winupgro trojan

Via694 / Awrdacpi
January 4, 2009 at 16:21:02
Specs: Microsoft Windows XP Home Edition, 1.154 GHz / 1023 MB
Got burnt by that winupgro bug the other day. Can't access Safe Mode, HijackThis, Spybot, Defender, or online scanners F-Secure and Kaspersky. Malwarebytes' Anti-Malware and ComboFix work.

I've run Anti-Malware several times. Each time it will detect 1 to 7 different trojans, of these, 1 to 3 require a reboot to delete, but when I restart, wimupgro.exe shows up in the Task Manager. Also, 'mule_st_key' keeps showing up in Anti-Malware scans.

What should I do next?


See More: winupgro trojan

Report •


#1
January 4, 2009 at 16:30:44
What Service pack are you running. If you don't know go to start> control panel> systems> it should be listed under system. I will be Service Pack 1, 2 or 3.

Report •

#2
January 4, 2009 at 17:10:09
Service Pack 3

Report •

#3
January 4, 2009 at 18:35:11
Open notepad (Start Menu > Run > Type notepad and press "ok".

Copy and paste everything into notepad between the x's making Windows Registry Editor Version 5.00 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Next Boot into Safe Mode with Networking. Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select Safe Mode with Networking, then press "Enter".
Choose your usual account.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline turn off your Antivirus, and any Antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.


