\WINDOWS\System32\susopaya.exe
NY -> images -> C:\WINDOWS\System32\images
NY -> onhelp.htm -> C:\WINDOWS\System32\onhelp.htm
NY -> svchasts.exe -> C:\WINDOWS\svchasts.exe
NY -> ppp4.dat -> C:\WINDOWS\ppp4.dat
NY -> sysnet.dat -> C:\WINDOWS\System32\sysnet.dat
NY -> ppp3.dat -> C:\WINDOWS\ppp3.dat
NY -> dddesot.dll -> C:\WINDOWS\System32\dddesot.dll
NY -> sonhelp.htm -> C:\WINDOWS\System32\sonhelp.htm
NY -> Windows Police Pro -> C:\Program Files\Windows Police Pro
NY -> dxxdv34567.bat -> C:\WINDOWS\dxxdv34567.bat
NY -> ld14.exe -> C:\WINDOWS\ld14.exe
NY -> wingenocx.dll -> C:\WINDOWS\System32\wingenocx.dll
NY -> cru629.dat -> C:\WINDOWS\System32\cru629.dat
NY -> cru629.dat -> C:\WINDOWS\cru629.dat
NY -> svfp.exe -> C:\svfp.exe
NY -> emxtqjit.exe -> C:\emxtqjit.exe
NY -> fyblb.exe -> C:\fyblb.exe
NY -> blyuwrjl.exe -> C:\blyuwrjl.exe
NY -> osps.exe -> C:\osps.exe
NY -> wisdstr.exe -> C:\WINDOWS\System32\wisdstr.exe
NY -> xvhu.exe -> C:\xvhu.exe
NY -> ~.exe -> C:\WINDOWS\System32\~.exe
NY -> gotahati.dll -> C:\WINDOWS\System32\gotahati.dll
NY -> reveraza.dll -> C:\WINDOWS\System32\reveraza.dll
NY -> zikedama.dll -> C:\WINDOWS\System32\zikedama.dll
NY -> tibipaku.dll -> C:\WINDOWS\System32\tibipaku.dll
NY -> str.sys -> C:\WINDOWS\System32\drivers\str.sys
NY -> voladeti.dll -> C:\WINDOWS\System32\voladeti.dll
NY -> donojawi.dll -> C:\WINDOWS\System32\donojawi.dll
NY -> lonayemu.dll -> C:\WINDOWS\System32\lonayemu.dll
NY -> lesugeti.dll -> C:\WINDOWS\System32\lesugeti.dll
NY -> hajiruno.dll -> C:\WINDOWS\System32\hajiruno.dll
NY -> bovenage.dll -> C:\WINDOWS\System32\bovenage.dll
NY -> sejutedi.dll -> C:\WINDOWS\System32\sejutedi.dll
NY -> peroruvo.dll -> C:\WINDOWS\System32\peroruvo.dll
NY -> wulubuvo.dll -> C:\WINDOWS\System32\wulubuvo.dll
NY -> fopijunu.dll -> C:\WINDOWS\System32\fopijunu.dll
NY -> tilepilo.dll -> C:\WINDOWS\System32\tilepilo.dll
NY -> mofewobi.dll -> C:\WINDOWS\System32\mofewobi.dll
NY -> pisiluvu.dll -> C:\WINDOWS\System32\pisiluvu.dll
NY -> kijudawi.dll -> C:\WINDOWS\System32\kijudawi.dll
NY -> luvigaki.dll -> C:\WINDOWS\System32\luvigaki.dll
NY -> lomugiti.dll -> C:\WINDOWS\System32\lomugiti.dll
NY -> nirotona.dll -> C:\WINDOWS\System32\nirotona.dll
NY -> satulosu.dll -> C:\WINDOWS\System32\satulosu.dll
NY -> godobovo.dll -> C:\WINDOWS\System32\godobovo.dll
NY -> yubihimo.dll -> C:\WINDOWS\System32\yubihimo.dll
NY -> gasesila.dll -> C:\WINDOWS\System32\gasesila.dll
NY -> bisomasu.dll -> C:\WINDOWS\System32\bisomasu.dll
NY -> puwaduvu.dll -> C:\WINDOWS\System32\puwaduvu.dll
NY -> fedoniko.dll -> C:\WINDOWS\System32\fedoniko.dll
NY -> tipiyipo.dll -> C:\WINDOWS\System32\tipiyipo.dll
NY -> dxpwcgcp.ini.vir -> C:\WINDOWS\System32\dxpwcgcp.ini.vir
NY -> hjjlm.ini2.vir -> C:\WINDOWS\System32\hjjlm.ini2.vir
NY -> hjjlm.ini.vir -> C:\WINDOWS\System32\hjjlm.ini.vir
NY -> pxmqkdhu.ini.ren -> C:\WINDOWS\System32\pxmqkdhu.ini.ren
NY -> uuoojdoi.ini -> C:\WINDOWS\System32\uuoojdoi.ini
NY -> fiopalcf.ini -> C:\WINDOWS\System32\fiopalcf.ini
NY -> umbrcwjc.ini -> C:\WINDOWS\System32\umbrcwjc.ini
NY -> ojeqgihv.ini -> C:\WINDOWS\System32\ojeqgihv.ini
NY -> cookies.ini -> C:\WINDOWS\cookies.ini
NY -> gltshsqw.ini -> C:\WINDOWS\System32\gltshsqw.ini
NY -> hjjlm.ini2.ren -> C:\WINDOWS\System32\hjjlm.ini2.ren
NY -> hjjlm.ini.ren -> C:\WINDOWS\System32\hjjlm.ini.ren
NY -> beep.sys -> C:\WINDOWS\System32\drivers\beep.sys
NY -> drmgs.sys -> C:\WINDOWS\System32\drmgs.sys
NY -> comsa32.sys -> C:\WINDOWS\System32\comsa32.sys
[Files/Folders - Modified Within 30 Days]
NY -> yoviyare -> C:\WINDOWS\System32\yoviyare
NY -> gotahati.dll -> C:\WINDOWS\System32\gotahati.dll
NY -> reveraza.dll -> C:\WINDOWS\System32\reveraza.dll
NY -> braviax.exe -> C:\WINDOWS\System32\braviax.exe
NY -> braviax.exe -> C:\WINDOWS\braviax.exe
NY -> cru629.dat -> C:\WINDOWS\System32\cru629.dat
NY -> cru629.dat -> C:\WINDOWS\cru629.dat
NY -> zikedama.dll -> C:\WINDOWS\System32\zikedama.dll
NY -> tibipaku.dll -> C:\WINDOWS\System32\tibipaku.dll
NY -> bincd32.dat -> C:\WINDOWS\System32\bincd32.dat
NY -> ppp4.dat -> C:\WINDOWS\ppp4.dat
NY -> ppp3.dat -> C:\WINDOWS\ppp3.dat
NY -> desote.exe -> C:\WINDOWS\System32\desote.exe
NY -> onhelp.htm -> C:\WINDOWS\System32\onhelp.htm
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> dddesot.dll -> C:\WINDOWS\System32\dddesot.dll
NY -> bennuar.old -> C:\WINDOWS\System32\bennuar.old
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> AVR09.exe -> C:\WINDOWS\System32\AVR09.exe
NY -> 01066968.cmd -> C:\WINDOWS\Temp\01066968.cmd
NY -> winhelper.dll -> C:\WINDOWS\System32\winhelper.dll
NY -> niyihifi.exe -> C:\WINDOWS\System32\niyihifi.exe
NY -> voladeti.dll -> C:\WINDOWS\System32\voladeti.dll
NY -> donojawi.dll -> C:\WINDOWS\System32\donojawi.dll
NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
NY -> heruhozu.exe -> C:\WINDOWS\System32\heruhozu.exe
NY -> c.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\c.exe
NY -> susopaya.exe -> C:\WINDOWS\System32\susopaya.exe
NY -> 757.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\757.exe
NY -> 527.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\527.exe
NY -> bovenage.dll -> C:\WINDOWS\System32\bovenage.dll
NY -> sejutedi.dll -> C:\WINDOWS\System32\sejutedi.dll
NY -> 299.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\299.exe
NY -> svchasts.exe -> C:\WINDOWS\svchasts.exe
NY -> sysnet.dat -> C:\WINDOWS\System32\sysnet.dat
NY -> sonhelp.htm -> C:\WINDOWS\System32\sonhelp.htm
NY -> 837.exe -> C:\Documents and Settings\Andy Gossett\Local Settings\Temp\837.exe
NY -> dxxdv34567.bat -> C:\WINDOWS\dxxdv34567.bat
NY -> wulubuvo.dll -> C:\WINDOWS\System32\wulubuvo.dll
NY -> binatoko.exe -> C:\WINDOWS\System32\binatoko.exe
NY -> ld14.exe -> C:\WINDOWS\ld14.exe
NY -> peroruvo.dll -> C:\WINDOWS\System32\peroruvo.dll
NY -> laroriwa.exe -> C:\WINDOWS\System32\laroriwa.exe
NY -> hahohetu.exe -> C:\WINDOWS\System32\hahohetu.exe
NY -> fopijunu.dll -> C:\WINDOWS\System32\fopijunu.dll
NY -> mofewobi.dll -> C:\WINDOWS\System32\mofewobi.dll
NY -> pisiluvu.dll -> C:\WINDOWS\System32\pisiluvu.dll
NY -> kijudawi.dll -> C:\WINDOWS\System32\kijudawi.dll
NY -> zanamalo.exe -> C:\WINDOWS\System32\zanamalo.exe
NY -> wingenocx.dll -> C:\WINDOWS\System32\wingenocx.dll
NY -> luvigaki.dll -> C:\WINDOWS\System32\luvigaki.dll
NY -> lomugiti.dll -> C:\WINDOWS\System32\lomugiti.dll
NY -> satulosu.dll -> C:\WINDOWS\System32\satulosu.dll
NY -> godobovo.dll -> C:\WINDOWS\System32\godobovo.dll
NY -> puwaduvu.dll -> C:\WINDOWS\System32\puwaduvu.dll
NY -> bisomasu.dll -> C:\WINDOWS\System32\bisomasu.dll
NY -> gasesila.dll -> C:\WINDOWS\System32\gasesila.dll
NY -> tipiyipo.dll -> C:\WINDOWS\System32\tipiyipo.dll
NY -> fedoniko.dll -> C:\WINDOWS\System32\fedoniko.dll
NY -> svfp.exe -> C:\svfp.exe
NY -> wisdstr.exe -> C:\WINDOWS\System32\wisdstr.exe
NY -> emxtqjit.exe -> C:\emxtqjit.exe
NY -> fyblb.exe -> C:\fyblb.exe
NY -> blyuwrjl.exe -> C:\blyuwrjl.exe
NY -> xvhu.exe -> C:\xvhu.exe
NY -> osps.exe -> C:\osps.exe
NY -> beep.sys -> C:\WINDOWS\System32\drivers\beep.sys
NY -> beep.sys -> C:\WINDOWS\System32\dllcache\beep.sys
NY -> ~.exe -> C:\WINDOWS\System32\~.exe
[File - Lop Check]
NY -> 10613284 -> C:\Documents and Settings\All Users\Application Data\10613284
[Custom Items]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:end
[Reboot]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

#33
BlkTebow
    Member
  • Topic Starter
  • 100 posts
Hey Kah! Avenger.txt as follows:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "a9zx948f" found!
Could not open driver a9zx948f for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Hidden driver "aqwxpfzc" found!
Could not open driver aqwxpfzc for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

Driver "AFinding" deleted successfully.
Driver "AFindingAlerter" deleted successfully.
Driver "AntipPro2009_100" deleted successfully.
Driver "Beep" deleted successfully.
Driver "CaCCProvSP" deleted successfully.
File "c:\blyuwrjl.exe" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.
File "c:\documents and settings\andy gossett\local settings\temp\299.exe" deleted successfully.
File "c:\documents and settings\andy gossett\local settings\temp\527.exe" deleted successfully.
File "c:\documents and settings\andy gossett\local settings\temp\757.exe" deleted successfully.
File "c:\documents and settings\andy gossett\local settings\temp\837.exe" deleted successfully.
File "c:\documents and settings\andy gossett\local settings\temp\c.exe" deleted successfully.
File "c:\emxtqjit.exe" deleted successfully.
File "c:\fyblb.exe" deleted successfully.
File "c:\osps.exe" deleted successfully.

Error: file "c:\recycler\s-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe" not found!
Deletion of file "c:\recycler\s-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\svfp.exe" deleted successfully.
File "c:\windows\braviax.exe" deleted successfully.
File "c:\windows\cookies.ini" deleted successfully.
File "c:\windows\cru629.dat" deleted successfully.
File "c:\windows\dxxdv34567.bat" deleted successfully.
File "c:\windows\ld14.exe" deleted successfully.
File "c:\windows\ppp3.dat" deleted successfully.
File "c:\windows\ppp4.dat" deleted successfully.
File "c:\windows\svchasts.exe" deleted successfully.
File "c:\windows\system32\~.exe" deleted successfully.
File "c:\windows\system32\41.exe" deleted successfully.
File "c:\windows\system32\avr09.exe" deleted successfully.
File "c:\windows\system32\bennuar.old" deleted successfully.
File "c:\windows\system32\binatoko.exe" deleted successfully.
File "c:\windows\system32\bincd32.dat" deleted successfully.
File "c:\windows\system32\bisomasu.dll" deleted successfully.
File "c:\windows\system32\bovenage.dll" deleted successfully.
File "c:\windows\system32\braviax.exe" deleted successfully.
File "c:\windows\system32\comsa32.sys" deleted successfully.
File "c:\windows\system32\cru629.dat" deleted successfully.
File "c:\windows\system32\dddesot.dll" deleted successfully.
File "c:\windows\system32\desote.exe" deleted successfully.
File "c:\windows\system32\dllcache\beep.sys" deleted successfully.
File "c:\windows\system32\donojawi.dll" deleted successfully.
File "c:\windows\system32\drivers\beep.sys" deleted successfully.
File "c:\windows\system32\drivers\str.sys" deleted successfully.
File "c:\windows\system32\drmgs.sys" deleted successfully.
File "c:\windows\system32\dxpwcgcp.ini.vir" deleted successfully.
File "c:\windows\system32\fedoniko.dll" deleted successfully.
File "c:\windows\system32\fiopalcf.ini" deleted successfully.
File "c:\windows\system32\fopijunu.dll" deleted successfully.
File "c:\windows\system32\gasesila.dll" deleted successfully.
File "c:\windows\system32\gltshsqw.ini" deleted successfully.
File "c:\windows\system32\godobovo.dll" deleted successfully.
File "c:\windows\system32\gotahati.dll" deleted successfully.
File "c:\windows\system32\hahohetu.exe" deleted successfully.
File "c:\windows\system32\hajiruno.dll" deleted successfully.
File "c:\windows\system32\heruhozu.exe" deleted successfully.
File "c:\windows\system32\hjjlm.ini.ren" deleted successfully.
File "c:\windows\system32\hjjlm.ini.vir" deleted successfully.
File "c:\windows\system32\hjjlm.ini2.ren" deleted successfully.
File "c:\windows\system32\hjjlm.ini2.vir" deleted successfully.
File "c:\windows\system32\kijudawi.dll" deleted successfully.
File "c:\windows\system32\laroriwa.exe" deleted successfully.
File "c:\windows\system32\lesugeti.dll" deleted successfully.
File "c:\windows\system32\lomugiti.dll" deleted successfully.
File "c:\windows\system32\lonayemu.dll" deleted successfully.
File "c:\windows\system32\luvigaki.dll" deleted successfully.
File "c:\windows\system32\mofewobi.dll" deleted successfully.
File "c:\windows\system32\nirotona.dll" deleted successfully.
File "c:\windows\system32\niyihifi.exe" deleted successfully.
File "c:\windows\system32\ojeqgihv.ini" deleted successfully.
File "c:\windows\system32\onhelp.htm" deleted successfully.
File "c:\windows\system32\peroruvo.dll" deleted successfully.
File "c:\windows\system32\pisiluvu.dll" deleted successfully.
File "c:\windows\system32\puwaduvu.dll" deleted successfully.
File "c:\windows\system32\pxmqkdhu.ini.ren" deleted successfully.
File "c:\windows\system32\reveraza.dll" deleted successfully.
File "c:\windows\system32\satulosu.dll" deleted successfully.
File "c:\windows\system32\sejutedi.dll" deleted successfully.
File "c:\windows\system32\sonhelp.htm" deleted successfully.
File "c:\windows\system32\susopaya.exe" deleted successfully.
File "c:\windows\system32\sysnet.dat" deleted successfully.
File "c:\windows\system32\tibipaku.dll" deleted successfully.
File "c:\windows\system32\tilepilo.dll" deleted successfully.
File "c:\windows\system32\tipiyipo.dll" deleted successfully.
File "c:\windows\system32\umbrcwjc.ini" deleted successfully.
File "c:\windows\system32\uuoojdoi.ini" deleted successfully.
File "c:\windows\system32\voladeti.dll" deleted successfully.
File "c:\windows\system32\wingenocx.dll" deleted successfully.
File "c:\windows\system32\winhelper.dll" deleted successfully.
File "c:\windows\system32\winupdate.exe" deleted successfully.
File "c:\windows\system32\wisdstr.exe" deleted successfully.
File "c:\windows\system32\wulubuvo.dll" deleted successfully.
File "c:\windows\system32\yoviyare" deleted successfully.
File "c:\windows\system32\yubihimo.dll" deleted successfully.
File "c:\windows\system32\zanamalo.exe" deleted successfully.
File "c:\windows\system32\zikedama.dll" deleted successfully.
File "c:\windows\temp\01066968.cmd" deleted successfully.
File "c:\xvhu.exe" deleted successfully.
Folder "c:\documents and settings\all users\application data\10613284" deleted successfully.
Folder "c:\program files\windows police pro" deleted successfully.
Folder "c:\windows\system32\images" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
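A parser for the Avenger log format posted above, added here as an example (it is not part of the thread and not Swandog46's code): it summarises what was deleted, separates failures whose status says the object was already gone from ones that would need a retry, and flags hidden drivers the script did not remove. The sample log is a constructed excerpt modelled on the posted one; the example_locked.dll failure with STATUS_SHARING_VIOLATION is hypothetical and added only to show a failure that is not benign.

```python
import re

# Constructed excerpt of an Avenger 2.0 log, modelled on the one posted above.
# The "example_locked.dll" failure is hypothetical and not from the thread.
SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, © by Swandog46
Rootkit scan active.

Hidden driver "a9zx948f" found!
Could not open driver a9zx948f for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Hidden driver "aqwxpfzc" found!
Could not open driver aqwxpfzc for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

Driver "Beep" deleted successfully.
File "c:\windows\braviax.exe" deleted successfully.

Error: file "c:\recycler\s-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe" not found!
Deletion of file "c:\recycler\s-1-5-21-7844617112-8411431039-041237076-4898\msimfo32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Deletion of file "c:\windows\system32\example_locked.dll" failed!
Status: 0xc0000043 (STATUS_SHARING_VIOLATION)

Folder "c:\program files\windows police pro" deleted successfully.
Completed script processing.
"""

# One regex per line shape the log uses.
DELETED_RE = re.compile(r'^(Driver|File|Folder) "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (driver|file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')
HIDDEN_RE = re.compile(r'^Hidden driver "([^"]+)" found!$')


def parse_avenger_log(text):
    """Walk the log once and collect what was deleted (per kind), what failed
    (with the NTSTATUS code and name from the following Status: line), and
    which drivers the rootkit scan reported as hidden."""
    summary = {
        "deleted": {"Driver": [], "File": [], "Folder": []},
        "failed": [],
        "hidden_drivers": [],
    }
    pending = None  # most recent failure still waiting for its Status: line
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            summary["deleted"][m.group(1)].append(m.group(2))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "path": m.group(2), "code": None, "status": None}
            summary["failed"].append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["code"], pending["status"] = m.group(1), m.group(2)
            pending = None
            continue
        m = HIDDEN_RE.match(line)
        if m:
            summary["hidden_drivers"].append(m.group(1))
    return summary


def follow_up_items(summary):
    """What a helper would carry into the next step: a failure whose status is
    STATUS_OBJECT_NAME_NOT_FOUND means the object was already gone, so it is
    not re-queued; any other failure is retried; a hidden driver the script
    did not delete is flagged for review rather than assumed clean."""
    items = []
    for f in summary["failed"]:
        if f["status"] != "STATUS_OBJECT_NAME_NOT_FOUND":
            items.append(("retry", f["kind"], f["path"]))
    deleted_drivers = {d.lower() for d in summary["deleted"]["Driver"]}
    for name in summary["hidden_drivers"]:
        if name.lower() not in deleted_drivers:
            items.append(("review", "driver", name))
    return items


if __name__ == "__main__":
    s = parse_avenger_log(SAMPLE_LOG)
    for kind, paths in s["deleted"].items():
        print(f"{kind}s deleted: {len(paths)}")
    for action, kind, name in follow_up_items(s):
        print(f"follow up ({action}): {kind} {name}")
```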

#34
BlkTebow
    Member
  • Topic Starter
  • 100 posts
Hey Kah, WOW my comp is NOW FINALLY RUNNING ON NORMAL MODE pretty dang GOOD!!! Ok, the attachments are as follows:

1 - Avenger.txt
2 - OTS txt. BEFORE ran fix
3 - OTS txt Results AFTER the reboot

Attached Files



#35
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
We are not quite done yet; your system is still pretty infected.
Let's give ComboFix a shot at it please.
=========================================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#36
BlkTebow
    Member
  • Topic Starter
  • 100 posts
Hey Kah, ok I had to install system recovery and all of that; done all of that, ok so which OS should I load under, just Reg. Win XP Home Ed. or Win Recovery Console??? Thx, I'm just leaving it be until I get an answer b/c I don't want to FONK anything up!! :)

#37
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Just boot into Windows XP.

#38
BlkTebow
    Member
  • Topic Starter
  • 100 posts
Nice, ok the next reply you'll get will be the combofix.txt in 5 min. or so!

#39
BlkTebow
    Member
  • Topic Starter
  • 100 posts
Well, it's been running for a while now and it says completed stage 50, and it's just a blinking underscore now. Is it still running? B/c it's been on this for the past 10 minutes....

#40
BlkTebow
    Member
  • Topic Starter
  • 100 posts
Never mind, it started back up.


#41
BlkTebow
    Member
  • Topic Starter
  • 100 posts
ComboFix.txt:

ComboFix 09-09-13.04 - Andy Gossett 09/15/2009 20:16.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.138 [GMT -5:00]
Running from: c:\documents and settings\Andy Gossett\Desktop\kahdah.bat.exe
AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\documents and settings\Andy Gossett\Application Data\inst.exe
c:\documents and settings\Andy Gossett\err.log
c:\documents and settings\Andy Gossett\ResErrors.log
c:\program files\Internet Explorer\2.exe
c:\recycler\S-1-5-21-7844617112-8411431039-041237076-4898
c:\windows\010112010146118114.dat
c:\windows\0101120101465452.dat
c:\windows\0101120101465749.dat
c:\windows\bf23567.dat
c:\windows\Install.txt
c:\windows\Installer\1e2a55f.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\jmmark2.dat
c:\windows\system32\drivers\UAChxyqjwqvst.sys
c:\windows\system32\Install.txt
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClfqujotehb.dll
c:\windows\system32\UACnmwrridvbq.dll
c:\windows\system32\UACnssinthnxr.dll
c:\windows\system32\UACsbqaencfmn.dll
c:\windows\system32\UACvnfyabwqqp.dll
c:\windows\system32\UACxmafwxnxgr.dat
c:\windows\system32\wispex.html

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NOBICYT
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Legacy_WSERVING
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NOBICYT
-------\Service_perfmons
-------\Service_Routing
-------\Service_sys
-------\Service_sysdrv
-------\Service_WServing


((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-15 23:47 . 2009-09-15 23:47 -------- d-----w- C:\_OTS
2009-09-15 23:29 . 2009-09-15 23:29 2474 ----a-w- C:\3.reg
2009-09-15 23:29 . 2009-09-15 23:29 2628 ----a-w- C:\2.reg
2009-09-15 23:29 . 2009-09-15 23:29 2072 ----a-w- C:\1.reg
2009-09-15 23:28 . 2009-09-15 23:28 628 ----a-w- C:\avexport.bat
2009-09-14 02:36 . 2009-09-14 02:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-14 02:13 . 2009-09-15 23:28 574 ----a-w- C:\cleanup.bat
2009-09-14 02:13 . 2009-09-15 23:28 135168 ----a-w- C:\zip.exe
2009-09-12 06:44 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-12 06:44 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-12 06:44 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-12 06:44 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-12 06:44 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-12 06:44 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-12 06:44 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-12 06:44 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-12 06:43 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-12 06:43 . 2009-09-12 06:43 -------- d-----w- c:\program files\Alwil Software
2009-09-12 05:41 . 2009-09-12 05:41 -------- d-----w- c:\program files\VS Revo Group
2009-09-09 03:20 . 2009-09-09 22:43 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\Lavasoft
2009-09-07 05:47 . 2009-09-07 05:47 76560 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-07 04:12 . 2009-09-07 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-09-07 04:04 . 2005-09-23 12:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-07 04:02 . 2009-09-07 04:02 -------- d-sh--w- c:\documents and settings\Andy Gossett\IECompatCache
2009-09-07 03:26 . 2009-09-07 03:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-07 03:26 . 2009-09-07 03:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-05 22:20 . 2009-09-05 22:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 19:47 . 2009-09-05 19:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-01 08:15 . 2009-09-11 09:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 00:47 . 2007-10-29 07:53 -------- d-----w- c:\program files\PeerGuardian2
2009-09-15 23:29 . 2007-09-07 01:16 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\uTorrent
2009-09-15 21:35 . 2009-03-29 18:10 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 23:03 . 2007-12-17 23:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 03:25 . 2008-11-14 10:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-22 17:18 . 2006-01-15 00:56 91728 ----a-w- c:\documents and settings\Andy Gossett\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 04:38 . 2005-11-27 15:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 17:42 . 2007-11-05 08:39 -------- d-----w- c:\program files\MSBuild
2009-08-14 17:40 . 2009-08-14 17:40 -------- d-----w- c:\program files\Reference Assemblies
2009-08-13 06:54 . 2007-11-05 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 22:26 . 2007-09-07 23:23 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\Apple Computer
2009-08-06 20:53 . 2005-11-17 16:08 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 21:49 . 2009-08-04 21:15 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-08-04 21:47 . 2009-08-04 21:42 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-08-04 21:41 . 2009-08-04 21:31 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-08-04 20:02 . 2006-01-15 00:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-04 20:02 . 2007-08-15 16:54 88 --sh--r- c:\windows\system32\3BCEB709B6.sys
2009-07-27 05:36 . 2007-03-19 19:43 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\LimeWire
2009-07-25 10:23 . 2008-12-07 18:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 21:01 . 2007-05-14 18:27 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\U3
2009-07-18 04:48 . 2007-07-09 17:34 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\Vso
2009-07-17 19:01 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-10-31 05:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 18:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 18:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 18:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 18:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 18:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 13:34 . 2009-06-23 13:34 6911 ---h--w- c:\windows\bf5087.dat
2009-06-23 12:00 . 2009-06-23 12:00 1 ----a-w- c:\windows\123312sd345fdg.dat
2009-06-03 05:20 . 2009-06-03 05:20 49152 --sha-w- c:\windows\system32\fidezeta.dll.tmp
2009-06-03 05:20 . 2009-06-03 05:20 49152 --sha-w- c:\windows\system32\gejaneme.dll.tmp
2009-06-04 18:46 . 2009-06-04 18:46 210944 --sha-w- c:\windows\system32\nijetiyi.exe
2009-06-03 05:20 . 2009-06-03 05:20 49152 --sha-w- c:\windows\system32\sanedumi.dll.tmp
2009-06-03 05:19 . 2009-06-03 05:19 184320 --sha-w- c:\windows\system32\wiyirive.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-07-10 2215960]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-07-10 2215960]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-07-10 2215960]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-09 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Andy Gossett\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-18 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-17 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\windows\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2837:UDP"= 2837:UDP:Windows Media Format SDK (Indt2.sys)
"3074:UDP"= 3074:UDP:Xbox (192.168.0.3074) 3074 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/12/2009 1:44 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/12/2009 1:44 AM 20560]
S1 uze5oti1;AVZ-RK Kernel Driver;\??\c:\windows\system32\Drivers\uze5oti1.sys --> c:\windows\system32\Drivers\uze5oti1.sys [?]
S2 mhehklbaqc;mhehklbaqc;\??\c:\windows\system32\drivers\zwlcpd.sys --> c:\windows\system32\drivers\zwlcpd.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/5/2008 9:02 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/5/2008 9:02 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31254ED7-8950-E631-0606-040707080607}]
c:\windows\Nvcpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D48g43BC-4266-43f0-B6ED-9D38C4202C7E}]
c:\program files\Common Files\mscd.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{0DFD9271-E81E-420E-80C9-B89111248B6F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
.
- - - - ORPHANS REMOVED - - - -

BHO-{317a8723-7a90-4569-9d55-ef00af2a363a} - hajiruno.dll
BHO-{6566d52d-8040-4d8c-97d8-ed1595ef0cd4} - lonayemu.dll
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Hide IP Platinum - c:\program files\Hide IP Platinum\hideippla.exe
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-P2kAutostart - (no file)
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe
HKLM-Run-cctray - c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
HKLM-Run-10613284 - c:\documents and settings\All Users\Application Data\10613284\10613284.exe
HKLM-Run-bigopuhawe - lesugeti.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 21:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Lexmark 1200 Series\LXCZbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2009-09-16 21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 02:42

Pre-Run: 18,423,369,728 bytes free
Post-Run: 18,267,553,792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
929 --- E O F --- 2009-09-16 02:29

#42
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
uze5oti1
mhehklbaqc
aqwxpfzc
a9zx948f


File::
c:\windows\system32\wiyirive.exe
c:\windows\bf5087.dat
c:\windows\123312sd345fdg.dat
c:\windows\system32\fidezeta.dll.tmp
c:\windows\system32\gejaneme.dll.tmp
c:\windows\system32\nijetiyi.exe
c:\windows\system32\sanedumi.dll.tmp

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"=-
[-HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"=-
[-HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"=-
[-HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

Folder::
c:\program files\The_Pirate_Bay


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt


#43
BlkTebow

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts
Combofix.txt

ComboFix 09-09-13.04 - Andy Gossett 09/16/2009 19:42.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.143 [GMT -5:00]
Running from: c:\documents and settings\Andy Gossett\Desktop\kahdah.bat.exe
Command switches used :: c:\documents and settings\Andy Gossett\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090916-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\123312sd345fdg.dat"
"c:\windows\bf5087.dat"
"c:\windows\system32\fidezeta.dll.tmp"
"c:\windows\system32\gejaneme.dll.tmp"
"c:\windows\system32\nijetiyi.exe"
"c:\windows\system32\sanedumi.dll.tmp"
"c:\windows\system32\wiyirive.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\The_Pirate_Bay
c:\program files\The_Pirate_Bay\INSTALL.LOG
c:\program files\The_Pirate_Bay\tbThe_.dll
c:\program files\The_Pirate_Bay\tbThe0.dll
c:\program files\The_Pirate_Bay\tbThe1.dll
c:\program files\The_Pirate_Bay\The_Pirate_BayToolbarHelper.exe
c:\program files\The_Pirate_Bay\toolbar.cfg
c:\program files\The_Pirate_Bay\UNWISE.EXE
c:\windows\123312sd345fdg.dat
c:\windows\bf5087.dat
c:\windows\system32\fidezeta.dll.tmp
c:\windows\system32\gejaneme.dll.tmp
c:\windows\system32\nijetiyi.exe
c:\windows\system32\sanedumi.dll.tmp
c:\windows\system32\wiyirive.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MHEHKLBAQC
-------\Service_mhehklbaqc
-------\Service_uze5oti1


((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-16 23:35 . 2009-09-16 23:35 -------- d-----w- c:\windows\LastGood.Tmp
2009-09-16 02:44 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-16 02:37 . 2008-05-08 11:24 155648 ----a-w- c:\windows\system32\wscript.exe
2009-09-15 23:47 . 2009-09-15 23:47 -------- d-----w- C:\_OTS
2009-09-15 23:29 . 2009-09-15 23:29 2474 ----a-w- C:\3.reg
2009-09-15 23:29 . 2009-09-15 23:29 2628 ----a-w- C:\2.reg
2009-09-15 23:29 . 2009-09-15 23:29 2072 ----a-w- C:\1.reg
2009-09-15 23:28 . 2009-09-15 23:28 628 ----a-w- C:\avexport.bat
2009-09-14 02:36 . 2009-09-14 02:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-14 02:13 . 2009-09-15 23:28 574 ----a-w- C:\cleanup.bat
2009-09-14 02:13 . 2009-09-15 23:28 135168 ----a-w- C:\zip.exe
2009-09-12 06:44 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-12 06:44 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-12 06:44 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-12 06:44 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-12 06:44 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-12 06:44 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-12 06:44 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-12 06:44 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-12 06:43 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-12 06:43 . 2009-09-12 06:43 -------- d-----w- c:\program files\Alwil Software
2009-09-12 05:41 . 2009-09-12 05:41 -------- d-----w- c:\program files\VS Revo Group
2009-09-09 03:20 . 2009-09-09 22:43 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\Lavasoft
2009-09-07 05:47 . 2009-09-07 05:47 76560 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-07 04:12 . 2009-09-07 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-09-07 04:04 . 2005-09-23 12:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-07 04:02 . 2009-09-07 04:02 -------- d-sh--w- c:\documents and settings\Andy Gossett\IECompatCache
2009-09-07 03:26 . 2009-09-07 03:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-07 03:26 . 2009-09-07 03:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-05 22:20 . 2009-09-05 22:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 19:47 . 2009-09-05 19:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-01 08:15 . 2009-09-11 09:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 01:28 . 2007-10-29 07:53 -------- d-----w- c:\program files\PeerGuardian2
2009-09-16 10:41 . 2007-09-07 01:16 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\uTorrent
2009-09-16 03:36 . 2007-11-05 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-15 21:35 . 2009-03-29 18:10 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 23:03 . 2007-12-17 23:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 03:25 . 2008-11-14 10:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-22 17:18 . 2006-01-15 00:56 91728 ----a-w- c:\documents and settings\Andy Gossett\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 04:38 . 2005-11-27 15:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 17:42 . 2007-11-05 08:39 -------- d-----w- c:\program files\MSBuild
2009-08-14 17:40 . 2009-08-14 17:40 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 22:26 . 2007-09-07 23:23 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\Apple Computer
2009-08-06 20:53 . 2005-11-17 16:08 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 21:49 . 2009-08-04 21:15 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-08-04 21:47 . 2009-08-04 21:42 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-08-04 21:41 . 2009-08-04 21:31 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-08-04 20:02 . 2006-01-15 00:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-04 20:02 . 2007-08-15 16:54 88 --sh--r- c:\windows\system32\3BCEB709B6.sys
2009-07-27 05:36 . 2007-03-19 19:43 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\LimeWire
2009-07-25 10:23 . 2008-12-07 18:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 21:01 . 2007-05-14 18:27 -------- d-----w- c:\documents and settings\Andy Gossett\Application Data\U3
2009-07-17 19:01 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-10-31 05:17 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 18:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 18:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 18:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 18:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 18:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-16_02.23.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-17 01:34 . 2009-09-17 01:34 16384 c:\windows\Temp\Perflib_Perfdata_f4.dat
+ 2009-09-17 01:33 . 2009-09-17 01:33 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
- 2009-09-16 02:20 . 2009-09-16 02:20 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2009-09-17 01:38 . 2009-09-17 01:38 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat
- 2007-11-05 08:46 . 2009-08-13 06:55 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-10 18:51 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-10 18:51 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-20 16:48 . 2009-03-20 16:48 183808 c:\windows\Installer\7f1c8.msp
- 2007-11-05 08:46 . 2009-08-13 06:55 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-16 03:35 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-16 03:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-16 03:35 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
- 2004-08-10 18:51 . 2008-06-18 11:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-10 18:51 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-10 18:51 . 2008-06-18 11:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 18:51 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-08-18 17:56 . 2009-08-18 17:56 5020672 c:\windows\Installer\460947.msp
+ 2007-11-05 08:46 . 2009-09-16 03:36 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-05 08:46 . 2009-08-13 06:55 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-05 08:46 . 2009-09-16 03:36 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-11-05 08:46 . 2009-08-13 06:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-09-16 03:38 . 2009-08-28 19:38 24689600 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-09 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Andy Gossett\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-18 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-17 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2837:UDP"= 2837:UDP:Windows Media Format SDK (Indt2.sys)
"3074:UDP"= 3074:UDP:Xbox (192.168.0.3074) 3074 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/12/2009 1:44 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/12/2009 1:44 AM 20560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/5/2008 9:02 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/5/2008 9:02 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - pgfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31254ED7-8950-E631-0606-040707080607}]
c:\windows\Nvcpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D48g43BC-4266-43f0-B6ED-9D38C4202C7E}]
c:\program files\Common Files\mscd.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-17 c:\windows\Tasks\User_Feed_Synchronization-{0DFD9271-E81E-420E-80C9-B89111248B6F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 20:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_av_proI.tm~a03376\setup.lok 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-17 20:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-17 01:47
ComboFix2.txt 2009-09-16 02:42

Pre-Run: 20,249,374,720 bytes free
Post-Run: 20,233,691,136 bytes free

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
309 --- E O F --- 2009-09-16 11:37
  • 0

#44
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
First: Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=====
Second: Online Scanner
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#45
BlkTebow

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts
:)

Malwarebytes' Anti-Malware 1.41
Database version: 2815
Windows 5.1.2600 Service Pack 3

9/17/2009 7:56:20 AM
mbam-log-2009-09-17 (07-56-20).txt

Scan type: Quick Scan
Objects scanned: 108180
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{d48g43bc-4266-43f0-b6ed-9d38c4202c7e} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nt32int.dll (Trojan.Unclassified) -> Quarantined and deleted successfully.
  • 0
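Added example, not part of the thread and not code from Malwarebytes: a small Python parser for the MBAM log format posted above. It reads the "… Infected: N" summary block and the per-section item lists, cross-checks that each declared count matches the number of items actually listed, and pulls out the "Disabled.SecurityCenter" entries, which are the registry values that had switched off Windows Security Center's firewall and update notifications (Bad: (1), Good: (0)). The sample log is a trimmed copy of the post's own MBAM log embedded as a constant; the function and class names are my own choice.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: lines copied from the MBAM 1.41 log in the post above,
# trimmed to the parts the parser needs. Raw string keeps the backslashes literal.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2815
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 108180

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{d48g43bc-4266-43f0-b6ed-9d38c4202c7e} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nt32int.dll (Trojan.Unclassified) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 2"  -> summary line with a count
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:"    -> header of an item list
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<target> (<detection>) -> <rest>."  -> one detected item
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+?)\.?$")
# Registry data items carry the observed and expected values before the action
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str
    target: str          # file path or registry path
    detection: str       # MBAM detection name, e.g. Trojan.Unclassified
    action: str          # what MBAM did with it
    bad_value: Optional[str] = None   # only for registry data items
    good_value: Optional[str] = None


@dataclass
class MbamReport:
    declared: dict = field(default_factory=dict)   # section -> count from the summary block
    findings: dict = field(default_factory=dict)   # section -> list of Finding


def parse_mbam_log(text: str) -> MbamReport:
    """Parse an MBAM 1.x text log into declared counts and per-section findings."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            report.findings.setdefault(section, [])
            continue
        # "(No malicious items detected)" and any text outside a section are skipped
        if section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        bad = good = None
        bg = BADGOOD_RE.match(m["rest"])
        if bg:
            bad, good, action = bg["bad"], bg["good"], bg["action"]
        else:
            action = m["rest"]
        report.findings[section].append(
            Finding(section, m["target"], m["detection"], action, bad, good))
    return report


def summary_mismatches(report: MbamReport):
    """Sections whose declared count differs from the number of items actually listed.
    A non-empty result means the log was truncated or edited before it was posted."""
    out = []
    for section, n in report.declared.items():
        listed = len(report.findings.get(section, []))
        if n != listed:
            out.append((section, n, listed))
    return out


def security_center_tampering(report: MbamReport):
    """Findings that record Security Center notifications being switched off."""
    return [f for items in report.findings.values() for f in items
            if f.detection == "Disabled.SecurityCenter"]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", summary_mismatches(rep))
    for f in security_center_tampering(rep):
        print(f"{f.target}: was {f.bad_value}, expected {f.good_value} -> {f.action}")
```

The count cross-check is the useful part when reading logs posted by someone else: a declared "Files Infected: 1" with no matching item line tells you the paste is incomplete before you act on it. The Security Center entries are worth pulling out on their own because, unlike the quarantined file, they describe a setting the malware changed; after cleanup the same two values should be confirmed to read 0 again, since a scanner that only deletes the value and a user who later re-disables notifications look identical in this log.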