
Can only start up in debugging mode, major virus issues.


21 replies to this topic

#1 puckguy81


Posted 03 March 2010 - 11:58 PM

I have some major problems. I have tried many adware and spyware removers, but it seems like it's just gotten worse. Now, when I start up, it says I have a worm, and does nothing unless I boot up in debugging mode. I can't even boot in safe mode! Also, I can't open any .exe files, including Task Manager. I am really frustrated, I hope someone can help!!!!!

B-rad



#2 Farbar


Posted 04 March 2010 - 03:44 AM

Hi puckguy81,

I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

I need you to give me detailed feedback, like how far it gets when you try to boot to normal mode.
Also, had you run adware and spyware removers before you were unable to open any executable file?
Tell me also if you have access to the internet in that mode.

In any mode, tell me what happens if you go to Start => Run (or use Windows key+R), type in CMD and click OK. Also tell me what happens if you type in command and hit Enter (if a command prompt opens, you may type exit and hit Enter to close it).

#3 puckguy81


Posted 04 March 2010 - 12:13 PM

Thanks for responding. Before I got your response, I got it to run Avast; it found plenty of junk, but it is still not working properly. I used a flash drive to load and open the program. When I start it up in normal mode now, it does start up, but it takes about 3 minutes. I get a few errors:

"Some components of ActiveShield are either missing or might not have been installed properly. Please reinstall ActiveShield." (I used to have this program, but I am not sure what happened.)

txdcamon.exe - Application Error --Application has generated an exception that could not be handled. Process ID=0xde0 (3552), Thread ID=0xde4 (3556). Click OK to terminate the application. Click CANCEL to debug the application.

RUNDLL Error loading ruheteha.dll The specified module could not be found.

RUNDLL Error loading c:\windows\system32\dopituzi.dll

RUNDLL Error loading C:\WINDOWS\system32\config\systemprofile\Application Data\Antivirus Plus\Antivirus Plus.70367201.dll The specified module could not be found.

Task Manager is opening now, however, and the command prompt does open. BTW, I do have internet access. Also, there was an icon for that Antivirus Plus crap in the tray, but it is not there anymore.

Thanks again for your help.

#4 Farbar


Posted 04 March 2010 - 12:32 PM

Good news, and thanks for the feedback.

We will take care of those errors.
  1. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

  2. Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run. When done it will open two logs:
      • DDS.txt
      • Attach.txt
    • Copy and paste the logs to your reply.

  3. Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • If DeFogger asks to reboot the machine, click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

  4. Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.
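
The DDS report requested in step 2 is read by hand, line by line, for autostart entries that should not be there. As an added example (not code from this thread, from DDS, or from BleepingComputer), the script below parses lines in the format DDS uses for its "Pseudo HJT Report" section and flags the usual persistence points: Run keys that start a DLL through rundll32, BHO/SSODL/STS shell hooks, Winlogon Notify packages, LSA authentication and notification packages beyond the stock set, Hosts-file overrides, and a disabled System File Checker. The sample report is constructed for the example (its DLL names, GUIDs and addresses are made up), the stock LSA package sets are an assumption for Windows XP, and the generated-name test (eight letters alternating consonant and vowel) is a heuristic about how such names tend to look, so its hits are leads to verify, not verdicts.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the thread or of DDS. Heuristics, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Stock LSA packages on Windows XP (assumption for this example).
STOCK_AUTH_PACKAGES = {"msv1_0"}
STOCK_NOTIFY_PACKAGES = {"scecli"}

# Eight letters alternating consonant/vowel, e.g. "kolepavu.dll" (heuristic).
GENERATED_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}\.dll$", re.I)
# "kind: rest" prefix DDS puts on each autostart line.
LINE = re.compile(r"^([A-Za-z]+):\s*(.*)$")
# DLL argument of a rundll32 command, quoted or not.
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.I)


@dataclass
class Finding:
    line: str
    reason: str


def suspicious_dll(path: str) -> Optional[str]:
    """Explain why a DLL path looks like malware persistence, or return None."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    if GENERATED_NAME.match(name):
        return "generated-looking DLL name"
    if "\\" not in path:
        return "bare DLL name resolved through the loader search path"
    if "application data" in path.lower():
        return "DLL loaded from a profile data directory"
    return None


def triage(report: str) -> List[Finding]:
    """Return one Finding per autostart line that deserves a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue
        kind, rest = m.group(1), m.group(2)
        if kind in ("uRun", "mRun", "dRun", "uRunOnce", "mRunOnce"):
            dll = RUNDLL.search(rest)
            why = suspicious_dll(dll.group(1).strip()) if dll else None
            if why:
                findings.append(Finding(line, f"{kind} via rundll32: {why}"))
        elif kind in ("BHO", "SSODL", "STS"):
            path = rest.rsplit(" - ", 1)[-1].strip()
            why = suspicious_dll(path) if path.lower().endswith(".dll") else None
            if why:
                findings.append(Finding(line, f"{kind} shell hook: {why}"))
        elif kind == "Notify":  # runs inside winlogon.exe at every logon
            findings.append(Finding(line, "Winlogon Notify DLL: verify publisher"))
        elif kind.endswith("Winlogon"):
            key, _, value = rest.partition("=")
            key, value = key.strip(), value.strip()
            if key == "SFCDisable" and not value.startswith("0"):
                findings.append(Finding(line, "System File Checker disabled"))
            if key == "Userinit":
                entries = [e.strip() for e in value.split(",") if e.strip()]
                if any(e.rsplit("\\", 1)[-1].lower() != "userinit.exe" for e in entries):
                    findings.append(Finding(line, "Userinit replaced or chained"))
        elif kind == "LSA":
            name, _, value = rest.partition("=")
            stock = STOCK_AUTH_PACKAGES if "Authentication" in name else STOCK_NOTIFY_PACKAGES
            extra = [p for p in value.split() if p.lower() not in stock]
            if extra:
                findings.append(Finding(line, f"LSA {name.strip()} beyond stock: {' '.join(extra)}"))
        elif kind == "Hosts":
            findings.append(Finding(line, "Hosts-file override pins a name to an address"))
    return findings


# Constructed sample in DDS line format; every name, GUID and address is made up.
SAMPLE_REPORT = r"""
mWinlogon: Userinit=userinit.exe
mWinlogon: SFCDisable=4 (0x4)
BHO: Java(tm) Plug-In SSV Helper: {11111111-2222-3333-4444-555555555555} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {22222222-3333-4444-5555-666666666666} - kolepavu.dll
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [tezomiga] Rundll32.exe "c:\windows\system32\tezomiga.dll",a
mRun: [FakeAV] "c:\windows\system32\rundll32.exe" "c:\windows\system32\config\systemprofile\application data\fake av\FakeAV.12345.dll", start 12345
Notify: qwxyz - c:\windows\system32\qwxyz.dll
SSODL: WPDShServiceObj - {33333333-4444-5555-6666-777777777777} - c:\windows\system32\WPDShServiceObj.dll
STS: muvalote: {44444444-5555-6666-7777-888888888888} - c:\windows\system32\nifoxade.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtsqr
LSA: Notification Packages = scecli rupedato.dll
Hosts: 192.0.2.10 fake-av-update.example
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}\n    {f.line}")
```

Run it against a saved DDS.txt by passing the file's contents to `triage()`; the legitimate lines in the sample (Userinit, the Java BHO, the avast Run entry, the WPD shell object) produce no finding, while the nine planted persistence entries each come back with the reason a helper would give. Legitimate eight-letter DLL names exist, so review the generated-name hits against the file's publisher and signature before removing anything.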


#5 puckguy81


Posted 04 March 2010 - 01:37 PM

Here are the logs:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/5/2003 6:43:26 PM
System Uptime: 3/4/2010 9:49:37 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 39.881 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin Wireless 54Mbps Desktop Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70001799&REV_03\4&1C660DD6&0&00F0
Manufacturer: Broadcom
Name: Belkin Wireless 54Mbps Desktop Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70001799&REV_03\4&1C660DD6&0&00F0
Service: BCM43XX

==== System Restore Points ===================

RP1: 3/3/2010 8:41:49 PM - System Checkpoint
RP2: 3/3/2010 8:59:01 PM - Created By FixIEDef
RP3: 3/3/2010 9:07:11 PM - Installed McAfee Virtual Technician
RP4: 3/4/2010 12:21:31 AM - avast! Free Antivirus Setup

==== Installed Programs ======================


A2 Oasis
ABBYY FineReader 6.0 Sprint
Absolute Poker
Actiontec Gateway
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Banctec Service Agreement
BCM V.92 56K Modem
BearShare
BitZip (remove only)
Bodog Poker
Bonjour
BPA Support Files
CCleaner (remove only)
CleanUp!
Crawler Toolbar
Creative WaveStudio
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
Dell Networking Guide
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
Drivers Install For Linksys Easylink Advisor
Easy CD Creator 5 Basic
ESPN Java Check
ESPN RunTime
ESPN Version 2.0.7.5
Full Tilt Poker
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iConcepts Music Express
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 15
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Legal Terminology Flash!
Lexmark 1300 Series
Lexmark 5300 Series
LimeWire 4.18.8
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
Mass e-Mailer 2.19
MathPlayer
McAfee Virtual Technician
MediaMonkey 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Modem Helper
Move Media Player
Mozilla Firefox (3.5.5)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
Netscape Navigator (9.0.0.6)
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 2.3
Paint Shop Pro 7
PokerStars
PopCap Browser Plugin
PrintMaster
Pro-Football Forecaster
Project64 1.6
QuickTime
RealPlayer
Roll
Security Task Manager 1.7h
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
Sound Blaster Live!
Sprint Desktop Sync
Sprint media manager
SupportSoft Assisted Service
The Sims Superstar
Trend Micro AntiVirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB Driver Vers. 3.2
USB Dual Vibration Joystick
Venta Fax & Voice 5.61 (remove/restore)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Backup Utility
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 11
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

3/4/2010 9:53:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/4/2010 9:53:33 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/4/2010 9:35:52 AM, error: BCM43XX [5005] - Belkin Wireless 54Mbps Desktop Adapter : Has encountered an internal error and has failed.
3/4/2010 12:01:47 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Lexar USB Flash Drive USB Device.
3/3/2010 9:48:14 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
3/3/2010 9:48:14 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
3/3/2010 9:21:20 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 4 time(s).
3/3/2010 9:13:38 PM, error: DCOM [10000] - Unable to start a DCOM Server: {CDECC4C3-7377-11D3-9A6C-00C04FF40D52}. The error: "%2" Happened while starting this command: c:\program files\mcafee.com\shared\mghtml.exe -Embedding
3/3/2010 9:03:46 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 3 time(s).
3/3/2010 8:50:22 PM, error: NetDDE [206] - Listen failed: 15:
3/3/2010 8:50:18 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
3/3/2010 8:50:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/3/2010 8:45:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/3/2010 8:23:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/3/2010 8:20:57 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 2 time(s).
3/3/2010 8:20:03 PM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
3/3/2010 8:14:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
3/3/2010 8:14:08 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/3/2010 8:14:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/3/2010 11:30:34 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/3/2010 11:30:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

==== End Of File ===========================



DDS (Ver_09-12-01.01) - NTFSx86
Run by Heather at 10:42:49.14 on Thu 03/04/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.127 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdkserv.exe
C:\WINDOWS\system32\lxdkcoms.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
C:\Program Files\Lexmark 5300 Series\lxdkamon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Documents and Settings\Heather\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page =
uSearch Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.msn.com
mDefault_Search_URL = hxxp://ie.search.msn.com
mSearch Page = hxxp://s-redirect.com/?a=2&b=n-ex
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://s-redirect.com/?a=2&b=n-ex
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchURL = hxxp://s-redirect.com/?a=2&b=n-ex
mWinlogon: Userinit=userinit.exe
mWinlogon: SFCDisable=4 (0x4)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: {6ceab020-2889-4d6c-9926-ae2a86ba70b5} - nagowigi.dll
BHO: Antivirus Plus BHO: {c2b5aab8-2183-4be7-81a6-f11493c45872} - c:\windows\system32\config\systemprofile\application data\antivirus plus\AntiVirus Plus.70367201.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=0&hiscore=0&sp=0&questionSet=&r=6025608&width=600&height=440&quality=high"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [lxdkmon.exe] "c:\program files\lexmark 5300 series\lxdkmon.exe"
mRun: [lxdkamon] "c:\program files\lexmark 5300 series\lxdkamon.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\windows\system32\config\systemprofile\application data\antivirus plus\AntiVirus Plus.70367201.dll", start 70367201
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [tinayuyez] Rundll32.exe "c:\windows\system32\dopituzi.dll",a
mRun: [ruyopibimu] Rundll32.exe "ruheteha.dll",s
dRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\windows\system32\config\systemprofile\application data\antivirus plus\AntiVirus Plus.70367201.dll", start 70367201
StartupFolder: c:\documents and settings\heather\start menu\programs\startup\PowerReg Scheduler.exe
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: <NO NAME> =
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Crawler Search - tbr:iemenu
IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\heather\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} - hxxp://67.42.70.157/webpages/DMWebX.ocx
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {886DDE35-E955-11D0-A707-000000521958} - hxxp://69.56.176.78/webplugin.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/default/gf.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.47.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {22A6AE17-422E-4D8A-BB15-453FFF59E995} = 193.104.110.38,4.2.2.1,192.168.0.1 205.171.3.25
TCP: {B7129AB2-5031-430B-897D-E081708A3316} = 208.67.220.220,208.67.222.222
TCP: {FF3FB411-66FF-4945-937C-CDBFE0CEEB3D} = 208.67.220.220,208.67.222.222
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: jkhfe - c:\windows\system32\jkhfe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nufupotey - {a6f72602-c9d6-4021-8267-2d686fd630dd} - c:\windows\system32\fufakehe.dll
SSODL: dolifalod - {23969adb-9a53-46b5-9d1f-e95ab4066b65} - c:\windows\system32\dopituzi.dll
STS: c:\windows\system32\f1tjav7ne.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\f1tjav7ne.dll
STS: gahurihor: {c12744b3-a9c8-40ac-b9a7-1e1d9684d53b} - c:\windows\system32\posoveva.dll
STS: jugezatag: {558dad7f-5045-4d11-8ba2-54ebc9939f1d} - c:\windows\system32\posoveva.dll
STS: mujuzedij: {eecbc555-7441-41e8-8563-e20151ae89f9} - c:\windows\system32\wimohigi.dll
STS: jugezatag: {567a7504-e557-4101-a2b2-7c49e048fd1a} - c:\windows\system32\pihimage.dll
STS: tokatiluy: {416132f9-85b7-4053-81a5-72aeeed9117f} - c:\windows\system32\pihimage.dll
STS: kupuhivus: {65e272ab-df41-4e3b-8f9f-03c2710440a8} - c:\windows\system32\fufakehe.dll
STS: mujuzedij: {e32f8c29-69e9-4719-b019-8c1f93cd7f4a} - c:\windows\system32\fufakehe.dll
STS: gahurihor: {0f6ba009-004a-4edd-88e0-0505ab9ddc22} - c:\windows\system32\nitalopo.dll
STS: kupuhivus: {a6f72602-c9d6-4021-8267-2d686fd630dd} - c:\windows\system32\fufakehe.dll
STS: jugezatag: {23969adb-9a53-46b5-9d1f-e95ab4066b65} - c:\windows\system32\dopituzi.dll
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\vtsqr
LSA: Notification Packages = scecli zidajaji.dll
Hosts: 91.212.127.226 os-secure2009.com
Hosts: 91.212.127.226 www.os-secure2009.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\heather\applic~1\mozilla\firefox\profiles\sq0udbqf.default\
FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\heather\application data\move networks\plugins\npqmp071505000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? asc3550p;asc3550p
R? BELKIN;Belkin Wireless G USB Network Adapter
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? mcupdmgr.exe;McAfee SecurityCenter Update Manager
S? aswFsBlk;aswFsBlk
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avast! Mail Scanner;avast! Mail Scanner
S? avast! Web Scanner;avast! Web Scanner
S? EAPPkt;Realtek EAPPkt Protocol
S? Lbd;Lbd
S? lxdc_device;lxdc_device
S? lxdcCATSCustConnectService;lxdcCATSCustConnectService
S? lxdk_device;lxdk_device
S? lxdkCATSCustConnectService;lxdkCATSCustConnectService
S? McShield;McAfee.com McShield
S? MCVSRte;McAfee.com VirusScan Online Realtime Engine
S? NaiFiltr;NaiFiltr
S? tmevtmgr;tmevtmgr
S? tmpreflt;tmpreflt
S? TmProxy;Trend Micro Proxy Service

=============== Created Last 30 ================

2010-03-04 07:21:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-04 07:03:45 0 d-----w- c:\program files\Enigma Software Group
2010-03-04 04:07:18 0 d-----w- c:\program files\McAfee
2010-03-04 03:59:02 0 d-----w- c:\windows\ERUNT
2010-03-04 03:58:45 0 d-----w- C:\!FixIEDef

==================== Find3M ====================


============= FINISH: 10:45:43.25 ===============


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:18 on 04/03/2010 (Heather)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-04 11:19:45
Windows 5.1.2600 Service Pack 3
Running: gebj6uiu.exe; Driver: C:\DOCUME~1\Heather\LOCALS~1\Temp\uxtdipog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF29B24FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF29B2322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF29B245C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs NaiFiltr.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

#6 Farbar

Farbar (Security Developer, 21,688 posts, Location: The Netherlands)

Posted 04 March 2010 - 02:39 PM

With all respect I expect you to read all the post fully and give me feedback if needed. This is the third and last time I'm asking this:

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

In case you don't agree you are on your own.

#7 puckguy81

puckguy81 (Topic Starter, Members, 11 posts)

Posted 04 March 2010 - 04:04 PM

I'm sorry, yes I agree to not make any changes, I forgot to put that in the last post, I appreciate your help.

#8 Farbar

Farbar (Security Developer, 21,688 posts, Location: The Netherlands)

Posted 04 March 2010 - 04:24 PM

Thank you.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  1. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either avast! Free Antivirus or Trend Micro AntiVirus.

  2. I see on the log the Crawler Toolbar is installed on your computer:

    This program is an open-to-debate toolbar which might be related to adware or is installed without informed consent of the user. You may read more about Crawler Toolbar HERE and HERE

    If you decide to uninstall Crawler Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Crawler Toolbar with Web Security Guard

    Also remove the folder in bold: C:\Program Files\Crawler

  3. I see on your log that Pokerstar is installed on your computer:

    This program is known to be related to adware/spyware. More information here: http://www.bleepingcomputer.com/uninstall/...rStars.net.html
    To uninstall it:
    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    PokerStars

    Also remove the folder in bold: C:\Program Files\PokerStars

  4. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    In case malware prevented it from updating or running, using Windows Explorer (right-click start > Explorer) navigate to the following folder: C:\Program Files\Malwarebytes' Anti-Malware
    Locate the file mbam.exe and rename it to clear.exe then double-click to run it.

    In case the Malwarebytes exe gets deleted by the malware (Code 2 error, mbam.exe not found) download a randomized renamed mbam.exe version from here.
    Place the renamed mbam.exe in the Program Files\Malwarebytes' Anti-Malware folder and run the renamed file from there directly instead of using the shortcut.


#9 puckguy81

puckguy81 (Topic Starter, Members, 11 posts)

Posted 04 March 2010 - 08:07 PM

Ok, I ran Malwarebytes. I also deleted the programs you suggested. All of the DLL errors are gone, but it is still very slow to load the Windows screen. Is there anything else I need to do?


#10 Farbar

Farbar (Security Developer, 21,688 posts, Location: The Netherlands)

Posted 04 March 2010 - 08:56 PM

We are by no means finished unless you decide it that way. So if you want me to proceed please post the log.

#11 puckguy81

puckguy81 (Topic Starter, Members, 11 posts)

Posted 05 March 2010 - 09:35 AM

Definitely want to continue!

Here is the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

3/4/2010 5:54:12 PM
mbam-log-2010-03-04 (17-54-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 263359
Time elapsed: 2 hour(s), 26 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 6
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 305

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cf46bfb3-2acc-441b-b82b-36b9562c7ff1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tinayuyez (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruyopibimu (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22a6ae17-422e-4d8a-bb15-453fff59e995}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.0.1 205.171.3.25 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\zwangisearch (Adware.Zwangi) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\begopasu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\behuwigo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\belamahu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bibowobe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bidifetu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bipomelu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bituzisa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\boloyahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bozarevu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\budifene.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dapavama.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dezevata.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dikitipo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\doferaga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dojidona.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dorahoki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dorajeli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dunasabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dupejume.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dupibowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\duwetabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\femizaji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\feyojejo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fijovopo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fikefezi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fimedeme.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\forapahi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fovodewa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\funefuwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fuvavepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gadonesi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\galemoku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\geduvuha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gisazoko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\guhazoni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\guriwuva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hapevapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hefonafo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hehosere.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hesagaho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hijesafu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hofubayi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hofukuwu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hogumana.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\holusifo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hujepaka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hulipiso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hunulane.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\huyesiba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jafazeni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jawobeze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jehekohi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jeyiribe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jidudesu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jihulara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jihuwiyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jijarote.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jijobozu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jotaziba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jotefago.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jozufiwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\junirizu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\juyoweyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kedulide.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kepuluse.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kivibaze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kogiviwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kuhisivu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lamabahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\laniliwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lavoforo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lehumawu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\leleyawe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\letojoje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\liwadefi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\liwinege.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\luharuvu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lukazahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyumuni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\majimaba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mejeweme.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mipehiye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mititato.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mohokela.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mokufumi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\moresopu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mugabiyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mumifovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nahutela.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nemeyoya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nijeyopu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nomirasu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nozefovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nuhatove.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nulibubi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuluvalo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nunaruko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nusakipo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\paletigi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\payukuna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pekutula.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pepakumu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pereguro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\perosaro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pijifazo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pipijofa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\piyadayi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\piyomuve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\podemiwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pogudoma.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\punahudo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\purujufe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ragatusi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\repepuyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rerodoho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\revizijo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rijotawi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rogusuba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rohokeku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rowopoyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rugahojo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rujekare.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rupovowu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\salafewu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sevutoso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sewezago.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sihiyadu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sipetizu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sogolite.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\somiviri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sotodino.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sugedaku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tayulefu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tenoheze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\teyubodo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tijugava.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\todunahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tofibune.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tuhezolo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tukowohu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tuweyudu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vabefali.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vahipoja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vamopile.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vanaputi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vawaweni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vazuweyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vehalitu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vejomuvu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vesobopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vijibite.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vinelewe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vokidabo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vuvufoha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wafetela.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\watekaho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\watekoda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\weneretu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\werudowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wibamupu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wileroso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wisiwawi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wobopaga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\woduluju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wohekili.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wopowupa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woweketi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wukoraga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wurirajo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yapadoyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yarirozu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yehewusu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yekaleya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeneriho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yerezije.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yezutumo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yinuzevo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yiwisoze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yofewewo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yumaluso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zaliviza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zebasovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zedufade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zefeyaga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zehiheve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zehuwabu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zelokore.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zemerunu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zibebega.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zilivihi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zinelaha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zopimiwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zotaloko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zugolije.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zujiduto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zujuhoru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zusasawe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zusiminu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005054.old (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005058.exe (Trojan.Ascesso) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005059.exe (Trojan.Ascesso) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005060.exe (Rogue.AdvancedAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005061.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005062.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005064.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005067.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005068.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005074.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005075.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005078.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005080.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005081.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005082.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005086.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005089.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005090.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005092.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005093.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005094.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005095.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005097.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005098.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005099.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005100.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005103.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005108.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005110.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005111.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005112.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005114.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0005109.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0006129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0006130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0006131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010257.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010242.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010243.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010244.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010245.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010246.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010247.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010248.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010249.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010250.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010251.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010252.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010253.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010254.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010255.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010256.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010258.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010259.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010260.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010261.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010262.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010263.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010264.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010265.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010266.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010268.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010269.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010270.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010271.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\isapeep.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\husovetu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\logo[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\logo[2].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heather\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heather\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:57 PM

Posted 05 March 2010 - 09:45 AM

Malwarebytes removed a lot.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • You will get a warning about the untrusted download sites for ComboFix; click Yes.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.
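Added example, not part of Farbar's post or of any tool discussed in this thread: a small Python triage script for a Malwarebytes removal log in the one-entry-per-line format posted above (`<path> (<Detection name>) -> <Action>.`). It groups detections by family and flags the entries that change the clean-up plan: hits inside `System Volume Information\_restore{...}` (the System Restore snapshots hold copies of the malware, so a later restore would bring it back), kernel drivers (`.sys`, the `Rootkit.Agent` hit), Startup-folder shortcuts (autostart persistence), executables with purely numeric names in System32, and anything not yet removed. The sample lines are constructed in the same format as the log above; the `Delete on reboot` line and the classification rules are this example's own assumptions, not output from the poster's machine.

```python
"""Triage a Malwarebytes removal log (2010-era text format).

Groups detections by family and flags entries that need follow-up
beyond "it was quarantined". Example code added to this thread; the
sample log below is constructed, not the poster's full log.
"""
import re
from collections import Counter
from typing import Dict, List

# One entry per line: "<path> (<Detection name>) -> <Action>."
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# Constructed sample in the same format as the posted log. The last line
# ("Delete on reboot.") is an assumed variation showing a file that was
# locked at scan time and is therefore not gone yet.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010256.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0010267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\isapeep.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\husovetu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\AVR10.exe (Trojan.FakeAlert) -> Delete on reboot.
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Return one dict (path, name, action) per well-formed log line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def family(detection_name: str) -> str:
    """Collapse variants: 'Trojan.Vundo.H' and 'Trojan.Vundo' -> 'Trojan.Vundo'."""
    return ".".join(detection_name.split(".")[:2])


def flags(entry: Dict[str, str]) -> List[str]:
    """Heuristic follow-up flags (this example's own rules)."""
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    out = []
    # Malware copied into restore points: a later System Restore reinfects,
    # so the restore points must be purged once the machine is clean.
    if "\\system volume information\\_restore" in path:
        out.append("restore_point")
    # A kernel driver means ring-0 code ran; check its service key is gone too.
    if base.endswith(".sys") or entry["name"].lower().startswith("rootkit"):
        out.append("kernel_driver")
    # Shortcut in the all-users/user Startup folder: autostart persistence.
    if "\\start menu\\programs\\startup\\" in path:
        out.append("autostart")
    # Purely numeric executable names (41.exe, 1000.exe, ...) are a
    # pattern of mass-dropped payloads; expect many siblings, not one file.
    if re.fullmatch(r"\d+\.exe", base):
        out.append("numeric_name")
    # Anything not already quarantined still exists on disk.
    if not entry["action"].lower().startswith("quarantined and deleted"):
        out.append("pending")
    return out


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: entry count, detections per family, flagged paths."""
    entries = parse_log(text)
    by_family = Counter(family(e["name"]) for e in entries)
    flagged = {e["path"]: flags(e) for e in entries if flags(e)}
    return {"entries": len(entries), "by_family": by_family, "flagged": flagged}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} entries")
    for fam, n in report["by_family"].most_common():
        print(f"  {n:3d}  {fam}")
    for path, reasons in report["flagged"].items():
        print(f"  [{', '.join(reasons)}] {path}")
```

To use it on a real log, read the saved Malwarebytes text file and pass its contents to `triage()`; the "restore_point" flag is the one to act on last, after everything else is clean, since purging restore points before then removes the only rollback you have.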

#13 puckguy81

puckguy81
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:57 AM

Posted 05 March 2010 - 10:51 AM

ComboFix 10-03-04.05 - Heather 03/05/2010 8:09.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.183 [GMT -7:00]
Running from: c:\documents and settings\Heather\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Common Files\SLMSS
c:\program files\Common Files\SLMSS\acp1.dat
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Install.txt
c:\windows\msettings.ini
c:\windows\system32\1000.exe
c:\windows\system32\10020.exe
c:\windows\system32\10021.exe
c:\windows\system32\10040.exe
c:\windows\system32\10067.exe
c:\windows\system32\10075.exe
c:\windows\system32\10112.exe
c:\windows\system32\1017.exe
c:\windows\system32\10176.exe
c:\windows\system32\1018.exe
c:\windows\system32\10195.exe
c:\windows\system32\10202.exe
c:\windows\system32\10214.exe
c:\windows\system32\10285.exe
c:\windows\system32\10291.exe
c:\windows\system32\10322.exe
c:\windows\system32\10341.exe
c:\windows\system32\10348.exe
c:\windows\system32\10353.exe
c:\windows\system32\10383.exe
c:\windows\system32\10390.exe
c:\windows\system32\10435.exe
c:\windows\system32\10466.exe
c:\windows\system32\10548.exe
c:\windows\system32\10555.exe
c:\windows\system32\10585.exe
c:\windows\system32\10632.exe
c:\windows\system32\10662.exe
c:\windows\system32\10712.exe
c:\windows\system32\10792.exe
c:\windows\system32\10808.exe
c:\windows\system32\10817.exe
c:\windows\system32\10893.exe
c:\windows\system32\11008.exe
c:\windows\system32\11020.exe
c:\windows\system32\11023.exe
c:\windows\system32\11063.exe
c:\windows\system32\11075.exe
c:\windows\system32\11124.exe
c:\windows\system32\11173.exe
c:\windows\system32\11192.exe
c:\windows\system32\11224.exe
c:\windows\system32\11247.exe
c:\windows\system32\11258.exe
c:\windows\system32\11260.exe
c:\windows\system32\1131.exe
c:\windows\system32\11323.exe
c:\windows\system32\11337.exe
c:\windows\system32\11342.exe
c:\windows\system32\11348.exe
c:\windows\system32\11413.exe
c:\windows\system32\11422.exe
c:\windows\system32\11435.exe
c:\windows\system32\11462.exe
c:\windows\system32\11477.exe
c:\windows\system32\11478.exe
c:\windows\system32\1150.exe
c:\windows\system32\11511.exe
c:\windows\system32\11538.exe
c:\windows\system32\11585.exe
c:\windows\system32\11599.exe
c:\windows\system32\11600.exe
c:\windows\system32\11635.exe
c:\windows\system32\11642.exe
c:\windows\system32\11664.exe
c:\windows\system32\11701.exe
c:\windows\system32\11713.exe
c:\windows\system32\11833.exe
c:\windows\system32\11840.exe
c:\windows\system32\11903.exe
c:\windows\system32\11935.exe
c:\windows\system32\11942.exe
c:\windows\system32\1200.exe
c:\windows\system32\1204.exe
c:\windows\system32\12043.exe
c:\windows\system32\12044.exe
c:\windows\system32\12052.exe
c:\windows\system32\12053.exe
c:\windows\system32\12132.exe
c:\windows\system32\12164.exe
c:\windows\system32\12181.exe
c:\windows\system32\12193.exe
c:\windows\system32\12208.exe
c:\windows\system32\12263.exe
c:\windows\system32\12287.exe
c:\windows\system32\12292.exe
c:\windows\system32\123.exe
c:\windows\system32\12316.exe
c:\windows\system32\12317.exe
c:\windows\system32\12382.exe
c:\windows\system32\12392.exe
c:\windows\system32\12423.exe
c:\windows\system32\12455.exe
c:\windows\system32\12497.exe
c:\windows\system32\12508.exe
c:\windows\system32\12529.exe
c:\windows\system32\12550.exe
c:\windows\system32\12560.exe
c:\windows\system32\12623.exe
c:\windows\system32\12637.exe
c:\windows\system32\12638.exe
c:\windows\system32\1264.exe
c:\windows\system32\12673.exe
c:\windows\system32\12717.exe
c:\windows\system32\12722.exe
c:\windows\system32\12734.exe
c:\windows\system32\12760.exe
c:\windows\system32\12818.exe
c:\windows\system32\1282.exe
c:\windows\system32\12835.exe
c:\windows\system32\12843.exe
c:\windows\system32\12859.exe
c:\windows\system32\12896.exe
c:\windows\system32\12938.exe
c:\windows\system32\12949.exe
c:\windows\system32\12993.exe
c:\windows\system32\13007.exe
c:\windows\system32\13022.exe
c:\windows\system32\13030.exe
c:\windows\system32\13031.exe
c:\windows\system32\13061.exe
c:\windows\system32\13064.exe
c:\windows\system32\13142.exe
c:\windows\system32\13169.exe
c:\windows\system32\13186.exe
c:\windows\system32\13210.exe
c:\windows\system32\13261.exe
c:\windows\system32\13290.exe
c:\windows\system32\13295.exe
c:\windows\system32\13357.exe
c:\windows\system32\1337.exe
c:\windows\system32\13401.exe
c:\windows\system32\13452.exe
c:\windows\system32\13458.exe
c:\windows\system32\13467.exe
c:\windows\system32\1355.exe
c:\windows\system32\13584.exe
c:\windows\system32\13648.exe
c:\windows\system32\13653.exe
c:\windows\system32\13694.exe
c:\windows\system32\13829.exe
c:\windows\system32\13931.exe
c:\windows\system32\13966.exe
c:\windows\system32\13967.exe
c:\windows\system32\13971.exe
c:\windows\system32\13977.exe
c:\windows\system32\13985.exe
c:\windows\system32\140.exe
c:\windows\system32\14008.exe
c:\windows\system32\14015.exe
c:\windows\system32\14018.exe
c:\windows\system32\14146.exe
c:\windows\system32\1416.exe
c:\windows\system32\14181.exe
c:\windows\system32\142.exe
c:\windows\system32\14231.exe
c:\windows\system32\14250.exe
c:\windows\system32\14256.exe
c:\windows\system32\14266.exe
c:\windows\system32\14270.exe
c:\windows\system32\14309.exe
c:\windows\system32\14310.exe
c:\windows\system32\14343.exe
c:\windows\system32\14369.exe
c:\windows\system32\1440.exe
c:\windows\system32\14413.exe
c:\windows\system32\14423.exe
c:\windows\system32\14438.exe
c:\windows\system32\14460.exe
c:\windows\system32\14464.exe
c:\windows\system32\14474.exe
c:\windows\system32\14485.exe
c:\windows\system32\1451.exe
c:\windows\system32\14604.exe
c:\windows\system32\14606.exe
c:\windows\system32\14625.exe
c:\windows\system32\14644.exe
c:\windows\system32\14688.exe
c:\windows\system32\14700.exe
c:\windows\system32\14735.exe
c:\windows\system32\14736.exe
c:\windows\system32\14771.exe
c:\windows\system32\14798.exe
c:\windows\system32\148.exe
c:\windows\system32\14887.exe
c:\windows\system32\14893.exe
c:\windows\system32\14902.exe
c:\windows\system32\14924.exe
c:\windows\system32\14932.exe
c:\windows\system32\14945.exe
c:\windows\system32\14955.exe
c:\windows\system32\14962.exe
c:\windows\system32\14989.exe
c:\windows\system32\15006.exe
c:\windows\system32\15074.exe
c:\windows\system32\15117.exe
c:\windows\system32\15119.exe
c:\windows\system32\15122.exe
c:\windows\system32\15141.exe
c:\windows\system32\15145.exe
c:\windows\system32\1515.exe
c:\windows\system32\15185.exe
c:\windows\system32\15205.exe
c:\windows\system32\15255.exe
c:\windows\system32\15262.exe
c:\windows\system32\15264.exe
c:\windows\system32\15281.exe
c:\windows\system32\153.exe
c:\windows\system32\15350.exe
c:\windows\system32\1539.exe
c:\windows\system32\1541.exe
c:\windows\system32\1543.exe
c:\windows\system32\15457.exe
c:\windows\system32\15498.exe
c:\windows\system32\15540.exe
c:\windows\system32\15573.exe
c:\windows\system32\15574.exe
c:\windows\system32\15676.exe
c:\windows\system32\15698.exe
c:\windows\system32\15724.exe
c:\windows\system32\15748.exe
c:\windows\system32\15759.exe
c:\windows\system32\1587.exe
c:\windows\system32\1588.exe
c:\windows\system32\15881.exe
c:\windows\system32\15890.exe
c:\windows\system32\15944.exe
c:\windows\system32\16036.exe
c:\windows\system32\16105.exe
c:\windows\system32\16118.exe
c:\windows\system32\16139.exe
c:\windows\system32\16142.exe
c:\windows\system32\16152.exe
c:\windows\system32\16188.exe
c:\windows\system32\16202.exe
c:\windows\system32\16215.exe
c:\windows\system32\1626.exe
c:\windows\system32\16279.exe
c:\windows\system32\16282.exe
c:\windows\system32\16303.exe
c:\windows\system32\1637.exe
c:\windows\system32\16413.exe
c:\windows\system32\16419.exe
c:\windows\system32\16423.exe
c:\windows\system32\1650.exe
c:\windows\system32\16512.exe
c:\windows\system32\16519.exe
c:\windows\system32\16541.exe
c:\windows\system32\16549.exe
c:\windows\system32\1655.exe
c:\windows\system32\16565.exe
c:\windows\system32\16596.exe
c:\windows\system32\16634.exe
c:\windows\system32\16641.exe
c:\windows\system32\16687.exe
c:\windows\system32\16734.exe
c:\windows\system32\16785.exe
c:\windows\system32\16810.exe
c:\windows\system32\16827.exe
c:\windows\system32\16858.exe
c:\windows\system32\16941.exe
c:\windows\system32\16944.exe
c:\windows\system32\16962.exe
c:\windows\system32\16972.exe
c:\windows\system32\17035.exe
c:\windows\system32\17086.exe
c:\windows\system32\17103.exe
c:\windows\system32\17159.exe
c:\windows\system32\17189.exe
c:\windows\system32\17192.exe
c:\windows\system32\17222.exe
c:\windows\system32\17253.exe
c:\windows\system32\17272.exe
c:\windows\system32\17371.exe
c:\windows\system32\17398.exe
c:\windows\system32\17410.exe
c:\windows\system32\17421.exe
c:\windows\system32\17437.exe
c:\windows\system32\17451.exe
c:\windows\system32\17505.exe
c:\windows\system32\1752.exe
c:\windows\system32\17546.exe
c:\windows\system32\17549.exe
c:\windows\system32\17578.exe
c:\windows\system32\1758.exe
c:\windows\system32\1763.exe
c:\windows\system32\17673.exe
c:\windows\system32\1769.exe
c:\windows\system32\17713.exe
c:\windows\system32\17773.exe
c:\windows\system32\17807.exe
c:\windows\system32\17825.exe
c:\windows\system32\17841.exe
c:\windows\system32\17861.exe
c:\windows\system32\17864.exe
c:\windows\system32\17870.exe
c:\windows\system32\17913.exe
c:\windows\system32\17952.exe
c:\windows\system32\17958.exe
c:\windows\system32\17964.exe
c:\windows\system32\18007.exe
c:\windows\system32\18035.exe
c:\windows\system32\18057.exe
c:\windows\system32\18060.exe
c:\windows\system32\18087.exe
c:\windows\system32\18114.exe
c:\windows\system32\18127.exe
c:\windows\system32\18190.exe
c:\windows\system32\18230.exe
c:\windows\system32\18240.exe
c:\windows\system32\1832.exe
c:\windows\system32\18330.exe
c:\windows\system32\18332.exe
c:\windows\system32\1842.exe
c:\windows\system32\18443.exe
c:\windows\system32\18467.exe
c:\windows\system32\18538.exe
c:\windows\system32\18540.exe
c:\windows\system32\18584.exe
c:\windows\system32\18588.exe
c:\windows\system32\18636.exe
c:\windows\system32\18649.exe
c:\windows\system32\18651.exe
c:\windows\system32\18662.exe
c:\windows\system32\18678.exe
c:\windows\system32\1869.exe
c:\windows\system32\18696.exe
c:\windows\system32\18716.exe
c:\windows\system32\18756.exe
c:\windows\system32\18762.exe
c:\windows\system32\18786.exe
c:\windows\system32\18787.exe
c:\windows\system32\18823.exe
c:\windows\system32\18875.exe
c:\windows\system32\18896.exe
c:\windows\system32\18935.exe
c:\windows\system32\18958.exe
c:\windows\system32\19008.exe
c:\windows\system32\19037.exe
c:\windows\system32\19038.exe
c:\windows\system32\19072.exe
c:\windows\system32\19090.exe
c:\windows\system32\19102.exe
c:\windows\system32\19156.exe
c:\windows\system32\19169.exe
c:\windows\system32\19187.exe
c:\windows\system32\1924.exe
c:\windows\system32\1926.exe
c:\windows\system32\19264.exe
c:\windows\system32\19271.exe
c:\windows\system32\19279.exe
c:\windows\system32\193.exe
c:\windows\system32\19314.exe
c:\windows\system32\19340.exe
c:\windows\system32\19353.exe
c:\windows\system32\19357.exe
c:\windows\system32\19364.exe
c:\windows\system32\19369.exe
c:\windows\system32\19370.exe
c:\windows\system32\19375.exe
c:\windows\system32\19405.exe
c:\windows\system32\19497.exe
c:\windows\system32\19558.exe
c:\windows\system32\19589.exe
c:\windows\system32\19593.exe
c:\windows\system32\19629.exe
c:\windows\system32\19647.exe
c:\windows\system32\19668.exe
c:\windows\system32\19690.exe
c:\windows\system32\19711.exe
c:\windows\system32\19718.exe
c:\windows\system32\19796.exe
c:\windows\system32\19801.exe
c:\windows\system32\19815.exe
c:\windows\system32\19820.exe
c:\windows\system32\19855.exe
c:\windows\system32\19866.exe
c:\windows\system32\19870.exe
c:\windows\system32\19886.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\19917.exe
c:\windows\system32\19923.exe
c:\windows\system32\1993.exe
c:\windows\system32\19954.exe
c:\windows\system32\19976.exe
c:\windows\system32\1999.exe
c:\windows\system32\20024.exe
c:\windows\system32\20037.exe
c:\windows\system32\20040.exe
c:\windows\system32\20053.exe
c:\windows\system32\20055.exe
c:\windows\system32\20072.exe
c:\windows\system32\2011.exe
c:\windows\system32\20142.exe
c:\windows\system32\20159.exe
c:\windows\system32\20164.exe
c:\windows\system32\20175.exe
c:\windows\system32\20215.exe
c:\windows\system32\20222.exe
c:\windows\system32\20259.exe
c:\windows\system32\20267.exe
c:\windows\system32\20314.exe
c:\windows\system32\20315.exe
c:\windows\system32\20326.exe
c:\windows\system32\20328.exe
c:\windows\system32\20333.exe
c:\windows\system32\20334.exe
c:\windows\system32\20355.exe
c:\windows\system32\20416.exe
c:\windows\system32\20424.exe
c:\windows\system32\20426.exe
c:\windows\system32\20450.exe
c:\windows\system32\20472.exe
c:\windows\system32\20482.exe
c:\windows\system32\20485.exe
c:\windows\system32\20510.exe
c:\windows\system32\20537.exe
c:\windows\system32\20556.exe
c:\windows\system32\20577.exe
c:\windows\system32\20580.exe
c:\windows\system32\20600.exe
c:\windows\system32\20601.exe
c:\windows\system32\20608.exe
c:\windows\system32\20626.exe
c:\windows\system32\20649.exe
c:\windows\system32\20671.exe
c:\windows\system32\20783.exe
c:\windows\system32\20798.exe
c:\windows\system32\2082.exe
c:\windows\system32\20851.exe
c:\windows\system32\2088.exe
c:\windows\system32\20888.exe
c:\windows\system32\20913.exe
c:\windows\system32\20945.exe
c:\windows\system32\21003.exe
c:\windows\system32\21015.exe
c:\windows\system32\21025.exe
c:\windows\system32\21080.exe
c:\windows\system32\21098.exe
c:\windows\system32\21113.exe
c:\windows\system32\21119.exe
c:\windows\system32\21132.exe
c:\windows\system32\21153.exe
c:\windows\system32\21221.exe
c:\windows\system32\2125.exe
c:\windows\system32\21318.exe
c:\windows\system32\21416.exe
c:\windows\system32\21425.exe
c:\windows\system32\21430.exe
c:\windows\system32\21457.exe
c:\windows\system32\21459.exe
c:\windows\system32\21520.exe
c:\windows\system32\21538.exe
c:\windows\system32\2154.exe
c:\windows\system32\21543.exe
c:\windows\system32\21545.exe
c:\windows\system32\21548.exe
c:\windows\system32\21556.exe
c:\windows\system32\2161.exe
c:\windows\system32\21624.exe
c:\windows\system32\21634.exe
c:\windows\system32\21659.exe
c:\windows\system32\2168.exe
c:\windows\system32\21694.exe
c:\windows\system32\21718.exe
c:\windows\system32\21724.exe
c:\windows\system32\21726.exe
c:\windows\system32\21763.exe
c:\windows\system32\21881.exe
c:\windows\system32\21945.exe
c:\windows\system32\21948.exe
c:\windows\system32\22029.exe
c:\windows\system32\22044.exe
c:\windows\system32\22093.exe
c:\windows\system32\22142.exe
c:\windows\system32\22171.exe
c:\windows\system32\22185.exe
c:\windows\system32\22190.exe
c:\windows\system32\2220.exe
c:\windows\system32\2223.exe
c:\windows\system32\22233.exe
c:\windows\system32\22262.exe
c:\windows\system32\22279.exe
c:\windows\system32\22296.exe
c:\windows\system32\22355.exe
c:\windows\system32\22386.exe
c:\windows\system32\22409.exe
c:\windows\system32\22410.exe
c:\windows\system32\22413.exe
c:\windows\system32\22428.exe
c:\windows\system32\22466.exe
c:\windows\system32\22483.exe
c:\windows\system32\22532.exe
c:\windows\system32\22536.exe
c:\windows\system32\22549.exe
c:\windows\system32\22593.exe
c:\windows\system32\22619.exe
c:\windows\system32\22646.exe
c:\windows\system32\22648.exe
c:\windows\system32\22658.exe
c:\windows\system32\22663.exe
c:\windows\system32\22701.exe
c:\windows\system32\22704.exe
c:\windows\system32\22725.exe
c:\windows\system32\22741.exe
c:\windows\system32\22758.exe
c:\windows\system32\22765.exe
c:\windows\system32\22798.exe
c:\windows\system32\22813.exe
c:\windows\system32\22848.exe
c:\windows\system32\22850.exe
c:\windows\system32\22888.exe
c:\windows\system32\22913.exe
c:\windows\system32\22929.exe
c:\windows\system32\22987.exe
c:\windows\system32\2303.exe
c:\windows\system32\2306.exe
c:\windows\system32\23073.exe
c:\windows\system32\23152.exe
c:\windows\system32\23191.exe
c:\windows\system32\23194.exe
c:\windows\system32\23195.exe
c:\windows\system32\23196.exe
c:\windows\system32\23199.exe
c:\windows\system32\23216.exe
c:\windows\system32\2324.exe
c:\windows\system32\23245.exe
c:\windows\system32\23271.exe
c:\windows\system32\23281.exe
c:\windows\system32\23299.exe
c:\windows\system32\23318.exe
c:\windows\system32\23342.exe
c:\windows\system32\23388.exe
c:\windows\system32\23392.exe
c:\windows\system32\235.exe
c:\windows\system32\23622.exe
c:\windows\system32\2363.exe
c:\windows\system32\23646.exe
c:\windows\system32\23655.exe
c:\windows\system32\2368.exe
c:\windows\system32\2369.exe
c:\windows\system32\23754.exe
c:\windows\system32\23757.exe
c:\windows\system32\23775.exe
c:\windows\system32\23805.exe
c:\windows\system32\23811.exe
c:\windows\system32\23815.exe
c:\windows\system32\23831.exe
c:\windows\system32\23844.exe
c:\windows\system32\23847.exe
c:\windows\system32\23850.exe
c:\windows\system32\23851.exe
c:\windows\system32\23869.exe
c:\windows\system32\23928.exe
c:\windows\system32\23936.exe
c:\windows\system32\23971.exe
c:\windows\system32\23986.exe
c:\windows\system32\23992.exe
c:\windows\system32\24021.exe
c:\windows\system32\24028.exe
c:\windows\system32\24041.exe
c:\windows\system32\24050.exe
c:\windows\system32\24060.exe
c:\windows\system32\24084.exe
c:\windows\system32\24108.exe
c:\windows\system32\24129.exe
c:\windows\system32\24155.exe
c:\windows\system32\24179.exe
c:\windows\system32\24182.exe
c:\windows\system32\2421.exe
c:\windows\system32\24221.exe
c:\windows\system32\24229.exe
c:\windows\system32\24272.exe
c:\windows\system32\24350.exe
c:\windows\system32\24355.exe
c:\windows\system32\24370.exe
c:\windows\system32\24372.exe
c:\windows\system32\24389.exe
c:\windows\system32\24393.exe
c:\windows\system32\24423.exe
c:\windows\system32\24429.exe
c:\windows\system32\24464.exe
c:\windows\system32\24472.exe
c:\windows\system32\24484.exe
c:\windows\system32\24488.exe
c:\windows\system32\24516.exe
c:\windows\system32\24555.exe
c:\windows\system32\24596.exe
c:\windows\system32\24626.exe
c:\windows\system32\24648.exe
c:\windows\system32\24766.exe
c:\windows\system32\24767.exe
c:\windows\system32\2483.exe
c:\windows\system32\24848.exe
c:\windows\system32\24855.exe
c:\windows\system32\24868.exe
c:\windows\system32\24937.exe
c:\windows\system32\24946.exe
c:\windows\system32\24948.exe
c:\windows\system32\24970.exe
c:\windows\system32\25072.exe
c:\windows\system32\25087.exe
c:\windows\system32\2510.exe
c:\windows\system32\25200.exe
c:\windows\system32\25205.exe
c:\windows\system32\25264.exe
c:\windows\system32\25269.exe
c:\windows\system32\2531.exe
c:\windows\system32\25311.exe
c:\windows\system32\25313.exe
c:\windows\system32\25347.exe
c:\windows\system32\25402.exe
c:\windows\system32\25411.exe
c:\windows\system32\25423.exe
c:\windows\system32\25484.exe
c:\windows\system32\25508.exe
c:\windows\system32\25542.exe
c:\windows\system32\25547.exe
c:\windows\system32\25561.exe
c:\windows\system32\25620.exe
c:\windows\system32\25627.exe
c:\windows\system32\25629.exe
c:\windows\system32\25667.exe
c:\windows\system32\25705.exe
c:\windows\system32\25721.exe
c:\windows\system32\25734.exe
c:\windows\system32\2575.exe
c:\windows\system32\25760.exe
c:\windows\system32\25824.exe
c:\windows\system32\25874.exe
c:\windows\system32\2589.exe
c:\windows\system32\25990.exe
c:\windows\system32\25996.exe
c:\windows\system32\2600.exe
c:\windows\system32\26019.exe
c:\windows\system32\26058.exe
c:\windows\system32\2607.exe
c:\windows\system32\26102.exe
c:\windows\system32\26116.exe
c:\windows\system32\26129.exe
c:\windows\system32\26154.exe
c:\windows\system32\2616.exe
c:\windows\system32\26168.exe
c:\windows\system32\26173.exe
c:\windows\system32\2625.exe
c:\windows\system32\26264.exe
c:\windows\system32\26292.exe
c:\windows\system32\26299.exe
c:\windows\system32\26302.exe
c:\windows\system32\26303.exe
c:\windows\system32\26308.exe
c:\windows\system32\2634.exe
c:\windows\system32\26362.exe
c:\windows\system32\26418.exe
c:\windows\system32\26423.exe
c:\windows\system32\26428.exe
c:\windows\system32\26439.exe
c:\windows\system32\26463.exe
c:\windows\system32\26477.exe
c:\windows\system32\26488.exe
c:\windows\system32\26500.exe
c:\windows\system32\26504.exe
c:\windows\system32\26534.exe
c:\windows\system32\26547.exe
c:\windows\system32\26576.exe
c:\windows\system32\2668.exe
c:\windows\system32\2670.exe
c:\windows\system32\26740.exe
c:\windows\system32\26770.exe
c:\windows\system32\26777.exe
c:\windows\system32\26869.exe
c:\windows\system32\26909.exe
c:\windows\system32\26924.exe
c:\windows\system32\2695.exe
c:\windows\system32\26952.exe
c:\windows\system32\26962.exe
c:\windows\system32\26969.exe
c:\windows\system32\26991.exe
c:\windows\system32\27067.exe
c:\windows\system32\27088.exe
c:\windows\system32\27109.exe
c:\windows\system32\27136.exe
c:\windows\system32\27152.exe
c:\windows\system32\27157.exe
c:\windows\system32\2716.exe
c:\windows\system32\27348.exe
c:\windows\system32\27350.exe
c:\windows\system32\27384.exe
c:\windows\system32\27432.exe
c:\windows\system32\27446.exe
c:\windows\system32\27489.exe
c:\windows\system32\27506.exe
c:\windows\system32\27529.exe
c:\windows\system32\27593.exe
c:\windows\system32\27595.exe
c:\windows\system32\27611.exe
c:\windows\system32\27624.exe
c:\windows\system32\27644.exe
c:\windows\system32\27664.exe
c:\windows\system32\27720.exe
c:\windows\system32\27753.exe
c:\windows\system32\27756.exe
c:\windows\system32\27813.exe
c:\windows\system32\2784.exe
c:\windows\system32\27870.exe
c:\windows\system32\27892.exe
c:\windows\system32\27938.exe
c:\windows\system32\27982.exe
c:\windows\system32\28.exe
c:\windows\system32\2800.exe
c:\windows\system32\28009.exe
c:\windows\system32\28019.exe
c:\windows\system32\28022.exe
c:\windows\system32\28027.exe
c:\windows\system32\28070.exe
c:\windows\system32\28112.exe
c:\windows\system32\28145.exe
c:\windows\system32\28245.exe
c:\windows\system32\28253.exe
c:\windows\system32\28286.exe
c:\windows\system32\28289.exe
c:\windows\system32\28296.exe
c:\windows\system32\28297.exe
c:\windows\system32\28318.exe
c:\windows\system32\28321.exe
c:\windows\system32\28323.exe
c:\windows\system32\28425.exe
c:\windows\system32\28433.exe
c:\windows\system32\28450.exe
c:\windows\system32\28464.exe
c:\windows\system32\28466.exe
c:\windows\system32\28476.exe
c:\windows\system32\28489.exe
c:\windows\system32\28503.exe
c:\windows\system32\28520.exe
c:\windows\system32\28570.exe
c:\windows\system32\28617.exe
c:\windows\system32\2865.exe
c:\windows\system32\28685.exe
c:\windows\system32\28688.exe
c:\windows\system32\28692.exe
c:\windows\system32\28703.exe
c:\windows\system32\28704.exe
c:\windows\system32\28712.exe
c:\windows\system32\28740.exe
c:\windows\system32\28745.exe
c:\windows\system32\28789.exe
c:\windows\system32\28796.exe
c:\windows\system32\288.exe
c:\windows\system32\28865.exe
c:\windows\system32\28869.exe
c:\windows\system32\29011.exe
c:\windows\system32\29067.exe
c:\windows\system32\29141.exe
c:\windows\system32\29168.exe
c:\windows\system32\29170.exe
c:\windows\system32\29174.exe
c:\windows\system32\292.exe
c:\windows\system32\29200.exe
c:\windows\system32\29213.exe
c:\windows\system32\29215.exe
c:\windows\system32\29288.exe
c:\windows\system32\29292.exe
c:\windows\system32\29314.exe
c:\windows\system32\29334.exe
c:\windows\system32\29337.exe
c:\windows\system32\29350.exe
c:\windows\system32\29358.exe
c:\windows\system32\29361.exe
c:\windows\system32\2943.exe
c:\windows\system32\29448.exe
c:\windows\system32\29510.exe
c:\windows\system32\29524.exe
c:\windows\system32\29541.exe
c:\windows\system32\29556.exe
c:\windows\system32\29565.exe
c:\windows\system32\29577.exe
c:\windows\system32\29617.exe
c:\windows\system32\2963.exe
c:\windows\system32\29643.exe
c:\windows\system32\29657.exe
c:\windows\system32\29658.exe
c:\windows\system32\29697.exe
c:\windows\system32\2971.exe
c:\windows\system32\29734.exe
c:\windows\system32\29763.exe
c:\windows\system32\29790.exe
c:\windows\system32\29812.exe
c:\windows\system32\29833.exe
c:\windows\system32\29855.exe
c:\windows\system32\29869.exe
c:\windows\system32\29901.exe
c:\windows\system32\2995.exe
c:\windows\system32\29954.exe
c:\windows\system32\29972.exe
c:\windows\system32\29976.exe
c:\windows\system32\300.exe
c:\windows\system32\30003.exe
c:\windows\system32\30093.exe
c:\windows\system32\30106.exe
c:\windows\system32\30145.exe
c:\windows\system32\30188.exe
c:\windows\system32\30191.exe
c:\windows\system32\30212.exe
c:\windows\system32\30227.exe
c:\windows\system32\303.exe
c:\windows\system32\30303.exe
c:\windows\system32\30333.exe
c:\windows\system32\3035.exe
c:\windows\system32\30380.exe
c:\windows\system32\3039.exe
c:\windows\system32\30482.exe
c:\windows\system32\30523.exe
c:\windows\system32\30527.exe
c:\windows\system32\30626.exe
c:\windows\system32\30657.exe
c:\windows\system32\30674.exe
c:\windows\system32\30695.exe
c:\windows\system32\30771.exe
c:\windows\system32\30814.exe
c:\windows\system32\30833.exe
c:\windows\system32\30836.exe
c:\windows\system32\30838.exe
c:\windows\system32\30877.exe
c:\windows\system32\30900.exe
c:\windows\system32\30911.exe
c:\windows\system32\3093.exe
c:\windows\system32\30932.exe
c:\windows\system32\30974.exe
c:\windows\system32\31001.exe
c:\windows\system32\31003.exe
c:\windows\system32\3102.exe
c:\windows\system32\31060.exe
c:\windows\system32\31073.exe
c:\windows\system32\31101.exe
c:\windows\system32\31107.exe
c:\windows\system32\31111.exe
c:\windows\system32\31115.exe
c:\windows\system32\31185.exe
c:\windows\system32\31196.exe
c:\windows\system32\31240.exe
c:\windows\system32\31286.exe
c:\windows\system32\31316.exe
c:\windows\system32\3132.exe
c:\windows\system32\31320.exe
c:\windows\system32\31322.exe
c:\windows\system32\31329.exe
c:\windows\system32\31342.exe
c:\windows\system32\31361.exe
c:\windows\system32\31426.exe
c:\windows\system32\31461.exe
c:\windows\system32\31524.exe
c:\windows\system32\31556.exe
c:\windows\system32\31627.exe
c:\windows\system32\31631.exe
c:\windows\system32\31673.exe
c:\windows\system32\31682.exe
c:\windows\system32\31783.exe
c:\windows\system32\31818.exe
c:\windows\system32\31928.exe
c:\windows\system32\31934.exe
c:\windows\system32\3195.exe
c:\windows\system32\31998.exe
c:\windows\system32\32060.exe
c:\windows\system32\32133.exe
c:\windows\system32\32170.exe
c:\windows\system32\32209.exe
c:\windows\system32\3221.exe
c:\windows\system32\32226.exe
c:\windows\system32\32257.exe
c:\windows\system32\32266.exe
c:\windows\system32\32270.exe
c:\windows\system32\32292.exe
c:\windows\system32\32356.exe
c:\windows\system32\32391.exe
c:\windows\system32\32404.exe
c:\windows\system32\32439.exe
c:\windows\system32\32486.exe
c:\windows\system32\32525.exe
c:\windows\system32\32591.exe
c:\windows\system32\32604.exe
c:\windows\system32\32609.exe
c:\windows\system32\32637.exe
c:\windows\system32\32662.exe
c:\windows\system32\32678.exe
c:\windows\system32\32685.exe
c:\windows\system32\32696.exe
c:\windows\system32\32702.exe
c:\windows\system32\32726.exe
c:\windows\system32\32757.exe
c:\windows\system32\3297.exe
c:\windows\system32\335.exe
c:\windows\system32\3359.exe
c:\windows\system32\3430.exe
c:\windows\system32\3434.exe
c:\windows\system32\3443.exe
c:\windows\system32\3487.exe
c:\windows\system32\3509.exe
c:\windows\system32\3527.exe
c:\windows\system32\3548.exe
c:\windows\system32\3550.exe
c:\windows\system32\3557.exe
c:\windows\system32\3561.exe
c:\windows\system32\3584.exe
c:\windows\system32\3602.exe
c:\windows\system32\3608.exe
c:\windows\system32\3625.exe
c:\windows\system32\3653.exe
c:\windows\system32\3676.exe
c:\windows\system32\3677.exe
c:\windows\system32\3697.exe
c:\windows\system32\3728.exe
c:\windows\system32\3737.exe
c:\windows\system32\3753.exe
c:\windows\system32\3788.exe
c:\windows\system32\3829.exe
c:\windows\system32\3831.exe
c:\windows\system32\3878.exe
c:\windows\system32\3882.exe
c:\windows\system32\3902.exe
c:\windows\system32\3959.exe
c:\windows\system32\4031.exe
c:\windows\system32\4041.exe
c:\windows\system32\4084.exe
c:\windows\system32\4099.exe
c:\windows\system32\4144.exe
c:\windows\system32\4169.exe
c:\windows\system32\4186.exe
c:\windows\system32\4213.exe
c:\windows\system32\4313.exe
c:\windows\system32\4414.exe
c:\windows\system32\4474.exe
c:\windows\system32\4501.exe
c:\windows\system32\4536.exe
c:\windows\system32\4565.exe
c:\windows\system32\4596.exe
c:\windows\system32\4636.exe
c:\windows\system32\4639.exe
c:\windows\system32\4660.exe
c:\windows\system32\4664.exe
c:\windows\system32\4667.exe
c:\windows\system32\467.exe
c:\windows\system32\4675.exe
c:\windows\system32\4678.exe
c:\windows\system32\4681.exe
c:\windows\system32\4734.exe
c:\windows\system32\4745.exe
c:\windows\system32\4757.exe
c:\windows\system32\4802.exe
c:\windows\system32\481.exe
c:\windows\system32\4827.exe
c:\windows\system32\4833.exe
c:\windows\system32\4845.exe
c:\windows\system32\4886.exe
c:\windows\system32\491.exe
c:\windows\system32\4940.exe
c:\windows\system32\4944.exe
c:\windows\system32\4966.exe
c:\windows\system32\4975.exe
c:\windows\system32\5002.exe
c:\windows\system32\5021.exe
c:\windows\system32\503.exe
c:\windows\system32\5030.exe
c:\windows\system32\5048.exe
c:\windows\system32\5049.exe
c:\windows\system32\5073.exe
c:\windows\system32\5075.exe
c:\windows\system32\5097.exe
c:\windows\system32\5100.exe
c:\windows\system32\5108.exe
c:\windows\system32\5109.exe
c:\windows\system32\5249.exe
c:\windows\system32\5275.exe
c:\windows\system32\53.exe
c:\windows\system32\5402.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5454.exe
c:\windows\system32\5535.exe
c:\windows\system32\5537.exe
c:\windows\system32\5556.exe
c:\windows\system32\5565.exe
c:\windows\system32\5589.exe
c:\windows\system32\5601.exe
c:\windows\system32\5629.exe
c:\windows\system32\5662.exe
c:\windows\system32\5699.exe
c:\windows\system32\5705.exe
c:\windows\system32\5706.exe
c:\windows\system32\5786.exe
c:\windows\system32\58.exe
c:\windows\system32\5829.exe
c:\windows\system32\5844.exe
c:\windows\system32\5851.exe
c:\windows\system32\5938.exe
c:\windows\system32\5994.exe
c:\windows\system32\5997.exe
c:\windows\system32\6038.exe
c:\windows\system32\6072.exe
c:\windows\system32\6077.exe
c:\windows\system32\608.exe
c:\windows\system32\6092.exe
c:\windows\system32\610.exe
c:\windows\system32\6191.exe
c:\windows\system32\62.exe
c:\windows\system32\6202.exe
c:\windows\system32\6212.exe
c:\windows\system32\6224.exe
c:\windows\system32\6234.exe
c:\windows\system32\6270.exe
c:\windows\system32\6287.exe
c:\windows\system32\6304.exe
c:\windows\system32\6334.exe
c:\windows\system32\6359.exe
c:\windows\system32\64.exe
c:\windows\system32\6410.exe
c:\windows\system32\6411.exe
c:\windows\system32\6422.exe
c:\windows\system32\6439.exe
c:\windows\system32\6467.exe
c:\windows\system32\6477.exe
c:\windows\system32\6483.exe
c:\windows\system32\6493.exe
c:\windows\system32\6511.exe
c:\windows\system32\6540.exe
c:\windows\system32\6559.exe
c:\windows\system32\6617.exe
c:\windows\system32\6618.exe
c:\windows\system32\6652.exe
c:\windows\system32\6654.exe
c:\windows\system32\6657.exe
c:\windows\system32\6698.exe
c:\windows\system32\6704.exe
c:\windows\system32\6705.exe
c:\windows\system32\6729.exe
c:\windows\system32\6735.exe
c:\windows\system32\6813.exe
c:\windows\system32\6868.exe
c:\windows\system32\690.exe
c:\windows\system32\6900.exe
c:\windows\system32\6902.exe
c:\windows\system32\6923.exe
c:\windows\system32\6962.exe
c:\windows\system32\6987.exe
c:\windows\system32\7038.exe
c:\windows\system32\7040.exe
c:\windows\system32\7129.exe
c:\windows\system32\7164.exe
c:\windows\system32\7228.exe
c:\windows\system32\7262.exe
c:\windows\system32\7285.exe
c:\windows\system32\7376.exe
c:\windows\system32\7391.exe
c:\windows\system32\7441.exe
c:\windows\system32\7445.exe
c:\windows\system32\7448.exe
c:\windows\system32\748.exe
c:\windows\system32\7487.exe
c:\windows\system32\750.exe
c:\windows\system32\7518.exe
c:\windows\system32\7591.exe
c:\windows\system32\7605.exe
c:\windows\system32\7616.exe
c:\windows\system32\7619.exe
c:\windows\system32\7627.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\7815.exe
c:\windows\system32\7882.exe
c:\windows\system32\7900.exe
c:\windows\system32\7949.exe
c:\windows\system32\7958.exe
c:\windows\system32\8075.exe
c:\windows\system32\8100.exe
c:\windows\system32\8116.exe
c:\windows\system32\8133.exe
c:\windows\system32\8177.exe
c:\windows\system32\8196.exe
c:\windows\system32\8213.exe
c:\windows\system32\8219.exe
c:\windows\system32\8254.exe
c:\windows\system32\8256.exe
c:\windows\system32\8260.exe
c:\windows\system32\8281.exe
c:\windows\system32\8313.exe
c:\windows\system32\8360.exe
c:\windows\system32\8365.exe
c:\windows\system32\8480.exe
c:\windows\system32\8492.exe
c:\windows\system32\8519.exe
c:\windows\system32\8526.exe
c:\windows\system32\8551.exe
c:\windows\system32\8683.exe
c:\windows\system32\8723.exe
c:\windows\system32\875.exe
c:\windows\system32\8759.exe
c:\windows\system32\8777.exe
c:\windows\system32\8909.exe
c:\windows\system32\8932.exe
c:\windows\system32\8942.exe
c:\windows\system32\8f6d4cpj.dat
c:\windows\system32\900.exe
c:\windows\system32\9010.exe
c:\windows\system32\9040.exe
c:\windows\system32\9052.exe
c:\windows\system32\911.exe
c:\windows\system32\912.exe
c:\windows\system32\9152.exe
c:\windows\system32\9161.exe
c:\windows\system32\9232.exe
c:\windows\system32\9313.exe
c:\windows\system32\9314.exe
c:\windows\system32\9357.exe
c:\windows\system32\9365.exe
c:\windows\system32\9374.exe
c:\windows\system32\9496.exe
c:\windows\system32\9503.exe
c:\windows\system32\9512.exe
c:\windows\system32\9514.exe
c:\windows\system32\9515.exe
c:\windows\system32\9576.exe
c:\windows\system32\9601.exe
c:\windows\system32\9741.exe
c:\windows\system32\9758.exe
c:\windows\system32\9781.exe
c:\windows\system32\9789.exe
c:\windows\system32\9832.exe
c:\windows\system32\9853.exe
c:\windows\system32\9856.exe
c:\windows\system32\9894.exe
c:\windows\system32\9905.exe
c:\windows\system32\9930.exe
c:\windows\system32\9961.exe
c:\windows\system32\berijona.exe
c:\windows\system32\bujusafu.exe
c:\windows\system32\buyozilo.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus
c:\windows\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\windows\system32\dahobidi.exe
c:\windows\system32\Data
c:\windows\system32\degepake.exe
c:\windows\system32\derasafe.exe
c:\windows\system32\diripeyi.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\fejiwunu.exe
c:\windows\system32\fesosenu.exe
c:\windows\system32\fufakehe.dll
c:\windows\system32\gigozura.exe
c:\windows\system32\gobefeza.exe
c:\windows\system32\gowepazo.exe
c:\windows\system32\hodidege.exe
c:\windows\system32\hofogiyi.exe
c:\windows\system32\honuhiyi.exe
c:\windows\system32\jewonere.exe
c:\windows\system32\kapineye.exe
c:\windows\system32\lurigeti.exe
c:\windows\system32\lutuhafa.exe
c:\windows\system32\mewosije.exe
c:\windows\system32\mosikeyu.exe
c:\windows\system32\mudahono.exe
c:\windows\system32\nageduge.exe
c:\windows\system32\nalusihe.exe
c:\windows\system32\nereteva.exe
c:\windows\system32\pihimage.dll
c:\windows\system32\pituguda.exe
c:\windows\system32\posoveva.dll
c:\windows\system32\Process.exe
c:\windows\system32\retupodi.exe
c:\windows\system32\ropasaje.exe
c:\windows\system32\sabiyogi.exe
c:\windows\system32\service
c:\windows\system32\service\03032010_TIS17_SfFniAU.log
c:\windows\system32\service\14122009_TIS17_SfFniAU.log
c:\windows\system32\service\29112009_TIS17_SfFniAU.log
c:\windows\system32\sifonera.exe
c:\windows\system32\somazoje.exe
c:\windows\system32\soyopefi.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\suvasedi.exe
c:\windows\system32\tinotobu.exe
c:\windows\system32\tokimime.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vebazifa.exe
c:\windows\system32\vefufise.exe
c:\windows\system32\vitesado.exe
c:\windows\system32\vovuzidi.exe
c:\windows\system32\vufafere.exe
c:\windows\system32\vuwizodi.exe
c:\windows\system32\wininit.dll
c:\windows\system32\yibufozi.exe
c:\windows\system32\yokefewa.exe
c:\windows\system32\yonozise.exe
c:\windows\system32\zabekeho.exe
c:\windows\system32\zagosawa.exe
c:\windows\system32\zemogife.exe
c:\windows\system32\zenanori.exe
c:\windows\Tasks\dgimwcpe.job
c:\windows\Tasks\ljegsokq.job
c:\windows\Tasks\vpqykljw.job

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
hxxp://82.98.235.208
hxxp://77.74.48.116
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-04 07:22 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-04 07:22 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-04 07:22 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-04 07:22 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-04 07:22 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-04 07:22 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-04 07:22 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 07:21 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-04 07:21 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-04 07:21 . 2010-03-04 07:21 -------- d-----w- c:\program files\Alwil Software
2010-03-04 07:21 . 2010-03-04 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-04 07:03 . 2010-03-04 07:03 -------- d-----w- c:\program files\Enigma Software Group
2010-03-04 03:59 . 2010-03-04 03:59 -------- d-----w- C:\ERDNT
2010-03-04 03:59 . 2010-03-04 03:59 -------- d-----w- c:\windows\ERUNT
2010-03-04 03:58 . 2010-03-04 03:59 -------- d-----w- C:\!FixIEDef

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 01:06 . 2007-12-07 05:23 1 ----a-w- c:\documents and settings\Heather\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-05 01:06 . 2007-11-28 07:06 -------- d-----w- c:\documents and settings\Heather\Application Data\OpenOffice.org2
2010-03-04 22:07 . 2009-10-29 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 22:04 . 2007-09-12 05:15 -------- d-----w- c:\program files\Common Files\Apple
2010-03-04 21:59 . 2007-08-21 21:05 -------- d-----w- c:\documents and settings\Heather\Application Data\Move Networks
2010-03-04 21:59 . 2005-12-07 01:48 -------- d-----w- c:\program files\Yahoo!
2010-03-04 21:58 . 2007-10-13 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-04 21:52 . 2009-10-23 03:18 -------- d-----w- c:\program files\Project64 1.6
2010-03-04 15:51 . 2009-11-29 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-01-07 23:07 . 2009-11-29 20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-11-29 20:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 04:18 . 2009-12-08 04:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-08-17 06:19 . 2009-08-17 06:19 22528 --sha-w- c:\windows\SYSTEM32\yijazowi.exe
.

------- Sigcheck -------

[7] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-22 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\SYSTEM32\mshtml.dll
[-] 2007-08-22 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-08-14 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2002-08-29 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 180269]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 143360]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-03-19 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-18 149280]
"lxdkmon.exe"="c:\program files\Lexmark 5300 Series\lxdkmon.exe" [2007-06-22 455344]
"lxdkamon"="c:\program files\Lexmark 5300 Series\lxdkamon.exe" [2007-06-01 20480]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

c:\documents and settings\Heather\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-4-30 189952]
Sprint media monitor.lnk - c:\windows\RM.exe [2009-8-4 222552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-5-6 270336]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\pmremind.exe [2004-1-19 331776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\McAfee.com\\VSO\\mcvsrte.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdkserv.exe"=
"c:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/30/2009 9:27 PM 64288]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/4/2010 12:22 AM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [3/4/2010 12:22 AM 19024]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\SYSTEM32\DRIVERS\EAPPkt.sys [4/16/2009 2:46 PM 38144]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
R2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdkserv.exe [3/3/2008 11:44 PM 99248]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [6/12/2005 8:37 PM 23888]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\BLKWGU.sys [4/16/2009 2:45 PM 273280]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-05 c:\windows\Tasks\{A9344839-163B-4811-B73D-F1A183126761}_HILDA_Heather.job
- c:\windows\system32\MOBSYNC.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://s-redirect.com/?a=2&b=n-ex
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchURL = hxxp://s-redirect.com/?a=2&b=n-ex
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {B7129AB2-5031-430B-897D-E081708A3316} = 208.67.220.220,208.67.222.222
TCP: {FF3FB411-66FF-4945-937C-CDBFE0CEEB3D} = 208.67.220.220,208.67.222.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} - hxxp://67.42.70.157/webpages/DMWebX.ocx
FF - ProfilePath - c:\documents and settings\Heather\Application Data\Mozilla\Firefox\Profiles\sq0udbqf.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{6ceab020-2889-4d6c-9926-ae2a86ba70b5} - nagowigi.dll
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-lxdcamon - c:\program files\Lexmark 1300 Series\lxdcamon.exe
SharedTaskScheduler-{c12744b3-a9c8-40ac-b9a7-1e1d9684d53b} - c:\windows\system32\posoveva.dll
SharedTaskScheduler-{558dad7f-5045-4d11-8ba2-54ebc9939f1d} - c:\windows\system32\posoveva.dll
SharedTaskScheduler-{eecbc555-7441-41e8-8563-e20151ae89f9} - c:\windows\system32\wimohigi.dll
SharedTaskScheduler-{567a7504-e557-4101-a2b2-7c49e048fd1a} - c:\windows\system32\pihimage.dll
SharedTaskScheduler-{416132f9-85b7-4053-81a5-72aeeed9117f} - c:\windows\system32\pihimage.dll
SharedTaskScheduler-{65e272ab-df41-4e3b-8f9f-03c2710440a8} - c:\windows\system32\fufakehe.dll
SharedTaskScheduler-{e32f8c29-69e9-4719-b019-8c1f93cd7f4a} - c:\windows\system32\fufakehe.dll
SharedTaskScheduler-{0f6ba009-004a-4edd-88e0-0505ab9ddc22} - c:\windows\system32\nitalopo.dll
SharedTaskScheduler-{a6f72602-c9d6-4021-8267-2d686fd630dd} - c:\windows\system32\fufakehe.dll
SharedTaskScheduler-{23969adb-9a53-46b5-9d1f-e95ab4066b65} - c:\windows\system32\dopituzi.dll
SSODL-nufupotey-{a6f72602-c9d6-4021-8267-2d686fd630dd} - c:\windows\system32\fufakehe.dll
SSODL-dolifalod-{23969adb-9a53-46b5-9d1f-e95ab4066b65} - c:\windows\system32\dopituzi.dll
Notify-jkhfe - c:\windows\system32\jkhfe.dll
AddRemove-Absolute Poker - c:\program files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
AddRemove-BearShare - c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 08:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\netdde.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdkcoms.exe
c:\progra~1\mcafee.com\vso\mcvsrte.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\fxssvc.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sprint Instinct Applications\MEMonitor.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-05 08:46:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 15:45
ComboFix2.txt 2007-09-12 03:11

Pre-Run: 43,819,266,048 bytes free
Post-Run: 43,763,769,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="q" 1

- - End Of File - - A037070B26F0FC821F56B53A4E36FC49

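The log above is the raw ComboFix output; nothing in it explains what makes a given line worth a second look. As an added illustration (my own code, not part of this thread, of ComboFix, or of any BleepingComputer tool), the script below applies the patterns a responder would pick out by eye from that log to a handful of constructed sample lines copied from it: purely numeric `.exe` names and eight-letter lowercase pseudo-word binaries in system32, eight-letter `.job` files in the Tasks folder, hidden+system attributes in the Find3M report, the `EnableFirewall= 0` policy value, a SafeBoot service key, SharedTaskScheduler/SSODL/Notify loading points that resolve to pseudo-word DLLs, and two boot.ini entries sharing one ARC path. The indicator names, the eight-letter threshold and the boot.ini check are assumptions of mine; they flag lines for review and are not a verdict on any file.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines lifted from the ComboFix log posted in this
# thread, embedded here so the script runs offline.
SAMPLE_LOG = r"""
c:\windows\system32\31556.exe
c:\windows\system32\berijona.exe
c:\windows\system32\fufakehe.dll
c:\windows\system32\Process.exe
c:\windows\system32\wininit.dll
c:\windows\Tasks\dgimwcpe.job
2009-08-17 06:19 . 2009-08-17 06:19 22528 --sha-w- c:\windows\SYSTEM32\yijazowi.exe
2010-01-07 23:07 . 2009-11-29 20:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
SharedTaskScheduler-{c12744b3-a9c8-40ac-b9a7-1e1d9684d53b} - c:\windows\system32\posoveva.dll
SSODL-nufupotey-{a6f72602-c9d6-4021-8267-2d686fd630dd} - c:\windows\system32\fufakehe.dll
Notify-jkhfe - c:\windows\system32\jkhfe.dll
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="q" 1
"""

# Heuristics (assumed thresholds, not ComboFix semantics).
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\([^\\]+)$", re.I)
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.I)
PSEUDOWORD = re.compile(r"^[a-z]{8}\.(exe|dll)$")          # e.g. berijona.exe
TASK_JOB = re.compile(r"^c:\\windows\\Tasks\\[a-z]{8}\.job$", re.I)
# Find3M / Files Created lines: date time . date time size attrs path
FIND3M = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\d+|-+) (\S{8}) (.+)$")
LOADPOINT = re.compile(r"^(SharedTaskScheduler|SSODL|Notify)-(\S+) - (.+)$")
BOOT_ENTRY = re.compile(
    r'^(multi\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\[^=]+)="([^"]*)"(.*)$')


def triage(log_text):
    """Return a list of (indicator, evidence) tuples for lines worth review."""
    findings = []
    boot_labels = defaultdict(list)      # ARC path -> labels seen for it
    in_firewall_key = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SYSTEM32.match(line)
        if m:
            name = m.group(1)
            if NUMERIC_EXE.match(name):
                findings.append(("numeric-named exe in system32", line))
            elif PSEUDOWORD.match(name):
                findings.append(("pseudo-word binary in system32", line))
            continue

        if TASK_JOB.match(line):
            findings.append(("random-named scheduled task", line))
            continue

        m = FIND3M.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            if "s" in attrs and "h" in attrs:      # hidden + system, as on yijazowi.exe
                findings.append(("hidden+system attributes", path))
            continue

        low = line.lower()
        if low.startswith("[hklm") and "firewallpolicy\\standardprofile]" in low:
            in_firewall_key = True                 # next value line belongs to this key
            continue
        if in_firewall_key and line.startswith('"EnableFirewall"'):
            if re.search(r"=\s*0\b", line):
                findings.append(("Windows Firewall disabled by policy", line))
            in_firewall_key = False
            continue

        if "\\control\\safeboot\\" in low:
            findings.append(("SafeBoot service key present", line))
            continue

        m = LOADPOINT.match(line)
        if m:
            kind, _, target = m.groups()
            base = target.rsplit("\\", 1)[-1]
            # Winlogon Notify packages are rare on a home box; pseudo-word DLLs are not legit.
            if kind == "Notify" or PSEUDOWORD.match(base):
                findings.append((f"{kind} loading point -> {base}", line))
            continue

        m = BOOT_ENTRY.match(line)
        if m:
            boot_labels[m.group(1).lower()].append(m.group(2))

    for arc, labels in boot_labels.items():
        if len(labels) > 1:                        # same OS path listed twice
            findings.append(("duplicate boot.ini ARC path", f"{arc}: {labels}"))
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG):
        print(f"{indicator:45} {evidence}")
```

On the full log the same regexes would flag the several hundred numeric executables and every pseudo-word file listed under "Other Deletions"; the script deliberately says nothing about files such as `Process.exe` or `wininit.dll`, because a name alone is not enough to call them good or bad.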

#14 Farbar
Posted 05 March 2010 - 11:43 AM

ComboFix removed a lot too. I haven't seen so many baddies on one system for a while.

You should upgrade Internet Explorer later on.


Open notepad and copy/paste the text in the code box below into it:

CODE
http://www.bleepingcomputer.com/forums/t/300167/can-only-start-up-in-debugging-mode-major-virus-issues/

Collect::[4]
c:\windows\SYSTEM32\yijazowi.exe


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Please copy and paste that log in your next reply.

**Important Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

#15 puckguy81
Posted 05 March 2010 - 12:29 PM

ComboFix 10-03-04.06 - Heather 03/05/2010 9:58.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.161 [GMT -7:00]
Running from: c:\documents and settings\Heather\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Heather\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\SYSTEM32\yijazowi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\yijazowi.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-04 07:22 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-04 07:22 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-04 07:22 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-04 07:22 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-04 07:22 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-04 07:22 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-04 07:22 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 07:21 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-04 07:21 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-04 07:21 . 2010-03-04 07:21 -------- d-----w- c:\program files\Alwil Software
2010-03-04 07:21 . 2010-03-04 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-04 07:03 . 2010-03-04 07:03 -------- d-----w- c:\program files\Enigma Software Group
2010-03-04 03:59 . 2010-03-04 03:59 -------- d-----w- C:\ERDNT
2010-03-04 03:59 . 2010-03-04 03:59 -------- d-----w- c:\windows\ERUNT
2010-03-04 03:58 . 2010-03-04 03:59 -------- d-----w- C:\!FixIEDef

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 01:06 . 2007-12-07 05:23 1 ----a-w- c:\documents and settings\Heather\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-05 01:06 . 2007-11-28 07:06 -------- d-----w- c:\documents and settings\Heather\Application Data\OpenOffice.org2
2010-03-04 22:07 . 2009-10-29 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 22:04 . 2007-09-12 05:15 -------- d-----w- c:\program files\Common Files\Apple
2010-03-04 21:59 . 2007-08-21 21:05 -------- d-----w- c:\documents and settings\Heather\Application Data\Move Networks
2010-03-04 21:59 . 2005-12-07 01:48 -------- d-----w- c:\program files\Yahoo!
2010-03-04 21:58 . 2007-10-13 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-04 21:52 . 2009-10-23 03:18 -------- d-----w- c:\program files\Project64 1.6
2010-03-04 15:51 . 2009-11-29 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-01-07 23:07 . 2009-11-29 20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-11-29 20:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 04:18 . 2009-12-08 04:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

------- Sigcheck -------

[7] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-22 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\SYSTEM32\mshtml.dll
[-] 2007-08-22 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-08-14 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2002-08-29 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 180269]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 143360]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-03-19 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-18 149280]
"lxdkmon.exe"="c:\program files\Lexmark 5300 Series\lxdkmon.exe" [2007-06-22 455344]
"lxdkamon"="c:\program files\Lexmark 5300 Series\lxdkamon.exe" [2007-06-01 20480]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

c:\documents and settings\Heather\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-4-30 189952]
Sprint media monitor.lnk - c:\windows\RM.exe [2009-8-4 222552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-5-6 270336]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\pmremind.exe [2004-1-19 331776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\McAfee.com\\VSO\\mcvsrte.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdkserv.exe"=
"c:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/30/2009 9:27 PM 64288]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/4/2010 12:22 AM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [3/4/2010 12:22 AM 19024]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\SYSTEM32\DRIVERS\EAPPkt.sys [4/16/2009 2:46 PM 38144]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
R2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdkserv.exe [3/3/2008 11:44 PM 99248]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [6/12/2005 8:37 PM 23888]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\BLKWGU.sys [4/16/2009 2:45 PM 273280]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-05 c:\windows\Tasks\{A9344839-163B-4811-B73D-F1A183126761}_HILDA_Heather.job
- c:\windows\system32\MOBSYNC.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://s-redirect.com/?a=2&b=n-ex
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchURL = hxxp://s-redirect.com/?a=2&b=n-ex
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {B7129AB2-5031-430B-897D-E081708A3316} = 208.67.220.220,208.67.222.222
TCP: {FF3FB411-66FF-4945-937C-CDBFE0CEEB3D} = 208.67.220.220,208.67.222.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} - hxxp://67.42.70.157/webpages/DMWebX.ocx
FF - ProfilePath - c:\documents and settings\Heather\Application Data\Mozilla\Firefox\Profiles\sq0udbqf.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-05 10:16:40
ComboFix-quarantined-files.txt 2010-03-05 17:16
ComboFix2.txt 2010-03-05 15:46
ComboFix3.txt 2007-09-12 03:11

Pre-Run: 43,764,150,272 bytes free
Post-Run: 43,748,347,904 bytes free

- - End Of File - - E50987582074CD6CECDA7F9D317E3CA9
Upload was successful
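Added example, not ComboFix output and not anything the poster ran: a small triage script for the Reg Loading Points and Supplementary Scan parts of a ComboFix log of the shape shown above. It refangs the hxxp:// URLs, then flags the things a helper would look at first: Windows Firewall turned off in the standard profile, Run entries launched out of a temp directory, IE search settings pointing somewhere other than a known default provider, and DPF (ActiveX) entries downloaded from a bare IP address. The sample log is constructed and modelled on the posted one; the "updater" Run entry in it is made up purely to exercise the temp-directory rule and is not in the posted log. The KNOWN_SEARCH_HOSTS allowlist is an assumption, not a ComboFix list.

```python
"""Triage helper for ComboFix 'Reg Loading Points' / 'Supplementary Scan' text."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample modelled on the log above. The "updater" line is made up
# to exercise the temp-directory rule; it does not appear in the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"updater"="c:\documents and settings\Heather\Local Settings\Temp\updater.exe" [2010-03-01 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://s-redirect.com/?a=2&b=n-ex
uSearchAssistant = hxxp://ie.search.msn.com
mSearchURL = hxxp://s-redirect.com/?a=2&b=n-ex
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} - hxxp://67.42.70.157/webpages/DMWebX.ocx
"""

# Assumed allowlist of hosts that IE/MSN/Yahoo defaults of that era pointed at.
KNOWN_SEARCH_HOSTS = {
    "www.msn.com", "ie.search.msn.com", "search.msn.com",
    "search.yahoo.com", "us.rd.yahoo.com", "www.google.com", "www.bing.com",
}
# Autostart paths under these directories deserve a second look.
SUSPICIOUS_PATH_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\recycler\\")

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
IE_RE = re.compile(r"^(?P<scope>[um])(?P<setting>Start Page|Search Bar|SearchURL|SearchAssistant)"
                   r"(?:,\(Default\))?\s*=\s*(?P<url>\S+)$")
DPF_RE = re.compile(r"^DPF:\s+(?P<name>.+?)\s+-\s+(?P<url>\S+)$")


def refang(url):
    """Turn the defanged hxxp:// / hxxps:// that ComboFix writes back into a real scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def hostname(url):
    return urlparse(refang(url)).hostname or ""


def is_bare_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def parse_combofix(text):
    """Collect Run entries, firewall state, IE URL settings and DPF entries."""
    parsed = {"run": [], "firewall_enabled": None, "ie": [], "dpf": []}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("(((((") or line.startswith("-------"):
            current_key = ""  # section banner: leave whatever registry key we were in
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        if current_key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                parsed["run"].append((current_key, m.group("name"), m.group("path")))
            continue
        if "firewallpolicy" in current_key:
            m = FIREWALL_RE.match(line)
            if m:
                parsed["firewall_enabled"] = m.group("val") != "0"
            continue
        m = IE_RE.match(line)
        if m:
            parsed["ie"].append((m.group("scope"), m.group("setting"), m.group("url")))
            continue
        m = DPF_RE.match(line)
        if m:
            parsed["dpf"].append((m.group("name"), m.group("url")))
    return parsed


def triage(parsed):
    """Return (rule, detail) findings in a fixed order: firewall, Run, IE, DPF."""
    findings = []
    if parsed["firewall_enabled"] is False:
        findings.append(("firewall-disabled", "EnableFirewall=0 in standardprofile"))
    for _key, name, path in parsed["run"]:
        if any(marker in path.lower() for marker in SUSPICIOUS_PATH_MARKERS):
            findings.append(("autostart-from-temp", f"{name} -> {path}"))
    for scope, setting, url in parsed["ie"]:
        host = hostname(url)
        if host and host not in KNOWN_SEARCH_HOSTS:
            findings.append(("ie-search-hijack-candidate", f"{scope}{setting} -> {host}"))
    for name, url in parsed["dpf"]:
        if is_bare_ip(hostname(url)):
            findings.append(("activex-from-bare-ip", f"{name} -> {refang(url)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{rule:28} {detail}")
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents; the rules are deliberately narrow heuristics, so a hit means "look here", not "this is malware".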