Report •

Related Solutions

#4
January 4, 2009 at 21:09:07
ComboFix 09-01-01.02 - mc 2009-01-04 23:52:47.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.846 [GMT -5:00]
Running from: d:\new\FC.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mc\Application Data\drivers\downld
c:\documents and settings\mc\Application Data\drivers\downld\105541.exe
c:\documents and settings\mc\Application Data\drivers\downld\111750.exe
c:\documents and settings\mc\Application Data\drivers\downld\112621.exe
c:\documents and settings\mc\Application Data\drivers\downld\112692.exe
c:\documents and settings\mc\Application Data\drivers\downld\112722.exe
c:\documents and settings\mc\Application Data\drivers\downld\113022.exe
c:\documents and settings\mc\Application Data\drivers\downld\114184.exe
c:\documents and settings\mc\Application Data\drivers\downld\114254.exe
c:\documents and settings\mc\Application Data\drivers\downld\114504.exe
c:\documents and settings\mc\Application Data\drivers\downld\114564.exe
c:\documents and settings\mc\Application Data\drivers\downld\116587.exe
c:\documents and settings\mc\Application Data\drivers\downld\117719.exe
c:\documents and settings\mc\Application Data\drivers\downld\118179.exe
c:\documents and settings\mc\Application Data\drivers\downld\118250.exe
c:\documents and settings\mc\Application Data\drivers\downld\118460.exe
c:\documents and settings\mc\Application Data\drivers\downld\118480.exe
c:\documents and settings\mc\Application Data\drivers\downld\119341.exe
c:\documents and settings\mc\Application Data\drivers\downld\120122.exe
c:\documents and settings\mc\Application Data\drivers\downld\123637.exe
c:\documents and settings\mc\Application Data\drivers\downld\124348.exe
c:\documents and settings\mc\Application Data\drivers\downld\125340.exe
c:\documents and settings\mc\Application Data\drivers\downld\125480.exe
c:\documents and settings\mc\Application Data\drivers\downld\125530.exe
c:\documents and settings\mc\Application Data\drivers\downld\154682.exe
c:\documents and settings\mc\Application Data\drivers\downld\155403.exe
c:\documents and settings\mc\Application Data\drivers\downld\155483.exe
c:\documents and settings\mc\Application Data\drivers\downld\158177.exe
c:\documents and settings\mc\Application Data\drivers\downld\159809.exe
c:\documents and settings\mc\Application Data\drivers\downld\160030.exe
c:\documents and settings\mc\Application Data\drivers\downld\166739.exe
c:\documents and settings\mc\Application Data\drivers\downld\166779.exe
c:\documents and settings\mc\Application Data\drivers\downld\16678101.exe
c:\documents and settings\mc\Application Data\drivers\downld\16678632.exe
c:\documents and settings\mc\Application Data\drivers\downld\16678682.exe
c:\documents and settings\mc\Application Data\drivers\downld\16679654.exe
c:\documents and settings\mc\Application Data\drivers\downld\16683028.exe
c:\documents and settings\mc\Application Data\drivers\downld\16684220.exe
c:\documents and settings\mc\Application Data\drivers\downld\16684280.exe
c:\documents and settings\mc\Application Data\drivers\downld\16686994.exe
c:\documents and settings\mc\Application Data\drivers\downld\16688226.exe
c:\documents and settings\mc\Application Data\drivers\downld\16688496.exe
c:\documents and settings\mc\Application Data\drivers\downld\16688887.exe
c:\documents and settings\mc\Application Data\drivers\downld\16694435.exe
c:\documents and settings\mc\Application Data\drivers\downld\16694575.exe
c:\documents and settings\mc\Application Data\drivers\downld\16694585.exe
c:\documents and settings\mc\Application Data\drivers\downld\16696207.exe
c:\documents and settings\mc\Application Data\drivers\downld\16696237.exe
c:\documents and settings\mc\Application Data\drivers\downld\16696257.exe
c:\documents and settings\mc\Application Data\drivers\downld\16737637.exe
c:\documents and settings\mc\Application Data\drivers\downld\16741422.exe
c:\documents and settings\mc\Application Data\drivers\downld\16741563.exe
c:\documents and settings\mc\Application Data\drivers\downld\167510.exe
c:\documents and settings\mc\Application Data\drivers\downld\16751627.exe
c:\documents and settings\mc\Application Data\drivers\downld\16752098.exe
