Infected with WiniGuard Virus


  • This topic is locked
17 replies to this topic

#1 skinsster

skinsster

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 19 February 2009 - 12:09 AM

I have accidentally downloaded the WiniGuard virus (I believe that is the proper name for it). My computer is slower and I am constantly getting fake error messages on my screen about viruses and a message saying that I should buy WiniGuard to remove them. I have tried ATF Cleaner, Malwarebytes Anti-Malware, Spyware Doctor, the Solo Antivirus scanner, CCleaner, and avast, and none have been able to get rid of my problem.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 23:01:48.18 on Wed 02/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2458 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\promo.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [promo.exe] c:\windows\system32\promo.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SoloSentry] c:\srnmic~1\SOLOSENT.EXE
mRun: [SoloSchedule] c:\srnmic~1\SOLOCFG.EXE
mRun: [SoloSysCheck] c:\srnmic~1\SYSCHECK.COM
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
uPolicies-system: DisableTaskMgr = 0
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201623182234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201623279343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fbz9btt3.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 40840]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-19 114768]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-19 138680]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1079176]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-5-26 53307]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-19 352920]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-02-18 22:31 38 a------- c:\windows\SOLOSCAN.BAT
2009-02-18 22:31 <DIR> --d----- C:\SRN Micro
2009-02-17 23:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
2009-02-17 22:04 7,782 a------- c:\windows\system32\46a6do59loader1471z.exe
2009-02-17 01:32 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:32 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:32 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:32 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:32 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:32 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-02-17 01:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-17 01:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 01:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 01:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 01:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 01:03 17,623 a------- c:\windows\5179addwa9e3z50.dll
2009-02-17 01:03 16,800 a------- c:\windows\7595vir2z76.ocx
2009-02-17 01:03 14,155 a------- c:\windows\95829worz1f5.ocx
2009-02-17 01:03 13,838 a------- c:\windows\117629ackzool752.cpl
2009-02-17 01:03 11,229 a------- c:\windows\system32\956viz2599.cpl
2009-02-17 01:03 7,598 a------- c:\windows\22z53spambot69d.bin
2009-02-17 01:03 3,476 a------- c:\windows\16733not-z-5ir9s3da.exe
2009-02-17 01:03 2,776 a------- c:\windows\system32\659ezhief1765.cpl
2009-02-17 01:03 2,684 a------- c:\windows\30570hackt9ol24dz.exe
2009-02-17 01:02 8,704 a------- c:\windows\system32\rasha.exe
2009-02-17 01:02 610,304 a------- c:\windows\system32\promo.exe
2009-02-17 00:54 <DIR> --d----- c:\program files\CCleaner
2009-02-16 23:56 4 a------- c:\windows\system32\gaopdxcounter
2009-02-16 05:33 12,534 a------- c:\windows\system32\7caat9re5tz5463.dll
2009-02-14 18:08 8,198 a------- c:\windows\system32\5019spyware2z72.dll
2009-02-14 02:35 12,870 a------- c:\windows\9e3spazse5637.ocx
2009-02-13 00:17 4,826 a------- c:\windows\3e7zt9al3095.cpl
2009-02-12 21:08 17,035 a------- c:\windows\113z55irus9a6.exe
2009-02-12 16:32 12,830 a------- c:\windows\system32\5798spar5e10z4.exe
2009-02-10 23:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-10 12:46 11,130 a------- c:\windows\system32\4965h5cktozl951.cpl
2009-02-08 02:49 5,806 a------- c:\windows\35c0down9oader3z45.cpl
2009-02-07 08:32 13,574 a------- c:\windows\14556n5t-a-viruz392.exe
2009-02-06 01:08 16,891 a------- c:\windows\system32\17330h5cktozl99.bin
2009-02-05 20:13 16,419 a------- c:\windows\150f9hzeat29365.exe
2009-02-05 15:26 18,019 a------- c:\windows\system32\19z5spyware94.bin
2009-02-04 17:20 8,856 a------- c:\windows\system32\495z5ir1012.cpl
2009-02-04 11:03 7,135 a------- c:\windows\5051zparse2229.ocx
2009-02-03 21:47 16,011 a------- c:\windows\2z32vi91543.exe
2009-02-03 13:56 13,421 a------- c:\windows\30555not-a-viru95fz.exe
2009-02-03 04:37 11,267 a------- c:\windows\system32\3941thie925z.exe
2009-02-01 23:16 10,977 a------- c:\windows\system32\905sz5422.ocx
2009-01-29 19:08 1,415,680 a------- c:\windows\system32\WMV9VCM.DLL
2009-01-29 19:08 49,152 a------- c:\windows\system32\TSCCVID.DLL
2009-01-29 19:06 <DIR> --d----- c:\program files\TESTOUT
2009-01-29 18:07 <DIR> --d----- c:\program files\MSECache
2009-01-27 13:12 4,512 a------- c:\windows\6985spyz48.ocx
2009-01-27 11:15 8,273 a------- c:\windows\1937sz5a91736.ocx
2009-01-27 02:53 6,894 a------- c:\windows\z0593vi5us2f4.dll
2009-01-24 23:53 18,259 a------- c:\windows\system32\1az29hief1950.cpl
2009-01-24 17:24 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-24 17:24 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-24 17:23 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-01-24 17:23 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-01-22 08:17 16,098 a------- c:\windows\system32\25925not-a-vi59szda.ocx
2009-01-22 06:59 2,907 a------- c:\windows\1455zspambot3f99.dll
2009-01-22 04:58 13,492 a------- c:\windows\3895sparze299.cpl
2009-01-21 16:03 3,286 a------- c:\windows\31959viru526z.exe
2009-01-21 10:49 10,360 a------- c:\windows\60bzthreat89025.dll
2009-01-20 23:32 5,595 a------- c:\windows\system32\970dzw5loader2513.exe
2009-01-20 05:04 18,257 a------- c:\windows\system32\19678ha5ktool82z.ocx

==================== Find3M ====================

2009-01-18 01:20 13,226 a------- c:\windows\5a58addware59z.dll
2009-01-17 01:42 17,233 a------- c:\windows\2ab9spars514z0.bin
2009-01-16 16:42 5,273 a------- c:\windows\system32\40809ot-a-viru54bz.exe
2009-01-16 13:58 12,260 a------- c:\windows\system32\59dabzckdo5r106.bin
2009-01-15 23:04 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-01-15 23:04 17,212 a------t c:\windows\system32\SIntf32.dll
2009-01-15 23:04 12,067 a------t c:\windows\system32\SIntf16.dll
2009-01-14 10:34 5,801 a------- c:\windows\2bb9doz5loader6559.exe
2009-01-12 08:14 13,340 a------- c:\windows\25b9zparse1363.exe
2009-01-01 07:18 9,784 a------- c:\windows\system32\126075pamz9t7e5.bin
2008-12-28 07:52 10,684 a------- c:\windows\system32\54190viruz4d9.dll
2008-12-26 23:14 7,382 a------- c:\windows\96cadzware22235.exe
2008-12-26 15:55 5 a------- c:\windows\system32\drivers\DELL_OPT_GX280.MRK
2008-12-26 15:55 5 a------- c:\windows\system32\drivers\1028_DELL_OPT_GX280.MRK
2008-12-25 04:52 2,525 a------- c:\windows\system32\79e95ownloadez645.exe
2008-12-22 10:09 7,394 a------- c:\windows\system32\9f91thzeat5433.bin
2008-12-21 19:16 7,725 a------- c:\windows\system32\16395spambot1z9.dll
2008-12-20 18:24 10,750 a------- c:\windows\system32\7c2zvir25905.dll
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-17 02:11 16,072 a------- c:\windows\system32\23504spambot5z9.exe
2008-12-16 15:15 15,667 a------- c:\windows\system32\21965spy1bz.exe
2008-12-13 00:11 12,856 a------- c:\windows\14085noz-a-virus799.exe
2008-12-11 20:28 7,382 a------- c:\windows\5949zspy365.bin
2008-12-11 11:09 2,697 a------- c:\windows\system32\3045steaz979.exe
2008-12-08 10:38 7,141 a------- c:\windows\system32\31559worm25z9.exe
2008-12-08 03:05 3,145 a------- c:\windows\system32\94cf5hreat27155z.exe
2008-12-05 15:50 9,201 a------- c:\windows\system32\3165sp9ware15z2.bin
2008-12-05 05:05 18,404 a------- c:\windows\system32\5a9cbzck9oor1965.exe
2008-11-30 21:32 14,398 a------- c:\windows\1655tzreat25292.dll
2008-11-25 12:44 3,131 a------- c:\windows\995fsparsz701.dll
2008-11-23 18:44 9,132 a------- c:\windows\system32\2e83spazse2958.exe
2008-11-23 16:53 3,887 a------- c:\windows\55d5ste9lz152.bin
2008-11-22 21:49 9,870 a------- c:\windows\system32\1869vzru95c65.bin
2008-11-22 01:25 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 23:02:25.23 ===============
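
The "Created Last 30" and "Find3M" sections of the log above show the pattern a defender keys on here: over several weeks, dozens of small files with digit-and-letter names (a malware-ish word with one character swapped for a digit or a "z", such as 22z53spambot69d.bin or 30570hackt9ol24dz.exe) were written straight into c:\windows and c:\windows\system32, beside untouched system files such as wininet.dll. The Python below is an added example and is not part of skinsster's post, the DDS tool, or any helper's instructions: it parses the DDS section and entry format exactly as it appears in the log and flags entries matching that naming pattern. The sample text is an excerpt copied from the log above; the heuristic itself (the WATCHED_DIRS set and the stem rule in looks_random_dropper) is this example's own assumption, not a published signature, and a hit is a lead for a human to verify, not a verdict.

```python
"""Parse a DDS log excerpt and flag randomly-named files dropped into c:\\windows.

Added example for this thread; the parser and heuristic are written here from
the log format as posted, not taken from the DDS tool or the forum helpers.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section header, e.g. "=============== Created Last 30 ================"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# File entry, e.g. "2009-02-17 01:03 7,598 a------- c:\windows\22z53spambot69d.bin"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")
# Name stem made only of digits, lowercase letters and hyphens, starting with a digit
STEM_RE = re.compile(r"^[0-9][0-9a-z-]*$")
# Assumption of this example: only files written straight into these two
# directories are considered; drivers\, dllcache\ and Program Files are skipped.
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Excerpt of the DDS log posted in this thread (headers plus a few entries from
# "Created Last 30" and "Find3M"); the full log is much longer.
SAMPLE_LOG = r"""
============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-02-18 22:31 38 a------- c:\windows\SOLOSCAN.BAT
2009-02-17 22:04 7,782 a------- c:\windows\system32\46a6do59loader1471z.exe
2009-02-17 01:32 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:03 7,598 a------- c:\windows\22z53spambot69d.bin
2009-02-17 01:03 2,684 a------- c:\windows\30570hackt9ol24dz.exe
2009-02-17 01:02 610,304 a------- c:\windows\system32\promo.exe
2009-02-16 23:56 4 a------- c:\windows\system32\gaopdxcounter
2009-02-10 23:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-03 13:56 13,421 a------- c:\windows\30555not-a-viru95fz.exe
2009-01-29 19:06 <DIR> --d----- c:\program files\TESTOUT
2009-01-24 17:24 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2009-01-18 01:20 13,226 a------- c:\windows\5a58addware59z.dll
2008-12-26 15:55 5 a------- c:\windows\system32\drivers\DELL_OPT_GX280.MRK
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 23:02:25.23 ===============
"""


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str
    path: str

    @property
    def directory(self) -> str:
        return ntpath.dirname(self.path).lower()

    @property
    def basename(self) -> str:
        return ntpath.basename(self.path)


def parse_dds_sections(text: str) -> Dict[str, List[Entry]]:
    """Split a DDS log on its '=== name ===' headers and parse the file entries."""
    sections: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            date, time, size, attrs, path = entry.groups()
            size_val = None if size == "<DIR>" else int(size.replace(",", ""))
            sections[current].append(Entry(date, time, size_val, attrs, path))
    return sections


def looks_random_dropper(entry: Entry) -> bool:
    """Heuristic for the pattern in this log: a file written directly into a watched
    directory whose name starts with a digit, contains a 'z', and mixes at least
    three digits with at least three letters (e.g. 22z53spambot69d.bin)."""
    if entry.size is None or entry.directory not in WATCHED_DIRS:
        return False
    stem = ntpath.splitext(entry.basename)[0].lower()
    if len(stem) < 8 or not STEM_RE.match(stem) or "z" not in stem:
        return False
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return digits >= 3 and letters >= 3


def flag_droppers(text: str) -> List[str]:
    """Return flagged paths from the 'Created Last 30' and 'Find3M' sections."""
    sections = parse_dds_sections(text)
    flagged: List[str] = []
    for name in ("Created Last 30", "Find3M"):
        flagged.extend(e.path for e in sections.get(name, []) if looks_random_dropper(e))
    return flagged


if __name__ == "__main__":
    for path in flag_droppers(SAMPLE_LOG):
        print("review:", path)
```

Run against the full log pasted above, the two sections yield a far longer list; the unflagged neighbours (promo.exe, rasha.exe, gaopdxcounter) show the limit of a pure naming heuristic, which is why the output is a review list rather than a removal list.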



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 19 February 2009 - 04:25 AM

Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it with Notepad)



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.




Please post these logs in your next reply... Post each log in a separate post

1. Dr. Web CureIt
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 skinsster

skinsster
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 19 February 2009 - 06:16 PM

After the scan finished, click Select all
Click on Cure and choose Move incurable

I did the scan, but it did not allow me to click the Select all or Cure buttons.

disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix

My computer will not allow me to disable my firewall. I have Windows XP, and when I select my firewall it says that I need to buy WiniGuard and it will not allow me to disable the firewall. Also, my Task Manager does not work. Here are the reports that you asked for that I could give.

DR.Web:

tmp3.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.Starter.896;Incurable.Moved.;


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 17:14:11.17 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2536 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090219-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\promo.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\SRNMIC~1\SOLOCFG.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [promo.exe] c:\windows\system32\promo.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SoloSentry] c:\srnmic~1\SOLOSENT.EXE
mRun: [SoloSchedule] c:\srnmic~1\SOLOCFG.EXE
mRun: [SoloSysCheck] c:\srnmic~1\SYSCHECK.COM
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
uPolicies-system: DisableTaskMgr = 0
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201623182234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201623279343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fbz9btt3.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 40840]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-19 114768]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-19 138680]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1079176]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-5-26 53307]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-19 352920]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-02-19 09:06 <DIR> --d----- c:\documents and settings\administrator\DoctorWeb
2009-02-18 22:31 38 a------- c:\windows\SOLOSCAN.BAT
2009-02-18 22:31 <DIR> --d----- C:\SRN Micro
2009-02-17 23:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
2009-02-17 22:04 7,782 a------- c:\windows\system32\46a6do59loader1471z.exe
2009-02-17 01:32 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:32 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:32 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:32 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:32 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:32 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-02-17 01:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-17 01:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 01:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 01:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 01:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 01:03 17,623 a------- c:\windows\5179addwa9e3z50.dll
2009-02-17 01:03 16,800 a------- c:\windows\7595vir2z76.ocx
2009-02-17 01:03 14,155 a------- c:\windows\95829worz1f5.ocx
2009-02-17 01:03 13,838 a------- c:\windows\117629ackzool752.cpl
2009-02-17 01:03 11,229 a------- c:\windows\system32\956viz2599.cpl
2009-02-17 01:03 7,598 a------- c:\windows\22z53spambot69d.bin
2009-02-17 01:03 3,476 a------- c:\windows\16733not-z-5ir9s3da.exe
2009-02-17 01:03 2,776 a------- c:\windows\system32\659ezhief1765.cpl
2009-02-17 01:03 2,684 a------- c:\windows\30570hackt9ol24dz.exe
2009-02-17 01:02 8,704 a------- c:\windows\system32\rasha.exe
2009-02-17 01:02 610,304 a------- c:\windows\system32\promo.exe
2009-02-17 00:54 <DIR> --d----- c:\program files\CCleaner
2009-02-16 23:56 4 a------- c:\windows\system32\gaopdxcounter
2009-02-16 05:33 12,534 a------- c:\windows\system32\7caat9re5tz5463.dll
2009-02-14 18:08 8,198 a------- c:\windows\system32\5019spyware2z72.dll
2009-02-14 02:35 12,870 a------- c:\windows\9e3spazse5637.ocx
2009-02-13 00:17 4,826 a------- c:\windows\3e7zt9al3095.cpl
2009-02-12 21:08 17,035 a------- c:\windows\113z55irus9a6.exe
2009-02-12 16:32 12,830 a------- c:\windows\system32\5798spar5e10z4.exe
2009-02-10 23:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-10 12:46 11,130 a------- c:\windows\system32\4965h5cktozl951.cpl
2009-02-08 02:49 5,806 a------- c:\windows\35c0down9oader3z45.cpl
2009-02-07 08:32 13,574 a------- c:\windows\14556n5t-a-viruz392.exe
2009-02-06 01:08 16,891 a------- c:\windows\system32\17330h5cktozl99.bin
2009-02-05 20:13 16,419 a------- c:\windows\150f9hzeat29365.exe
2009-02-05 15:26 18,019 a------- c:\windows\system32\19z5spyware94.bin
2009-02-04 17:20 8,856 a------- c:\windows\system32\495z5ir1012.cpl
2009-02-04 11:03 7,135 a------- c:\windows\5051zparse2229.ocx
2009-02-03 21:47 16,011 a------- c:\windows\2z32vi91543.exe
2009-02-03 13:56 13,421 a------- c:\windows\30555not-a-viru95fz.exe
2009-02-03 04:37 11,267 a------- c:\windows\system32\3941thie925z.exe
2009-02-01 23:16 10,977 a------- c:\windows\system32\905sz5422.ocx
2009-01-29 19:08 1,415,680 a------- c:\windows\system32\WMV9VCM.DLL
2009-01-29 19:08 49,152 a------- c:\windows\system32\TSCCVID.DLL
2009-01-29 19:06 <DIR> --d----- c:\program files\TESTOUT
2009-01-29 18:07 <DIR> --d----- c:\program files\MSECache
2009-01-27 13:12 4,512 a------- c:\windows\6985spyz48.ocx
2009-01-27 11:15 8,273 a------- c:\windows\1937sz5a91736.ocx
2009-01-27 02:53 6,894 a------- c:\windows\z0593vi5us2f4.dll
2009-01-24 23:53 18,259 a------- c:\windows\system32\1az29hief1950.cpl
2009-01-24 17:24 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-24 17:24 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-24 17:23 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-01-24 17:23 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-01-22 08:17 16,098 a------- c:\windows\system32\25925not-a-vi59szda.ocx
2009-01-22 06:59 2,907 a------- c:\windows\1455zspambot3f99.dll
2009-01-22 04:58 13,492 a------- c:\windows\3895sparze299.cpl
============= FINISH: 17:14:48.92 ===============


#4 fenzodahl512


Posted 20 February 2009 - 04:21 AM

Just run ComboFix then...

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 skinsster


Posted 21 February 2009 - 01:00 PM

I have tried to run ComboFix multiple times now, but it has frozen up my computer each time that I use it. Is there anything else that I can do?

#6 fenzodahl512


Posted 21 February 2009 - 04:07 PM

IMPORTANT: Disconnect the computer from the internet.. Only connect to the internet to browse this forum, to download tools, or to post logs..

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\46a6do59loader1471z.exe
    c:\windows\5179addwa9e3z50.dll
    c:\windows\7595vir2z76.ocx
    c:\windows\95829worz1f5.ocx
    c:\windows\117629ackzool752.cpl
    c:\windows\system32\956viz2599.cpl
    c:\windows\22z53spambot69d.bin
    c:\windows\16733not-z-5ir9s3da.exe
    c:\windows\system32\659ezhief1765.cpl
    c:\windows\30570hackt9ol24dz.exe
    c:\windows\system32\promo.exe
    c:\windows\system32\rasha.exe
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\7caat9re5tz5463.dll
    c:\windows\system32\5019spyware2z72.dll
    c:\windows\9e3spazse5637.ocx
    c:\windows\3e7zt9al3095.cpl
    c:\windows\113z55irus9a6.exe
    c:\windows\system32\5798spar5e10z4.exe
    c:\windows\system32\deploytk.dll
    c:\windows\system32\4965h5cktozl951.cpl
    c:\windows\35c0down9oader3z45.cpl
    c:\windows\14556n5t-a-viruz392.exe
    c:\windows\system32\17330h5cktozl99.bin
    c:\windows\150f9hzeat29365.exe
    c:\windows\system32\19z5spyware94.bin
    c:\windows\system32\495z5ir1012.cpl
    c:\windows\5051zparse2229.ocx
    c:\windows\2z32vi91543.exe
    c:\windows\30555not-a-viru95fz.exe
    c:\windows\system32\3941thie925z.exe
    c:\windows\system32\905sz5422.ocx
    c:\windows\6985spyz48.ocx
    c:\windows\1937sz5a91736.ocx
    c:\windows\z0593vi5us2f4.dll
    c:\windows\system32\1az29hief1950.cpl
    c:\windows\system32\25925not-a-vi59szda.ocx
    c:\windows\1455zspambot3f99.dll
    c:\windows\3895sparze299.cpl
    c:\windows\31959viru526z.exe
    c:\windows\60bzthreat89025.dll
    c:\windows\system32\970dzw5loader2513.exe
    c:\windows\5a58addware59z.dll
    c:\windows\2ab9spars514z0.bin
    c:\windows\system32\40809ot-a-viru54bz.exe
    c:\windows\system32\59dabzckdo5r106.bin
    c:\windows\2bb9doz5loader6559.exe
    c:\windows\25b9zparse1363.exe
    c:\windows\system32\126075pamz9t7e5.bin
    c:\windows\system32\54190viruz4d9.dll
    c:\windows\96cadzware22235.exe
    c:\windows\system32\79e95ownloadez645.exe
    c:\windows\system32\9f91thzeat5433.bin
    c:\windows\system32\16395spambot1z9.dll
    c:\windows\system32\7c2zvir25905.dll
    c:\windows\system32\23504spambot5z9.exe
    c:\windows\system32\21965spy1bz.exe
    c:\windows\14085noz-a-virus799.exe
    c:\windows\5949zspy365.bin
    c:\windows\system32\3045steaz979.exe
    c:\windows\system32\31559worm25z9.exe
    c:\windows\system32\94cf5hreat27155z.exe
    c:\windows\system32\3165sp9ware15z2.bin
    c:\windows\system32\5a9cbzck9oor1965.exe
    c:\windows\1655tzreat25292.dll
    c:\windows\995fsparsz701.dll
    c:\windows\system32\2e83spazse2958.exe
    c:\windows\55d5ste9lz152.bin
    c:\windows\system32\1869vzru95c65.bin
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.



Run DDS again.. Post these logs in your next reply.. Post each log in a separate post..

1. OTMoveIt3
2. Attach GMER result
3. DDS.txt



#7 skinsster


Posted 21 February 2009 - 06:11 PM

OTMoveIt3 report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\46a6do59loader1471z.exe not found.
File/Folder c:\windows\5179addwa9e3z50.dll not found.
File/Folder c:\windows\7595vir2z76.ocx not found.
File/Folder c:\windows\95829worz1f5.ocx not found.
File/Folder c:\windows\117629ackzool752.cpl not found.
File/Folder c:\windows\system32\956viz2599.cpl not found.
File/Folder c:\windows\22z53spambot69d.bin not found.
File/Folder c:\windows\16733not-z-5ir9s3da.exe not found.
File/Folder c:\windows\system32\659ezhief1765.cpl not found.
File/Folder c:\windows\30570hackt9ol24dz.exe not found.
File/Folder c:\windows\system32\promo.exe not found.
File/Folder c:\windows\system32\rasha.exe not found.
File/Folder c:\windows\system32\gaopdxcounter not found.
File/Folder c:\windows\system32\7caat9re5tz5463.dll not found.
File/Folder c:\windows\system32\5019spyware2z72.dll not found.
File/Folder c:\windows\9e3spazse5637.ocx not found.
File/Folder c:\windows\3e7zt9al3095.cpl not found.
File/Folder c:\windows\113z55irus9a6.exe not found.
File/Folder c:\windows\system32\5798spar5e10z4.exe not found.
File/Folder c:\windows\system32\deploytk.dll not found.
File/Folder c:\windows\system32\4965h5cktozl951.cpl not found.
File/Folder c:\windows\35c0down9oader3z45.cpl not found.
File/Folder c:\windows\14556n5t-a-viruz392.exe not found.
File/Folder c:\windows\system32\17330h5cktozl99.bin not found.
File/Folder c:\windows\150f9hzeat29365.exe not found.
File/Folder c:\windows\system32\19z5spyware94.bin not found.
File/Folder c:\windows\system32\495z5ir1012.cpl not found.
File/Folder c:\windows\5051zparse2229.ocx not found.
File/Folder c:\windows\2z32vi91543.exe not found.
File/Folder c:\windows\30555not-a-viru95fz.exe not found.
File/Folder c:\windows\system32\3941thie925z.exe not found.
File/Folder c:\windows\system32\905sz5422.ocx not found.
File/Folder c:\windows\6985spyz48.ocx not found.
File/Folder c:\windows\1937sz5a91736.ocx not found.
File/Folder c:\windows\z0593vi5us2f4.dll not found.
File/Folder c:\windows\system32\1az29hief1950.cpl not found.
File/Folder c:\windows\system32\25925not-a-vi59szda.ocx not found.
File/Folder c:\windows\1455zspambot3f99.dll not found.
File/Folder c:\windows\3895sparze299.cpl not found.
File/Folder c:\windows\31959viru526z.exe not found.
File/Folder c:\windows\60bzthreat89025.dll not found.
File/Folder c:\windows\system32\970dzw5loader2513.exe not found.
File/Folder c:\windows\5a58addware59z.dll not found.
File/Folder c:\windows\2ab9spars514z0.bin not found.
File/Folder c:\windows\system32\40809ot-a-viru54bz.exe not found.
File/Folder c:\windows\system32\59dabzckdo5r106.bin not found.
File/Folder c:\windows\2bb9doz5loader6559.exe not found.
File/Folder c:\windows\25b9zparse1363.exe not found.
File/Folder c:\windows\system32\126075pamz9t7e5.bin not found.
File/Folder c:\windows\system32\54190viruz4d9.dll not found.
File/Folder c:\windows\96cadzware22235.exe not found.
File/Folder c:\windows\system32\79e95ownloadez645.exe not found.
File/Folder c:\windows\system32\9f91thzeat5433.bin not found.
File/Folder c:\windows\system32\16395spambot1z9.dll not found.
File/Folder c:\windows\system32\7c2zvir25905.dll not found.
File/Folder c:\windows\system32\23504spambot5z9.exe not found.
File/Folder c:\windows\system32\21965spy1bz.exe not found.
File/Folder c:\windows\14085noz-a-virus799.exe not found.
File/Folder c:\windows\5949zspy365.bin not found.
File/Folder c:\windows\system32\3045steaz979.exe not found.
File/Folder c:\windows\system32\31559worm25z9.exe not found.
File/Folder c:\windows\system32\94cf5hreat27155z.exe not found.
File/Folder c:\windows\system32\3165sp9ware15z2.bin not found.
File/Folder c:\windows\system32\5a9cbzck9oor1965.exe not found.
File/Folder c:\windows\1655tzreat25292.dll not found.
File/Folder c:\windows\995fsparsz701.dll not found.
File/Folder c:\windows\system32\2e83spazse2958.exe not found.
File/Folder c:\windows\55d5ste9lz152.bin not found.
File/Folder c:\windows\system32\1869vzru95c65.bin not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_4a8.dat scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_65c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02212009_170333

#8 skinsster


Posted 21 February 2009 - 06:12 PM

DDS.txt


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 17:08:46.64 on 2009-02-21
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2589 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\SRNMIC~1\SOLOCFG.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [promo.exe] c:\windows\system32\promo.exe
mRun: [SoloSentry] c:\srnmic~1\SOLOSENT.EXE
mRun: [SoloSchedule] c:\srnmic~1\SOLOCFG.EXE
mRun: [SoloSysCheck] c:\srnmic~1\SYSCHECK.COM
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201623182234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201623279343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fbz9btt3.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-19 138680]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-5-26 53307]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-19 352920]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1079176]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-02-21 11:48 389,120 a------- c:\windows\system32\CF28146.exe
2009-02-21 11:48 <DIR> --d----- C:\ComboFix
2009-02-21 11:37 389,120 a------- c:\windows\system32\CF26343.exe
2009-02-21 11:09 389,120 a------- c:\windows\system32\CF20481.exe
2009-02-21 08:18 161,792 a------- c:\windows\SWREG.exe
2009-02-21 08:18 98,816 a------- c:\windows\sed.exe
2009-02-21 04:55 250 a------- c:\windows\gmer.ini
2009-02-21 04:45 <DIR> --d----- C:\_OTMoveIt
2009-02-19 09:06 <DIR> --d----- c:\documents and settings\administrator\DoctorWeb
2009-02-18 22:31 38 a------- c:\windows\SOLOSCAN.BAT
2009-02-18 22:31 <DIR> --d----- C:\SRN Micro
2009-02-17 23:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
2009-02-17 01:32 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:32 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:32 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:32 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:32 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:32 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-02-17 01:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-17 01:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 01:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 01:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 01:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 00:54 <DIR> --d----- c:\program files\CCleaner
2009-01-29 19:08 1,415,680 a------- c:\windows\system32\WMV9VCM.DLL
2009-01-29 19:08 49,152 a------- c:\windows\system32\TSCCVID.DLL
2009-01-29 19:06 <DIR> --d----- c:\program files\TESTOUT
2009-01-29 18:07 <DIR> --d----- c:\program files\MSECache
2009-01-24 17:24 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-24 17:24 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-24 17:23 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-01-24 17:23 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys

==================== Find3M ====================

2009-01-15 23:04 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-01-15 23:04 17,212 a------t c:\windows\system32\SIntf32.dll
2009-01-15 23:04 12,067 a------t c:\windows\system32\SIntf16.dll
2008-12-26 15:55 5 a------- c:\windows\system32\drivers\DELL_OPT_GX280.MRK
2008-12-26 15:55 5 a------- c:\windows\system32\drivers\1028_DELL_OPT_GX280.MRK
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-22 01:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-22 01:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat
2008-11-22 01:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 17:09:07.53 ===============


#9 fenzodahl512


Posted 22 February 2009 - 01:56 AM

Delete ALL versions of ComboFix that you have on your computer and do the following...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#10 skinsster


Posted 22 February 2009 - 10:27 PM

The pop-ups have stopped, so I do not know if the virus is deleted or just not working, however.

ComboFix 09-02-21.01 - Administrator 2009-02-22 21:22:16.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2643 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt

.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-08-03 13:32 . 2009-08-03 13:32 3,996 --a------ c:\windows\5094virz042.dll
2009-08-03 09:18 . 2009-08-03 09:18 15,426 --a------ c:\windows\system32\74z7spamb5t99.dll
2009-08-03 02:43 . 2009-08-03 02:43 11,671 --a------ c:\windows\system32\2zd79a5kdoor1293.dll
2009-08-03 01:57 . 2009-08-03 01:57 5,678 --a------ c:\windows\system32\28e6t5iez1398.exe
2009-07-31 21:19 . 2009-07-31 21:19 5,557 --a------ c:\windows\1e34spzrse2952.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 02:36 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org2
2009-02-22 03:32 --------- d-----w c:\program files\Warcraft III
2009-02-14 00:13 --------- d-----w c:\program files\World of Warcraft
2009-02-11 05:31 --------- d-----w c:\program files\Java
2009-01-20 15:20 --------- d-----w c:\program files\Diablo II
2009-01-16 05:04 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-01-16 05:04 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-01-16 05:04 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-12-29 02:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 02:00 --------- d-----w c:\program files\Broadcom
2008-12-26 21:57 --------- d-----w c:\program files\Intel
2008-12-26 21:55 5 ----a-w c:\windows\system32\drivers\DELL_OPT_GX280.MRK
2008-12-26 21:55 5 ----a-w c:\windows\system32\drivers\1028_DELL_OPT_GX280.MRK
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-22 07:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-11-22 07:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112220081123\index.dat
2008-11-22 07:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_11.21.39.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-21 10:55:52 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 03:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-02-21 10:55:52 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2009-02-23 02:36:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_25c.dat
+ 2009-02-23 02:36:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= tsccvid.dll 0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1254:UDP"= 1254:UDP:Windows Media Format SDK (firefox.exe)
"1255:UDP"= 1255:UDP:Windows Media Format SDK (firefox.exe)
"1256:UDP"= 1256:UDP:Windows Media Format SDK (firefox.exe)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-02 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-02 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-02 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-02 17664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-19 20560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2008-05-26 53307]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-02 11029]
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-promo.exe - c:\windows\system32\promo.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fbz9btt3.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 21:23:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-22 21:24:59
ComboFix-quarantined-files.txt 2009-02-23 03:24:42

Pre-Run: 172,384,501,760 bytes free
Post-Run: 172,379,152,384 bytes free

248 --- E O F --- 2009-02-11 05:31:30

#11 fenzodahl512


  • Members
  • 6,738 posts

Posted 23 February 2009 - 10:36 AM

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


Why didn't you install the Recovery Console as I told you before? Please install the Recovery Console this time.



1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\299615rojz36.exe
c:\windows\53z5stea92776.cpl
c:\windows\295595rojz2f.cpl
c:\windows\35z0ba9k5oor1653.cpl
c:\windows\system32\457athief97z0.cpl
c:\windows\system32\3e91threatz6295.cpl
c:\windows\6056z9reat15191.bin
c:\windows\system32\19978not-a5zirus193.dll
c:\windows\system32\12z99irus353.exe
c:\windows\system32\10515hackzo9l6c2.cpl
c:\windows\system32\7za3spyw9r51629.exe
c:\windows\system32\7z56not-a-viru99d.ocx
c:\windows\1886zspy9a25.cpl
c:\windows\45d1szyware952.cpl
c:\windows\system32\5b7z5hief897.ocx
c:\windows\system32\1927zviru93d5.ocx
c:\windows\system32\28419no9-a-vizus665.exe
c:\windows\15375not-a-vzrus2b79.dll
c:\windows\system32\59a9zarse2919.ocx
c:\windows\12353sz536d9.cpl
c:\windows\5e8zvir9545.bin
c:\windows\29410not-a-vir5s3z7.bin
c:\windows\system32\7505not-a-vi9us19az.cpl
c:\windows\system32\57eb9tezl5645.bin
c:\windows\system32\1075py55z9.ocx
c:\windows\5494ste5l2z76.ocx
c:\windows\6235downloaderz896.exe
c:\windows\174zspyw9re825.bin
c:\windows\29897spy53z9.exe
c:\windows\38c6threa91546z.dll
c:\windows\z0420v9rus45a.cpl
c:\windows\57750worm5z9.exe
c:\windows\system32\605fa5dware2890z.exe
c:\windows\system32\31z21spy591.exe
c:\windows\afdbzckdoo52901.exe
c:\windows\system32\90a9s5eal3106z.dll
c:\windows\system32\4b3zsp95are.bin
c:\windows\1599t5reaz9875.ocx
c:\windows\1z022wor9551.cpl
c:\windows\system32\19519hacktoolz2e.dll
c:\windows\system32\1680hacz9o5l795.bin
c:\windows\system32\7fa1backz9or1955.dll
c:\windows\35059irz963.ocx
c:\windows\656zvir9142.ocx
c:\windows\6z45thr9at8398.dll
c:\windows\2z119v5rus525.cpl
c:\windows\system32\z4430wor91dd5.dll
c:\windows\91cfthie52763z.dll
c:\windows\604cthizf9355.ocx
c:\windows\751back5ozr199.ocx
c:\windows\95658virzs683.bin
c:\windows\50309ormaez.bin
c:\windows\16bfthrz5t14990.dll
c:\windows\system32\614e59zware1755.bin
c:\windows\system32\d965zyware71.cpl
c:\windows\system32\3d9cspywa5e1z29.exe
c:\windows\z1518not-a-virus90.exe
c:\windows\9zfbackdoor5321.dll
c:\windows\system32\29181troz155.bin
c:\windows\29c1zpywar51594.dll
c:\windows\system32\912bszarse1395.dll
c:\windows\system32\3z587spy379.ocx
c:\windows\917noz-5-9irus178.ocx
c:\windows\system32\1957threa515z68.exe
c:\windows\53999virus1z9.ocx
c:\windows\7bbcazd5a9e2659.bin
c:\windows\7d485hreat92z.cpl
c:\windows\10959not-a-zirus2ed.ocx
c:\windows\27fdst9al174z5.dll
c:\windows\521bzd9w5re3063.ocx
c:\windows\182z59orm58f.ocx
c:\windows\3516thrzat22892.bin
c:\windows\49favzr95.bin
c:\windows\2955virusbz.cpl
c:\windows\system32\19z99hack5oolb3.exe
c:\windows\18559zirus659.ocx
c:\windows\25c0spa5s9z56.cpl
c:\windows\system32\124469zrm25b.dll
c:\windows\system32\9885wo9mz61.ocx
c:\windows\system32\71f6threat95065z.dll
c:\windows\69f0zownlo5der608.dll
c:\windows\953downl95der2385z.exe
c:\windows\system32\2674n9t-a-v5rus6bz.bin
c:\windows\system32\1z94st9al505.dll
c:\windows\15z39worm95.exe
c:\windows\system32\d459r2z67.cpl
c:\windows\5e4bszy5are31729.dll
c:\windows\system32\d45sparse27z59.dll
c:\windows\system32\z99579acktool185.cpl
c:\windows\4d56thiefz4349.dll
c:\windows\system32\5739tzreat8459.ocx
c:\windows\6dd2spy5ar9307z.exe
c:\windows\5055s9ambot5zd.exe
c:\windows\system32\9064threat52z56.ocx
c:\windows\625edownlozder9686.cpl
c:\windows\31562viruz591.dll
c:\windows\12655szamb9t688.ocx
c:\windows\1b3zdownl59der2845.ocx
c:\windows\9e15stzal2492.bin
c:\windows\15597not-9-virus5az.ocx
c:\windows\7bd5stza92060.cpl
c:\windows\system32\9z75thief2502.bin
c:\windows\5357wor916dz.ocx
c:\windows\system32\321s59az3162.ocx
c:\windows\system32\555fvirz69.bin
c:\windows\system32\319z0hackt9ol195.bin
c:\windows\system32\3583zvirus189.cpl
c:\windows\9101hac5tzol678.exe
c:\windows\system32\146zspyware15929.exe
c:\windows\z9416viru52d7.ocx
c:\windows\system32\555bspyware49z.exe
c:\windows\system32\35869hrea515809z.ocx
c:\windows\system32\zec7spyware29895.dll
c:\windows\12948n5t-a-vir9s192z.dll
c:\windows\1360znot-5-virus69e.cpl
c:\windows\37c0th9eat29506z.ocx
c:\windows\system32\251z2n9t-a-virus13f.dll
c:\windows\1696sp9mb5z1a8.exe
c:\windows\system32\558threat6z09.ocx
c:\windows\243359otza-virus164.exe
c:\windows\5094virz042.dll
c:\windows\system32\74z7spamb5t99.dll
c:\windows\system32\2zd79a5kdoor1293.dll
c:\windows\system32\28e6t5iez1398.exe
c:\windows\1e34spzrse2952.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.txt being dragged onto ComboFix.exe]


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
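
The CFScript above is assembled by hand from the "Files Created" section of the ComboFix log; the Python below is an added example (not code from this thread, from ComboFix or from BleepingComputer) that parses those log lines, flags names that imitate malware category words with digits or "z" swapped in as well as entries dated after the scan (the decoys in this log carry July to October 2009 dates although the scan ran on 2009-02-22), and emits the flagged paths in the same KillAll::/File:: layout. The keyword list, the substitution tolerance and the sample lines (four decoy paths quoted in this thread plus a made-up benign gmer.dll entry) are assumptions of the example.

```python
# Added example (not from this thread or ComboFix): triage a ComboFix
# "Files Created" section and emit a candidate CFScript File:: block.
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Category words the decoy names imitate, longest first so that "spambot" wins
# over "spam" and "not-a-virus" over "virus" (assumed list).
KEYWORDS = sorted(
    ["not-a-virus", "downloader", "hacktool", "backdoor", "spyware", "spambot",
     "adware", "threat", "sparse", "trojan", "thief", "steal", "virus",
     "worm", "spam", "spy"],
    key=len, reverse=True)
SUBST = set("0123456789z")      # characters the decoys swap in for letters
DECOY_DIRS = {"c:\\windows", "c:\\windows\\system32"}
DECOY_EXTS = {"exe", "dll", "ocx", "cpl", "bin"}

# One log entry: "<created> <time> . <modified> <time> <size> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+\.\s+"
    r"\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")

@dataclass
class Entry:
    created: date
    size: Optional[int]
    path: str
    category: Optional[str]   # keyword the name imitates; None when nothing matches
    future_dated: bool        # created after the scan date, as every decoy here is

    @property
    def suspicious(self) -> bool:
        return self.category is not None or self.future_dated

def match_keyword(stem: str) -> Optional[str]:
    """Return the category word a decoy stem imitates, or None.

    A window of the stem matches when each position holds the keyword's own
    character or a substitution character, with at most max(1, len // 3) swaps.
    """
    for word in KEYWORDS:
        n, max_subs = len(word), max(1, len(word) // 3)
        for i in range(len(stem) - n + 1):
            subs = 0
            for w, s in zip(word, stem[i:i + n]):
                if s == w:
                    continue
                if s not in SUBST:
                    break
                subs += 1
            else:
                if subs <= max_subs:
                    return word
    return None

def classify_path(path: str) -> Optional[str]:
    """Apply the name heuristic only to digit-bearing files in the decoy locations."""
    parent, _, name = path.lower().rpartition("\\")
    stem, _, ext = name.rpartition(".")
    if parent not in DECOY_DIRS or ext not in DECOY_EXTS:
        return None
    if not any(c.isdigit() for c in stem):
        return None
    return match_keyword(stem)

def parse_files_created(log_text: str, scan_date: date) -> List[Entry]:
    """Parse entry lines; section headers, blank lines and '.' separators are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created = date.fromisoformat(m.group("created"))
        size_txt = m.group("size").replace(",", "")
        size = int(size_txt) if size_txt.isdigit() else None
        path = m.group("path").strip()
        entries.append(Entry(created, size, path, classify_path(path), created > scan_date))
    return entries

def build_cfscript(entries: List[Entry]) -> str:
    """Candidate File:: block in the layout of post #11, for the helper to review."""
    lines = ["KillAll::", "", "File::"] + [e.path for e in entries if e.suspicious]
    return "\n".join(lines) + "\n"

# Constructed sample in this thread's log layout: four decoy paths quoted in
# post #11 plus one benign entry made up for contrast (the gmer.dll line).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-10-03 19:27 . 2009-10-03 19:27 14,562 --a------ c:\windows\system32\19z99hack5oolb3.exe
2009-10-02 19:41 . 2009-10-02 19:41 7,420 --a------ c:\windows\18559zirus659.ocx
2009-09-24 08:36 . 2009-09-24 08:36 11,368 --a------ c:\windows\system32\2674n9t-a-v5rus6bz.bin
2009-09-22 00:15 . 2009-09-22 00:15 5,867 --a------ c:\windows\system32\d459r2z67.cpl
2009-02-21 10:55 . 2009-02-21 10:55 884,736 --a------ c:\windows\gmer.dll
"""
SCAN_DATE = date(2009, 2, 22)   # date of the catchme/ComboFix run in this thread

if __name__ == "__main__":
    for e in parse_files_created(SAMPLE_LOG, SCAN_DATE):
        print(e.path, e.category, e.future_dated)
    print(build_cfscript(parse_files_created(SAMPLE_LOG, SCAN_DATE)))
```

The entry d459r2z67.cpl shows why both heuristics are kept: its name matches no keyword, but its creation date after the scan still puts it on the candidate list.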


#12 skinsster

  • Topic Starter

  • Members
  • 9 posts

Posted 23 February 2009 - 07:51 PM

It will not allow me to install the Recovery Console. I clicked to install it each time, but it does not work.

#13 fenzodahl512


  • Members
  • 6,738 posts

Posted 23 February 2009 - 09:42 PM

Ok. Just proceed with the CFScript step.



#14 skinsster

  • Topic Starter

  • Members
  • 9 posts

Posted 26 February 2009 - 12:44 AM

This is the Combofix log:

ComboFix 09-02-25.02 - Administrator 2009-02-25 23:35:28.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2622 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090225-1] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\10959not-a-zirus2ed.ocx
c:\windows\12353sz536d9.cpl
c:\windows\12655szamb9t688.ocx
c:\windows\12948n5t-a-vir9s192z.dll
c:\windows\1360znot-5-virus69e.cpl
c:\windows\15375not-a-vzrus2b79.dll
c:\windows\15597not-9-virus5az.ocx
c:\windows\1599t5reaz9875.ocx
c:\windows\15z39worm95.exe
c:\windows\1696sp9mb5z1a8.exe
c:\windows\16bfthrz5t14990.dll
c:\windows\174zspyw9re825.bin
c:\windows\182z59orm58f.ocx
c:\windows\18559zirus659.ocx
c:\windows\1886zspy9a25.cpl
c:\windows\1b3zdownl59der2845.ocx
c:\windows\1e34spzrse2952.exe
c:\windows\1z022wor9551.cpl
c:\windows\243359otza-virus164.exe
c:\windows\25c0spa5s9z56.cpl
c:\windows\27fdst9al174z5.dll
c:\windows\29410not-a-vir5s3z7.bin
c:\windows\295595rojz2f.cpl
c:\windows\2955virusbz.cpl
c:\windows\29897spy53z9.exe
c:\windows\299615rojz36.exe
c:\windows\29c1zpywar51594.dll
c:\windows\2z119v5rus525.cpl
c:\windows\31562viruz591.dll
c:\windows\35059irz963.ocx
c:\windows\3516thrzat22892.bin
c:\windows\35z0ba9k5oor1653.cpl
c:\windows\37c0th9eat29506z.ocx
c:\windows\38c6threa91546z.dll
c:\windows\45d1szyware952.cpl
c:\windows\49favzr95.bin
c:\windows\4d56thiefz4349.dll
c:\windows\50309ormaez.bin
c:\windows\5055s9ambot5zd.exe
c:\windows\5094virz042.dll
c:\windows\521bzd9w5re3063.ocx
c:\windows\5357wor916dz.ocx
c:\windows\53999virus1z9.ocx
c:\windows\53z5stea92776.cpl
c:\windows\5494ste5l2z76.ocx
c:\windows\57750worm5z9.exe
c:\windows\5e4bszy5are31729.dll
c:\windows\5e8zvir9545.bin
c:\windows\604cthizf9355.ocx
c:\windows\6056z9reat15191.bin
c:\windows\6235downloaderz896.exe
c:\windows\625edownlozder9686.cpl
c:\windows\656zvir9142.ocx
c:\windows\69f0zownlo5der608.dll
c:\windows\6dd2spy5ar9307z.exe
c:\windows\6z45thr9at8398.dll
c:\windows\751back5ozr199.ocx
c:\windows\7bbcazd5a9e2659.bin
c:\windows\7bd5stza92060.cpl
c:\windows\7d485hreat92z.cpl
c:\windows\9101hac5tzol678.exe
c:\windows\917noz-5-9irus178.ocx
c:\windows\91cfthie52763z.dll
c:\windows\953downl95der2385z.exe
c:\windows\95658virzs683.bin
c:\windows\9e15stzal2492.bin
c:\windows\9zfbackdoor5321.dll
c:\windows\afdbzckdoo52901.exe
c:\windows\system32\10515hackzo9l6c2.cpl
c:\windows\system32\1075py55z9.ocx
c:\windows\system32\124469zrm25b.dll
c:\windows\system32\12z99irus353.exe
c:\windows\system32\146zspyware15929.exe
c:\windows\system32\1680hacz9o5l795.bin
c:\windows\system32\1927zviru93d5.ocx
c:\windows\system32\19519hacktoolz2e.dll
c:\windows\system32\1957threa515z68.exe
c:\windows\system32\19978not-a5zirus193.dll
c:\windows\system32\19z99hack5oolb3.exe
c:\windows\system32\1z94st9al505.dll
c:\windows\system32\251z2n9t-a-virus13f.dll
c:\windows\system32\2674n9t-a-v5rus6bz.bin
c:\windows\system32\28419no9-a-vizus665.exe
c:\windows\system32\28e6t5iez1398.exe
c:\windows\system32\29181troz155.bin
c:\windows\system32\2zd79a5kdoor1293.dll
c:\windows\system32\319z0hackt9ol195.bin
c:\windows\system32\31z21spy591.exe
c:\windows\system32\321s59az3162.ocx
c:\windows\system32\3583zvirus189.cpl
c:\windows\system32\35869hrea515809z.ocx
c:\windows\system32\3d9cspywa5e1z29.exe
c:\windows\system32\3e91threatz6295.cpl
c:\windows\system32\3z587spy379.ocx
c:\windows\system32\457athief97z0.cpl
c:\windows\system32\4b3zsp95are.bin
c:\windows\system32\555bspyware49z.exe
c:\windows\system32\555fvirz69.bin
c:\windows\system32\558threat6z09.ocx
c:\windows\system32\5739tzreat8459.ocx
c:\windows\system32\57eb9tezl5645.bin
c:\windows\system32\59a9zarse2919.ocx
c:\windows\system32\5b7z5hief897.ocx
c:\windows\system32\605fa5dware2890z.exe
c:\windows\system32\614e59zware1755.bin
c:\windows\system32\71f6threat95065z.dll
c:\windows\system32\74z7spamb5t99.dll
c:\windows\system32\7505not-a-vi9us19az.cpl
c:\windows\system32\7fa1backz9or1955.dll
c:\windows\system32\7z56not-a-viru99d.ocx
c:\windows\system32\7za3spyw9r51629.exe
c:\windows\system32\9064threat52z56.ocx
c:\windows\system32\90a9s5eal3106z.dll
c:\windows\system32\912bszarse1395.dll
c:\windows\system32\9885wo9mz61.ocx
c:\windows\system32\9z75thief2502.bin
c:\windows\system32\d459r2z67.cpl
c:\windows\system32\d45sparse27z59.dll
c:\windows\system32\d965zyware71.cpl
c:\windows\system32\z4430wor91dd5.dll
c:\windows\system32\z99579acktool185.cpl
c:\windows\system32\zec7spyware29895.dll
c:\windows\z0420v9rus45a.cpl
c:\windows\z1518not-a-virus90.exe
c:\windows\z9416viru52d7.ocx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\10959not-a-zirus2ed.ocx
c:\windows\12353sz536d9.cpl
c:\windows\12655szamb9t688.ocx
c:\windows\12948n5t-a-vir9s192z.dll
c:\windows\1360znot-5-virus69e.cpl
c:\windows\15375not-a-vzrus2b79.dll
c:\windows\15597not-9-virus5az.ocx
c:\windows\1599t5reaz9875.ocx
c:\windows\15z39worm95.exe
c:\windows\1696sp9mb5z1a8.exe
c:\windows\16bfthrz5t14990.dll
c:\windows\174zspyw9re825.bin
c:\windows\182z59orm58f.ocx
c:\windows\18559zirus659.ocx
c:\windows\1886zspy9a25.cpl
c:\windows\1b3zdownl59der2845.ocx
c:\windows\1e34spzrse2952.exe
c:\windows\1z022wor9551.cpl
c:\windows\243359otza-virus164.exe
c:\windows\25c0spa5s9z56.cpl
c:\windows\27fdst9al174z5.dll
c:\windows\29410not-a-vir5s3z7.bin
c:\windows\295595rojz2f.cpl
c:\windows\2955virusbz.cpl
c:\windows\29897spy53z9.exe
c:\windows\299615rojz36.exe
c:\windows\29c1zpywar51594.dll
c:\windows\2z119v5rus525.cpl
c:\windows\31562viruz591.dll
c:\windows\35059irz963.ocx
c:\windows\3516thrzat22892.bin
c:\windows\35z0ba9k5oor1653.cpl
c:\windows\37c0th9eat29506z.ocx
c:\windows\38c6threa91546z.dll
c:\windows\45d1szyware952.cpl
c:\windows\49favzr95.bin
c:\windows\4d56thiefz4349.dll
c:\windows\50309ormaez.bin
c:\windows\5055s9ambot5zd.exe
c:\windows\5094virz042.dll
c:\windows\521bzd9w5re3063.ocx
c:\windows\5357wor916dz.ocx
c:\windows\53999virus1z9.ocx
c:\windows\53z5stea92776.cpl
c:\windows\5494ste5l2z76.ocx
c:\windows\57750worm5z9.exe
c:\windows\5e4bszy5are31729.dll
c:\windows\5e8zvir9545.bin
c:\windows\604cthizf9355.ocx
c:\windows\6056z9reat15191.bin
c:\windows\6235downloaderz896.exe
c:\windows\625edownlozder9686.cpl
c:\windows\656zvir9142.ocx
c:\windows\69f0zownlo5der608.dll
c:\windows\6dd2spy5ar9307z.exe
c:\windows\6z45thr9at8398.dll
c:\windows\751back5ozr199.ocx
c:\windows\7bbcazd5a9e2659.bin
c:\windows\7bd5stza92060.cpl
c:\windows\7d485hreat92z.cpl
c:\windows\9101hac5tzol678.exe
c:\windows\917noz-5-9irus178.ocx
c:\windows\91cfthie52763z.dll
c:\windows\953downl95der2385z.exe
c:\windows\95658virzs683.bin
c:\windows\9e15stzal2492.bin
c:\windows\9zfbackdoor5321.dll
c:\windows\afdbzckdoo52901.exe
c:\windows\system32\10515hackzo9l6c2.cpl
c:\windows\system32\1075py55z9.ocx
c:\windows\system32\124469zrm25b.dll
c:\windows\system32\12z99irus353.exe
c:\windows\system32\146zspyware15929.exe
c:\windows\system32\1680hacz9o5l795.bin
c:\windows\system32\1927zviru93d5.ocx
c:\windows\system32\19519hacktoolz2e.dll
c:\windows\system32\1957threa515z68.exe
c:\windows\system32\19978not-a5zirus193.dll
c:\windows\system32\19z99hack5oolb3.exe
c:\windows\system32\1z94st9al505.dll
c:\windows\system32\251z2n9t-a-virus13f.dll
c:\windows\system32\2674n9t-a-v5rus6bz.bin
c:\windows\system32\28419no9-a-vizus665.exe
c:\windows\system32\28e6t5iez1398.exe
c:\windows\system32\29181troz155.bin
c:\windows\system32\2zd79a5kdoor1293.dll
c:\windows\system32\319z0hackt9ol195.bin
c:\windows\system32\31z21spy591.exe
c:\windows\system32\321s59az3162.ocx
c:\windows\system32\3583zvirus189.cpl
c:\windows\system32\35869hrea515809z.ocx
c:\windows\system32\3d9cspywa5e1z29.exe
c:\windows\system32\3e91threatz6295.cpl
c:\windows\system32\3z587spy379.ocx
c:\windows\system32\457athief97z0.cpl
c:\windows\system32\4b3zsp95are.bin
c:\windows\system32\555bspyware49z.exe
c:\windows\system32\555fvirz69.bin
c:\windows\system32\558threat6z09.ocx
c:\windows\system32\5739tzreat8459.ocx
c:\windows\system32\57eb9tezl5645.bin
c:\windows\system32\59a9zarse2919.ocx
c:\windows\system32\5b7z5hief897.ocx
c:\windows\system32\605fa5dware2890z.exe
c:\windows\system32\614e59zware1755.bin
c:\windows\system32\71f6threat95065z.dll
c:\windows\system32\74z7spamb5t99.dll
c:\windows\system32\7505not-a-vi9us19az.cpl
c:\windows\system32\7fa1backz9or1955.dll
c:\windows\system32\7z56not-a-viru99d.ocx
c:\windows\system32\7za3spyw9r51629.exe
c:\windows\system32\9064threat52z56.ocx
c:\windows\system32\90a9s5eal3106z.dll
c:\windows\system32\912bszarse1395.dll
c:\windows\system32\9885wo9mz61.ocx
c:\windows\system32\9z75thief2502.bin
c:\windows\system32\d459r2z67.cpl
c:\windows\system32\d45sparse27z59.dll
c:\windows\system32\d965zyware71.cpl
c:\windows\system32\z4430wor91dd5.dll
c:\windows\system32\z99579acktool185.cpl
c:\windows\system32\zec7spyware29895.dll
c:\windows\z0420v9rus45a.cpl
c:\windows\z1518not-a-virus90.exe
c:\windows\z9416viru52d7.ocx

.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-07-28 16:34 . 2009-07-28 16:34 12,351 --a------ c:\windows\6f62zd9ware55.bin
2009-07-28 14:30 . 2009-07-28 14:30 12,083 --a------ c:\windows\729backd95r2z23.ocx
2009-07-27 15:45 . 2009-07-27 15:45 6,171 --a------ c:\windows\215dspazs92806.ocx
2009-07-26 04:18 . 2009-07-26 04:18 12,527 --a------ c:\windows\system32\5107troz90c.exe
2009-07-24 07:59 . 2009-07-24 07:59 10,152 --a------ c:\windows\system32\297z75roj508.bin
2009-07-22 05:37 . 2009-07-22 05:37 7,988 --a------ c:\windows\system32\1ed8vi519z5.dll
2009-07-22 00:05 . 2009-07-22 00:05 11,314 --a------ c:\windows\10638viz5s3f9.cpl
2009-07-21 18:37 . 2009-07-21 18:37 2,819 --a------ c:\windows\system32\15405szy1859.ocx
2009-07-20 21:22 . 2009-07-20 21:22 14,535 --a------ c:\windows\system32\72z9vir1365.cpl
2009-07-20 07:14 . 2009-07-20 07:14 6,483 --a------ c:\windows\2z359ddware1270.ocx
2009-07-18 05:48 . 2009-07-18 05:48 16,249 --a------ c:\windows\system32\256469zy15b.exe
2009-07-17 22:01 . 2009-07-17 22:01 3,000 --a------ c:\windows\z82spar9e8095.exe
2009-07-17 20:00 . 2009-07-17 20:00 11,770 --a------ c:\windows\55639zreat26935.bin
2009-07-17 19:03 . 2009-07-17 19:03 10,208 --a------ c:\windows\system32\279799o5z399.ocx
2009-07-17 14:52 . 2009-07-17 14:52 14,736 --a------ c:\windows\9ba55dzware859.ocx
2009-07-17 13:33 . 2009-07-17 13:33 7,672 --a------ c:\windows\system32\57a5zp9ware1994.dll
2009-07-16 05:46 . 2009-07-16 05:46 4,091 --a------ c:\windows\774fs9e5z3139.bin
2009-07-15 11:00 . 2009-07-15 11:00 9,292 --a------ c:\windows\4ec95z293.dll
2009-07-11 16:21 . 2009-07-11 16:21 15,172 --a------ c:\windows\6a429zief3511.cpl
2009-07-11 15:33 . 2009-07-11 15:33 7,720 --a------ c:\windows\zd395ir54.cpl
2009-07-11 02:24 . 2009-07-11 02:24 8,765 --a------ c:\windows\6845st9al3003z.dll
2009-07-10 11:35 . 2009-07-10 11:35 4,459 --a------ c:\windows\25029spamb5z4a9.cpl
2009-07-07 20:35 . 2009-07-07 20:35 8,114 --a------ c:\windows\69z9spa5se1967.bin
2009-07-07 08:25 . 2009-07-07 08:25 4,600 --a------ c:\windows\19295wo5mz79.dll
2009-07-06 03:57 . 2009-07-06 03:57 2,840 --a------ c:\windows\6739thief655z.ocx
2009-07-05 18:51 . 2009-07-05 18:51 12,377 --a------ c:\windows\system32\594fzparse2385.ocx
2009-07-05 06:28 . 2009-07-05 06:28 11,437 --a------ c:\windows\6931haczto5l245.cpl
2009-07-05 05:06 . 2009-07-05 05:06 12,276 --a------ c:\windows\system32\291et5izf725.ocx
2009-07-01 08:34 . 2009-07-01 08:34 12,753 --a------ c:\windows\2z400vi5u9198.exe
2009-06-30 21:45 . 2009-06-30 21:45 7,893 --a------ c:\windows\159asp5rse1168z.cpl
2009-06-28 02:49 . 2009-06-28 02:49 4,734 --a------ c:\windows\system32\z250059cktool78e.ocx
2009-06-27 20:03 . 2009-06-27 20:03 6,095 --a------ c:\windows\system32\5296szywar5190.exe
2009-06-26 17:38 . 2009-06-26 17:38 8,532 --a------ c:\windows\system32\27459wozm597.dll
2009-06-26 13:50 . 2009-06-26 13:50 9,086 --a------ c:\windows\system32\1c5z9ddw5re3114.dll
2009-06-25 10:03 . 2009-06-25 10:03 13,714 --a------ c:\windows\z7925troj39b.ocx
2009-06-24 05:11 . 2009-06-24 05:11 15,353 --a------ c:\windows\3d98s5zrse288.exe
2009-06-23 18:20 . 2009-06-23 18:20 3,305 --a------ c:\windows\system32\5292zhief18189.dll
2009-06-22 12:45 . 2009-06-22 12:45 17,393 --a------ c:\windows\system32\2652down9oader304z.bin
2009-06-20 14:28 . 2009-06-20 14:28 4,718 --a------ c:\windows\system32\25df9parse542z.ocx
2009-06-18 09:57 . 2009-06-18 09:57 7,519 --a------ c:\windows\5bzthief393.cpl
2009-06-18 08:59 . 2009-06-18 08:59 7,645 --a------ c:\windows\2287spyw5r9z389.exe
2009-06-16 14:27 . 2009-06-16 14:27 17,662 --a------ c:\windows\system32\198085azktool9c4.cpl
2009-06-15 23:07 . 2009-06-15 23:07 6,754 --a------ c:\windows\system32\21929sp5mboz1d6.ocx
2009-06-15 06:33 . 2009-06-15 06:33 11,014 --a------ c:\windows\19715zorma19.dll
2009-06-14 20:22 . 2009-06-14 20:22 10,780 --a------ c:\windows\30976z9oj1675.ocx
2009-06-12 15:56 . 2009-06-12 15:56 6,795 --a------ c:\windows\system32\189d5hiez2180.ocx
2009-06-11 23:32 . 2009-06-11 23:32 10,773 --a------ c:\windows\4641viz3359.bin
2009-06-09 23:47 . 2009-06-09 23:47 14,902 --a------ c:\windows\685zv5r9s521.ocx
2009-06-06 16:21 . 2009-06-06 16:21 14,794 --a------ c:\windows\system32\z4153tr9j35d.ocx
2009-05-28 05:58 . 2009-05-28 05:58 15,927 --a------ c:\windows\165z69irus33b.dll
2009-05-24 12:45 . 2009-05-24 12:45 14,062 --a------ c:\windows\75dcad9warez119.exe
2009-05-20 13:39 . 2009-05-20 13:39 4,082 --a------ c:\windows\system32\5777h9cktoolz2.cpl
2009-05-18 16:19 . 2009-05-18 16:19 11,731 --a------ c:\windows\system32\5b7za9dwar52968.cpl
2009-05-17 21:52 . 2009-05-17 21:52 13,198 --a------ c:\windows\30z39vir5s598.ocx
2009-05-17 04:42 . 2009-05-17 04:42 6,423 --a------ c:\windows\system32\30zbbackdoo5959.exe
2009-05-14 12:21 . 2009-05-14 12:21 5,057 --a------ c:\windows\system32\27075wo9m67z.exe
2009-05-13 23:52 . 2009-05-13 23:52 5,896 --a------ c:\windows\2a2zdown9oader21655.dll
2009-05-12 20:41 . 2009-05-12 20:41 7,307 --a------ c:\windows\1955virz992.cpl
2009-05-11 22:10 . 2009-05-11 22:10 8,649 --a------ c:\windows\26240wor95cz.dll
2009-05-10 15:41 . 2009-05-10 15:41 15,374 --a------ c:\windows\system32\30b9zpar5e3057.ocx
2009-05-10 07:10 . 2009-05-10 07:10 13,354 --a------ c:\windows\system32\1629addzare5994.bin
2009-05-08 22:16 . 2009-05-08 22:16 17,210 --a------ c:\windows\21394wz5m583.cpl
2009-05-08 10:56 . 2009-05-08 10:56 13,899 --a------ c:\windows\system32\3139259y2z2.dll
2009-05-06 01:58 . 2009-05-06 01:58 7,050 --a------ c:\windows\system32\6376vi91569z.ocx
2009-05-06 00:15 . 2009-05-06 00:15 17,067 --a------ c:\windows\6499addwarz5829.bin
2009-05-05 19:13 . 2009-05-05 19:13 15,283 --a------ c:\windows\system32\169zste5l2174.exe
2009-05-04 08:45 . 2009-05-04 08:45 2,556 --a------ c:\windows\system32\5dad5teal1z69.bin
2009-05-04 03:54 . 2009-05-04 03:54 8,772 --a------ c:\windows\system32\880zspy59d.ocx
2009-05-01 17:46 . 2009-05-01 17:46 14,036 --a------ c:\windows\25dspywarez958.exe
2009-05-01 13:43 . 2009-05-01 13:43 12,086 --a------ c:\windows\system32\9d6zp95se3033.exe
2009-05-01 05:46 . 2009-05-01 05:46 7,727 --a------ c:\windows\system32\z5965spam9ot6aa.dll
2009-05-01 02:09 . 2009-05-01 02:09 7,162 --a------ c:\windows\5f899ackzoo5484.ocx
2009-04-26 09:56 . 2009-04-26 09:56 16,726 --a------ c:\windows\4e2daddzare27985.exe
2009-04-26 02:51 . 2009-04-26 02:51 13,622 --a------ c:\windows\z2e05d9ware1077.ocx
2009-04-25 22:44 . 2009-04-25 22:44 6,138 --a------ c:\windows\61z5worm2509.cpl
2009-04-25 11:08 . 2009-04-25 11:08 4,108 --a------ c:\windows\system32\22692hacktoo546z.ocx
2009-04-25 10:20 . 2009-04-25 10:20 6,868 --a------ c:\windows\2z24backd5or579.exe
2009-04-23 12:29 . 2009-04-23 12:29 14,758 --a------ c:\windows\6058z5r1901.ocx
2009-04-23 11:30 . 2009-04-23 11:30 14,586 --a------ c:\windows\5ad29tezl2950.cpl
2009-04-21 03:48 . 2009-04-21 03:48 8,420 --a------ c:\windows\system32\31258sp92za5.bin
2009-04-20 17:35 . 2009-04-20 17:35 8,032 --a------ c:\windows\system32\2z98vir585.bin
2009-04-20 10:37 . 2009-04-20 10:37 15,465 --a------ c:\windows\z328s5y1c59.dll
2009-04-18 00:33 . 2009-04-18 00:33 7,995 --a------ c:\windows\system32\z478vi5599.dll
2009-04-17 20:57 . 2009-04-17 20:57 18,130 --a------ c:\windows\system32\1996d5wnlo9der28z7.exe
2009-04-17 17:55 . 2009-04-17 17:55 16,047 --a------ c:\windows\system32\4492zo5m390.ocx
2009-04-17 16:52 . 2009-04-17 16:52 3,020 --a------ c:\windows\5859zparse16549.cpl
2009-04-17 12:15 . 2009-04-17 12:15 7,805 --a------ c:\windows\39752not5a-viruz153.exe
2009-04-17 05:14 . 2009-04-17 05:14 14,380 --a------ c:\windows\657bac9zoor1459.bin
2009-04-16 21:29 . 2009-04-16 21:29 3,387 --a------ c:\windows\system32\1535zd9ware1756.bin
2009-04-16 10:30 . 2009-04-16 10:30 15,871 --a------ c:\windows\system32\892ztroj59.ocx
2009-04-15 17:31 . 2009-04-15 17:31 8,636 --a------ c:\windows\system32\19e55zrea913150.cpl
2009-04-13 14:45 . 2009-04-13 14:45 12,465 --a------ c:\windows\23c3dz5nload9r1555.cpl
2009-04-12 02:03 . 2009-04-12 02:03 13,216 --a------ c:\windows\28379ha5kzool54a.bin
2009-04-11 16:07 . 2009-04-11 16:07 8,058 --a------ c:\windows\27b7zparse32539.cpl
2009-04-10 04:43 . 2009-04-10 04:43 11,684 --a------ c:\windows\9744spamb5t790z.cpl
2009-04-09 19:46 . 2009-04-09 19:46 5,595 --a------ c:\windows\3z565teal1869.bin
2009-04-09 08:43 . 2009-04-09 08:43 16,162 --a------ c:\windows\699z5ir703.dll
2009-04-09 04:53 . 2009-04-09 04:53 5,779 --a------ c:\windows\system32\92964hzc5tool7bb.ocx
2009-04-07 14:56 . 2009-04-07 14:56 3,971 --a------ c:\windows\5d4f5irz964.ocx
2009-04-06 21:31 . 2009-04-06 21:31 11,646 --a------ c:\windows\system32\9e97a5dwarz519.cpl
2009-04-05 16:38 . 2009-04-05 16:38 16,829 --a------ c:\windows\2722backdozr15945.exe
2009-04-05 15:10 . 2009-04-05 15:10 8,869 --a------ c:\windows\system32\136995rzj3ba.exe
2009-04-05 01:38 . 2009-04-05 01:38 12,567 --a------ c:\windows\system32\16015wzr91b15.dll
2009-04-02 11:43 . 2009-04-02 11:43 9,153 --a------ c:\windows\3f599teaz3225.cpl
2009-04-02 01:59 . 2009-04-02 01:59 11,438 --a------ c:\windows\5z796troj429.cpl
2009-03-26 14:07 . 2009-03-26 14:07 9,063 --a------ c:\windows\system32\129z6tro5100.cpl
2009-03-26 11:33 . 2009-03-26 11:33 12,514 --a------ c:\windows\system32\3a249zr24645.ocx
2009-03-25 23:31 . 2009-03-25 23:31 7,684 --a------ c:\windows\1dedspzwa5e15549.bin
2009-03-24 17:15 . 2009-03-24 17:15 8,561 --a------ c:\windows\system32\75f8spywar98z3.dll
2009-03-17 23:06 . 2009-03-17 23:06 12,814 --a------ c:\windows\647zvir2519.exe
2009-03-16 05:01 . 2009-03-16 05:01 14,433 --a------ c:\windows\12adth5ef2992z.cpl
2009-03-15 15:39 . 2009-03-15 15:39 7,283 --a------ c:\windows\17759vi9us2az5.dll
2009-03-15 10:13 . 2009-03-15 10:13 7,355 --a------ c:\windows\4593zpywar9504.ocx
2009-03-13 16:31 . 2009-03-13 16:31 13,969 --a------ c:\windows\system32\5891w5rm19z.ocx
2009-03-09 23:56 . 2009-03-09 23:56 9,009 --a------ c:\windows\657fthr9z5116.exe
2009-03-09 01:40 . 2009-03-09 01:40 3,330 --a------ c:\windows\system32\185hacz9ool510.ocx
2009-03-08 13:05 . 2009-03-08 13:05 17,517 --a------ c:\windows\1z2605roj791.dll
2009-03-08 05:53 . 2009-03-08 05:53 7,716 --a------ c:\windows\system32\7f03spywar524z9.cpl
2009-03-07 07:16 . 2009-03-07 07:16 3,122 --a------ c:\windows\5d8zaddware19709.dll
2009-03-06 22:22 . 2009-03-06 22:22 10,422 --a------ c:\windows\system32\19z45spy65b.exe
2009-03-06 19:18 . 2009-03-06 19:18 9,298 --a------ c:\windows\2538zspam5ot94b.cpl
2009-03-06 04:05 . 2009-03-06 04:05 4,886 --a------ c:\windows\d425h9ez1694.bin
2009-03-06 00:37 . 2009-03-06 00:37 9,868 --a------ c:\windows\system32\5ab4th5ez911515.ocx
2009-03-04 20:21 . 2009-03-04 20:21 7,734 --a------ c:\windows\94725not-a-virus3zc.cpl
2009-03-04 03:00 . 2009-03-04 03:00 17,916 --a------ c:\windows\system32\369z59m2fd.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 05:38 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org2
2009-02-23 13:32 --------- d-----w c:\program files\Warcraft III
2009-02-14 00:13 --------- d-----w c:\program files\World of Warcraft
2009-02-11 05:31 --------- d-----w c:\program files\Java
2009-01-20 15:20 --------- d-----w c:\program files\Diablo II
2008-12-29 02:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 02:00 --------- d-----w c:\program files\Broadcom
2008-12-26 21:57 --------- d-----w c:\program files\Intel
2008-12-26 21:55 5 ----a-w c:\windows\system32\drivers\DELL_OPT_GX280.MRK
2008-12-26 21:55 5 ----a-w c:\windows\system32\drivers\1028_DELL_OPT_GX280.MRK
2008-11-22 07:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-11-22 07:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112220081123\index.dat
2008-11-22 07:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_11.21.39.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2009-02-21 10:55:52 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 03:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2006-10-27 01:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-27 01:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 21:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 21:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 21:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 21:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 02:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 02:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 02:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 02:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 02:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 02:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 02:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 02:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 21:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 02:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 02:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 02:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 02:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 02:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 02:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 02:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 21:03:38 903,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ATLCONV.DLL
+ 2006-10-27 21:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 01:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 01:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 01:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 20:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-27 01:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 21:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 02:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 01:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 19:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 20:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-27 01:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 02:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 03:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 02:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 19:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 19:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 01:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-27 01:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 02:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 03:06:06 71,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\NAMEEXT.DLL
+ 2006-10-27 21:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 02:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 02:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 02:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 02:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 02:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 02:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-07-27 00:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 03:06:26 1,325,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\PJ11OD11.DLL
+ 2006-10-27 03:06:18 326,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\PJRESC.DLL
+ 2006-10-27 03:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 21:03:40 3,648,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\PRJRES.DLL
+ 2006-10-27 03:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 02:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 03:06:18 731,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\SERCONV.DLL
+ 2006-10-27 02:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-09-30 06:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 21:03:44 17,251,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119B30000000000000000F01FEC\12.0.4518\WINPROJ.EXE
+ 2009-02-25 06:14:38 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-02-25 06:16:21 20,240 ----a-r c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-25 06:16:21 217,864 ----a-r c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-25 06:16:21 18,704 ----a-r c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-25 06:16:21 35,088 ----a-r c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-25 06:16:20 239,376 ----a-r c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2009-02-21 10:55:52 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2007-08-23 07:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
+ 2006-10-26 20:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
- 2009-01-30 13:43:54 119,744 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-25 00:15:52 126,912 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-10-26 19:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
+ 2006-07-24 16:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2006-07-24 16:50:40 39,728 ----a-w c:\windows\system32\SCP32.DLL
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2006-07-24 16:50:40 47,920 ----a-w c:\windows\system32\VBAME.DLL
+ 2006-10-26 19:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2009-02-26 05:38:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_630.dat
+ 2009-02-26 05:38:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_bc.dat
+ 2006-10-26 19:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2007-08-23 06:18:08 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-10-26 19:40:36 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 19:40:36 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 19:40:36 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 19:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2007-08-23 06:18:08 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2007-08-23 06:18:08 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2007-08-23 06:18:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2007-08-23 06:18:08 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-10-26 19:40:36 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 19:40:36 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 19:40:36 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 19:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 19:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 19:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 19:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 19:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 19:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2007-08-23 06:18:08 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2007-08-23 06:18:08 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2007-08-23 06:18:08 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2007-08-23 06:18:08 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2007-08-23 06:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2007-08-23 06:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2007-08-23 06:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2007-08-23 06:18:08 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2007-08-23 06:18:08 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= tsccvid.dll 0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1254:UDP"= 1254:UDP:Windows Media Format SDK (firefox.exe)
"1255:UDP"= 1255:UDP:Windows Media Format SDK (firefox.exe)
"1256:UDP"= 1256:UDP:Windows Media Format SDK (firefox.exe)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-02 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-02 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-02 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-02 17664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-19 20560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2008-05-26 53307]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-02 11029]
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fbz9btt3.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 23:38:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-25 23:41:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-26 05:40:52
ComboFix2.txt 2009-02-23 03:25:01

Pre-Run: 172,436,824,064 bytes free
Post-Run: 172,421,636,096 bytes free

624 --- E O F --- 2009-02-25 06:16:22


This is the new Hijack This log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 23:42:43.23 on Wed 02/25/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2523 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090225-1] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201623182234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201623279343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fbz9btt3.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-19 138680]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-5-26 53307]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-19 352920]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

=============== Created Last 30 ================

2009-02-25 11:56 10,710 a------- c:\windows\97155hacztool265.exe
2009-02-25 04:59 15,123 a------- c:\windows\209sp5m9ot555z.ocx
2009-02-24 08:47 17,950 a------- c:\windows\5632zorm279.dll
2009-02-24 04:28 7,264 a------- c:\windows\978795ot-a-virus1ez.exe
2009-02-23 16:59 <DIR> --d----- c:\windows\SHELLNEW
2009-02-22 21:20 <DIR> --d----- C:\Combo-Fix
2009-02-21 20:04 6,726 a------- c:\windows\3dd75dz9are703.ocx
2009-02-21 08:18 161,792 a------- c:\windows\SWREG.exe
2009-02-21 08:18 98,816 a------- c:\windows\sed.exe
2009-02-21 04:55 250 a------- c:\windows\gmer.ini
2009-02-21 04:45 <DIR> --d----- C:\_OTMoveIt
2009-02-19 09:06 <DIR> --d----- c:\documents and settings\administrator\DoctorWeb
2009-02-17 23:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
2009-02-17 01:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-17 01:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-29 19:08 1,415,680 a------- c:\windows\system32\WMV9VCM.DLL
2009-01-29 19:08 49,152 a------- c:\windows\system32\TSCCVID.DLL
2009-01-29 19:06 <DIR> --d----- c:\program files\TESTOUT
2009-01-29 18:07 <DIR> --d----- c:\program files\MSECache

==================== Find3M ====================

2009-01-15 23:04 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-01-15 23:04 17,212 a------t c:\windows\system32\SIntf32.dll
2009-01-15 23:04 12,067 a------t c:\windows\system32\SIntf16.dll
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-22 01:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-22 01:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat
2008-11-22 01:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 23:42:54.01 ===============

#15 fenzodahl512

  • Members
  • 6,738 posts
  • Local time:10:41 AM

Posted 26 February 2009 - 08:14 AM

Please install a firewall first... Choose either ONE of these firewalls....


NEXT


1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::

Driver::

File::
c:\windows\6f62zd9ware55.bin
c:\windows\729backd95r2z23.ocx
c:\windows\215dspazs92806.ocx
c:\windows\system32\5107troz90c.exe
c:\windows\system32\297z75roj508.bin
c:\windows\system32\1ed8vi519z5.dll
c:\windows\10638viz5s3f9.cpl
c:\windows\system32\15405szy1859.ocx
c:\windows\system32\72z9vir1365.cpl
c:\windows\2z359ddware1270.ocx
c:\windows\system32\256469zy15b.exe
c:\windows\z82spar9e8095.exe
c:\windows\55639zreat26935.bin
c:\windows\system32\279799o5z399.ocx
c:\windows\9ba55dzware859.ocx
c:\windows\system32\57a5zp9ware1994.dll
c:\windows\774fs9e5z3139.bin
c:\windows\4ec95z293.dll
c:\windows\6a429zief3511.cpl
c:\windows\zd395ir54.cpl
c:\windows\6845st9al3003z.dll
c:\windows\25029spamb5z4a9.cpl
c:\windows\69z9spa5se1967.bin
c:\windows\19295wo5mz79.dll
c:\windows\6739thief655z.ocx
c:\windows\system32\594fzparse2385.ocx
c:\windows\6931haczto5l245.cpl
c:\windows\system32\291et5izf725.ocx
c:\windows\2z400vi5u9198.exe
c:\windows\159asp5rse1168z.cpl
c:\windows\system32\z250059cktool78e.ocx
c:\windows\system32\5296szywar5190.exe
c:\windows\system32\27459wozm597.dll
c:\windows\system32\1c5z9ddw5re3114.dll
c:\windows\z7925troj39b.ocx
c:\windows\3d98s5zrse288.exe
c:\windows\system32\5292zhief18189.dll
c:\windows\system32\2652down9oader304z.bin
c:\windows\system32\25df9parse542z.ocx
c:\windows\5bzthief393.cpl
c:\windows\2287spyw5r9z389.exe
c:\windows\system32\198085azktool9c4.cpl
c:\windows\system32\21929sp5mboz1d6.ocx
c:\windows\19715zorma19.dll
c:\windows\30976z9oj1675.ocx
c:\windows\system32\189d5hiez2180.ocx
c:\windows\4641viz3359.bin
c:\windows\685zv5r9s521.ocx
c:\windows\system32\z4153tr9j35d.ocx
c:\windows\165z69irus33b.dll
c:\windows\75dcad9warez119.exe
c:\windows\system32\5777h9cktoolz2.cpl
c:\windows\system32\5b7za9dwar52968.cpl
c:\windows\30z39vir5s598.ocx
c:\windows\system32\30zbbackdoo5959.exe
c:\windows\system32\27075wo9m67z.exe
c:\windows\2a2zdown9oader21655.dll
c:\windows\1955virz992.cpl
c:\windows\26240wor95cz.dll
c:\windows\system32\30b9zpar5e3057.ocx
c:\windows\system32\1629addzare5994.bin
c:\windows\21394wz5m583.cpl
c:\windows\system32\3139259y2z2.dll
c:\windows\system32\6376vi91569z.ocx
c:\windows\6499addwarz5829.bin
c:\windows\system32\169zste5l2174.exe
c:\windows\system32\5dad5teal1z69.bin
c:\windows\system32\880zspy59d.ocx
c:\windows\25dspywarez958.exe
c:\windows\system32\9d6zp95se3033.exe
c:\windows\system32\z5965spam9ot6aa.dll
c:\windows\5f899ackzoo5484.ocx
c:\windows\4e2daddzare27985.exe
c:\windows\z2e05d9ware1077.ocx
c:\windows\61z5worm2509.cpl
c:\windows\system32\22692hacktoo546z.ocx
c:\windows\2z24backd5or579.exe
c:\windows\6058z5r1901.ocx
c:\windows\5ad29tezl2950.cpl
c:\windows\system32\31258sp92za5.bin
c:\windows\system32\2z98vir585.bin
c:\windows\z328s5y1c59.dll
c:\windows\system32\z478vi5599.dll
c:\windows\system32\1996d5wnlo9der28z7.exe
c:\windows\system32\4492zo5m390.ocx
c:\windows\5859zparse16549.cpl
c:\windows\39752not5a-viruz153.exe
c:\windows\657bac9zoor1459.bin
c:\windows\system32\1535zd9ware1756.bin
c:\windows\system32\892ztroj59.ocx
c:\windows\system32\19e55zrea913150.cpl
c:\windows\23c3dz5nload9r1555.cpl
c:\windows\28379ha5kzool54a.bin
c:\windows\27b7zparse32539.cpl
c:\windows\9744spamb5t790z.cpl
c:\windows\3z565teal1869.bin
c:\windows\699z5ir703.dll
c:\windows\system32\92964hzc5tool7bb.ocx
c:\windows\5d4f5irz964.ocx
c:\windows\system32\9e97a5dwarz519.cpl
c:\windows\2722backdozr15945.exe
c:\windows\system32\136995rzj3ba.exe
c:\windows\system32\16015wzr91b15.dll
c:\windows\3f599teaz3225.cpl
c:\windows\5z796troj429.cpl
c:\windows\system32\129z6tro5100.cpl
c:\windows\system32\3a249zr24645.ocx
c:\windows\1dedspzwa5e15549.bin
c:\windows\system32\75f8spywar98z3.dll
c:\windows\647zvir2519.exe
c:\windows\12adth5ef2992z.cpl
c:\windows\17759vi9us2az5.dll
c:\windows\4593zpywar9504.ocx
c:\windows\system32\5891w5rm19z.ocx
c:\windows\657fthr9z5116.exe
c:\windows\system32\185hacz9ool510.ocx
c:\windows\1z2605roj791.dll
c:\windows\system32\7f03spywar524z9.cpl
c:\windows\5d8zaddware19709.dll
c:\windows\system32\19z45spy65b.exe
c:\windows\2538zspam5ot94b.cpl
c:\windows\d425h9ez1694.bin
c:\windows\system32\5ab4th5ez911515.ocx
c:\windows\94725not-a-virus3zc.cpl
c:\windows\system32\369z59m2fd.cpl
c:\windows\97155hacztool265.exe
c:\windows\209sp5m9ot555z.ocx
c:\windows\5632zorm279.dll
c:\windows\978795ot-a-virus1ez.exe
c:\windows\3dd75dz9are703.ocx

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


NEXT


Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again



1. Start AVZ.
2. Choose from the menu File => Standard scripts and mark the "3. Healing/Quarantine and Advanced System Investigation" check box.
3. Click on the Execute selected scripts.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.


  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply



NEXT


Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • It will then ask you to save two files, the .run file and the log. Save both of them in your Desktop.
  • You will see the .run file on your desktop. Please zip the .run file and attach it in your next reply
Then upload that as an attachment in your next post.



Post me these logs in your next reply..

1. ComboFix
2. Attach virusinfo_syscheck.htm
3. Attach RunScanner.run result

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
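As a defender-side triage aid (an added example, not code from this thread or from any of the tools named in it): it parses "Created Last 30" entries in the DDS log layout shown above and flags file names that are a scare word with digits and "z" spliced in, the naming pattern visible in the file list above. SAMPLE_LOG is a constructed excerpt, and SCARE_WORDS and the one-swap-per-three-characters tolerance are my assumptions, so treat hits as candidates for review, not verdicts.

```python
import re
from itertools import combinations

# Constructed sample in the layout of the DDS "Created Last 30" section above:
# the rogue's randomly named drops mixed with legitimate cleanup-tool files.
SAMPLE_LOG = r"""
2009-02-25 11:56 10,710 a------- c:\windows\97155hacztool265.exe
2009-02-25 04:59 15,123 a------- c:\windows\209sp5m9ot555z.ocx
2009-02-24 08:47 17,950 a------- c:\windows\5632zorm279.dll
2009-02-24 04:28 7,264 a------- c:\windows\978795ot-a-virus1ez.exe
2009-02-23 16:59 <DIR> --d----- c:\windows\SHELLNEW
2009-02-21 20:04 6,726 a------- c:\windows\3dd75dz9are703.ocx
2009-02-21 08:18 161,792 a------- c:\windows\SWREG.exe
2009-01-29 19:08 1,415,680 a------- c:\windows\system32\WMV9VCM.DLL
"""
# Words the rogue builds its file names from (as seen in the log above), longest
# first so the more specific word wins over a shorter one it contains (assumed list).
SCARE_WORDS = ["not-a-virus", "downloader", "hacktool", "backdoor", "spyware",
               "addware", "spambot", "threat", "virus", "thief", "steal", "worm", "troj"]
ENTRY_RE = re.compile(r"^(\S+ \S+)\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$")

def variants(word, max_del):
    """All strings obtained by deleting up to max_del characters from word."""
    return {"".join(word[i] for i in keep)
            for k in range(max_del + 1)
            for keep in combinations(range(len(word)), len(word) - k)}

def match_scare_word(filename):
    """Return the scare word a file name was built from, or None."""
    # Undo the mangling seen above: digit padding and single letters swapped for
    # a digit or 'z' (hacztool, zorm, dz9are) are simply dropped.
    norm = re.sub(r"[0-9z]", "", filename.rsplit(".", 1)[0].lower())
    for word in SCARE_WORDS:
        # Allow roughly one swapped letter per three characters; tiny variants match anything.
        hits = variants(word, max(1, len(word) // 3))
        if any(len(v) >= 3 and v in norm for v in hits):
            return word
    return None

def flag_suspicious(log_text):
    """Map each suspicious file path in the listing to its scare word (dirs skipped)."""
    flagged = {}
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(2) != "<DIR>":
            word = match_scare_word(m.group(4).rsplit("\\", 1)[-1])
            if word:
                flagged[m.group(4)] = word
    return flagged
```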
