
some files don't delete after reboot


Reach


First of all, thank you for taking the time to read this.

My problem started with a trojan, Sheur, that I couldn't get rid of definitively with my antivirus AVG and Ad-Aware... nor manually... as it kept coming back... so I got MWAM and it seemed as if it got rid of it... even after I rebooted. I redid a scan and now it was a svchost problem.... even after rebooting it's still there... and now while I was scanning again to post the MWAM log to this post... my AVG detected the SHeur again... but MWAM didn't detect it.

My other problem is my computer won't boot normally... I have to hit F8 after POST to be able to choose debugging mode to log onto my computer... safe mode, last known configuration and all the other options won't work and give me a BSOD with an IRQL_NOT_LESS_OR_EQUAL error... and I might be wrong... but it seems to be linked to my trojan problem, because both problems showed up at the same time...

Anyways, here are my MWAM and HijackThis logs...

Malwarebytes' Anti-Malware 1.41

Database version: 3060

Windows 5.1.2600 Service Pack 3

30/10/2009 12:50:29 PM

mbam-log-2009-10-30 (12-50-29).txt

Scan type: Full Scan (C:\|)

Objects scanned: 248118

Time elapsed: 53 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{B80B6999-E70D-4F33-88AA-3F3D588C98E9}\RP905\A0129185.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B80B6999-E70D-4F33-88AA-3F3D588C98E9}\RP906\A0129304.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:39:35 PM, on 30/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://sympatico.zone.msn.com/bingame/zpag...of.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bw+0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: offline-8876480 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--

End of file - 19868 bytes

Awaiting your instructions!


  • Staff

Hi,

Please download and run WUS_Fix.exe: http://users.telenet.be/marcvn/tools/WUS_Fix.exe

This should restore the default registry settings related to BITS and Automatic Updates.

Then, flush your System Restore points:

To do this, you have to disable System Restore and enable it again afterwards.

(Note: this will delete all your System Restore points and any malware that was present in them.)

How to disable system restore in XP <= click me for instructions with screenshots

After you have disabled System Restore.... reboot.. and after rebooting, enable it again, so a new System Restore point will be made. A clean one now! <_<

Let me know if that fixed your issue.

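A defender-side check for the ImagePath hijack shown in the first MBAM log (the "%fystemRoot%" trick that the WUS_Fix.exe step above repairs), added here as an example; it is not part of the thread, of WUS_Fix.exe or of Malwarebytes. It parses the two MBAM "Registry Data Items Infected" lines quoted above, flags any %VAR% token that is not a defined environment variable, and on a Windows host reads the stored ImagePath of BITS and wuauserv from the live registry. The SAMPLE_LOG and XP_ENV values are constructed from this thread.

```python
"""Audit Windows service ImagePath values for the Hijack.WindowsUpdates pattern.

Added example for this thread, not from the posts, WUS_Fix.exe or Malwarebytes.
BITS and wuauserv had ImagePath set with '%fystemRoot%' in place of '%SystemRoot%'.
An undefined variable is left unexpanded, so the Service Control Manager looks for
a path that does not exist and neither service can start: Windows Update is
silently disabled while everything else on the machine looks normal.
"""
import os
import re
import sys
from dataclasses import dataclass, field

# Expected unexpanded ImagePath for the two services, taken from the "Good:" values
# MBAM reported in the thread.
EXPECTED = {
    "BITS": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "wuauserv": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
}

_ENV_TOKEN = re.compile(r"%([^%]+)%")
# One "Registry Data Items Infected" line of an MBAM 1.x log.
_MBAM_LINE = re.compile(
    r"^(?P<key>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$"
)


@dataclass
class Finding:
    service: str
    actual: str
    expected: str
    undefined_vars: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.undefined_vars and _normalise(self.actual) == _normalise(self.expected)


def _normalise(path: str) -> str:
    # Env var names and Windows paths are case-insensitive; whitespace is not significant.
    return " ".join(path.lower().split())


def check_image_path(service: str, actual: str, expected: str, env) -> Finding:
    """Pure check shared by the log parser and the live-registry audit.

    Flags every %VAR% token that is not a defined environment variable (the
    '%fystemRoot%' trick) and any other deviation from the expected value.
    """
    defined = {name.lower() for name in env}
    undefined = [m.group(1) for m in _ENV_TOKEN.finditer(actual)
                 if m.group(1).lower() not in defined]
    return Finding(service, actual, expected, undefined)


def parse_mbam_registry_item(line: str):
    """Parse one MBAM 'Registry Data Items Infected' line into a dict, or None."""
    m = _MBAM_LINE.match(line.strip())
    if not m:
        return None
    item = m.groupdict()
    item["service"] = item["key"].split("\\")[-2]  # ...\Services\<name>\ImagePath
    return item


def check_mbam_log(text: str, env) -> list:
    """Run check_image_path over every ImagePath hijack MBAM reported in a log."""
    findings = []
    for line in text.splitlines():
        item = parse_mbam_registry_item(line)
        if item and item["key"].endswith("\\ImagePath"):
            findings.append(check_image_path(item["service"], item["bad"], item["good"], env))
    return findings


def read_image_path_unexpanded(service: str) -> str:
    """Read the stored (unexpanded) ImagePath from the live registry; Windows only."""
    import winreg  # imported here so the pure checks still run on other platforms
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        rf"SYSTEM\CurrentControlSet\Services\{service}") as key:
        value, _kind = winreg.QueryValueEx(key, "ImagePath")  # REG_EXPAND_SZ, not expanded
        return value


def audit_live_services(env=None) -> list:
    """Check BITS and wuauserv on the running machine against EXPECTED."""
    env = os.environ if env is None else env
    return [check_image_path(svc, read_image_path_unexpanded(svc), exp, env)
            for svc, exp in EXPECTED.items()]


# Constructed sample: the two registry lines from the first MBAM log in the thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
"""
XP_ENV = {"SystemRoot": r"C:\WINDOWS", "ProgramFiles": r"C:\Program Files"}  # constructed

if __name__ == "__main__":
    findings = audit_live_services() if sys.platform == "win32" else check_mbam_log(SAMPLE_LOG, XP_ENV)
    for f in findings:
        print(f"{'OK ' if f.ok else 'BAD'} {f.service}: {f.actual!r} undefined={f.undefined_vars}")
```

On a non-Windows host the script only analyses the constructed log lines; on Windows it reads the two live ImagePath values and reports any that would not expand to the expected svchost.exe command line.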

It seems to have taken care of the malware, since after doing what you asked and rebooting, I did a quick scan with MWAM and it found nothing... I still however get a BSOD if I boot normally, in other words... the only way for me to log on is to go through debugging mode.... and I already tried a chkdsk /r command with my OS CD in... should I do a fixmbr and/or fixboot command? Any other suggestions?

In any case, thank you very, very much for your help with the malware, and here are the MWAM log and HijackThis log.

Malwarebytes' Anti-Malware 1.41

Database version: 3060

Windows 5.1.2600 Service Pack 3

31/10/2009 5:42:52 AM

mbam-log-2009-10-31 (05-42-52).txt

Scan type: Quick Scan

Objects scanned: 104855

Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:43:59 AM, on 31/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://sympatico.zone.msn.com/bingame/zpag...of.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bw+0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: offline-8876480 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe

--

End of file - 19472 bytes


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


That was quicker than expected.... here's the ComboFix Log file...

ComboFix 09-10-30.01 - Frederick Dumaresq 31/10/2009 6:32.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2758 [GMT -4:00]

Running from: c:\documents and settings\Frederick Dumaresq\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it <_<

.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))

.

2009-12-27 23:04 . 2009-12-27 23:04 7366 ----a-w- c:\windows\system32\7b5d9ir165z.dll

2009-12-24 08:06 . 2009-12-24 08:06 4385 ----a-w- c:\windows\system32\6837hack5o9l1e6z.exe

2009-12-22 18:50 . 2009-12-22 18:50 6921 ----a-w- c:\windows\system32\15032tz5j396.dll

2009-12-21 23:07 . 2009-12-21 23:07 4133 ----a-w- c:\windows\system32\30567spamb9t5z9.bin

2009-12-05 22:53 . 2009-12-05 22:53 6011 ----a-w- c:\windows\system32\9282not-5-zirus391.bin

2009-12-02 22:59 . 2009-12-02 22:59 2839 ----a-w- c:\windows\system32\50a9vzr2562.bin

2009-11-16 23:32 . 2009-11-16 23:32 3239 ----a-w- c:\windows\system32\11742z5ambot75a9.dll

2009-11-08 02:35 . 2009-11-08 02:35 5949 ----a-w- c:\windows\system32\184znot-a-vir9s4af5.dll

2009-10-31 10:28 . 2007-06-13 15:47 48256 ----a-w- c:\windows\system32\drivers\jraid.sys

2009-10-31 10:28 . 2005-06-20 22:53 60928 ----a-w- c:\windows\system32\drivers\viamraid.sys

2009-10-30 16:39 . 2009-10-30 16:39 -------- d-----w- c:\program files\Trend Micro

2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Malwarebytes

2009-10-30 14:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-30 14:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-14 19:07 . 2009-10-14 19:07 5275 ----a-w- c:\windows\system32\77fespa9ze6875.dll

2009-10-12 10:50 . 2009-10-12 10:50 6015 ----a-w- c:\windows\system32\z9715virus5e9.bin

2009-10-11 09:46 . 2009-10-11 02:41 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-11 02:41 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-10-11 02:39 . 2009-10-11 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-10-09 16:30 . 2009-10-09 16:30 -------- d-----w- c:\program files\CAPCOM

2009-10-09 16:29 . 2009-10-09 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-10-03 16:44 . 2009-10-03 16:44 2910 ----a-w- c:\windows\z6a9downlo9der456.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-30 12:20 . 2008-06-19 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-10-27 23:57 . 2007-11-22 04:12 -------- d-----w- c:\program files\GTR2

2009-10-27 23:56 . 2008-12-13 15:08 -------- d-----w- c:\program files\Rummy Royal

2009-10-27 23:55 . 2008-11-01 12:28 -------- d-----w- c:\program files\Fallout 3

2009-10-27 23:54 . 2007-08-02 21:09 -------- d-----w- c:\program files\Ubisoft

2009-10-27 04:19 . 2008-10-02 14:10 -------- d-----w- c:\program files\MagicISO

2009-10-25 21:45 . 2009-06-30 15:03 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Vso

2009-10-15 23:43 . 2009-01-29 18:54 3532 ----a-w- C:\drmHeader.bin

2009-10-11 02:41 . 2007-08-02 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-10-11 02:39 . 2007-08-02 11:11 -------- d-----w- c:\program files\Lavasoft

2009-10-05 15:22 . 2009-10-05 15:22 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlB.tmp

2009-10-05 15:22 . 2009-07-20 00:29 2311 ----a-w- c:\documents and settings\All Users\Application Data\xml23.tmp

2009-10-05 15:22 . 2009-07-20 00:29 0 ----a-w- c:\documents and settings\All Users\Application Data\xml22.tmp

2009-10-05 15:22 . 2009-07-20 00:29 8710 ----a-w- c:\documents and settings\All Users\Application Data\xml21.tmp

2009-09-26 22:14 . 2009-09-26 22:14 4830 ----a-w- c:\windows\system32\21f6ba9kdo5z2738.bin

2009-09-21 22:03 . 2009-09-21 22:03 8380 ----a-w- c:\windows\system32\3ez2thre5t14295.bin

2009-09-20 22:07 . 2009-09-20 22:07 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Sony Corporation

2009-09-20 22:02 . 2007-08-02 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\program files\Sony

2009-09-19 14:12 . 2009-09-19 14:12 17930 ----a-w- c:\windows\system32\ezvir9573.exe

2009-09-19 07:31 . 2009-09-19 07:31 3760 ----a-w- c:\windows\system32\225589a5kzool46d.dll

2009-09-18 01:06 . 2007-08-02 09:07 19368 ------w- c:\documents and settings\Frederick Dumaresq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Microsoft

2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live

2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-18 00:54 . 2009-09-18 00:54 -------- d-----w- c:\program files\Common Files\Windows Live

2009-09-12 19:37 . 2009-09-12 19:37 17518 ----a-w- c:\windows\system32\f27spywar915z4.exe

2009-09-12 01:36 . 2009-09-12 01:36 11614 ----a-w- c:\windows\a99stezl1576.bin

2009-09-11 11:00 . 2009-09-11 11:00 10219 ----a-w- c:\windows\system32\4654t5ief139z.exe

2009-09-09 15:58 . 2009-09-09 15:58 7875 ----a-w- c:\windows\system32\13525z5rus4e9.bin

2009-09-09 02:03 . 2009-09-09 02:03 6320 ----a-w- c:\windows\system32\270505p930cz.bin

2009-09-07 23:16 . 2009-09-07 23:16 15084 ----a-w- c:\windows\system32\10090s9ambot4z5.dll

2009-09-05 16:30 . 2009-09-05 16:30 16029 ----a-w- c:\windows\system32\72zc5pywar982.bin

2009-09-02 02:46 . 2009-09-02 02:46 11974 ----a-w- c:\windows\system32\2779zs5y97.exe

2009-08-24 01:22 . 2009-08-24 01:22 5780 ----a-w- c:\windows\system32\1439zte591175.exe

2009-08-23 06:59 . 2007-08-04 12:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-08-23 06:59 . 2007-08-03 12:38 189104 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-08-20 03:19 . 2009-08-20 03:19 5956 ----a-w- c:\windows\system32\14b9sz5rse89.bin

2009-08-19 12:53 . 2008-06-19 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-19 12:53 . 2008-06-19 17:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-19 12:53 . 2007-08-02 10:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-18 03:09 . 2009-08-18 03:09 13662 ----a-w- c:\windows\system32\24955s9yafz.dll

2009-08-16 00:31 . 2009-08-16 00:31 18258 ----a-w- c:\windows\system32\722zhre5t1596.exe

2009-08-14 20:06 . 2009-08-14 20:06 9641 ----a-w- c:\windows\system32\5z58downloa9er73.dll

2009-08-13 02:39 . 2009-08-13 02:39 14863 ----a-w- c:\windows\system32\1z849troj4955.exe

2009-08-08 02:57 . 2009-08-08 02:57 7233 ----a-w- c:\windows\system32\31314not-a-vi5uz79a.dll

2009-08-07 04:43 . 2009-08-07 04:43 6975 ----a-w- c:\windows\z669not-a-virus615.bin

2009-08-06 03:21 . 2009-08-06 03:21 5242 ----a-w- c:\windows\system32\95z0spy49c.bin

2009-08-06 01:57 . 2009-08-06 01:57 18292 ----a-w- c:\windows\system32\131z2hackt95l7cd.bin

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-2 450560]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-2 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=

"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\WINDOWS\\system32\\dldfcoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=

"c:\\Program Files\\Lost Via Domus\\Yeti_Final_Win32.exe"=

"c:\\Program Files\\Left 4 Dead\\left4dead.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Teamspeak2_RC2\\server_windows.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/10/2009 10:41 PM 64160]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/06/2008 1:12 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/06/2008 1:12 PM 108552]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02/08/2007 9:29 PM 13696]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/06/2009 9:42 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 12:19 PM 297752]

R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]

R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1028432]

R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [11/07/2001 11:06 AM 23153]

S1 98795ea2;98795ea2;c:\windows\system32\drivers\98795ea2.sys --> c:\windows\system32\drivers\98795ea2.sys [?]

S3 iteio;iteio;\??\c:\windows\system32\drivers\iteio.sys --> c:\windows\system32\drivers\iteio.sys [?]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [19/07/2009 8:28 PM 98488]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:41]

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{954CFAEC-E4E0-42D4-8965-1BF279566081}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-31 06:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:94,85,26,81,5b,9c,1d,e7,5d,06,61,38,7b,b8,c3,e1,66,b8,ad,fc,d8,38,74,

4a,57,5f,0e,58,5b,84,45,45,e4,03,4f,1c,a1,aa,9e,60,b1,5c,cf,5b,55,32,29,71,\

"??"=hex:c6,15,46,c6,be,5d,18,91,dc,c8,d0,c2,7d,87,e6,c1

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\license information*]

"datasecu"=hex:a6,ff,86,e6,1f,ca,49,54,30,90,08,6d,3d,1b,aa,f2,15,ba,fe,c9,01,

6b,42,df,7a,63,77,f1,e1,a4,ff,9d,5a,cf,09,f5,63,83,e0,4b,0e,fe,c4,3d,b4,a7,\

"rkeysecu"=hex:78,00,ce,66,0a,8c,aa,90,88,57,b9,51,bd,90,bf,6a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-10-31 6:42

ComboFix-quarantined-files.txt 2009-10-31 10:42

Pre-Run: 41,854,070,784 bytes free

Post-Run: 41,970,520,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 1FB80584EA790AA38B1C435152376BFE

So, what do I do now?


  • Staff

Hi,

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
That was the cause of your BSODs.

Anyway, we still need to clean up some files here. Most are dummy files created by a rogue scanner; that's why scanners don't pick them up, since these files don't do anything.

* Open Notepad - don't use any other text editor than Notepad, or the script will fail.

Copy/paste the text in the quote box below into Notepad:

File::

c:\windows\system32\7b5d9ir165z.dll

c:\windows\system32\6837hack5o9l1e6z.exe

c:\windows\system32\15032tz5j396.dll

c:\windows\system32\30567spamb9t5z9.bin

c:\windows\system32\9282not-5-zirus391.bin

c:\windows\system32\50a9vzr2562.bin

c:\windows\system32\11742z5ambot75a9.dll

c:\windows\system32\184znot-a-vir9s4af5.dll

c:\windows\system32\77fespa9ze6875.dll

c:\windows\system32\z9715virus5e9.bin

c:\windows\z6a9downlo9der456.exe

c:\documents and settings\All Users\Application Data\xmlB.tmp

c:\documents and settings\All Users\Application Data\xml23.tmp

c:\documents and settings\All Users\Application Data\xml22.tmp

c:\documents and settings\All Users\Application Data\xml21.tmp

c:\windows\system32\21f6ba9kdo5z2738.bin

c:\windows\system32\3ez2thre5t14295.bin

c:\windows\system32\ezvir9573.exe

c:\windows\system32\225589a5kzool46d.dll

c:\windows\system32\f27spywar915z4.exe

c:\windows\a99stezl1576.bin

c:\windows\system32\4654t5ief139z.exe

c:\windows\system32\13525z5rus4e9.bin

c:\windows\system32\270505p930cz.bin

c:\windows\system32\10090s9ambot4z5.dll

c:\windows\system32\72zc5pywar982.bin

c:\windows\system32\2779zs5y97.exe

c:\windows\system32\1439zte591175.exe

c:\windows\system32\14b9sz5rse89.bin

c:\windows\system32\24955s9yafz.dll

c:\windows\system32\722zhre5t1596.exe

c:\windows\system32\5z58downloa9er73.dll

c:\windows\system32\1z849troj4955.exe

c:\windows\system32\31314not-a-vi5uz79a.dll

c:\windows\z669not-a-virus615.bin

c:\windows\system32\95z0spy49c.bin

c:\windows\system32\131z2hackt95l7cd.bin

Driver::

iteio

98795ea2

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.


ComboFix 09-10-30.01 - Frederick Dumaresq 31/10/2009 7:04.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2756 [GMT -4:00]

Running from: c:\documents and settings\Frederick Dumaresq\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Frederick Dumaresq\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\documents and settings\All Users\Application Data\xml21.tmp"

"c:\documents and settings\All Users\Application Data\xml22.tmp"

"c:\documents and settings\All Users\Application Data\xml23.tmp"

"c:\documents and settings\All Users\Application Data\xmlB.tmp"

"c:\windows\a99stezl1576.bin"

"c:\windows\system32\10090s9ambot4z5.dll"

"c:\windows\system32\11742z5ambot75a9.dll"

"c:\windows\system32\131z2hackt95l7cd.bin"

"c:\windows\system32\13525z5rus4e9.bin"

"c:\windows\system32\1439zte591175.exe"

"c:\windows\system32\14b9sz5rse89.bin"

"c:\windows\system32\15032tz5j396.dll"

"c:\windows\system32\184znot-a-vir9s4af5.dll"

"c:\windows\system32\1z849troj4955.exe"

"c:\windows\system32\21f6ba9kdo5z2738.bin"

"c:\windows\system32\225589a5kzool46d.dll"

"c:\windows\system32\24955s9yafz.dll"

"c:\windows\system32\270505p930cz.bin"

"c:\windows\system32\2779zs5y97.exe"

"c:\windows\system32\30567spamb9t5z9.bin"

"c:\windows\system32\31314not-a-vi5uz79a.dll"

"c:\windows\system32\3ez2thre5t14295.bin"

"c:\windows\system32\4654t5ief139z.exe"

"c:\windows\system32\50a9vzr2562.bin"

"c:\windows\system32\5z58downloa9er73.dll"

"c:\windows\system32\6837hack5o9l1e6z.exe"

"c:\windows\system32\722zhre5t1596.exe"

"c:\windows\system32\72zc5pywar982.bin"

"c:\windows\system32\77fespa9ze6875.dll"

"c:\windows\system32\7b5d9ir165z.dll"

"c:\windows\system32\9282not-5-zirus391.bin"

"c:\windows\system32\95z0spy49c.bin"

"c:\windows\system32\ezvir9573.exe"

"c:\windows\system32\f27spywar915z4.exe"

"c:\windows\system32\z9715virus5e9.bin"

"c:\windows\z669not-a-virus615.bin"

"c:\windows\z6a9downlo9der456.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\xml21.tmp

c:\documents and settings\All Users\Application Data\xml22.tmp

c:\documents and settings\All Users\Application Data\xml23.tmp

c:\documents and settings\All Users\Application Data\xmlB.tmp

c:\windows\a99stezl1576.bin

c:\windows\b10vir15z59.ocx

c:\windows\ee1z5ief1169.ocx

c:\windows\ee9s5eal9943z.bin

c:\windows\system32\10090s9ambot4z5.dll

c:\windows\system32\10531hack5zo92eb.ocx

c:\windows\system32\10746z5r9s126.ocx

c:\windows\system32\11195notza-vir9s151.bin

c:\windows\system32\1125downlozder1397.bin

c:\windows\system32\11548hackto951z7.bin

c:\windows\system32\11742z5ambot75a9.dll

c:\windows\system32\11c5spyw9re56z.ocx

c:\windows\system32\12219not5azviru94f.cpl

c:\windows\system32\122979i5us4az.exe

c:\windows\system32\1229dow5loade92681z.cpl

c:\windows\system32\123685r9z439.bin

c:\windows\system32\12609not-a-viruz125.cpl

c:\windows\system32\12821s9ambo512z.exe

c:\windows\system32\12951zroj3b2.ocx

c:\windows\system32\12z5downloade525599.exe

c:\windows\system32\131z2hackt95l7cd.bin

c:\windows\system32\13260t9oj53z.bin

c:\windows\system32\13525z5rus4e9.bin

c:\windows\system32\13619virz5693.dll

c:\windows\system32\1439zte591175.exe

c:\windows\system32\14552spa9zot1cc.cpl

c:\windows\system32\14b9sz5rse89.bin

c:\windows\system32\15032tz5j396.dll

c:\windows\system32\15069sz5mbot74.ocx

c:\windows\system32\15084wz5m7fd9.exe

c:\windows\system32\1534szy9are1924.exe

c:\windows\system32\15409spa9boz4c8.bin

c:\windows\system32\15521hac9tooz3eb.ocx

c:\windows\system32\15569iruz5805.exe

c:\windows\system32\15623zpambo54289.ocx

c:\windows\system32\15631trzj4a89.dll

c:\windows\system32\156769pa5zot1a5.ocx

c:\windows\system32\15684hac5tzo938b.cpl

c:\windows\system32\15fav5r1399z.bin

c:\windows\system32\15z665o9m3c4.ocx

c:\windows\system32\15zes5ar9e961.dll

c:\windows\system32\16265w9rm2d5z.bin

c:\windows\system32\16642wor5z09.dll

c:\windows\system32\16691tro55az.bin

c:\windows\system32\1719vir2350z.cpl

c:\windows\system32\171z8s95mbot4f0.ocx

c:\windows\system32\17207spy5z9.dll

c:\windows\system32\172875roj939z.dll

c:\windows\system32\17295ot-a9viruzf8.dll

c:\windows\system32\17536hac95ool52z.bin

c:\windows\system32\18179not-5-virzse8.bin

c:\windows\system32\184znot-a-vir9s4af5.dll

c:\windows\system32\18656zroj3e9.exe

c:\windows\system32\18908hackto9lz1a5.bin

c:\windows\system32\18e9zpa5se8909.dll

c:\windows\system32\1922zhreat942185.dll

c:\windows\system32\19294wzrm5b9.cpl

c:\windows\system32\1943thi5fz57.ocx

c:\windows\system32\19565haz5tool605.bin

c:\windows\system32\19729sp5zbot1c9.cpl

c:\windows\system32\19751h9c5toolzc4.ocx

c:\windows\system32\19994wo5m2z5.ocx

c:\windows\system32\199z3vir5s6e19.cpl

c:\windows\system32\19a1vz5999.bin

c:\windows\system32\1be5i91z75.cpl

c:\windows\system32\1cb5tzr9at737.ocx

c:\windows\system32\1cf65zreat5952.exe

c:\windows\system32\1ec8zh59at30351.exe

c:\windows\system32\1z519virus6a5.ocx

c:\windows\system32\1z555spy43b9.dll

c:\windows\system32\1z5thief2973.bin

c:\windows\system32\1z849troj4955.exe

c:\windows\system32\1ze95ownloader2386.dll

c:\windows\system32\20452t9oj1az.ocx

c:\windows\system32\20476viz9s915.cpl

c:\windows\system32\20572spamzo9656.dll

c:\windows\system32\209z8spy9985.ocx

c:\windows\system32\211969ot-a-v5rus190z.ocx

c:\windows\system32\21684s5ambzt3239.cpl

c:\windows\system32\21859vzrus5ce.dll

c:\windows\system32\21d3baczdoor905.exe

c:\windows\system32\21f6ba9kdo5z2738.bin

c:\windows\system32\22055s9ambot5f7z.ocx

c:\windows\system32\22111vzrus2195.exe

c:\windows\system32\2231z9ir5s7b.bin

c:\windows\system32\22515teaz1191.ocx

c:\windows\system32\225589a5kzool46d.dll

c:\windows\system32\22629tr5jzb99.ocx

c:\windows\system32\23599not-a5vi9uz409.exe

c:\windows\system32\238fdownlo9zer25965.ocx

c:\windows\system32\23941tr9j75z.bin

c:\windows\system32\2398sp55d3z.ocx

c:\windows\system32\249335rojz5c.ocx

c:\windows\system32\24955s9yafz.dll

c:\windows\system32\25042viz9s534.exe

c:\windows\system32\2510stea5z589.cpl

c:\windows\system32\25152sp9z91.cpl

c:\windows\system32\253115ot-a-v9rusz5a.exe

c:\windows\system32\253819zcktool663.cpl

c:\windows\system32\2558zownloade9599.cpl

c:\windows\system32\255dviz229.cpl

c:\windows\system32\25739ir2z14.exe

c:\windows\system32\2596zhacktool50d.bin

c:\windows\system32\25adtzie9509.bin

c:\windows\system32\25c2thief179z9.ocx

c:\windows\system32\265519pambot7d0z.exe

c:\windows\system32\2671download5r9901z.exe

c:\windows\system32\26b55hiefz29.ocx

c:\windows\system32\270505p930cz.bin

c:\windows\system32\2779zs5y97.exe

c:\windows\system32\27802hack9o5l4a5z.cpl

c:\windows\system32\27995spyz05.cpl

c:\windows\system32\28951viru9z1c.bin

c:\windows\system32\289zs953c7.cpl

c:\windows\system32\2908szeal535.ocx

c:\windows\system32\2926addw5re165z.bin

c:\windows\system32\29393viruz5995.bin

c:\windows\system32\294709ac5tzol241.exe

c:\windows\system32\29515vizus6e0.bin

c:\windows\system32\29557vzru93b.ocx

c:\windows\system32\2959spywaze972.ocx

c:\windows\system32\296195pz91e.bin

c:\windows\system32\2963zviru515c.cpl

c:\windows\system32\29655spy1zf.bin

c:\windows\system32\29835spy72z.bin

c:\windows\system32\298sz5rse2299.dll

c:\windows\system32\2c79spywaz5248.bin

c:\windows\system32\2e09azdware459.cpl

c:\windows\system32\2ebez5eal2493.dll

c:\windows\system32\2ed15zreat14395.bin

c:\windows\system32\2f25b9ckdzo52191.dll

c:\windows\system32\2z47spamb9tf15.cpl

c:\windows\system32\2z590worm5099.cpl

c:\windows\system32\3050szarse18429.bin

c:\windows\system32\30565t9zj545.dll

c:\windows\system32\30567spamb9t5z9.bin

c:\windows\system32\305cszarse1399.bin

c:\windows\system32\306z7hac95ool618.bin

c:\windows\system32\3077wo9m50z.cpl

c:\windows\system32\31089wz9m50.ocx

c:\windows\system32\31146ha59tool7ze.dll

c:\windows\system32\31314not-a-vi5uz79a.dll

c:\windows\system32\313729pambot450z.exe

c:\windows\system32\3174nz5-a-v9rus759.ocx

c:\windows\system32\31955spaz9ot276.exe

c:\windows\system32\31z959ot-5-virus135.bin

c:\windows\system32\3236thief9275z.cpl

c:\windows\system32\323eb9ckdoor2594z.exe

c:\windows\system32\32584tzo9519.cpl

c:\windows\system32\32591zot-a-virus10e.dll

c:\windows\system32\32915dzware180.cpl

c:\windows\system32\3392zackdoor2285.ocx

c:\windows\system32\3415virzs6bb9.bin

c:\windows\system32\34d7a5dwarz959.bin

c:\windows\system32\3529vi52597z.ocx

c:\windows\system32\3534downloadez69.cpl

c:\windows\system32\359sparsez719.ocx

c:\windows\system32\3609viz5669.bin

c:\windows\system32\3676dz9nload5r67.cpl

c:\windows\system32\3695add9ar517z9.bin

c:\windows\system32\3770downloadz92325.exe

c:\windows\system32\383cthrea985z2.dll

c:\windows\system32\3859a5dware2576z.exe

c:\windows\system32\38a4thr5az90199.cpl

c:\windows\system32\392as5zrse3977.ocx

c:\windows\system32\3951backdooz1479.bin

c:\windows\system32\3958vir2z86.cpl

c:\windows\system32\395z5spy6ce.dll

c:\windows\system32\39ddowzlo5der2790.ocx

c:\windows\system32\39fszy5are16799.cpl

c:\windows\system32\39z2thr5at96092.exe

c:\windows\system32\39zcvi5669.cpl

c:\windows\system32\3a29sparse11z5.exe

c:\windows\system32\3a76spzrse1935.cpl

c:\windows\system32\3a95zackdoo51797.cpl

c:\windows\system32\3bbadownloa9er2315z.ocx

c:\windows\system32\3bcft9izf354.bin

c:\windows\system32\3de9thz5f60.exe

c:\windows\system32\3ea6ste9l59z5.cpl

c:\windows\system32\3ez2thre5t14295.bin

c:\windows\system32\3fc65ddwaze9049.dll

c:\windows\system32\3z457sp9mbot5bc.dll

c:\windows\system32\3zd0threa954817.dll

c:\windows\system32\40eaaddw95z2935.cpl

c:\windows\system32\410859yz61.cpl

c:\windows\system32\4179doznlo5der3162.ocx

c:\windows\system32\41995hiez223.dll

c:\windows\system32\41a3spzrse27985.bin

c:\windows\system32\42b0spz5are1964.dll

c:\windows\system32\4492zh5ef2279.dll

c:\windows\system32\449fbackd5or12z4.exe

c:\windows\system32\4654t5ief139z.exe

c:\windows\system32\473athr5atz619.ocx

c:\windows\system32\4760zir97705.ocx

c:\windows\system32\47c1b95kdozr2932.cpl

c:\windows\system32\486cdown9oade56z5.cpl

c:\windows\system32\4955spazb9t621.ocx

c:\windows\system32\4996w5rm7ze.exe

c:\windows\system32\49a7adzw5re1555.exe

c:\windows\system32\49zfaddwa5e2542.exe

c:\windows\system32\4e46bac5do9r2z68.exe

c:\windows\system32\4f9th5eat289z9.exe

c:\windows\system32\4z7evi9590.bin

c:\windows\system32\4z97sparse544.exe

c:\windows\system32\502a9dwarz1877.ocx

c:\windows\system32\50a9vzr2562.bin

c:\windows\system32\51849ha9ktool2ez.ocx

c:\windows\system32\51baadzw9re12.exe

c:\windows\system32\5226not-a5vzr9s33e.ocx

c:\windows\system32\52699zorm3e3.cpl

c:\windows\system32\5339z5eal31069.ocx

c:\windows\system32\5357t9oz3e0.exe

c:\windows\system32\544tr9j778z.cpl

c:\windows\system32\54a25te9lz996.dll

c:\windows\system32\5585sp9rse1z62.cpl

c:\windows\system32\5589spywarez395.exe

c:\windows\system32\5590steal81z.ocx

c:\windows\system32\55999t9oj4zf.bin

c:\windows\system32\561spyz59.ocx

c:\windows\system32\56985w9rmfz.exe

c:\windows\system32\56e19pywarz5895.exe

c:\windows\system32\5705tz5eat93074.exe

c:\windows\system32\5755haczt9ol3a4.ocx

c:\windows\system32\57692spambot135z.cpl

c:\windows\system32\57857spamboz923.ocx

c:\windows\system32\579z9py3f2.exe

c:\windows\system32\591dthrezt16419.exe

c:\windows\system32\59524virus939z.ocx

c:\windows\system32\59997spy605z.bin

c:\windows\system32\599daddware628z.dll

c:\windows\system32\599zv5r1985.cpl

c:\windows\system32\59e7sparse59z.dll

c:\windows\system32\5aebspywa951z37.dll

c:\windows\system32\5b2zbac9door1249.bin

c:\windows\system32\5d8dvzr9574.bin

c:\windows\system32\5d9dad5w9ze1097.cpl

c:\windows\system32\5z58downloa9er73.dll

c:\windows\system32\5z988spambo97bf.cpl

c:\windows\system32\5z998hackt9ol10.dll

c:\windows\system32\5zc3t5reat97864.cpl

c:\windows\system32\6020zac95ool194.exe

c:\windows\system32\6101do5nloadez2909.exe

c:\windows\system32\62ces5y9are114z.bin

c:\windows\system32\640bac5dzor2519.ocx

c:\windows\system32\6465spz9are2025.bin

c:\windows\system32\65685ozm7059.cpl

c:\windows\system32\6593spyware2075z.dll

c:\windows\system32\65fa59r292z.exe

c:\windows\system32\6629s9zal27255.cpl

c:\windows\system32\6702downl5ad9z1684.bin

c:\windows\system32\6837hack5o9l1e6z.exe

c:\windows\system32\6855vir89z.exe

c:\windows\system32\689zs5arse11969.bin

c:\windows\system32\68f29hreat285z4.exe

c:\windows\system32\6991zorm559.cpl

c:\windows\system32\69f9dow9loazer2055.exe

c:\windows\system32\6a84thre9t435z.cpl

c:\windows\system32\6b79tzie52949.ocx

c:\windows\system32\6be75zr9at25900.bin

c:\windows\system32\6bz1steal20795.ocx

c:\windows\system32\6c00backd59rz080.cpl

c:\windows\system32\6cd3spzrs918945.dll

c:\windows\system32\6ed5s9yware1519z.ocx

c:\windows\system32\6z5fthrea923575.bin

c:\windows\system32\6z9bsteal5582.ocx

c:\windows\system32\6zbbt95eat12676.exe

c:\windows\system32\7092tr5950z.exe

c:\windows\system32\70c1zpar9e1525.exe

c:\windows\system32\71c0szyw5re9507.dll

c:\windows\system32\71za9tea51126.ocx

c:\windows\system32\722zhre5t1596.exe

c:\windows\system32\7275b9ckdoor29z3.exe

c:\windows\system32\72zc5pywar982.bin

c:\windows\system32\74c7s5ywaz9165.ocx

c:\windows\system32\7554zhreat39779.exe

c:\windows\system32\7591worm2z.dll

c:\windows\system32\75a5virz299.cpl

c:\windows\system32\7651zirus5f99.bin

c:\windows\system32\7652thr9zt16467.cpl

c:\windows\system32\7665pyware3049z.ocx

c:\windows\system32\7727spars93z25.ocx

c:\windows\system32\779es5zrse1739.ocx

c:\windows\system32\77b3tzief21059.dll

c:\windows\system32\77fespa9ze6875.dll

c:\windows\system32\7849backzoo52666.cpl

c:\windows\system32\792za5dware3949.dll

c:\windows\system32\79349pamboz523.ocx

c:\windows\system32\798b5iz2547.exe

c:\windows\system32\79d2back5oor3z25.ocx

c:\windows\system32\79dzspa5se1109.bin

c:\windows\system32\7b5d9ir165z.dll

c:\windows\system32\7c9eaddzare595.ocx

c:\windows\system32\7czbspars918205.exe

c:\windows\system32\7e5aste9z539.dll

c:\windows\system32\7z41downloa5e92953.cpl

c:\windows\system32\7z5fthi9f2923.exe

c:\windows\system32\8076w5rz191.cpl

c:\windows\system32\829w5rm7z6.ocx

c:\windows\system32\867h9cktozl544.cpl

c:\windows\system32\8z45sp9475.ocx

c:\windows\system32\905z5ddware1294.exe

c:\windows\system32\91559szambotdc.ocx

c:\windows\system32\922thie521z3.cpl

c:\windows\system32\9282not-5-zirus391.bin

c:\windows\system32\92991trzj6855.dll

c:\windows\system32\93002not-a-virzs5c1.exe

c:\windows\system32\9372w5rz286.dll

c:\windows\system32\9458steaz2696.ocx

c:\windows\system32\945cvir1345z.ocx

c:\windows\system32\951threzt26331.cpl

c:\windows\system32\953e5ownloadzr2701.bin

c:\windows\system32\95z0spy49c.bin

c:\windows\system32\95z5thief2709.exe

c:\windows\system32\960stea52z98.dll

c:\windows\system32\9815downzoader3180.cpl

c:\windows\system32\9875s9amzot7c45.ocx

c:\windows\system32\98z55spambot5c9.bin

c:\windows\system32\995zno9-5-virus309.exe

c:\windows\system32\9c51vir1z95.cpl

c:\windows\system32\9d0daddwaze2954.cpl

c:\windows\system32\9z95hief9496.ocx

c:\windows\system32\9zebspywar5710.cpl

c:\windows\system32\b48dzwnloader98755.dll

c:\windows\system32\d07sp5rse9574z.dll

c:\windows\system32\d49steal5z39.dll

c:\windows\system32\e35sparze2795.cpl

c:\windows\system32\ezvir9573.exe

c:\windows\system32\f27spywar915z4.exe

c:\windows\system32\fdabackdzor35819.bin

c:\windows\system32\z26cspars51690.cpl

c:\windows\system32\z4994tr5j159.ocx

c:\windows\system32\z562tro9150.bin

c:\windows\system32\z5725s95735.ocx

c:\windows\system32\z581down9oader2400.bin

c:\windows\system32\z657spa5bo97bb.cpl

c:\windows\system32\z7565teal9929.bin

c:\windows\system32\z8895spam5ot284.ocx

c:\windows\system32\z94bs5yware2337.dll

c:\windows\system32\z9715virus5e9.bin

c:\windows\system32\zb14sp9rse5345.ocx

c:\windows\system32\zb4d9pyw5re1220.cpl

c:\windows\system32\zd869hief8505.dll

c:\windows\system32\zf89s9yware24805.ocx

c:\windows\z033ad5wa9e609.dll

c:\windows\z17d5hr9at3969.cpl

c:\windows\z1d3spyware3159.exe

c:\windows\z258ste5l1749.cpl

c:\windows\z455spyd09.ocx

c:\windows\z472spy1e95.exe

c:\windows\z5298worm9b8.bin

c:\windows\z5635s958.ocx

c:\windows\z5968tro9426.bin

c:\windows\z669not-a-virus615.bin

c:\windows\z679troj457.bin

c:\windows\z6a9downlo9der456.exe

c:\windows\z7635hackto5lea9.bin

c:\windows\z8963ha59tool695.cpl

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_98795ea2

-------\Service_iteio

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))

.

2009-10-31 10:28 . 2007-06-13 15:47 48256 ----a-w- c:\windows\system32\drivers\jraid.sys

2009-10-31 10:28 . 2005-06-20 22:53 60928 ----a-w- c:\windows\system32\drivers\viamraid.sys

2009-10-30 16:39 . 2009-10-30 16:39 -------- d-----w- c:\program files\Trend Micro

2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Malwarebytes

2009-10-30 14:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-30 14:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-11 09:46 . 2009-10-11 02:41 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-11 02:41 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-10-11 02:39 . 2009-10-11 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-10-09 16:30 . 2009-10-09 16:30 -------- d-----w- c:\program files\CAPCOM

2009-10-09 16:29 . 2009-10-09 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-30 12:20 . 2008-06-19 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-10-27 23:57 . 2007-11-22 04:12 -------- d-----w- c:\program files\GTR2

2009-10-27 23:56 . 2008-12-13 15:08 -------- d-----w- c:\program files\Rummy Royal

2009-10-27 23:55 . 2008-11-01 12:28 -------- d-----w- c:\program files\Fallout 3

2009-10-27 23:54 . 2007-08-02 21:09 -------- d-----w- c:\program files\Ubisoft

2009-10-27 04:19 . 2008-10-02 14:10 -------- d-----w- c:\program files\MagicISO

2009-10-25 21:45 . 2009-06-30 15:03 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Vso

2009-10-15 23:43 . 2009-01-29 18:54 3532 ----a-w- C:\drmHeader.bin

2009-10-11 02:41 . 2007-08-02 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-10-11 02:39 . 2007-08-02 11:11 -------- d-----w- c:\program files\Lavasoft

2009-09-20 22:07 . 2009-09-20 22:07 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Sony Corporation

2009-09-20 22:02 . 2007-08-02 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\program files\Sony

2009-09-18 01:06 . 2007-08-02 09:07 19368 ------w- c:\documents and settings\Frederick Dumaresq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Microsoft

2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live

2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-18 00:54 . 2009-09-18 00:54 -------- d-----w- c:\program files\Common Files\Windows Live

2009-08-23 06:59 . 2007-08-04 12:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-08-23 06:59 . 2007-08-03 12:38 189104 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-08-19 12:53 . 2008-06-19 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-19 12:53 . 2008-06-19 17:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-19 12:53 . 2007-08-02 10:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_10.41.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-31 11:09 . 2009-10-31 11:09 16384 c:\windows\temp\Perflib_Perfdata_530.dat

+ 2006-02-28 12:00 . 2009-10-31 10:43 71264 c:\windows\system32\perfc009.dat

- 2006-02-28 12:00 . 2009-10-31 10:36 71264 c:\windows\system32\perfc009.dat

+ 2006-02-28 12:00 . 2009-10-31 10:43 441454 c:\windows\system32\perfh009.dat

- 2006-02-28 12:00 . 2009-10-31 10:36 441454 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-2 450560]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-2 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=

"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\WINDOWS\\system32\\dldfcoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=

"c:\\Program Files\\Lost Via Domus\\Yeti_Final_Win32.exe"=

"c:\\Program Files\\Left 4 Dead\\left4dead.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Teamspeak2_RC2\\server_windows.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/10/2009 10:41 PM 64160]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/06/2008 1:12 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/06/2008 1:12 PM 108552]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02/08/2007 9:29 PM 13696]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/06/2009 9:42 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 12:19 PM 297752]

R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]

R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1028432]

R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [11/07/2001 11:06 AM 23153]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [19/07/2009 8:28 PM 98488]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2

*Deregistered* - CLASSPNP_2

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:41]

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{954CFAEC-E4E0-42D4-8965-1BF279566081}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-31 07:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:94,85,26,81,5b,9c,1d,e7,5d,06,61,38,7b,b8,c3,e1,66,b8,ad,fc,d8,38,74,

4a,57,5f,0e,58,5b,84,45,45,e4,03,4f,1c,a1,aa,9e,60,b1,5c,cf,5b,55,32,29,71,\

"??"=hex:c6,15,46,c6,be,5d,18,91,dc,c8,d0,c2,7d,87,e6,c1

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\license information*]

"datasecu"=hex:a6,ff,86,e6,1f,ca,49,54,30,90,08,6d,3d,1b,aa,f2,15,ba,fe,c9,01,

6b,42,df,7a,63,77,f1,e1,a4,ff,9d,5a,cf,09,f5,63,83,e0,4b,0e,fe,c4,3d,b4,a7,\

"rkeysecu"=hex:78,00,ce,66,0a,8c,aa,90,88,57,b9,51,bd,90,bf,6a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(868)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\KEMHook.dll

c:\docume~1\FREDER~1\LOCALS~1\Temp\IadHide5.dll

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

c:\windows\system32\MSI.DLL

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\dldfcoms.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2009-10-31 7:14 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-31 11:14

ComboFix2.txt 2009-10-31 10:42

Pre-Run: 41,979,203,584 bytes free

Post-Run: 41,857,232,896 bytes free

- - End Of File - - E4D086F74418FFB1232F23378045EDA7

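The log above records several settings a responder would want to account for before calling the machine clean: the standard-profile firewall is off (EnableFirewall = 0) while Security Center is told not to warn about it (FirewallOverride = 1), 3389/TCP is globally open, inbound echo requests are allowed, and explorer.exe has a DLL loaded from the user's Temp folder. The following Python script is an added example, not part of the original thread and not ComboFix code: it parses the REGEDIT4-style "Reg Loading Points" block and the "DLLs Loaded Under Running Processes" list and reports those conditions as leads to explain, not as malware verdicts. The sample input is an excerpt of the log above; the assumption that %windir% is c:\windows and the list of trusted directories are the example's own.

```python
"""Sanity-check the firewall policy and loaded-DLL sections of a ComboFix log.

Added example for this thread; not ComboFix code and not the forum staff's.
Everything it flags is a lead to explain, not a malware verdict.
"""
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")                 # [HKLM\...] headers
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')       # "name"=value lines
PROCESS_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")  # > 'explorer.exe'(868)

# Assumptions for the example: XP default %windir%, and the two directories
# from which a firewall exception is considered unremarkable.
ENV = {"%windir%": "c:\\windows"}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

# Excerpt of the ComboFix log posted above (firewall block plus two lines of
# the explorer.exe DLL list), shortened for the example.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Teamspeak2_RC2\\server_windows.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\WININET.dll
c:\docume~1\FREDER~1\LOCALS~1\Temp\IadHide5.dll
"""


def reg_int(raw):
    """Turn ComboFix's renderings ('dword:00000001', ' 0 (0x0)') into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    try:
        return int(raw.split()[0], 0)
    except (ValueError, IndexError):
        return None


def parse_sections(text):
    """Map each lower-cased [section] header to its list of (name, value) pairs."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def normalize_path(name):
    """Undo REGEDIT4's doubled backslashes and expand the known variables."""
    path = name.replace("\\\\", "\\").lower()
    for var, val in ENV.items():
        path = path.replace(var, val)
    return path


def audit_firewall(sections):
    """Report the firewall settings a responder has to explain."""
    findings = []
    for section, values in sections.items():
        for name, raw in values:
            if section.endswith("security center") and name == "FirewallOverride" and reg_int(raw) == 1:
                findings.append("FirewallOverride=1: Security Center firewall alerts are suppressed")
            if "firewallpolicy" not in section:
                continue
            if section.endswith("standardprofile") and name == "EnableFirewall" and reg_int(raw) == 0:
                findings.append("EnableFirewall=0: Windows Firewall is off in the standard profile")
            elif section.endswith("globallyopenports\\list"):
                findings.append(f"globally open port {name}")
            elif section.endswith("icmpsettings") and name == "AllowInboundEchoRequest" and reg_int(raw) == 1:
                findings.append("AllowInboundEchoRequest=1: host answers ping from any source")
            elif section.endswith("authorizedapplications\\list"):
                path = normalize_path(name)
                if not path.startswith(TRUSTED_DIRS):
                    findings.append(f"firewall exception for binary outside Program Files/Windows: {path}")
    return findings


def find_temp_dlls(text):
    """Return (process, dll) pairs where a module is loaded from a Temp folder."""
    hits, process = [], None
    for line in text.splitlines():
        line = line.strip()
        m = PROCESS_RE.match(line)
        if m:
            process = m.group(1)
            continue
        low = line.lower()
        if process and low.endswith(".dll") and "\\temp\\" in low:
            hits.append((process, line))
    return hits


def audit(text):
    """Combine both checks into one ordered list of findings."""
    findings = audit_firewall(parse_sections(text))
    for process, dll in find_temp_dlls(text):
        findings.append(f"{process} has a DLL loaded from a Temp directory: {dll}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("-", finding)
```

Run as a script it prints six findings for the embedded excerpt; pass the full log text to audit() to check a real ComboFix report. A game or VoIP server in a firewall exception list is not malicious by itself; the point of the check is that every entry outside Program Files and the Windows directory, and every module loaded from a Temp folder, gets looked at rather than scrolled past.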

  • Staff

Hi,

* Go to start > run and copy and paste next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


  • Staff

Glad I could help. <_<

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