c:\documents and settings\mc\Application Data\drivers\downld\16752118.exe
c:\documents and settings\mc\Application Data\drivers\downld\167751.exe
c:\documents and settings\mc\Application Data\drivers\downld\167761.exe
c:\documents and settings\mc\Application Data\drivers\downld\167851.exe
c:\documents and settings\mc\Application Data\drivers\downld\16802981.exe
c:\documents and settings\mc\Application Data\drivers\downld\16804103.exe
c:\documents and settings\mc\Application Data\drivers\downld\16804233.exe
c:\documents and settings\mc\Application Data\drivers\downld\168171.exe
c:\documents and settings\mc\Application Data\drivers\downld\168642.exe
c:\documents and settings\mc\Application Data\drivers\downld\169143.exe
c:\documents and settings\mc\Application Data\drivers\downld\169373.exe
c:\documents and settings\mc\Application Data\drivers\downld\171626.exe
c:\documents and settings\mc\Application Data\drivers\downld\172287.exe
c:\documents and settings\mc\Application Data\drivers\downld\172457.exe
c:\documents and settings\mc\Application Data\drivers\downld\172538.exe
c:\documents and settings\mc\Application Data\drivers\downld\173489.exe
c:\documents and settings\mc\Application Data\drivers\downld\173629.exe
c:\documents and settings\mc\Application Data\drivers\downld\189192.exe
c:\documents and settings\mc\Application Data\drivers\downld\189852.exe
c:\documents and settings\mc\Application Data\drivers\downld\189863.exe
c:\documents and settings\mc\Application Data\drivers\downld\192076.exe
c:\documents and settings\mc\Application Data\drivers\downld\196993.exe
c:\documents and settings\mc\Application Data\drivers\downld\198685.exe
c:\documents and settings\mc\Application Data\drivers\downld\200558.exe
c:\documents and settings\mc\Application Data\drivers\downld\200748.exe
c:\documents and settings\mc\Application Data\drivers\downld\201890.exe
c:\documents and settings\mc\Application Data\drivers\downld\202130.exe
c:\documents and settings\mc\Application Data\drivers\downld\205605.exe
c:\documents and settings\mc\Application Data\drivers\downld\206767.exe
c:\documents and settings\mc\Application Data\drivers\downld\206967.exe
c:\documents and settings\mc\Application Data\drivers\downld\215379.exe
c:\documents and settings\mc\Application Data\drivers\downld\216060.exe
c:\documents and settings\mc\Application Data\drivers\downld\216230.exe
c:\documents and settings\mc\Application Data\drivers\downld\217002.exe
c:\documents and settings\mc\Application Data\drivers\downld\223341.exe
c:\documents and settings\mc\Application Data\drivers\downld\224532.exe
c:\documents and settings\mc\Application Data\drivers\downld\224763.exe
c:\documents and settings\mc\Application Data\drivers\downld\227437.exe
c:\documents and settings\mc\Application Data\drivers\downld\232874.exe
c:\documents and settings\mc\Application Data\drivers\downld\234126.exe
c:\documents and settings\mc\Application Data\drivers\downld\234346.exe
c:\documents and settings\mc\Application Data\drivers\downld\235488.exe
c:\documents and settings\mc\Application Data\drivers\downld\236019.exe
c:\documents and settings\mc\Application Data\drivers\downld\236109.exe
c:\documents and settings\mc\Application Data\drivers\downld\236249.exe
c:\documents and settings\mc\Application Data\drivers\downld\236840.exe
c:\documents and settings\mc\Application Data\drivers\downld\237361.exe
c:\documents and settings\mc\Application Data\drivers\downld\237451.exe
c:\documents and settings\mc\Application Data\drivers\downld\243470.exe
c:\documents and settings\mc\Application Data\drivers\downld\244431.exe
c:\documents and settings\mc\Application Data\drivers\downld\244621.exe
c:\documents and settings\mc\Application Data\drivers\downld\248397.exe
c:\documents and settings\mc\Application Data\drivers\downld\248777.exe
c:\documents and settings\mc\Application Data\drivers\downld\249088.exe
c:\documents and settings\mc\Application Data\drivers\downld\249138.exe
c:\documents and settings\mc\Application Data\drivers\downld\249378.exe
c:\documents and settings\mc\Application Data\drivers\downld\249669.exe
c:\documents and settings\mc\Application Data\drivers\downld\249779.exe
