#1 (permalink)
Registered User
Trojan program Packed.Win32.TDSS.z
Hi guys, this virus is troubling me a lot...

I have Kaspersky Internet Security 2010 installed (fully updated). This virus popped up in Kaspersky and I deleted it, but after a restart there it was again, mocking me :( I then checked it with Spybot and it also mentioned some files, which I deleted, but after a restart they came up again. Here is what KIS2010 says:

Status: Deleted (events: 1)
10/11/2009 7:40:44 PM Deleted Trojan program Packed.Win32.TDSS.z C:\windows\system32\drivers\gasfkyetcwwbne.sys
Status: Detected (events: 3)
10/10/2009 8:17:05 PM Detected malicious URL http://212.117.183.13/D4.exe
10/11/2009 11:10:35 AM Detected network attack Intrusion.Win.NETAPI.buffer-overflow.exploit 10.45.96.149
10/11/2009 7:19:14 PM Detected malicious URL http://212.117.183.13/lzfxwwq.exe

This is stated by the Kaspersky stand-alone virus remover:

Infected: Trojan program Packed.Win32.TDSS.z c:\windows\system32\gasfkyoykxevob.dll 19 KB
Infected: Trojan program Packed.Win32.TDSS.z c:\windows\system32\gasfkykrnkrjkg.dll 19 KB
Infected: Trojan program Packed.Win32.TDSS.z c:\windows\system32\gasfkyiutfmwli.dll 19 KB

And the following is what Spybot mentioned:
I downloaded dds.scr and dds.pif onto the desktop, but nothing happens, as dds.scr opens in Notepad, and also when I ran gmer.exe it gave me a blue screen of death (BSOD). Hope I made it very clear and hope you help me. Here is dds.txt:

DDS (Ver_09-09-29.01) - NTFSx86
Run by (hu at 20:52:05.15 on Sun 10/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.491 [GMT 5:00]
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
"c:\windows\system32\gasfkyqmhfkjwb.dat" uRunOnce: [SpybotDeletingB3980] command.com /c del "c:\windows\system32\gasfkyrchwhehx.dat_old" uRunOnce: [SpybotDeletingD2284] cmd.exe /c del "c:\windows\system32\gasfkyrchwhehx.dat_old" uRunOnce: [SpybotDeletingB4032] command.com /c del "c:\windows\system32\gasfkyrchwhehx.dat" uRunOnce: [SpybotDeletingD9206] cmd.exe /c del "c:\windows\system32\gasfkyrchwhehx.dat" uRunOnce: [SpybotDeletingB2150] command.com /c del "c:\windows\system32\gasfkyrcthxnmd.dat_old" uRunOnce: [SpybotDeletingD7612] cmd.exe /c del "c:\windows\system32\gasfkyrcthxnmd.dat_old" uRunOnce: [SpybotDeletingD5863] cmd.exe /c del "c:\windows\system32\gasfkyrcthxnmd.dat" uRunOnce: [SpybotDeletingB6715] command.com /c del "c:\windows\system32\gasfkytvfkjcns.dat_old" uRunOnce: [SpybotDeletingD6488] cmd.exe /c del "c:\windows\system32\gasfkytvfkjcns.dat_old" uRunOnce: [SpybotDeletingB3267] command.com /c del "c:\windows\system32\gasfkytvfkjcns.dat" uRunOnce: [SpybotDeletingD3183] cmd.exe /c del "c:\windows\system32\gasfkytvfkjcns.dat" uRunOnce: [SpybotDeletingB7669] command.com /c del "c:\windows\system32\gasfkyvmkpjkda.dat_old" uRunOnce: [SpybotDeletingD3229] cmd.exe /c del "c:\windows\system32\gasfkyvmkpjkda.dat_old" uRunOnce: [SpybotDeletingB911] command.com /c del "c:\windows\system32\gasfkyvmkpjkda.dat" uRunOnce: [SpybotDeletingD376] cmd.exe /c del "c:\windows\system32\gasfkyvmkpjkda.dat" uRunOnce: [SpybotDeletingB7118] command.com /c del "c:\windows\system32\gasfkyxdpxmkbs.dat_old" uRunOnce: [SpybotDeletingD4404] cmd.exe /c del "c:\windows\system32\gasfkyxdpxmkbs.dat_old" uRunOnce: [SpybotDeletingB710] command.com /c del "c:\windows\system32\gasfkyxdpxmkbs.dat" uRunOnce: [SpybotDeletingD9796] cmd.exe /c del "c:\windows\system32\gasfkyxdpxmkbs.dat" uRunOnce: [SpybotDeletingB2766] command.com /c del "c:\windows\system32\gasfkyxobqhosi.dat_old" uRunOnce: [SpybotDeletingD1519] cmd.exe /c del "c:\windows\system32\gasfkyxobqhosi.dat_old" uRunOnce: 
[SpybotDeletingB9920] command.com /c del "c:\windows\system32\gasfkyxobqhosi.dat"
uRunOnce: [SpybotDeletingD3123] cmd.exe /c del "c:\windows\system32\gasfkyxobqhosi.dat"
uRunOnce: [SpybotDeletingB6811] command.com /c del "c:\windows\system32\gasfkyypiqvdnk.dat_old"
uRunOnce: [SpybotDeletingD9644] cmd.exe /c del "c:\windows\system32\gasfkyypiqvdnk.dat_old"
uRunOnce: [SpybotDeletingB9804] command.com /c del "c:\windows\system32\gasfkyypiqvdnk.dat"
uRunOnce: [SpybotDeletingD8486] cmd.exe /c del "c:\windows\system32\gasfkyypiqvdnk.dat"
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE

This is the attach.zip, but mind you, ark is just the GMER result without the deep scan, because the deep scan causes a BSOD. If anything is missing, kindly let me know, and please, if ark is important, tell me how to scan completely without getting a BSOD.
__________________
team work is essential it gives them other people to shoot at

Last edited by amateur; 10-16-2009 at 04:33 AM. Reason: to retain 0-reply status
#2
Registered User

Re: trojan program packed win32 tdss.z
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRunOnce: [SpybotDeletingA9043] command.com /c del "c:\windows\system32\drivers\gasfkyetcwwbne.sys_old" mRunOnce: [SpybotDeletingC2792] cmd.exe /c del "c:\windows\system32\drivers\gasfkyetcwwbne.sys_old" mRunOnce: [SpybotDeletingA9936] command.com /c del "c:\windows\system32\drivers\gasfkyetcwwbne.sys" mRunOnce: [SpybotDeletingC191] cmd.exe /c del "c:\windows\system32\drivers\gasfkyetcwwbne.sys" mRunOnce: [SpybotDeletingA3002] command.com /c del "c:\windows\system32\gasfkybxrdksvg.dll_old" mRunOnce: [SpybotDeletingC7161] cmd.exe /c del "c:\windows\system32\gasfkybxrdksvg.dll_old" mRunOnce: [SpybotDeletingA6447] command.com /c del "c:\windows\system32\gasfkybxrdksvg.dll" mRunOnce: [SpybotDeletingC3905] cmd.exe /c del "c:\windows\system32\gasfkybxrdksvg.dll" mRunOnce: [SpybotDeletingA9545] command.com /c del "c:\windows\system32\gasfkycoregsiy.dll_old" mRunOnce: [SpybotDeletingC9397] cmd.exe /c del "c:\windows\system32\gasfkycoregsiy.dll_old" mRunOnce: [SpybotDeletingA1343] command.com /c del "c:\windows\system32\gasfkycoregsiy.dll" mRunOnce: [SpybotDeletingC2988] cmd.exe /c del "c:\windows\system32\gasfkycoregsiy.dll" mRunOnce: [SpybotDeletingA7363] command.com /c del "c:\windows\system32\gasfkycrjqwbdr.dll_old" mRunOnce: [SpybotDeletingC9450] cmd.exe /c del "c:\windows\system32\gasfkycrjqwbdr.dll_old" mRunOnce: [SpybotDeletingA5737] command.com /c del "c:\windows\system32\gasfkycrjqwbdr.dll" mRunOnce: [SpybotDeletingC6943] cmd.exe /c del "c:\windows\system32\gasfkycrjqwbdr.dll" mRunOnce: [SpybotDeletingA5795] command.com /c del "c:\windows\system32\gasfkyexjcxdqq.dll_old" mRunOnce: [SpybotDeletingC3337] cmd.exe /c del "c:\windows\system32\gasfkyexjcxdqq.dll_old" mRunOnce: [SpybotDeletingA2165] command.com /c del "c:\windows\system32\gasfkyexjcxdqq.dll" mRunOnce: [SpybotDeletingC3661] cmd.exe /c del 
"c:\windows\system32\gasfkyexjcxdqq.dll" mRunOnce: [SpybotDeletingA5501] command.com /c del "c:\windows\system32\gasfkyfvnsesmq.dll_old" mRunOnce: [SpybotDeletingC4926] cmd.exe /c del "c:\windows\system32\gasfkyfvnsesmq.dll_old" mRunOnce: [SpybotDeletingA7563] command.com /c del "c:\windows\system32\gasfkyfvnsesmq.dll" mRunOnce: [SpybotDeletingC6553] cmd.exe /c del "c:\windows\system32\gasfkyfvnsesmq.dll" mRunOnce: [SpybotDeletingA3358] command.com /c del "c:\windows\system32\gasfkyiktqunwt.dll_old" mRunOnce: [SpybotDeletingC3088] cmd.exe /c del "c:\windows\system32\gasfkyiktqunwt.dll_old" mRunOnce: [SpybotDeletingA8587] command.com /c del "c:\windows\system32\gasfkyiktqunwt.dll" mRunOnce: [SpybotDeletingC6452] cmd.exe /c del "c:\windows\system32\gasfkyiktqunwt.dll" mRunOnce: [SpybotDeletingA1698] command.com /c del "c:\windows\system32\gasfkyinnvieix.dll_old" mRunOnce: [SpybotDeletingC9305] cmd.exe /c del "c:\windows\system32\gasfkyinnvieix.dll_old" mRunOnce: [SpybotDeletingA2592] command.com /c del "c:\windows\system32\gasfkyinnvieix.dll" mRunOnce: [SpybotDeletingC8084] cmd.exe /c del "c:\windows\system32\gasfkyinnvieix.dll" mRunOnce: [SpybotDeletingA3903] command.com /c del "c:\windows\system32\gasfkyiutfmwli.dll_old" mRunOnce: [SpybotDeletingC9541] cmd.exe /c del "c:\windows\system32\gasfkyiutfmwli.dll_old" mRunOnce: [SpybotDeletingA7191] command.com /c del "c:\windows\system32\gasfkyiutfmwli.dll" mRunOnce: [SpybotDeletingC5513] cmd.exe /c del "c:\windows\system32\gasfkyiutfmwli.dll" mRunOnce: [SpybotDeletingA6119] command.com /c del "c:\windows\system32\gasfkyivksviri.dll_old" mRunOnce: [SpybotDeletingC5148] cmd.exe /c del "c:\windows\system32\gasfkyivksviri.dll_old" mRunOnce: [SpybotDeletingA7578] command.com /c del "c:\windows\system32\gasfkyivksviri.dll" mRunOnce: [SpybotDeletingC6330] cmd.exe /c del "c:\windows\system32\gasfkyivksviri.dll" mRunOnce: [SpybotDeletingA4233] command.com /c del "c:\windows\system32\gasfkyiwwkfybw.dll_old" mRunOnce: 
[SpybotDeletingC2684] cmd.exe /c del "c:\windows\system32\gasfkyiwwkfybw.dll_old" mRunOnce: [SpybotDeletingA8792] command.com /c del "c:\windows\system32\gasfkyiwwkfybw.dll" mRunOnce: [SpybotDeletingC6187] cmd.exe /c del "c:\windows\system32\gasfkyiwwkfybw.dll" mRunOnce: [SpybotDeletingA7040] command.com /c del "c:\windows\system32\gasfkyjetkylui.dll_old" mRunOnce: [SpybotDeletingC6777] cmd.exe /c del "c:\windows\system32\gasfkyjetkylui.dll_old" mRunOnce: [SpybotDeletingA8272] command.com /c del "c:\windows\system32\gasfkyjetkylui.dll" mRunOnce: [SpybotDeletingC7940] cmd.exe /c del "c:\windows\system32\gasfkyjetkylui.dll" mRunOnce: [SpybotDeletingA6295] command.com /c del "c:\windows\system32\gasfkykrnkrjkg.dll_old" mRunOnce: [SpybotDeletingC3998] cmd.exe /c del "c:\windows\system32\gasfkykrnkrjkg.dll_old" mRunOnce: [SpybotDeletingA6719] command.com /c del "c:\windows\system32\gasfkykrnkrjkg.dll" mRunOnce: [SpybotDeletingC2801] cmd.exe /c del "c:\windows\system32\gasfkykrnkrjkg.dll" mRunOnce: [SpybotDeletingA4369] command.com /c del "c:\windows\system32\gasfkynemqrcim.dll_old" mRunOnce: [SpybotDeletingC3700] cmd.exe /c del "c:\windows\system32\gasfkynemqrcim.dll_old" mRunOnce: [SpybotDeletingA1206] command.com /c del "c:\windows\system32\gasfkynemqrcim.dll" mRunOnce: [SpybotDeletingC132] cmd.exe /c del "c:\windows\system32\gasfkynemqrcim.dll" mRunOnce: [SpybotDeletingA5609] command.com /c del "c:\windows\system32\gasfkynpcyefeg.dll_old" mRunOnce: [SpybotDeletingC279] cmd.exe /c del "c:\windows\system32\gasfkynpcyefeg.dll_old" mRunOnce: [SpybotDeletingA8850] command.com /c del "c:\windows\system32\gasfkynpcyefeg.dll" mRunOnce: [SpybotDeletingC4346] cmd.exe /c del "c:\windows\system32\gasfkynpcyefeg.dll" mRunOnce: [SpybotDeletingA1065] command.com /c del "c:\windows\system32\gasfkyobcvfuxt.dll_old" mRunOnce: [SpybotDeletingC1735] cmd.exe /c del "c:\windows\system32\gasfkyobcvfuxt.dll_old" mRunOnce: [SpybotDeletingA9824] command.com /c del 
"c:\windows\system32\gasfkyobcvfuxt.dll" mRunOnce: [SpybotDeletingC7938] cmd.exe /c del "c:\windows\system32\gasfkyobcvfuxt.dll" mRunOnce: [SpybotDeletingA7582] command.com /c del "c:\windows\system32\gasfkyohwwyari.dll_old" mRunOnce: [SpybotDeletingC9257] cmd.exe /c del "c:\windows\system32\gasfkyohwwyari.dll_old" mRunOnce: [SpybotDeletingA3005] command.com /c del "c:\windows\system32\gasfkyohwwyari.dll" mRunOnce: [SpybotDeletingC5237] cmd.exe /c del "c:\windows\system32\gasfkyohwwyari.dll" mRunOnce: [SpybotDeletingA7923] command.com /c del "c:\windows\system32\gasfkyojufjxvb.dll_old" mRunOnce: [SpybotDeletingC6935] cmd.exe /c del "c:\windows\system32\gasfkywfswecxv.dll" mRunOnce: [SpybotDeletingA7152] command.com /c del "c:\windows\system32\gasfkyojufjxvb.dll" mRunOnce: [SpybotDeletingC2281] cmd.exe /c del "c:\windows\system32\gasfkyojufjxvb.dll" mRunOnce: [SpybotDeletingA7061] command.com /c del "c:\windows\system32\gasfkyornsixge.dll_old" mRunOnce: [SpybotDeletingC1528] cmd.exe /c del "c:\windows\system32\gasfkyornsixge.dll_old" mRunOnce: [SpybotDeletingA2736] command.com /c del "c:\windows\system32\gasfkyornsixge.dll" mRunOnce: [SpybotDeletingC1864] cmd.exe /c del "c:\windows\system32\gasfkyornsixge.dll" mRunOnce: [SpybotDeletingA8399] command.com /c del "c:\windows\system32\gasfkyowfjibcs.dll_old" mRunOnce: [SpybotDeletingC4086] cmd.exe /c del "c:\windows\system32\gasfkyowfjibcs.dll_old" mRunOnce: [SpybotDeletingA2370] command.com /c del "c:\windows\system32\gasfkyowfjibcs.dll" mRunOnce: [SpybotDeletingC3507] cmd.exe /c del "c:\windows\system32\gasfkyowfjibcs.dll" mRunOnce: [SpybotDeletingA5054] command.com /c del "c:\windows\system32\gasfkyoykxevob.dll_old" mRunOnce: [SpybotDeletingC3074] cmd.exe /c del "c:\windows\system32\gasfkyoykxevob.dll_old" mRunOnce: [SpybotDeletingA3374] command.com /c del "c:\windows\system32\gasfkyoykxevob.dll" mRunOnce: [SpybotDeletingC4812] cmd.exe /c del "c:\windows\system32\gasfkyoykxevob.dll" mRunOnce: [SpybotDeletingA9474] 
command.com /c del "c:\windows\system32\gasfkypfquoidx.dll_old" mRunOnce: [SpybotDeletingC4194] cmd.exe /c del "c:\windows\system32\gasfkypfquoidx.dll_old" mRunOnce: [SpybotDeletingA311] command.com /c del "c:\windows\system32\gasfkypfquoidx.dll" mRunOnce: [SpybotDeletingC2808] cmd.exe /c del "c:\windows\system32\gasfkypfquoidx.dll" mRunOnce: [SpybotDeletingA8152] command.com /c del "c:\windows\system32\gasfkypunkyfmp.dll_old" mRunOnce: [SpybotDeletingC8780] cmd.exe /c del "c:\windows\system32\gasfkypunkyfmp.dll_old" mRunOnce: [SpybotDeletingA5082] command.com /c del "c:\windows\system32\gasfkypunkyfmp.dll" mRunOnce: [SpybotDeletingC4579] cmd.exe /c del "c:\windows\system32\gasfkypunkyfmp.dll" mRunOnce: [SpybotDeletingA5745] command.com /c del "c:\windows\system32\gasfkypxvlyvxn.dll_old" mRunOnce: [SpybotDeletingC4545] cmd.exe /c del "c:\windows\system32\gasfkypxvlyvxn.dll_old" mRunOnce: [SpybotDeletingA5167] command.com /c del "c:\windows\system32\gasfkypxvlyvxn.dll" mRunOnce: [SpybotDeletingC2799] cmd.exe /c del "c:\windows\system32\gasfkypxvlyvxn.dll" mRunOnce: [SpybotDeletingA2427] command.com /c del "c:\windows\system32\gasfkysumuckfr.dll_old" mRunOnce: [SpybotDeletingC1908] cmd.exe /c del "c:\windows\system32\gasfkysumuckfr.dll_old" mRunOnce: [SpybotDeletingA2270] command.com /c del "c:\windows\system32\gasfkysumuckfr.dll" mRunOnce: [SpybotDeletingC595] cmd.exe /c del "c:\windows\system32\gasfkysumuckfr.dll" mRunOnce: [SpybotDeletingA9290] command.com /c del "c:\windows\system32\gasfkysvrcjwib.dll_old" mRunOnce: [SpybotDeletingC1486] cmd.exe /c del "c:\windows\system32\gasfkysvrcjwib.dll_old" mRunOnce: [SpybotDeletingA2109] command.com /c del "c:\windows\system32\gasfkysvrcjwib.dll" mRunOnce: [SpybotDeletingC6265] cmd.exe /c del "c:\windows\system32\gasfkysvrcjwib.dll" mRunOnce: [SpybotDeletingA8834] command.com /c del "c:\windows\system32\gasfkytpeqqpfu.dll_old" mRunOnce: [SpybotDeletingC3002] cmd.exe /c del "c:\windows\system32\gasfkytpeqqpfu.dll_old" 
mRunOnce: [SpybotDeletingA3306] command.com /c del "c:\windows\system32\gasfkytpeqqpfu.dll" mRunOnce: [SpybotDeletingC5057] cmd.exe /c del "c:\windows\system32\gasfkytpeqqpfu.dll" mRunOnce: [SpybotDeletingA1585] command.com /c del "c:\windows\system32\gasfkytuwonprx.dll_old" mRunOnce: [SpybotDeletingC4795] cmd.exe /c del "c:\windows\system32\gasfkytuwonprx.dll_old" mRunOnce: [SpybotDeletingA7419] command.com /c del "c:\windows\system32\gasfkytuwonprx.dll" mRunOnce: [SpybotDeletingC1889] cmd.exe /c del "c:\windows\system32\gasfkytuwonprx.dll" mRunOnce: [SpybotDeletingA7431] command.com /c del "c:\windows\system32\gasfkytxdlxmuj.dll_old" mRunOnce: [SpybotDeletingC4834] cmd.exe /c del "c:\windows\system32\gasfkytxdlxmuj.dll_old" mRunOnce: [SpybotDeletingA5195] command.com /c del "c:\windows\system32\gasfkytxdlxmuj.dll" mRunOnce: [SpybotDeletingC6431] cmd.exe /c del "c:\windows\system32\gasfkytxdlxmuj.dll" mRunOnce: [SpybotDeletingA8127] command.com /c del "c:\windows\system32\gasfkywbutewiw.dll_old" mRunOnce: [SpybotDeletingC2342] cmd.exe /c del "c:\windows\system32\gasfkywbutewiw.dll_old" mRunOnce: [SpybotDeletingA6815] command.com /c del "c:\windows\system32\gasfkywbutewiw.dll" mRunOnce: [SpybotDeletingC8606] cmd.exe /c del "c:\windows\system32\gasfkywbutewiw.dll" mRunOnce: [SpybotDeletingA957] command.com /c del "c:\windows\system32\gasfkywcttmsmy.dll_old" mRunOnce: [SpybotDeletingC3686] cmd.exe /c del "c:\windows\system32\gasfkywcttmsmy.dll_old" mRunOnce: [SpybotDeletingA1660] command.com /c del "c:\windows\system32\gasfkywcttmsmy.dll" mRunOnce: [SpybotDeletingC6302] cmd.exe /c del "c:\windows\system32\gasfkywcttmsmy.dll" mRunOnce: [SpybotDeletingA3113] command.com /c del "c:\windows\system32\gasfkywfswecxv.dll_old" mRunOnce: [SpybotDeletingC1859] cmd.exe /c del "c:\windows\system32\gasfkywfswecxv.dll_old" mRunOnce: [SpybotDeletingA93] command.com /c del "c:\windows\system32\gasfkywfswecxv.dll" mRunOnce: [SpybotDeletingA4184] command.com /c del 
"c:\windows\system32\gasfkywhbndqye.dll_old" mRunOnce: [SpybotDeletingC3286] cmd.exe /c del "c:\windows\system32\gasfkywhbndqye.dll_old" mRunOnce: [SpybotDeletingA481] command.com /c del "c:\windows\system32\gasfkywhbndqye.dll" mRunOnce: [SpybotDeletingC9468] cmd.exe /c del "c:\windows\system32\gasfkywhbndqye.dll" mRunOnce: [SpybotDeletingA5756] command.com /c del "c:\windows\system32\gasfkywqpuntee.dll_old" mRunOnce: [SpybotDeletingC5297] cmd.exe /c del "c:\windows\system32\gasfkywqpuntee.dll_old" mRunOnce: [SpybotDeletingA2868] command.com /c del "c:\windows\system32\gasfkywqpuntee.dll" mRunOnce: [SpybotDeletingC6030] cmd.exe /c del "c:\windows\system32\gasfkywqpuntee.dll" mRunOnce: [SpybotDeletingA9496] command.com /c del "c:\windows\system32\gasfkyxfvribap.dll_old" mRunOnce: [SpybotDeletingC7512] cmd.exe /c del "c:\windows\system32\gasfkyxfvribap.dll_old" mRunOnce: [SpybotDeletingA8264] command.com /c del "c:\windows\system32\gasfkyxfvribap.dll" mRunOnce: [SpybotDeletingC6696] cmd.exe /c del "c:\windows\system32\gasfkyxfvribap.dll" mRunOnce: [SpybotDeletingA2238] command.com /c del "c:\windows\system32\gasfkyxjunceec.dll_old" mRunOnce: [SpybotDeletingC9403] cmd.exe /c del "c:\windows\system32\gasfkyxjunceec.dll_old" mRunOnce: [SpybotDeletingA5096] command.com /c del "c:\windows\system32\gasfkyxjunceec.dll" mRunOnce: [SpybotDeletingC3123] cmd.exe /c del "c:\windows\system32\gasfkyxjunceec.dll" mRunOnce: [SpybotDeletingA9988] command.com /c del "c:\windows\system32\gasfkyxvpwmdby.dll_old" mRunOnce: [SpybotDeletingC2492] cmd.exe /c del "c:\windows\system32\gasfkyxvpwmdby.dll_old" mRunOnce: [SpybotDeletingA8107] command.com /c del "c:\windows\system32\gasfkyxvpwmdby.dll" mRunOnce: [SpybotDeletingC6322] cmd.exe /c del "c:\windows\system32\gasfkyxvpwmdby.dll" mRunOnce: [SpybotDeletingA6236] command.com /c del "c:\windows\system32\gasfkyyeexevrc.dll_old" mRunOnce: [SpybotDeletingC1315] cmd.exe /c del "c:\windows\system32\gasfkyyeexevrc.dll_old" mRunOnce: 
[SpybotDeletingA6584] command.com /c del "c:\windows\system32\gasfkyyeexevrc.dll" mRunOnce: [SpybotDeletingC3159] cmd.exe /c del "c:\windows\system32\gasfkyyeexevrc.dll" mRunOnce: [SpybotDeletingA3263] command.com /c del "c:\windows\system32\gasfkyyuwfpxxy.dll_old" mRunOnce: [SpybotDeletingC206] cmd.exe /c del "c:\windows\system32\gasfkyyuwfpxxy.dll_old" mRunOnce: [SpybotDeletingA3330] command.com /c del "c:\windows\system32\gasfkyyuwfpxxy.dll" mRunOnce: [SpybotDeletingC772] cmd.exe /c del "c:\windows\system32\gasfkyyuwfpxxy.dll" mRunOnce: [SpybotDeletingA3470] command.com /c del "c:\windows\system32\gasfkyblypkkkl.dat_old" mRunOnce: [SpybotDeletingC4211] cmd.exe /c del "c:\windows\system32\gasfkyblypkkkl.dat_old" mRunOnce: [SpybotDeletingA1294] command.com /c del "c:\windows\system32\gasfkyblypkkkl.dat" mRunOnce: [SpybotDeletingC4762] cmd.exe /c del "c:\windows\system32\gasfkyblypkkkl.dat" mRunOnce: [SpybotDeletingA7401] command.com /c del "c:\windows\system32\gasfkybodstloo.dat_old" mRunOnce: [SpybotDeletingC4845] cmd.exe /c del "c:\windows\system32\gasfkybodstloo.dat_old" mRunOnce: [SpybotDeletingA6878] command.com /c del "c:\windows\system32\gasfkybodstloo.dat" mRunOnce: [SpybotDeletingC88] cmd.exe /c del "c:\windows\system32\gasfkybodstloo.dat" mRunOnce: [SpybotDeletingA5525] command.com /c del "c:\windows\system32\gasfkybpfqxtit.dat_old" mRunOnce: [SpybotDeletingC9972] cmd.exe /c del "c:\windows\system32\gasfkybpfqxtit.dat_old" mRunOnce: [SpybotDeletingA2727] command.com /c del "c:\windows\system32\gasfkybpfqxtit.dat" mRunOnce: [SpybotDeletingC5036] cmd.exe /c del "c:\windows\system32\gasfkybpfqxtit.dat" mRunOnce: [SpybotDeletingA6742] command.com /c del "c:\windows\system32\gasfkyduejvkxj.dat_old" mRunOnce: [SpybotDeletingC535] cmd.exe /c del "c:\windows\system32\gasfkyduejvkxj.dat_old" mRunOnce: [SpybotDeletingA220] command.com /c del "c:\windows\system32\gasfkyduejvkxj.dat" mRunOnce: [SpybotDeletingC7450] cmd.exe /c del 
"c:\windows\system32\gasfkyduejvkxj.dat" mRunOnce: [SpybotDeletingA5281] command.com /c del "c:\windows\system32\gasfkyeixvmqsb.dat_old" mRunOnce: [SpybotDeletingC3972] cmd.exe /c del "c:\windows\system32\gasfkyeixvmqsb.dat_old" mRunOnce: [SpybotDeletingA4079] command.com /c del "c:\windows\system32\gasfkyeixvmqsb.dat" mRunOnce: [SpybotDeletingC6890] cmd.exe /c del "c:\windows\system32\gasfkyeixvmqsb.dat" mRunOnce: [SpybotDeletingA255] command.com /c del "c:\windows\system32\gasfkygrwkpxrx.dat_old" mRunOnce: [SpybotDeletingC5264] cmd.exe /c del "c:\windows\system32\gasfkygrwkpxrx.dat_old" mRunOnce: [SpybotDeletingA726] command.com /c del "c:\windows\system32\gasfkygrwkpxrx.dat" mRunOnce: [SpybotDeletingC2886] cmd.exe /c del "c:\windows\system32\gasfkygrwkpxrx.dat" mRunOnce: [SpybotDeletingA8988] command.com /c del "c:\windows\system32\gasfkyhpymctjq.dat_old" mRunOnce: [SpybotDeletingC7570] cmd.exe /c del "c:\windows\system32\gasfkyhpymctjq.dat_old" mRunOnce: [SpybotDeletingA6233] command.com /c del "c:\windows\system32\gasfkyhpymctjq.dat" mRunOnce: [SpybotDeletingC1965] cmd.exe /c del "c:\windows\system32\gasfkyhpymctjq.dat" mRunOnce: [SpybotDeletingA7755] command.com /c del "c:\windows\system32\gasfkyjlspmkhx.dat_old" mRunOnce: [SpybotDeletingC2023] cmd.exe /c del "c:\windows\system32\gasfkyjlspmkhx.dat_old" mRunOnce: [SpybotDeletingA1945] command.com /c del "c:\windows\system32\gasfkyjlspmkhx.dat" mRunOnce: [SpybotDeletingC7831] cmd.exe /c del "c:\windows\system32\gasfkyjlspmkhx.dat" mRunOnce: [SpybotDeletingA2460] command.com /c del "c:\windows\system32\gasfkylydekrxm.dat_old" mRunOnce: [SpybotDeletingC47] cmd.exe /c del "c:\windows\system32\gasfkylydekrxm.dat_old" mRunOnce: [SpybotDeletingA6247] command.com /c del "c:\windows\system32\gasfkylydekrxm.dat" mRunOnce: [SpybotDeletingC4937] cmd.exe /c del "c:\windows\system32\gasfkylydekrxm.dat" mRunOnce: [SpybotDeletingA257] command.com /c del "c:\windows\system32\gasfkymbfpyrts.dat_old" mRunOnce: 
[SpybotDeletingC838] cmd.exe /c del "c:\windows\system32\gasfkymbfpyrts.dat_old" mRunOnce: [SpybotDeletingA1670] command.com /c del "c:\windows\system32\gasfkymbfpyrts.dat" mRunOnce: [SpybotDeletingC5718] cmd.exe /c del "c:\windows\system32\gasfkymbfpyrts.dat" mRunOnce: [SpybotDeletingA3142] command.com /c del "c:\windows\system32\gasfkymycaaubu.dat_old" mRunOnce: [SpybotDeletingC692] cmd.exe /c del "c:\windows\system32\gasfkymycaaubu.dat_old" mRunOnce: [SpybotDeletingA1897] command.com /c del "c:\windows\system32\gasfkymycaaubu.dat" mRunOnce: [SpybotDeletingC3629] cmd.exe /c del "c:\windows\system32\gasfkymycaaubu.dat" mRunOnce: [SpybotDeletingA3046] command.com /c del "c:\windows\system32\gasfkyntkayvvm.dat_old" mRunOnce: [SpybotDeletingC1874] cmd.exe /c del "c:\windows\system32\gasfkyntkayvvm.dat_old" mRunOnce: [SpybotDeletingA7588] command.com /c del "c:\windows\system32\gasfkyntkayvvm.dat" mRunOnce: [SpybotDeletingC1259] cmd.exe /c del "c:\windows\system32\gasfkyntkayvvm.dat" mRunOnce: [SpybotDeletingA4912] command.com /c del "c:\windows\system32\gasfkyovebrsca.dat_old" mRunOnce: [SpybotDeletingC3625] cmd.exe /c del "c:\windows\system32\gasfkyovebrsca.dat_old" mRunOnce: [SpybotDeletingA2661] command.com /c del "c:\windows\system32\gasfkyovebrsca.dat" mRunOnce: [SpybotDeletingC3197] cmd.exe /c del "c:\windows\system32\gasfkyovebrsca.dat" mRunOnce: [SpybotDeletingA6545] command.com /c del "c:\windows\system32\gasfkypyebfkti.dat_old" mRunOnce: [SpybotDeletingC1722] cmd.exe /c del "c:\windows\system32\gasfkypyebfkti.dat_old" mRunOnce: [SpybotDeletingA9151] command.com /c del "c:\windows\system32\gasfkypyebfkti.dat" mRunOnce: [SpybotDeletingC1897] cmd.exe /c del "c:\windows\system32\gasfkypyebfkti.dat" mRunOnce: [SpybotDeletingA9778] command.com /c del "c:\windows\system32\gasfkyqipyrbqh.dat_old" mRunOnce: [SpybotDeletingC6185] cmd.exe /c del "c:\windows\system32\gasfkyqipyrbqh.dat_old" mRunOnce: [SpybotDeletingA8128] command.com /c del 
"c:\windows\system32\gasfkyqipyrbqh.dat" mRunOnce: [SpybotDeletingC5952] cmd.exe /c del "c:\windows\system32\gasfkyqipyrbqh.dat" mRunOnce: [SpybotDeletingA8275] command.com /c del "c:\windows\system32\gasfkyypiqvdnk.dat_old" mRunOnce: [SpybotDeletingC9508] cmd.exe /c del "c:\windows\system32\gasfkyqmhfkjwb.dat_old" mRunOnce: [SpybotDeletingA8995] command.com /c del "c:\windows\system32\gasfkyqmhfkjwb.dat" mRunOnce: [SpybotDeletingC9320] cmd.exe /c del "c:\windows\system32\gasfkyqmhfkjwb.dat" mRunOnce: [SpybotDeletingA5393] command.com /c del "c:\windows\system32\gasfkyrchwhehx.dat_old" mRunOnce: [SpybotDeletingC9018] cmd.exe /c del "c:\windows\system32\gasfkyrchwhehx.dat_old" mRunOnce: [SpybotDeletingA3992] command.com /c del "c:\windows\system32\gasfkyrchwhehx.dat" mRunOnce: [SpybotDeletingC1407] cmd.exe /c del "c:\windows\system32\gasfkyrchwhehx.dat" mRunOnce: [SpybotDeletingA5280] command.com /c del "c:\windows\system32\gasfkyrcthxnmd.dat_old" mRunOnce: [SpybotDeletingC6497] cmd.exe /c del "c:\windows\system32\gasfkyrcthxnmd.dat_old" mRunOnce: [SpybotDeletingA9323] command.com /c del "c:\windows\system32\gasfkyrcthxnmd.dat" mRunOnce: [SpybotDeletingC6898] cmd.exe /c del "c:\windows\system32\gasfkyrcthxnmd.dat" mRunOnce: [SpybotDeletingA4500] command.com /c del "c:\windows\system32\gasfkytvfkjcns.dat_old" mRunOnce: [SpybotDeletingC4414] cmd.exe /c del "c:\windows\system32\gasfkytvfkjcns.dat_old" mRunOnce: [SpybotDeletingA4908] command.com /c del "c:\windows\system32\gasfkytvfkjcns.dat" mRunOnce: [SpybotDeletingC1550] cmd.exe /c del "c:\windows\system32\gasfkytvfkjcns.dat" mRunOnce: [SpybotDeletingA2087] command.com /c del "c:\windows\system32\gasfkyvmkpjkda.dat_old" mRunOnce: [SpybotDeletingC6404] cmd.exe /c del "c:\windows\system32\gasfkyvmkpjkda.dat_old" mRunOnce: [SpybotDeletingA7028] command.com /c del "c:\windows\system32\gasfkyvmkpjkda.dat" mRunOnce: [SpybotDeletingC3916] cmd.exe /c del "c:\windows\system32\gasfkyvmkpjkda.dat" mRunOnce: 
[SpybotDeletingA3995] command.com /c del "c:\windows\system32\gasfkyxdpxmkbs.dat_old"
mRunOnce: [SpybotDeletingC7163] cmd.exe /c del "c:\windows\system32\gasfkyxdpxmkbs.dat_old"
mRunOnce: [SpybotDeletingA6213] command.com /c del "c:\windows\system32\gasfkyxdpxmkbs.dat"
mRunOnce: [SpybotDeletingC4331] cmd.exe /c del "c:\windows\system32\gasfkyxdpxmkbs.dat"
mRunOnce: [SpybotDeletingA3246] command.com /c del "c:\windows\system32\gasfkyxobqhosi.dat_old"
mRunOnce: [SpybotDeletingC4788] cmd.exe /c del "c:\windows\system32\gasfkyxobqhosi.dat_old"
mRunOnce: [SpybotDeletingA4052] command.com /c del "c:\windows\system32\gasfkyxobqhosi.dat"
mRunOnce: [SpybotDeletingC610] cmd.exe /c del "c:\windows\system32\gasfkyxobqhosi.dat"
mRunOnce: [SpybotDeletingC3641] cmd.exe /c del "c:\windows\system32\gasfkyypiqvdnk.dat_old"
mRunOnce: [SpybotDeletingA8797] command.com /c del "c:\windows\system32\gasfkyypiqvdnk.dat"
mRunOnce: [SpybotDeletingC8180] cmd.exe /c del "c:\windows\system32\gasfkyypiqvdnk.dat"
StartupFolder: c:\docume~1\(hu\startm~1\programs\startup\antipo~1.lnk - c:\program files\antipoisoner\AntiPoisoner.exe
StartupFolder: c:\docume~1\(hu\startm~1\programs\startup\is-23jub.lnk - c:\documents and settings\(hu\desktop\virus removal tool1\is-23jub\startup.exe
StartupFolder: c:\docume~1\(hu\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252686822328
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\(hu\applic~1\mozilla\firefox\profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 is-23JUBdrv;is-23JUBdrv;c:\windows\system32\drivers\19996569.sys [2009-10-10 148496]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [2009-10-10 148496]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-9 296976]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-24 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-13 1684736]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-11 20:19 <DIR> --d-h--- c:\windows\PIF
2009-10-11 18:38 9,341 a------- c:\windows\system32\drivers\filedisk.sys
2009-10-11 18:38 <DIR> --d----- c:\program files\iolo
2009-10-11 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-10-11 17:49 <DIR> --d----- c:\docume~1\(hu\applic~1\iolo
2009-10-10 20:58 148,496 a------- c:\windows\system32\drivers\19996569.sys
2009-10-10 18:58 148,496 a------- c:\windows\system32\drivers\54146997.sys
2009-10-10 13:08 27,285 a------- c:\windows\wininit.ini
2009-10-09 23:57 <DIR> --d----- c:\program files\vghd
2009-10-09 22:43 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-10-09 22:43 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-09 22:42 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-09 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-10-09 22:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-10-09 05:58 <DIR> --d-hr-- c:\documents and settings\(hu\Recent
2009-10-03 19:54 <DIR> --d----- c:\docume~1\(hu\applic~1\WordWeb
2009-10-03 19:12 <DIR> --d----- c:\program files\WordWeb
2009-10-03 19:12 1,050,296 -------- c:\windows\wweb32.dll
2009-09-27 21:20 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 21:20 <DIR> --d-----
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP 2009-09-27 21:20 <DIR> --d----- c:\program files\NVIDIA Corporation 2009-09-27 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2009-09-27 21:16 7,729,568 ac------ c:\windows\system32\dllcache\nv4_mini.sys 2009-09-27 21:16 7,729,568 a------- c:\windows\system32\drivers\nv4_mini.sys 2009-09-27 20:27 <DIR> --d----- c:\program files\Driver Sweeper 2009-09-26 05:25 2,707 a------- C:\PerfData{F0C5E3B8-871A-11DE-8043-806D6172696F}.xml 2009-09-25 22:43 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat 2009-09-24 21:29 <DIR> --d----- c:\docume~1\(hu\applic~1\TuneUp Software 2009-09-24 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software 2009-09-24 21:28 <DIR> --d----- c:\program files\TuneUp Utilities 2009 2009-09-24 21:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357} 2009-09-24 19:18 <DIR> --d----- c:\program files\YourWare Solutions 2009-09-22 05:01 4,820 a------- C:\config.xml 2009-09-21 12:15 3,230 a------- c:\windows\system32\72.scr 2009-09-16 23:50 537 a------- c:\windows\eReg.dat 2009-09-16 16:15 305,664 a------- c:\windows\IsUn0415.exe 2009-09-15 21:55 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-09-15 21:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-09-15 19:22 305,152 a------- c:\windows\IsUn0419.exe 2009-09-15 19:22 <DIR> --d----- c:\documents and settings\(hu\WINDOWS 2009-09-12 12:24 <DIR> --d----- c:\program files\RivaTuner v2.24 2009-09-12 11:58 <DIR> --d----- c:\program files\oZone3D 2009-09-11 23:31 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll 2009-09-11 23:31 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe 2009-09-11 23:31 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll 2009-09-11 23:31 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll 2009-09-11 23:31 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe 2009-09-11 23:31 99,865 
ac------ c:\windows\system32\dllcache\xlog.exe 2009-09-11 23:31 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys 2009-09-11 23:31 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys 2009-09-11 23:29 32,640 ac------ c:\windows\system32\dllcache\symc8xx.sys 2009-09-11 23:28 899,146 ac------ c:\windows\system32\dllcache\r2mdkxga.sys 2009-09-11 23:27 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys 2009-09-11 23:26 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys 2009-09-11 23:25 82,304 ac------ c:\windows\system32\dllcache\grclass.sys 2009-09-11 23:24 179,584 ac------ c:\windows\system32\dllcache\dac2w2k.sys 2009-09-11 23:23 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys 2009-09-11 22:08 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll 2009-09-11 22:08 2,189,056 ac------ c:\windows\system32\dllcache\ntoskrnl.exe ==================== Find3M ==================== 2009-09-12 13:36 9,228,320 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-09-12 12:55 110,792 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-09-11 17:24 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys 2009-09-02 19:05 22,328 a------- c:\docume~1\(hu\applic~1\PnkBstrK.sys 2009-08-13 02:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-08-13 02:22 107,888 a------- c:\windows\system32\CmdLineExt.dll 2009-08-13 01:34 685,816 a------- c:\windows\system32\drivers\sptd.sys 2009-08-13 01:26 21,640 a------- c:\windows\system32\emptyregdb.dat 2009-07-29 09:37 81,920 a------- c:\windows\system32\fontsub.dll 2009-07-20 14:12 18,670,592 a------- c:\windows\RTHDCPL.EXE 2009-07-18 00:01 58,880 a------- c:\windows\system32\atl.dll ============= FINISH: 20:56:07.98 ===============
__________________
team work is essential it gives them other people to shoot at

#4 (permalink)
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 759
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: trojan program packed win32 tdss.z
Hi,
Please visit this webpage for download links and instructions for running the ComboFix tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006

#5 (permalink)
Registered User
Re: trojan program packed win32 tdss.z
ComboFix also causes a BSOD. I think this is what eventvwr says about it:

Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe, version 0.0.0.0, fault address 0x0004f9c4.

Have a look at this: the hard drive isn't being recognized, but this problem with SpeedFan, HD Tune and Diskeeper started after this virus attack. At the moment my combo drive isn't working, so running MHDD is difficult. I will try to get a USB to run it. If you have any suggestion, I will be pleased to act upon it.
#6 (permalink)
Visiting Teacher/Analyst, Security Team
Re: trojan program packed win32 tdss.z
Hi,
Run GMER again but before scanning deselect Devices and Sections from the options.
#8 (permalink)
Visiting Teacher/Analyst, Security Team
Re: trojan program packed win32 tdss.z
Let's not give up just yet.
Please download Malwarebytes' Anti-Malware to your desktop.
#9 (permalink)
Registered User
Re: trojan program packed win32 tdss.z
Blade81, you are a genius! :):)

I followed your instructions and downloaded the above-mentioned program, updated it and performed a full scan. As a result my Diskeeper has started analyzing my drives again :) and after, I don't know what time, during restart chkdsk ran on my drives :) Thank you. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2967
Windows 5.1.2600 Service Pack 3

10/18/2009 3:17:26 PM
mbam-log-2009-10-18 (15-17-26).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 151103
Time elapsed: 20 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\gasfkyjinidrbq.dll (Rootkit.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\gasfkyjinidrbq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

P.S.: SpeedFan also gives me my S.M.A.R.T. readings :)
Last edited by darklord_v; 10-18-2009 at 03:55 AM.
#10 (permalink)
Visiting Teacher/Analyst, Security Team
Re: trojan program packed win32 tdss.z
Good. Please see if you're able to run ComboFix now. Post back its report & fresh dds.txt log.
#11 (permalink)
Registered User
Re: trojan program packed win32 tdss.z
Here is what ComboFix gave, and I am pleased to say that after its scan Spybot couldn't find the trojan any more :)
ComboFix 09-10-16.01 - (hu 10/18/2009 21:05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.591 [GMT 5:00]
Running from: c:\documents and settings\(hu\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\6813a0.msp
c:\windows\logfile32.txt
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\gasfkyanqhpbph.dat
c:\windows\system32\gasfkyapipyktf.dll
c:\windows\system32\gasfkyapuxvkbr.dll
c:\windows\system32\gasfkybcopcwki.dll
c:\windows\system32\gasfkyblkomdst.dll
c:\windows\system32\gasfkyblypkkkl.dat
c:\windows\system32\gasfkybodstloo.dat
c:\windows\system32\gasfkybpfqxtit.dat
c:\windows\system32\gasfkybxrdksvg.dll
c:\windows\system32\gasfkybyriltpr.dll
c:\windows\system32\gasfkycjibpxvh.dll
c:\windows\system32\gasfkycoregsiy.dll
c:\windows\system32\gasfkycrjqwbdr.dll
c:\windows\system32\gasfkycxgnwxbj.dat
c:\windows\system32\gasfkydibcopfr.dll
c:\windows\system32\gasfkydieexnor.dat
c:\windows\system32\gasfkydkbwrtlw.dat
c:\windows\system32\gasfkydticvpuy.dat
c:\windows\system32\gasfkyduejvkxj.dat
c:\windows\system32\gasfkydworecxr.dll
c:\windows\system32\gasfkydxweetky.dat
c:\windows\system32\gasfkyebdjklft.dat
c:\windows\system32\gasfkyeeacimcr.dll
c:\windows\system32\gasfkyegowptqf.dll
c:\windows\system32\gasfkyeixvmqsb.dat
c:\windows\system32\gasfkyeneeisrv.dat
c:\windows\system32\gasfkyetqstnxn.dat
c:\windows\system32\gasfkyevxvkost.dll
c:\windows\system32\gasfkyexjcxdqq.dll
c:\windows\system32\gasfkyflaefjqu.dat
c:\windows\system32\gasfkyfufjwbmq.dll
c:\windows\system32\gasfkyfvnsesmq.dll
c:\windows\system32\gasfkyfwbdwqpi.dll
c:\windows\system32\gasfkygguigrfo.dll
c:\windows\system32\gasfkygrwkpxrx.dat
c:\windows\system32\gasfkyhlsmnkfh.dat
c:\windows\system32\gasfkyhpymctjq.dat
c:\windows\system32\gasfkyhqfnnnsm.dll
c:\windows\system32\gasfkyhynhboai.dat
c:\windows\system32\gasfkyibcjxorj.dll
c:\windows\system32\gasfkyieviwesp.dat
c:\windows\system32\gasfkyigecxncb.dll
c:\windows\system32\gasfkyiktqunwt.dll
c:\windows\system32\gasfkyilolwlpx.dat
c:\windows\system32\gasfkyimqibcet.dll
c:\windows\system32\gasfkyinnvieix.dll
c:\windows\system32\gasfkyiribcrqu.dat
c:\windows\system32\gasfkyirxfnmdl.dll
c:\windows\system32\gasfkyiutfmwli.dll
c:\windows\system32\gasfkyivksviri.dll
c:\windows\system32\gasfkyiwwkfybw.dll
c:\windows\system32\gasfkyixnsetxo.dll
c:\windows\system32\gasfkyjdpixynv.dat
c:\windows\system32\gasfkyjetkylui.dll
c:\windows\system32\gasfkyjfnyoxyy.dll
c:\windows\system32\gasfkyjlspmkhx.dat
c:\windows\system32\gasfkyjmodyidq.dat
c:\windows\system32\gasfkykdwkmrmw.dll
c:\windows\system32\gasfkykrnkrjkg.dll
c:\windows\system32\gasfkyktrvivqp.dll
c:\windows\system32\gasfkylcnvpinm.dat
c:\windows\system32\gasfkylog.dat
c:\windows\system32\gasfkylonyxjmt.dat
c:\windows\system32\gasfkylovdnbml.dll
c:\windows\system32\gasfkylrrndobo.dat
c:\windows\system32\gasfkylsxmqsah.dll
c:\windows\system32\gasfkyltlilrga.dll
c:\windows\system32\gasfkylydekrxm.dat
c:\windows\system32\gasfkymbfpyrts.dat
c:\windows\system32\gasfkymegextpd.dat
c:\windows\system32\gasfkymtthemnj.dat
c:\windows\system32\gasfkymupyxewb.dat
c:\windows\system32\gasfkymxtrmfhw.dll
c:\windows\system32\gasfkymycaaubu.dat
c:\windows\system32\gasfkynbdwpscc.dll
c:\windows\system32\gasfkynemqrcim.dll
c:\windows\system32\gasfkynexrmhfw.dll
c:\windows\system32\gasfkynkmktxtv.dat
c:\windows\system32\gasfkynknbyusi.dll
c:\windows\system32\gasfkynmpfjsal.dat
c:\windows\system32\gasfkynpcvkora.dat
c:\windows\system32\gasfkynpcyefeg.dll
c:\windows\system32\gasfkyntkayvvm.dat
c:\windows\system32\gasfkynvrfepnl.dat
c:\windows\system32\gasfkyobcvfuxt.dll
c:\windows\system32\gasfkyobxxowqy.dll
c:\windows\system32\gasfkyohwwyari.dll
c:\windows\system32\gasfkyojufjxvb.dll
c:\windows\system32\gasfkyomqltoyx.dat
c:\windows\system32\gasfkyomtnxwem.dll
c:\windows\system32\gasfkyornsixge.dll
c:\windows\system32\gasfkyorvjibco.dll
c:\windows\system32\gasfkyovebrsca.dat
c:\windows\system32\gasfkyovmpfexm.dat
c:\windows\system32\gasfkyowfjibcs.dll
c:\windows\system32\gasfkyoykxevob.dll
c:\windows\system32\gasfkypdpktymy.dat
c:\windows\system32\gasfkypdqbphdb.dll
c:\windows\system32\gasfkypfquoidx.dll
c:\windows\system32\gasfkypgolkdpy.dll
c:\windows\system32\gasfkypqmofjwq.dll
c:\windows\system32\gasfkypqqombit.dat
c:\windows\system32\gasfkypunkyfmp.dll
c:\windows\system32\gasfkypxvlyvxn.dll
c:\windows\system32\gasfkypyebfkti.dat
c:\windows\system32\gasfkyqdwptnex.dll
c:\windows\system32\gasfkyqipyrbqh.dat
c:\windows\system32\gasfkyqjxpmtlf.dll
c:\windows\system32\gasfkyqmhfkjwb.dat
c:\windows\system32\gasfkyqowuyybo.dll
c:\windows\system32\gasfkyrchwhehx.dat
c:\windows\system32\gasfkyrcthxnmd.dat
c:\windows\system32\gasfkyrfqjffky.dat
c:\windows\system32\gasfkyribitcwq.dll
c:\windows\system32\gasfkyrmopcwbd.dll
c:\windows\system32\gasfkyrncyeciq.dll
c:\windows\system32\gasfkyrqtkynhl.dat
c:\windows\system32\gasfkyrscdjnsq.dll
c:\windows\system32\gasfkyrsnvxvky.dat
c:\windows\system32\gasfkysirnbdme.dll
c:\windows\system32\gasfkysixlltiv.dat
c:\windows\system32\gasfkysumuckfr.dll
c:\windows\system32\gasfkysvrcjwib.dll
c:\windows\system32\gasfkysyctfhwm.dll
c:\windows\system32\gasfkytavtdjvc.dat
c:\windows\system32\gasfkytobwqvre.dll
c:\windows\system32\gasfkytpeqqpfu.dll
c:\windows\system32\gasfkytrdmxrnc.dll
c:\windows\system32\gasfkytspwixvs.dll
c:\windows\system32\gasfkyttkorfuw.dll
c:\windows\system32\gasfkytuwonprx.dll
c:\windows\system32\gasfkytvfkjcns.dat
c:\windows\system32\gasfkytvkawylt.dat
c:\windows\system32\gasfkytxdlxmuj.dll
c:\windows\system32\gasfkytytcvpix.dll
c:\windows\system32\gasfkyufhwhxbd.dat
c:\windows\system32\gasfkyulbfvkpy.dll
c:\windows\system32\gasfkyunkiqqpf.dll
c:\windows\system32\gasfkyusiycvni.dll
c:\windows\system32\gasfkyvirbrpvo.dll
c:\windows\system32\gasfkyviyrnanq.dat
c:\windows\system32\gasfkyvkyfvkse.dll
c:\windows\system32\gasfkyvmkpjkda.dat
c:\windows\system32\gasfkyvnfvyfdi.dat
c:\windows\system32\gasfkyvnmevecr.dll
c:\windows\system32\gasfkyvpdwidet.dll
c:\windows\system32\gasfkyvrgdfbod.dat
c:\windows\system32\gasfkyvxvbdipo.dll
c:\windows\system32\gasfkywbutewiw.dll
c:\windows\system32\gasfkywcttmsmy.dll
c:\windows\system32\gasfkywfswecxv.dll
c:\windows\system32\gasfkywhbndqye.dll
c:\windows\system32\gasfkywofjjqpm.dll
c:\windows\system32\gasfkywoibcrir.dll
c:\windows\system32\gasfkywqpibcoc.dll
c:\windows\system32\gasfkywqpuntee.dll
c:\windows\system32\gasfkyxcphtxys.dll
c:\windows\system32\gasfkyxdpxmkbs.dat
c:\windows\system32\gasfkyxfvribap.dll
c:\windows\system32\gasfkyxilrqblo.dll
c:\windows\system32\gasfkyxjbaivrv.dat
c:\windows\system32\gasfkyxjunceec.dll
c:\windows\system32\gasfkyxnqoravb.dll
c:\windows\system32\gasfkyxobqhosi.dat
c:\windows\system32\gasfkyxoqobcxv.dll
c:\windows\system32\gasfkyxrqaimkt.dat
c:\windows\system32\gasfkyxtfpxtmd.dat
c:\windows\system32\gasfkyxviuwies.dll
c:\windows\system32\gasfkyxvkbpxdk.dat
c:\windows\system32\gasfkyxvmegnbv.dat
c:\windows\system32\gasfkyxvpwmdby.dll
c:\windows\system32\gasfkyxwevxvni.dll
c:\windows\system32\gasfkyxycrjkip.dll
c:\windows\system32\gasfkyxyefmcrj.dll
c:\windows\system32\gasfkyycbcxphe.dll
c:\windows\system32\gasfkyyeexevrc.dll
c:\windows\system32\gasfkyymcxtyes.dll
c:\windows\system32\gasfkyymxrxior.dll
c:\windows\system32\gasfkyypiqvdnk.dat
c:\windows\system32\gasfkyyriqfasf.dat
c:\windows\system32\gasfkyyuwfpxxy.dll
c:\windows\system32\gasfkyyvtepfmk.dat
c:\windows\system32\ifkbbyr.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.
2009-10-18 10:26 . 2009-10-18 10:26 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\(hu\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 10:26 . 2009-10-18 11:41 -------- d-----w- c:\documents and settings\(hu\Application Data\vlc
2009-10-17 10:25 . 2009-10-17 10:25 -------- d-----w- c:\program files\VideoLAN
2009-10-15 11:04 . 2009-10-15 11:04 -------- d-----w- c:\program files\Trend Micro
2009-10-15 09:09 . 2009-10-15 13:52 -------- d-----w- c:\program files\MagicISO
2009-10-15 08:45 . 2009-10-15 08:45 7168 ----a-w- c:\windows\system32\drivers\utmyntaz.sys
2009-10-14 19:51 . 2009-10-14 19:51 -------- d-----w- c:\program files\Seagate
2009-10-14 13:38 . 2009-10-14 13:54 -------- d-----w- c:\windows\BDOSCAN8
2009-10-12 18:19 . 2009-10-12 18:19 -------- d-----w- c:\program files\AGEI A Technologies
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-12 18:14 . 2009-10-12 18:14 -------- d-----w- c:\program files\MSECACHE
2009-10-11 15:19 . 2009-10-11 15:19 -------- d--h--w- c:\windows\PIF
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-10-11 13:38 . 2009-08-28 06:30 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-11 13:38 . 2009-08-28 06:30 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-11 13:38 . 2006-07-24 13:51 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-10-11 13:38 . 2009-08-26 10:42 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-10-11 13:38 . 2009-08-26 10:42 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\program files\iolo
2009-10-11 13:27 . 2009-10-11 13:27 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-10-11 12:49 . 2009-10-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-11 12:49 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\(hu\Application Data\iolo
2009-10-10 13:58 . 2008-07-08 09:54 148496 ----a-w- c:\windows\system32\drivers\54146997.sys
2009-10-09 18:57 . 2009-10-10 16:05 -------- d-----w- c:\program files\vghd
2009-10-09 18:57 . 2009-10-09 18:57 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-09 18:23 . 2009-10-09 18:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 17:43 . 2009-10-10 08:32 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-09 17:43 . 2009-10-10 08:32 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-09 17:42 . 2009-10-18 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-09 17:42 . 2009-10-09 17:42 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-09 17:41 . 2009-10-09 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-04 20:40 . 2009-10-04 20:40 -------- d-----w- c:\documents and settings\(hu\Local Settings\Application Data\PCHealth
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\documents and settings\(hu\Application Data\WordWeb
2009-10-03 14:12 . 2009-10-11 17:10 -------- d-----w- c:\program files\WordWeb
2009-10-03 14:12 . 2008-10-18 09:08 1050296 ------w- c:\windows\wweb32.dll
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 16:20 . 2009-10-14 12:30 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 16:16 . 2009-09-27 11:12 7655872 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 16:16 . 2009-09-27 11:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:27 . 2009-09-27 16:16 -------- d-----w- c:\program files\Driver Sweeper
2009-09-27 13:20 . 2009-09-27 13:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 13:20 . 2009-09-27 13:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 13:19 . 2009-09-27 13:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 13:19 . 2009-09-27 13:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 13:19 . 2009-09-27 13:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 13:19 . 2009-09-27 13:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 13:19 . 2009-09-27 13:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 13:19 . 2009-09-27 13:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 13:19 . 2009-09-27 13:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 13:19 . 2009-09-27 13:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 13:19 . 2009-09-27 13:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 13:19 . 2009-09-27 13:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 13:19 . 2009-09-27 13:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 11:12 . 2009-09-27 11:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 11:12 . 2009-09-27 11:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 11:12 . 2009-09-27 11:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 11:12 . 2009-09-27 11:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 11:12 . 2009-09-27 11:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 11:12 . 2009-09-27 11:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 16:29 . 2009-09-24 16:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-24 16:29 . 2008-11-12 11:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-24 16:29 . 2009-09-24 16:29 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 16:29 . 2009-09-24 16:29 -------- d-----w- c:\documents and settings\(hu\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-09-24 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-10-09 17:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-24 16:27 . 2009-09-24 16:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 14:18 . 2009-09-24 14:18 -------- d-----w- c:\program files\YourWare Solutions
2009-09-21 15:33 . 2009-09-21 15:33 -------- d-----w- c:\program files\Real
2009-09-21 07:15 . 2009-09-21 07:15 3230 ----a-w- c:\windows\system32\72.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 16:12 . 2009-08-18 07:56 14864416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-18 16:10 . 2009-08-18 07:56 176912 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-18 11:20 . 2009-08-12 22:05 -------- d-----w- c:\program files\SpeedFan
2009-10-18 09:49 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\DMCache
2009-10-17 07:53 . 2009-08-12 21:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:58 . 2009-08-17 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 19:50 . 2009-08-12 21:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-12 16:19 . 2009-08-12 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-11 18:58 . 2009-08-12 21:44 -------- d-----w- c:\program files\EVGA Precision
2009-10-11 13:56 . 2009-08-12 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 08:38 . 2009-09-02 14:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 14:08 . 2009-09-15 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 07:42 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\IDM
2009-09-27 11:12 . 2009-08-12 21:25 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 05:37 . 2004-08-03 22:56 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 16:40 . 2009-08-12 21:53 69232 ----a-w- c:\documents and settings\(hu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 15:33 . 2009-08-12 21:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-16 18:50 . 2009-09-16 18:50 537 ----a-w- c:\windows\eReg.dat
2009-09-15 17:11 . 2009-09-15 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-12 07:24 . 2009-09-12 07:24 -------- d-----w- c:\program files\RivaTuner v2.24
2009-09-12 06:58 . 2009-09-12 06:58 -------- d-----w- c:\program files\oZone3D
2009-09-11 14:18 . 2004-08-03 22:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 12:24 . 2009-09-02 14:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 12:24 . 2009-09-02 14:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\documents and settings\(hu\Application Data\Leadertech
2009-09-10 17:01 . 2009-09-10 17:01 -------- d-----w- c:\program files\ffdshow
2009-09-10 16:27 . 2009-09-10 16:25 -------- d-----w- c:\program files\Internet Download Manager
2009-09-10 16:21 . 2009-09-10 16:21 -------- d-----w- c:\program files\BitTorrent
2009-09-10 16:18 . 2009-08-12 21:34 -------- d-----w- c:\program files\Realtek
2009-09-07 17:18 . 2009-09-07 17:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-04 21:03 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 19:10 . 2009-09-03 19:10 -------- d-----w- c:\program files\HD Tune
2009-09-02 14:05 . 2009-09-02 14:05 22328 ----a-w- c:\documents and settings\(hu\Application Data\PnkBstrK.sys
2009-09-02 14:05 . 2009-09-02 14:05 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-28 14:22 . 2009-08-28 14:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 08:00 . 2004-08-03 22:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 20:56 . 2009-08-22 20:56 -------- d-----w- c:\program files\directx
2009-08-18 19:17 . 2009-08-12 21:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 07:57 . 2009-08-16 07:57 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-16 07:57 . 2009-08-16 07:57 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-14 08:36 . 2009-08-14 08:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-12 21:22 . 2009-08-12 21:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-12 20:34 . 2009-08-12 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 20:26 . 2009-08-12 20:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-03 21:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-20 17:08 . 2009-08-12 21:34 5795328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592]

c:\documents and settings\(hu\Start Menu\Programs\Startup\
AntiPoisoner.lnk - c:\program files\AntiPoisoner\AntiPoisoner.exe [2008-5-24 203929]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo Messengger

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"PnkBstrB"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\waw\\CoDWaWmp.exe"=
"f:\\waw\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7487:TCP"= 7487:TCP:uqticun
"8080:TCP"= 8080:TCP:PORT

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [10/10/2009 6:58 PM 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/24/2009 9:29 PM 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x] S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336] S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336] S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/13/2009 2:34 AM 1684736] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs flxapffh UxTuneUp jugbany xiiliq lpxiqjpb . Contents of the 'Scheduled Tasks' folder 2009-10-18 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 11:28] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.mydreamworld.50webs.com IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\(hu\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - 
plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - Notify-ywatnkso - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-18 21:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jugbany] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpxiqjpb] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xiiliq] . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:7f,55,9f,1c,de,f7,35,37,ea,07,59,f3,4f,89,24,a0,13,e5,bd,21,a0, a6,bc,9a,39,c1,5c,e3,09,dc,c6,e8,c6,7d,c8,b7,30,ec,84,42,2f,72,23,4a,10,1f,\ "rkeysecu"=hex:4a,d0,ef,33,71,c7,06,34,d5,a4,95,55,4b,f8,b8,cf . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3540) c:\windows\system32\hnetcfg.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-10-18 21:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-18 16:15 Pre-Run: 3,573,874,688 bytes free Post-Run: 3,467,177,984 bytes free 478 --- E O F --- 2009-10-16 22:46
__________________
team work is essential it gives them other people to shoot at
#12
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 759
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: trojan program packed win32 tdss.z
Please post a fresh dds log too :)
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006
#13
Registered User
Re: trojan program packed win32 tdss.z
ooooooopppppps sorry:)
here it is:

DDS (Ver_09-10-13.01) - NTFSx86
Run by (hu at 16:09:30.40 on Mon 10/19/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.408 [GMT 5:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiPoisoner\AntiPoisoner.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\(hu\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.mydreamworld.50webs.com
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\docume~1\(hu\startm~1\programs\startup\antipo~1.lnk - c:\program files\antipoisoner\AntiPoisoner.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252686822328
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\(hu\applic~1\mozilla\firefox\profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [2009-10-10 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-24 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-13 1684736]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-18 15:26 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-10-18 14:53 <DIR> --d----- c:\docume~1\(hu\applic~1\Malwarebytes
2009-10-18 14:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-18 14:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 14:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 15:26 <DIR> --d----- c:\docume~1\(hu\applic~1\vlc
2009-10-17 15:25 <DIR> --d----- c:\program files\VideoLAN
2009-10-17 03:42 <DIR> --d-hr-- c:\documents and settings\(hu\Recent
2009-10-16 22:53 <DIR> a-dshr-- C:\cmdcons
2009-10-16 22:48 236,544 a------- c:\windows\PEV.exe
2009-10-16 22:48 161,792 a------- c:\windows\SWREG.exe
2009-10-16 22:48 98,816 a------- c:\windows\sed.exe
2009-10-16 18:57 1,393 a------- c:\windows\imsins.BAK
2009-10-15 16:04 <DIR> --d----- c:\program files\Trend Micro
2009-10-15 14:09 <DIR> --d----- c:\program files\MagicISO
2009-10-15 13:45 7,168 a------- c:\windows\system32\drivers\utmyntaz.sys
2009-10-15 00:51 <DIR> --d----- c:\program files\Seagate
2009-10-12 23:15 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-10-12 23:14 <DIR> --d----- c:\program files\MSECACHE
2009-10-11 22:10 271 a------- c:\windows\SysMech.INI
2009-10-11 20:19 <DIR> --d-h--- c:\windows\PIF
2009-10-11 18:39 406 a------- c:\windows\system32\ioloBootDefrag.cfg
2009-10-11 18:38 2,116,008 a------- c:\windows\system32\Incinerator.dll
2009-10-11 18:38 93,096 a------- c:\windows\system32\IncContxMenu.dll
2009-10-11 18:38 9,341 a------- c:\windows\system32\drivers\filedisk.sys
2009-10-11 18:38 30,208 a------- c:\windows\system32\iolobtdfg.exe
2009-10-11 18:38 12,288 a------- c:\windows\system32\smrgdf.exe
2009-10-11 18:38 <DIR> --d----- c:\program files\iolo
2009-10-11 18:27 74,703 a------- c:\windows\system32\mfc45.dll
2009-10-11 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-10-11 17:49 <DIR> --d----- c:\docume~1\(hu\applic~1\iolo
2009-10-10 18:58 148,496 a------- c:\windows\system32\drivers\54146997.sys
2009-10-10 13:08 40,730 a------- c:\windows\wininit.ini
2009-10-09 23:57 152,904 a------- c:\windows\system32\vghd.scr
2009-10-09 23:57 <DIR> --d----- c:\program files\vghd
2009-10-09 22:43 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-10-09 22:43 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-09 22:42 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-09 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-10-09 22:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-10-03 19:54 <DIR> --d----- c:\docume~1\(hu\applic~1\WordWeb
2009-10-03 19:12 <DIR> --d----- c:\program files\WordWeb
2009-10-03 19:12 1,050,296 -------- c:\windows\wweb32.dll
2009-09-27 21:20 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 21:20 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-27 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-09-27 21:16 7,655,872 ac------ c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 21:16 7,655,872 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 20:27 <DIR> --d----- c:\program files\Driver Sweeper
2009-09-27 18:20 2,173,544 a------- c:\windows\system32\nvcplui.exe
2009-09-27 18:20 420,456 a------- c:\windows\system32\nvcpl.cpl
2009-09-27 18:20 81,920 a------- c:\windows\system32\nvwddi.dll
2009-09-27 16:12 10,756,096 a------- c:\windows\system32\nvoglnt.dll
2009-09-27 16:12 2,194,024 a------- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 2,007,040 a------- c:\windows\system32\nvcuda.dll
2009-09-27 16:12 1,714,792 a------- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 1,604,482 a------- c:\windows\system32\nvdata.bin
2009-09-27 16:12 888,832 a------- c:\windows\system32\nvapi.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcodins.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcod.dll
2009-09-26 05:25 2,707 a------- C:\PerfData{F0C5E3B8-871A-11DE-8043-806D6172696F}.xml
2009-09-25 22:43 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-24 21:29 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-09-24 21:29 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-09-24 21:29 362,240 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 21:29 <DIR> --d----- c:\docume~1\(hu\applic~1\TuneUp Software
2009-09-24 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-24 21:28 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-24 21:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 19:18 <DIR> --d----- c:\program files\YourWare Solutions
2009-09-23 17:48 118 a------- c:\windows\system32\MRT.INI
2009-09-22 05:01 4,820 a------- C:\config.xml
2009-09-21 12:15 3,230 a------- c:\windows\system32\72.scr

==================== Find3M ====================

2009-10-19 16:09 19,521,568 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-19 06:03 229,184 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-05 13:38 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-09-27 18:19 3,166,208 a------- c:\windows\system32\nvwss.dll
2009-09-27 18:19 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-09-27 18:19 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-09-27 18:19 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-09-27 18:19 188,416 a------- c:\windows\system32\nvmccss.dll
2009-09-27 18:19 13,918,208 a------- c:\windows\system32\nvcpl.dll
2009-09-27 18:19 4,935,680 a------- c:\windows\system32\nvdisps.dll
2009-09-27 18:19 172,100 a------- c:\windows\system32\nvsvc32.exe
2009-09-27 18:19 143,360 a------- c:\windows\system32\nvcolor.exe
2009-09-27 18:19 86,016 a------- c:\windows\system32\nvmctray.dll
2009-09-27 18:19 229,376 a------- c:\windows\system32\nvmccs.dll
2009-09-27 16:12 5,900,416 a------- c:\windows\system32\nv4_disp.dll
2009-09-25 10:37 667,136 -------- c:\windows\system32\wininet.dll
2009-09-25 10:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-11 19:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 17:24 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 17:24 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-09-05 02:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-02 19:05 22,328 a------- c:\docume~1\(hu\applic~1\PnkBstrK.sys
2009-09-02 19:05 682,280 a------- c:\windows\system32\pbsvc.exe
2009-08-26 13:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-16 12:57 418,480 a------- c:\windows\system32\wrap_oal.dll
2009-08-16 12:57 115,432 a------- c:\windows\system32\OpenAL32.dll
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-13 02:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-13 02:22 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-13 01:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 14:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 09:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 09:37 81,920 a------- c:\windows\system32\fontsub.dll

============= FINISH: 16:10:03.46 ===============
__________________
team work is essential it gives them other people to shoot at
#14
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 759
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: trojan program packed win32 tdss.z
Could you attach fresh attach.txt file too?
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006
#17
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 759
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: trojan program packed win32 tdss.z
Hi,
Quote:
Upload the following file to http://www.virustotal.com and post back a link to the results:
c:\windows\system32\72.scr

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

Open Notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/421415-trojan-program-packed-win32-tdss-z.html#post2399307

Driver::
nskjyr
flxapffh
jugbany
lpxiqjpb
xiiliq

NetSvc::
flxapffh
jugbany
xiiliq
lpxiqjpb

Collect::
c:\windows\system32\drivers\utmyntaz.sys
c:\windows\system32\drivers\rlusog.sys

DDS::
mStart Page = hxxp://www.mydreamworld.50webs.com

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7487:TCP"=-
"8080:TCP"=-

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. Keep system connected to net during the process. You'll be asked to follow instructions to get some samples submitted. Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. A fresh version can be obtained here.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

* Go here to run an online scanner from ESET.
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006
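The entries the CFScript above targets (nskjyr, flxapffh, jugbany, lpxiqjpb, xiiliq) are the ones a helper picks out of the SERVICES / DRIVERS section by eye: a driver whose image file is gone from disk ("--> ... [?]"), a service registered with no image path at all ("[x]"), and services parked in the shared netsvcs svchost group under names that are not part of the Windows default list. The script below is an added example for this thread, not ComboFix's, DDS's or the forum's own code; it parses constructed sample lines that mirror the entries posted here and reports those three patterns. The NETSVCS_BASELINE allow-list is a deliberately partial, illustrative assumption; a real review compares against the machine's own NetSvcs value rather than this list.

```python
"""Flag the service/driver entries in a ComboFix or DDS log that a helper would
query before writing a CFScript.  Added example, not ComboFix's or DDS's code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Sample lines constructed for this example; they mirror the SERVICES / DRIVERS
# entries posted in this thread (the log format is "Sx name;display;image [date size]").
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-24 603904]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-13 1684736]
"""

# Partial allow-list of service names that belong to the XP "netsvcs" group by
# default. Illustrative assumption for this example, not a complete list; a real
# review compares against the machine's own NetSvcs registry value.
NETSVCS_BASELINE: Set[str] = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "eventsystem",
    "helpsvc", "lanmanserver", "lanmanworkstation", "netman", "nla",
    "schedule", "seclogon", "sens", "sharedaccess", "themes", "trkwks",
    "w32time", "winmgmt", "wuauserv", "wzcsvc",
}

# "R0 name;display;rest" -> start type, service name, display name, image + bracket.
ENTRY_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


@dataclass
class Finding:
    name: str
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split one log line into (start, name, display, rest); None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return m["start"], m["name"].strip(), m["display"].strip(), m["rest"].strip()


def assess_services(log_text: str, baseline: Set[str] = NETSVCS_BASELINE) -> List[Finding]:
    """Return one Finding per entry that shows a pattern worth querying."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        _start, name, _display, rest = parsed
        reasons = []
        if rest == "[x]":
            # Service key exists but names no image file at all.
            reasons.append("registered with no image path")
        if "-->" in rest and rest.endswith("[?]"):
            # The tool resolved the driver path but found no file there.
            reasons.append("driver image not found on disk")
        if "svchost.exe -k netsvcs" in rest.lower() and name.lower() not in baseline:
            # Hosted in the shared netsvcs group under a name not in the default list.
            reasons.append("non-default service hosted in the netsvcs svchost group")
        if reasons:
            findings.append(Finding(name, reasons))
    return findings


if __name__ == "__main__":
    for f in assess_services(SAMPLE_LOG):
        print(f"{f.name}: {'; '.join(f.reasons)}")
```

Running it prints one line per flagged entry; the unflagged Kaspersky, TuneUp and Ambfilt entries show that a vendor-named service with a present image passes. ComboFix's own Reg Loading Points section already hides legit default entries (it says so in the log above), which is why only the odd names, plus UxTuneUp, appear under its NetSvcs listing.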
#18
Registered User
Re: trojan program packed win32 tdss.z
(((Keep system connected to net during the process. You'll be asked to follow instructions to get some samples submitted.)))
It did nothing of that sort, it just did the scanning, rebooted and gave me the log. Here is the ComboFix log:

ComboFix 09-10-16.01 - (hu 10/20/2009 17:43.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.511 [GMT 5:00]
Running from: c:\documents and settings\(hu\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- c:\program files\WIDCOMM
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- C:\SWSetup
2009-10-19 21:36 . 2009-10-20 08:23 -------- d-----w- c:\documents and settings\(hu\Tracing
2009-10-19 21:34 . 2009-10-19 21:36 -------- d-----w- c:\program files\Microsoft
2009-10-19 21:34 . 2009-10-19 21:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-19 21:33 . 2009-10-19 21:36 -------- d-----w- c:\program files\Windows Live
2009-10-19 21:31 . 2009-10-19 21:31 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\(hu\Contacts
2009-10-19 11:57 . 2005-05-02 16:15 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2009-10-18 10:26 . 2009-10-18 10:26 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\(hu\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 10:26 . 2009-10-19 16:42 -------- d-----w- c:\documents and settings\(hu\Application Data\vlc
2009-10-17 10:25 . 2009-10-17 10:25 -------- d-----w- c:\program files\VideoLAN
2009-10-15 11:04 . 2009-10-15 11:04 -------- d-----w- c:\program files\Trend Micro
2009-10-15 09:09 . 2009-10-15 13:52 -------- d-----w- c:\program files\MagicISO
2009-10-15 08:45 . 2009-10-15 08:45 7168 ----a-w- c:\windows\system32\drivers\utmyntaz.sys
2009-10-14 19:51 . 2009-10-14 19:51 -------- d-----w- c:\program files\Seagate
2009-10-14 13:38 . 2009-10-14 13:54 -------- d-----w- c:\windows\BDOSCAN8
2009-10-12 18:19 . 2009-10-12 18:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-12 18:14 . 2009-10-12 18:14 -------- d-----w- c:\program files\MSECACHE
2009-10-11 15:19 . 2009-10-11 15:19 -------- d--h--w- c:\windows\PIF
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-10-11 13:38 . 2009-08-28 06:30 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-11 13:38 . 2009-08-28 06:30 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-11 13:38 . 2006-07-24 13:51 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-10-11 13:38 . 2009-08-26 10:42 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-10-11 13:38 . 2009-08-26 10:42 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\program files\iolo
2009-10-11 13:27 . 2009-10-11 13:27 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-10-11 12:49 . 2009-10-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-11 12:49 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\(hu\Application Data\iolo
2009-10-10 13:58 . 2008-07-08 09:54 148496 ----a-w- c:\windows\system32\drivers\54146997.sys
2009-10-09 18:57 . 2009-10-10 16:05 -------- d-----w- c:\program files\vghd
2009-10-09 18:57 . 2009-10-09 18:57 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-09 18:23 . 2009-10-09 18:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 17:43 . 2009-10-10 08:32 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-09 17:43 . 2009-10-10 08:32 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-09 17:42 . 2009-10-20 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-09 17:42 . 2009-10-09 17:42 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-09 17:41 . 2009-10-09 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-04 20:40 . 2009-10-04 20:40 -------- d-----w- c:\documents and settings\(hu\Local Settings\Application Data\PCHealth
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\documents and settings\(hu\Application Data\WordWeb
2009-10-03 14:12 . 2009-10-11 17:10 -------- d-----w- c:\program files\WordWeb
2009-10-03 14:12 . 2008-10-18 09:08 1050296 ------w- c:\windows\wweb32.dll
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 16:20 . 2009-10-14 12:30 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 16:16 . 2009-09-27 11:12 7655872 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 16:16 . 2009-09-27 11:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:27 . 2009-10-20 08:55 -------- d-----w- c:\program files\Driver Sweeper
2009-09-27 13:20 . 2009-09-27 13:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 13:20 . 2009-09-27 13:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 13:19 . 2009-09-27 13:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 13:19 . 2009-09-27 13:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 13:19 . 2009-09-27 13:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 13:19 . 2009-09-27 13:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 13:19 . 2009-09-27 13:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 13:19 . 2009-09-27 13:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 13:19 . 2009-09-27 13:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 13:19 . 2009-09-27 13:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 13:19 . 2009-09-27 13:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 13:19 . 2009-09-27 13:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 13:19 . 2009-09-27 13:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 11:12 . 2009-09-27 11:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 11:12 . 2009-09-27 11:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 11:12 . 2009-09-27 11:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 11:12 . 2009-09-27 11:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 11:12 . 2009-09-27 11:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 11:12 . 2009-09-27 11:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 16:29 . 2009-09-24 16:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-24 16:29 . 2008-11-12 11:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-24 16:29 . 2009-09-24 16:29 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 16:29 . 2009-09-24 16:29 -------- d-----w- c:\documents and settings\(hu\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-09-24 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-10-09 17:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-24 16:27 . 2009-09-24 16:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 14:18 . 2009-09-24 14:18 -------- d-----w- c:\program files\YourWare Solutions
2009-09-21 15:33 . 2009-09-21 15:33 -------- d-----w- c:\program files\Real
2009-09-21 07:15 . 2009-09-21 07:15 3230 ----a-w- c:\windows\system32\72.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 12:48 . 2009-08-18 07:56 28895264 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-20 12:47 . 2009-08-18 07:56 341576 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-20 12:46 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\DMCache
2009-10-19 17:03 . 2009-08-12 22:05 -------- d-----w- c:\program files\SpeedFan
2009-10-19 12:45 . 2009-08-12 21:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:58 . 2009-08-17 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 19:50 . 2009-08-12 21:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-12 16:19 . 2009-08-12 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-11 18:58 . 2009-08-12 21:44 -------- d-----w- c:\program files\EVGA Precision
2009-10-11 13:56 . 2009-08-12 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 08:38 . 2009-09-02 14:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 14:08 .
2009-09-15 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-30 07:42 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\IDM 2009-09-27 11:12 . 2009-08-12 21:25 5900416 ----a-w- c:\windows\system32\nv4_disp.dll 2009-09-25 05:37 . 2004-08-03 22:56 667136 ------w- c:\windows\system32\wininet.dll 2009-09-25 05:37 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-24 16:40 . 2009-08-12 21:53 69232 ----a-w- c:\documents and settings\(hu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-21 15:33 . 2009-08-12 21:34 -------- d-----w- c:\program files\Common Files\InstallShield 2009-09-16 18:50 . 2009-09-16 18:50 537 ----a-w- c:\windows\eReg.dat 2009-09-15 17:11 . 2009-09-15 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-12 07:24 . 2009-09-12 07:24 -------- d-----w- c:\program files\RivaTuner v2.24 2009-09-12 06:58 . 2009-09-12 06:58 -------- d-----w- c:\program files\oZone3D 2009-09-11 14:18 . 2004-08-03 22:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 12:24 . 2009-09-02 14:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-09-11 12:24 . 2009-09-02 14:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\documents and settings\(hu\Application Data\Leadertech 2009-09-10 17:01 . 2009-09-10 17:01 -------- d-----w- c:\program files\ffdshow 2009-09-10 16:27 . 2009-09-10 16:25 -------- d-----w- c:\program files\Internet Download Manager 2009-09-10 16:18 . 2009-08-12 21:34 -------- d-----w- c:\program files\Realtek 2009-09-07 17:18 . 2009-09-07 17:18 0 ----a-w- c:\windows\nsreg.dat 2009-09-04 21:03 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-03 19:10 . 2009-09-03 19:10 -------- d-----w- c:\program files\HD Tune 2009-09-02 14:05 . 
2009-09-02 14:05 22328 ----a-w- c:\documents and settings\(hu\Application Data\PnkBstrK.sys 2009-09-02 14:05 . 2009-09-02 14:05 682280 ----a-w- c:\windows\system32\pbsvc.exe 2009-08-28 14:22 . 2009-08-28 14:22 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-26 08:00 . 2004-08-03 22:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-22 20:56 . 2009-08-22 20:56 -------- d-----w- c:\program files\directx 2009-08-18 19:17 . 2009-08-12 21:22 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-16 07:57 . 2009-08-16 07:57 418480 ----a-w- c:\windows\system32\wrap_oal.dll 2009-08-16 07:57 . 2009-08-16 07:57 115432 ----a-w- c:\windows\system32\OpenAL32.dll 2009-08-14 08:36 . 2009-08-14 08:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll 2009-08-12 21:22 . 2009-08-12 21:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-08-12 20:34 . 2009-08-12 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-12 20:26 . 2009-08-12 20:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-08-05 09:01 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2004-08-03 21:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2009-07-29 04:37 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-26 11:44 . 2009-07-26 11:44 48448 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-18_16.11.42 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-20 12:48 . 2009-10-20 12:48 16384 c:\windows\temp\Perflib_Perfdata_2f8.dat + 2001-08-23 12:00 . 2009-10-19 16:49 68024 c:\windows\system32\perfc009.dat - 2001-08-23 12:00 . 2009-10-16 22:46 68024 c:\windows\system32\perfc009.dat + 2006-05-12 08:17 . 2006-05-12 08:17 30363 c:\windows\system32\drivers\btport.sys + 2004-09-17 08:55 . 
2004-09-17 08:55 50176 c:\windows\system32\CSH.DLL + 2006-05-12 08:20 . 2006-05-12 08:20 24576 c:\windows\system32\BtXpShell.dll + 2006-05-12 08:22 . 2006-05-12 08:22 45056 c:\windows\system32\btwpimif.dll + 2006-05-12 08:35 . 2006-05-12 08:35 90112 c:\windows\system32\BtWiaExt.dll + 2006-05-12 08:24 . 2006-05-12 08:24 77824 c:\windows\system32\btw_ci.dll + 2006-05-12 08:25 . 2006-05-12 08:25 69632 c:\windows\system32\btsendto_wab.dll + 2006-05-12 08:24 . 2006-05-12 08:24 49152 c:\windows\system32\btsendto_notes.dll + 2006-05-12 08:26 . 2006-05-12 08:26 73728 c:\windows\system32\btsendto_ie.dll + 2006-05-12 08:15 . 2006-05-12 08:15 90112 c:\windows\system32\btrezxp.dll + 2006-05-12 08:23 . 2006-05-12 08:23 90112 c:\windows\system32\btprn2k.dll + 2006-05-12 08:15 . 2006-05-12 08:15 65536 c:\windows\system32\BTNCopy.dll + 2006-05-12 08:16 . 2006-05-12 08:16 32768 c:\windows\system32\btdev.dll + 2006-05-12 08:20 . 2006-05-12 08:20 65536 c:\windows\system32\BtAudioHelper.dll + 2009-10-19 21:35 . 2009-10-19 21:35 22016 c:\windows\Installer\66cc4d.msi + 2009-10-19 21:34 . 2009-10-19 21:34 27136 c:\windows\Installer\66cbf0.msi + 2009-10-19 21:33 . 2009-10-19 21:33 83456 c:\windows\Installer\66cbc8.msi + 2009-10-19 21:33 . 2009-10-19 21:33 59904 c:\windows\Installer\66cbc0.msi + 2009-10-19 21:34 . 2009-10-19 21:34 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe + 2009-10-19 21:34 . 2009-10-19 21:34 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe + 2009-10-19 21:35 . 2009-10-19 21:35 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe + 2009-10-20 05:58 . 2009-10-20 05:58 33982 c:\windows\Installer\{3F4EC965-28EF-45C3-B063-04B25D4E9679}\ARPPRODUCTICON.exe + 2009-10-20 06:33 . 2009-10-20 06:33 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\a31f5136a236dae58c03db56ea2a1a7a\WindowsLiveWriter.ni.exe + 2009-10-20 06:33 . 
2009-10-20 06:33 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0cce8134aebab15d6c31143f850af1a7\WindowsLive.Writer.Api.ni.dll + 2006-05-12 08:11 . 2006-05-12 08:11 561152 c:\windows\system32\WidcommSdk.dll + 2006-05-12 08:13 . 2006-05-12 08:13 569405 c:\windows\system32\wbtapi.dll - 2001-08-23 12:00 . 2009-10-16 22:46 435150 c:\windows\system32\perfh009.dat + 2001-08-23 12:00 . 2009-10-19 16:49 435150 c:\windows\system32\perfh009.dat + 2006-05-12 08:13 . 2006-05-12 08:13 148168 c:\windows\system32\drivers\btwdndis.sys + 2006-05-12 08:21 . 2006-05-12 08:21 401664 c:\windows\system32\drivers\btaudio.sys + 2002-11-15 07:15 . 2002-11-15 07:15 148794 c:\windows\system32\drivers\bcbthub.sys + 2006-05-12 08:20 . 2006-05-12 08:20 102400 c:\windows\system32\BTXPPanel.dll + 2006-05-12 08:30 . 2006-05-12 08:30 827392 c:\windows\system32\BtWizard.dll + 2006-05-12 08:31 . 2006-05-12 08:31 225280 c:\windows\system32\btwhidcs.dll + 2006-05-12 08:26 . 2006-05-12 08:26 167936 c:\windows\system32\btsendto_office.dll + 2006-05-12 08:21 . 2006-05-12 08:21 176128 c:\windows\system32\btsendto.dll + 2006-05-12 08:28 . 2006-05-12 08:28 196608 c:\windows\system32\btsec.dll + 2006-05-12 08:24 . 2006-05-12 08:24 139264 c:\windows\system32\btosif_olx.dll + 2006-05-12 08:24 . 2006-05-12 08:24 200704 c:\windows\system32\btosif_ol.dll + 2006-05-12 08:23 . 2006-05-12 08:23 159744 c:\windows\system32\btosif_notes.dll + 2006-05-12 08:21 . 2006-05-12 08:21 118784 c:\windows\system32\btosif.dll + 2006-05-12 08:16 . 2006-05-12 08:16 442368 c:\windows\system32\btins.dll + 2006-05-12 08:23 . 2006-05-12 08:23 126976 c:\windows\system32\bthcrpui.dll + 2006-05-12 08:22 . 2006-05-12 08:22 106496 c:\windows\system32\bthcrp.dll + 2006-05-12 08:27 . 2006-05-12 08:27 389179 c:\windows\system32\btcss.dll + 2006-05-12 08:12 . 2006-05-12 08:12 155648 c:\windows\system32\btbip.dll + 2006-05-12 08:20 . 2006-05-12 08:20 135168 c:\windows\system32\btbigbmp.dll + 2006-05-12 08:17 . 
2006-05-12 08:17 131137 c:\windows\system32\bt2k_ins.dll + 2009-10-19 21:36 . 2009-10-19 21:36 549888 c:\windows\Installer\66cc65.msi + 2009-10-19 21:36 . 2009-10-19 21:36 569344 c:\windows\Installer\66cc5d.msi + 2009-10-19 21:35 . 2009-10-19 21:35 735744 c:\windows\Installer\66cc55.msi + 2009-10-19 21:34 . 2009-10-19 21:34 430080 c:\windows\Installer\66cc04.msi + 2009-10-19 21:34 . 2009-10-19 21:34 155648 c:\windows\Installer\66cbf8.msi + 2009-10-19 21:34 . 2009-10-19 21:34 140288 c:\windows\Installer\66cbe8.msi + 2009-10-19 21:34 . 2009-10-19 21:34 202752 c:\windows\Installer\66cbd8.msi + 2009-10-19 21:34 . 2009-10-19 21:34 152576 c:\windows\Installer\66cbd0.msi + 2009-10-19 21:33 . 2009-10-19 21:33 107008 c:\windows\Installer\66cbb8.msi + 2009-10-19 21:33 . 2009-10-19 21:33 301056 c:\windows\Installer\66cbb0.msi + 2009-10-20 06:33 . 2009-10-20 06:33 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\9d1a36d51bb6a24f943e73c0011e342a\WindowsLiveLocal.WriterPlugin.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\feb5009ee6406995983c67d61254b713\WindowsLive.Writer.Extensibility.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef0daf9b5b7002d4d3493671db79fec5\WindowsLive.Writer.HtmlEditor.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ea3b7fc0ae639a2cd268d9a0aab47d15\WindowsLive.Writer.BrowserControl.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd20f981722448ea96d2c0995eeaf9b7\WindowsLive.Writer.Mshtml.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac50120d9dfafb4868aa4531456cf2e7\WindowsLive.Writer.BlogClient.ni.dll + 2009-10-20 06:33 . 
2009-10-20 06:33 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9603a068ba2de2c7ec244454e8ad0763\WindowsLive.Writer.SpellChecker.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b674da2d622aec8a9c150e4f7437c4f\WindowsLive.Writer.Controls.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7ca3eb94ab1ae6867d35382ecf407260\WindowsLive.Writer.Passport.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7c494448c732a975d727098bad24f42b\WindowsLive.Writer.Localization.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\75a1c524a87004611e911be710454234\WindowsLive.Writer.Interop.Mshtml.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\63d852a9374556240906cbd19946f7b0\WindowsLive.Writer.Instrumentation.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\627621628abc220fd9c02f442178e41c\WindowsLive.Writer.FileDestinations.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\60e6ca35b86ce10970a63fa5ea8b1d9c\WindowsLive.Writer.HtmlParser.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\551d4211cde9574615ad847741667699\WindowsLive.Writer.Interop.SHDocVw.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\311874611f12ea8440bc760c3203cbd3\WindowsLive.Writer.Interop.ni.dll + 2009-10-20 06:33 . 
2009-10-20 06:33 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\f5d7a7417ffcd9af285e64946ba48f74\WindowsLive.Client.ni.dll + 2001-11-14 08:56 . 2001-11-14 08:56 1802240 c:\windows\system32\lcppn21.dll + 2006-05-12 08:19 . 2006-05-12 08:19 1342602 c:\windows\system32\drivers\btkrnl.sys + 2006-05-12 08:15 . 2006-05-12 08:15 3100672 c:\windows\system32\btrez.dll + 2006-05-12 08:29 . 2006-05-12 08:29 1024077 c:\windows\system32\BTNeighborhood.dll + 2009-10-20 05:58 . 2009-10-20 05:58 2465280 c:\windows\Installer\2568fb.msi + 2009-10-20 06:33 . 2009-10-20 06:33 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f431bc9e7c51a50035c19abea4cbcaa2\WindowsLive.Writer.ApplicationFramework.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll + 2009-10-20 06:33 . 2009-10-20 06:33 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll + 2009-10-19 21:27 . 2006-07-29 15:38 15524352 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592] c:\documents and settings\(hu\Start Menu\Programs\Startup\ AntiPoisoner.lnk - c:\program files\AntiPoisoner\AntiPoisoner.exe [2008-5-24 203929] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywatnkso] [BU] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "odserv"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "PnkBstrA"=2 (0x2) "idsvc"=3 (0x3) "PnkBstrB"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "f:\\waw\\CoDWaWmp.exe"= "f:\\waw\\CoDWaW.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7487:TCP"= 7487:TCP:uqticun "8080:TCP"= 8080:TCP:PORT R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808] R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [10/10/2009 6:58 PM 148496] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/24/2009 9:29 PM 603904] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472] S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?] 
S2 flxapffh;USB Mass Storage Monitor; [x] S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336] S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336] S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/13/2009 2:34 AM 1684736] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs flxapffh UxTuneUp jugbany xiiliq lpxiqjpb . Contents of the 'Scheduled Tasks' folder 2009-10-20 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 11:28] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.mydreamworld.50webs.com IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\(hu\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\program 
files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-20 17:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jugbany] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpxiqjpb] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xiiliq] . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:7f,55,9f,1c,de,f7,35,37,ea,07,59,f3,4f,89,24,a0,13,e5,bd,21,a0, a6,bc,9a,39,c1,5c,e3,09,dc,c6,e8,c6,7d,c8,b7,30,ec,84,42,2f,72,23,4a,10,1f,\ "rkeysecu"=hex:4a,d0,ef,33,71,c7,06,34,d5,a4,95,55,4b,f8,b8,cf . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2756) c:\windows\system32\hnetcfg.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-10-20 17:52 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-20 12:52 ComboFix2.txt 2009-10-18 16:15 Pre-Run: 3,511,681,024 bytes free Post-Run: 3,491,328,000 bytes free 394 --- E O F --- 2009-10-16 22:46
__________________
team work is essential it gives them other people to shoot at

#19
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 759
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: trojan program packed win32 tdss.z
According to the log, you didn't run ComboFix with the script as shown in the picture. Please create the script and then do as instructed there.
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006