c:\documents and settings\mc\Application Data\drivers\downld\249989.exe
c:\documents and settings\mc\Application Data\drivers\downld\250189.exe
c:\documents and settings\mc\Application Data\drivers\downld\250329.exe
c:\documents and settings\mc\Application Data\drivers\downld\250420.exe
c:\documents and settings\mc\Application Data\drivers\downld\250510.exe
c:\documents and settings\mc\Application Data\drivers\downld\250810.exe
c:\documents and settings\mc\Application Data\drivers\downld\251050.exe
c:\documents and settings\mc\Application Data\drivers\downld\255016.exe
c:\documents and settings\mc\Application Data\drivers\downld\255657.exe
c:\documents and settings\mc\Application Data\drivers\downld\255807.exe
c:\documents and settings\mc\Application Data\drivers\downld\279992.exe
c:\documents and settings\mc\Application Data\drivers\downld\280853.exe
c:\documents and settings\mc\Application Data\drivers\downld\281104.exe
c:\documents and settings\mc\Application Data\drivers\downld\281564.exe
c:\documents and settings\mc\Application Data\drivers\downld\281644.exe
c:\documents and settings\mc\Application Data\drivers\downld\281825.exe
c:\documents and settings\mc\Application Data\drivers\downld\285140.exe
c:\documents and settings\mc\Application Data\drivers\downld\285971.exe
c:\documents and settings\mc\Application Data\drivers\downld\286391.exe
c:\documents and settings\mc\Application Data\drivers\downld\291118.exe
c:\documents and settings\mc\Application Data\drivers\downld\291699.exe
c:\documents and settings\mc\Application Data\drivers\downld\291729.exe
c:\documents and settings\mc\Application Data\drivers\downld\302715.exe
c:\documents and settings\mc\Application Data\drivers\downld\303306.exe
c:\documents and settings\mc\Application Data\drivers\downld\303346.exe
c:\documents and settings\mc\Application Data\drivers\downld\307321.exe
c:\documents and settings\mc\Application Data\drivers\downld\315703.exe
c:\documents and settings\mc\Application Data\drivers\downld\316545.exe
c:\documents and settings\mc\Application Data\drivers\downld\317666.exe
c:\documents and settings\mc\Application Data\drivers\downld\317877.exe
c:\documents and settings\mc\Application Data\drivers\downld\318027.exe
c:\documents and settings\mc\Application Data\drivers\downld\318107.exe
c:\documents and settings\mc\Application Data\drivers\downld\360017.exe
c:\documents and settings\mc\Application Data\drivers\downld\365575.exe
c:\documents and settings\mc\Application Data\drivers\downld\365735.exe
c:\documents and settings\mc\Application Data\drivers\downld\45805.exe
c:\documents and settings\mc\Application Data\drivers\downld\46106.exe
c:\documents and settings\mc\Application Data\drivers\downld\47958.exe
c:\documents and settings\mc\Application Data\drivers\downld\48049.exe
c:\documents and settings\mc\Application Data\drivers\downld\48119.exe
c:\documents and settings\mc\Application Data\drivers\downld\48229.exe
c:\documents and settings\mc\Application Data\drivers\downld\49761.exe
c:\documents and settings\mc\Application Data\drivers\downld\516863.exe
c:\documents and settings\mc\Application Data\drivers\downld\51754.exe
c:\documents and settings\mc\Application Data\drivers\downld\517604.exe
c:\documents and settings\mc\Application Data\drivers\downld\517624.exe
c:\documents and settings\mc\Application Data\drivers\downld\52315.exe
c:\documents and settings\mc\Application Data\drivers\downld\529992.exe
c:\documents and settings\mc\Application Data\drivers\downld\53076.exe
c:\documents and settings\mc\Application Data\drivers\downld\531003.exe
c:\documents and settings\mc\Application Data\drivers\downld\53126.exe
c:\documents and settings\mc\Application Data\drivers\downld\531404.exe
c:\documents and settings\mc\Application Data\drivers\downld\531944.exe
c:\documents and settings\mc\Application Data\drivers\downld\532425.exe
c:\documents and settings\mc\Application Data\drivers\downld\532736.exe
c:\documents and settings\mc\Application Data\drivers\downld\55569.exe
c:\documents and settings\mc\Application Data\drivers\downld\566134.exe
c:\documents and settings\mc\Application Data\drivers\downld\568026.exe
c:\documents and settings\mc\Application Data\drivers\downld\568387.exe
c:\documents and settings\mc\Application Data\drivers\downld\57152.exe
c:\documents and settings\mc\Application Data\drivers\downld\57242.exe
c:\documents and settings\mc\Application Data\drivers\downld\57632.exe
c:\documents and settings\mc\Application Data\drivers\downld\578231.exe
c:\documents and settings\mc\Application Data\drivers\downld\578962.exe
c:\documents and settings\mc\Application Data\drivers\downld\579002.exe
c:\documents and settings\mc\Application Data\drivers\downld\58574.exe
c:\documents and settings\mc\Application Data\drivers\downld\58804.exe
c:\documents and settings\mc\Application Data\drivers\downld\594895.exe
c:\documents and settings\mc\Application Data\drivers\downld\59555.exe
c:\documents and settings\mc\Application Data\drivers\downld\595686.exe
c:\documents and settings\mc\Application Data\drivers\downld\595936.exe
c:\documents and settings\mc\Application Data\drivers\downld\596407.exe
c:\documents and settings\mc\Application Data\drivers\downld\596978.exe
c:\documents and settings\mc\Application Data\drivers\downld\597238.exe
c:\documents and settings\mc\Application Data\drivers\downld\59906.exe
c:\documents and settings\mc\Application Data\drivers\downld\59926.exe
c:\documents and settings\mc\Application Data\drivers\downld\60366.exe
c:\documents and settings\mc\Application Data\drivers\downld\60376.exe
c:\documents and settings\mc\Application Data\drivers\downld\628343.exe
c:\documents and settings\mc\Application Data\drivers\downld\629144.exe
c:\documents and settings\mc\Application Data\drivers\downld\629485.exe
c:\documents and settings\mc\Application Data\drivers\downld\63591.exe
c:\documents and settings\mc\Application Data\drivers\downld\63601.exe
c:\documents and settings\mc\Application Data\drivers\downld\639429.exe
c:\documents and settings\mc\Application Data\drivers\downld\639880.exe
c:\documents and settings\mc\Application Data\drivers\downld\639980.exe
c:\documents and settings\mc\Application Data\drivers\downld\651737.exe
c:\documents and settings\mc\Application Data\drivers\downld\655452.exe
c:\documents and settings\mc\Application Data\drivers\downld\658226.exe
c:\documents and settings\mc\Application Data\drivers\downld\659518.exe
c:\documents and settings\mc\Application Data\drivers\downld\659718.exe
c:\documents and settings\mc\Application Data\drivers\downld\66405.exe
c:\documents and settings\mc\Application Data\drivers\downld\666989.exe
c:\documents and settings\mc\Application Data\drivers\downld\66745.exe
c:\documents and settings\mc\Application Data\drivers\downld\668020.exe
c:\documents and settings\mc\Application Data\drivers\downld\668331.exe
c:\documents and settings\mc\Application Data\drivers\downld\690022.exe
c:\documents and settings\mc\Application Data\drivers\downld\690663.exe
c:\documents and settings\mc\Application Data\drivers\downld\690703.exe
c:\documents and settings\mc\Application Data\drivers\downld\705454.exe
c:\documents and settings\mc\Application Data\drivers\downld\706415.exe
c:\documents and settings\mc\Application Data\drivers\downld\706736.exe
c:\documents and settings\mc\Application Data\drivers\downld\707307.exe
c:\documents and settings\mc\Application Data\drivers\downld\707837.exe
c:\documents and settings\mc\Application Data\drivers\downld\708098.exe
c:\documents and settings\mc\Application Data\drivers\downld\739773.exe
c:\documents and settings\mc\Application Data\drivers\downld\740384.exe
c:\documents and settings\mc\Application Data\drivers\downld\740494.exe
c:\documents and settings\mc\Application Data\drivers\downld\746032.exe
c:\documents and settings\mc\Application Data\drivers\downld\75258.exe
c:\documents and settings\mc\Application Data\drivers\downld\758070.exe
c:\documents and settings\mc\Application Data\drivers\downld\759321.exe
c:\documents and settings\mc\Application Data\drivers\downld\759932.exe
c:\documents and settings\mc\Application Data\drivers\downld\775775.exe
c:\documents and settings\mc\Application Data\drivers\downld\787452.exe
c:\documents and settings\mc\Application Data\drivers\downld\788984.exe
c:\documents and settings\mc\Application Data\drivers\downld\789154.exe
c:\documents and settings\mc\Application Data\drivers\downld\91802.exe
c:\documents and settings\mc\Application Data\drivers\downld\92763.exe
c:\documents and settings\mc\Application Data\drivers\downld\92923.exe
c:\documents and settings\mc\Application Data\drivers\downld\97720.exe
c:\documents and settings\mc\Application Data\drivers\downld\98531.exe
c:\documents and settings\mc\Application Data\drivers\downld\98741.exe
c:\documents and settings\mc\Application Data\drivers\srosa2.sys
c:\documents and settings\mc\Application Data\drivers\winupgro.exe
c:\program files\Messenger\msmsgs.exe
c:\windows2\system32\ban_list.txt
c:\windows2\system32\mdelk.exe
c:\windows2\system32\wintems.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-04 19:42 . 2009-01-04 19:45 <DIR> d-------- c:\program files\Exterminate It!
2009-01-03 11:50 . 2009-01-03 11:50 <DIR> d-------- c:\documents and settings\mc\Application Data\SUPERAntiSpyware.com
2009-01-03 11:19 . 2009-01-03 11:19 <DIR> d-------- C:\fsaua.data
2009-01-03 11:11 . 2009-01-03 11:11 <DIR> d-------- c:\program files\N
2009-01-03 11:03 . 2009-01-03 11:03 <DIR> d-------- c:\windows2\tbcdata
2009-01-03 10:54 . 2003-06-23 12:15 425,472 --a------ c:\windows2\system32\tbc10.tmp
2009-01-02 15:52 . 2009-01-02 15:52 <DIR> d-------- c:\documents and settings\mc\Application Data\Ahead
2009-01-02 15:50 . 2009-01-02 15:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\Ahead
2009-01-02 15:50 . 2003-12-16 15:36 1,331,200 --------- c:\windows2\UNNeroVision.exe
2009-01-02 15:50 . 2003-12-22 12:34 72,743 --------- c:\windows2\UNNeroVision.cfg
2009-01-02 15:50 . 2001-03-08 18:30 24,064 --a------ c:\windows2\system32\msxml3a.dll
2009-01-02 15:36 . 2009-01-04 20:18 49 --a------ c:\windows2\NeroDigital.ini
2009-01-02 15:35 . 2009-01-02 15:35 <DIR> d-------- C:\CoverDesigner
2009-01-02 15:35 . 2001-07-06 13:41 569,344 --a------ c:\windows2\system32\imagr5.dll
2009-01-02 15:35 . 2001-07-06 11:44 544,768 --a------ c:\windows2\system32\imagx5.dll
2009-01-02 15:35 . 2001-07-06 17:24 283,920 --a------ c:\windows2\system32\ImagXpr5.dll
2009-01-02 15:35 . 2001-07-09 10:50 155,648 --a------ c:\windows2\system32\NeroCheck.exe
2009-01-02 15:35 . 2003-12-19 19:48 89,184 --a------ c:\windows2\system32\drivers\imagedrv.sys
2009-01-02 15:35 . 2003-12-23 15:40 57,344 --a------ c:\windows2\system32\ImageDrive.cpl
2009-01-02 15:35 . 2001-06-26 07:15 38,912 --a------ c:\windows2\system32\picn20.dll
2009-01-02 15:29 . 2009-01-02 15:29 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-02 12:08 . 2009-01-02 12:08 <DIR> d-------- c:\windows2\Sun
2009-01-02 12:07 . 2009-01-02 12:06 410,984 --a------ c:\windows2\system32\deploytk.dll
2009-01-02 12:07 . 2009-01-02 12:06 73,728 --a------ c:\windows2\system32\javacpl.cpl
2009-01-02 05:47 . 2009-01-02 05:47 12 --a------ c:\windows2\WinInit.INI
2009-01-02 05:46 . 2003-06-23 11:15 425,472 --a------ c:\windows2\system32\tbc4.tmp
2009-01-01 20:07 . 2004-06-11 10:15 796 --a------ C:\__IS6__.tmp
2009-01-01 19:57 . 2009-01-04 23:55 <DIR> d--h----- c:\documents and settings\mc\Application Data\drivers
2009-01-01 19:42 . 2009-01-01 20:19 610 --a------ c:\windows2\RegGenie.ini
2009-01-01 19:06 . 2009-01-01 20:21 <DIR> d-------- c:\program files\RegGenie
2009-01-01 19:06 . 2008-11-27 04:35 158,720 --a------ c:\windows2\RegGenieOnUninstall.exe
2009-01-01 18:12 . 2009-01-01 18:12 <DIR> d-------- c:\documents and settings\Administrator.RALLOMCKOY
2009-01-01 16:00 . 2009-01-01 17:44 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy
2009-01-01 14:41 . 2009-01-01 14:41 <DIR> d-------- c:\documents and settings\mc\Application Data\Media Player Classic
2009-01-01 06:58 . 2009-01-01 06:58 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-01 06:42 . 2009-01-01 06:42 <DIR> d-------- c:\documents and settings\mc\Application Data\vlc
2008-12-31 04:48 . 2008-12-31 04:48 <DIR> d-------- c:\documents and settings\mc\Application Data\Publish Providers
2008-12-31 04:39 . 2008-12-12 12:01 3,067,904 -----c--- c:\windows2\system32\dllcache\mshtml.dll
2008-12-31 04:39 . 2008-10-15 20:00 1,499,136 -----c--- c:\windows2\system32\dllcache\shdocvw.dll
2008-12-31 04:39 . 2008-10-15 20:00 666,112 -----c--- c:\windows2\system32\dllcache\wininet.dll
2008-12-31 04:39 . 2008-10-15 20:00 619,520 -----c--- c:\windows2\system32\dllcache\urlmon.dll
2008-12-31 04:38 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows2\system32\dllcache\ntoskrnl.exe
2008-12-31 04:38 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows2\system32\dllcache\ntkrnlmp.exe
2008-12-31 04:38 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows2\system32\dllcache\ntkrnlpa.exe
2008-12-31 04:38 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows2\system32\dllcache\ntkrpamp.exe
2008-12-31 04:38 . 2008-09-08 05:41 333,824 -----c--- c:\windows2\system32\dllcache\srv.sys
2008-12-31 04:38 . 2008-08-14 05:04 138,496 -----c--- c:\windows2\system32\dllcache\afd.sys
2008-12-31 04:37 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows2\system32\dllcache\win32k.sys
2008-12-31 04:37 . 2008-10-24 06:21 455,296 -----c--- c:\windows2\system32\dllcache\mrxsmb.sys
2008-12-31 04:36 . 2008-05-01 09:33 331,776 -----c--- c:\windows2\system32\dllcache\msadce.dll
2008-12-31 04:35 . 2008-04-11 14:04 691,712 -----c--- c:\windows2\system32\dllcache\inetcomm.dll
2008-12-31 04:35 . 2008-10-15 11:34 337,408 -----c--- c:\windows2\system32\dllcache\netapi32.dll
2008-12-31 04:35 . 2008-06-13 06:05 272,128 -----c--- c:\windows2\system32\dllcache\bthport.sys
2008-12-31 04:35 . 2008-05-08 09:02 203,136 -----c--- c:\windows2\system32\dllcache\rmcast.sys
2008-12-31 04:34 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows2\system32\dllcache\msxml3.dll
2008-12-31 04:22 . 2008-12-31 04:22 <DIR> d-------- c:\windows2\system32\scripting
2008-12-31 04:22 . 2008-12-31 04:22 <DIR> d-------- c:\windows2\system32\en
2008-12-31 04:22 . 2008-12-31 04:22 <DIR> d-------- c:\windows2\l2schemas
2008-12-31 04:03 . 2008-09-09 20:14 1,307,648 --a------ c:\windows2\system32\msxml6.dll
2008-12-31 04:02 . 2008-04-13 19:11 136,192 --------- c:\windows2\system32\aaclient.dll
2008-12-31 03:59 . 2008-12-31 03:59 <DIR> d-------- c:\documents and settings\mc\Application Data\Sony
2008-12-31 03:37 . 2008-12-31 03:37 <DIR> d-------- c:\documents and settings\mc\Application Data\Sony Setup
2008-12-31 03:34 . 2008-12-31 04:57 <DIR> d--h----- c:\windows2\$hf_mig$
2008-12-31 03:21 . 2008-12-31 03:21 <DIR> d-------- c:\windows2\provisioning
2008-12-31 03:21 . 2008-12-31 04:22 <DIR> d-------- c:\windows2\peernet
2008-12-31 03:17 . 2008-12-31 03:17 <DIR> d-------- c:\windows2\ServicePackFiles
2008-12-31 02:53 . 2008-12-31 02:53 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\nView_Profiles
2008-12-31 02:45 . 2008-12-31 02:49 <DIR> d--h-c--- c:\windows2\$xpsp1hfm$
2008-12-31 02:45 . 2008-04-13 19:12 239,104 --a------ c:\windows2\system32\srrstr.dll
2008-12-31 02:45 . 2003-08-01 23:14 25,600 --a------ c:\windows2\system32\xpsp1hfm.exe
2008-12-30 21:04 . 2008-04-13 13:45 10,624 --a------ c:\windows2\system32\drivers\gameenum.sys
2008-12-30 21:04 . 2008-04-13 13:45 10,624 --a--c--- c:\windows2\system32\dllcache\gameenum.sys
2008-12-30 21:03 . 2009-01-04 20:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 21:03 . 2008-12-30 21:03 <DIR> d-------- c:\documents and settings\mc\Application Data\Malwarebytes
2008-12-30 21:03 . 2008-12-30 21:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes
2008-12-30 20:45 . 2008-12-30 20:45 0 --------- c:\windows2\system32\HFX168.tmp
2008-12-30 20:42 . 2008-12-31 04:12 <DIR> d-------- c:\windows2\EHome
2008-12-30 19:53 . 2008-12-30 19:53 2,400 --a------ c:\windows2\system32\wpa.bak
2008-12-30 19:05 . 2008-04-14 05:42 11,264 --------- c:\windows2\system32\spnpinst.exe
2008-12-30 19:05 . 2004-08-02 14:20 7,208 --------- c:\windows2\system32\secupd.sig
2008-12-30 19:05 . 2004-08-02 14:20 4,569 --------- c:\windows2\system32\secupd.dat
2008-12-30 18:30 . 2008-12-31 04:31 316,640 --a------ c:\windows2\WMSysPr9.prx
2008-12-30 18:27 . 2008-12-30 18:27 <DIR> d-------- c:\windows2\Downloaded Installations
2008-12-30 17:49 . 2008-12-31 04:22 <DIR> d-------- c:\windows2\system32\bits
2008-12-30 17:47 . 2008-10-16 14:12 561,688 --a------ c:\windows2\system32\wuapi.dll
2008-12-30 17:47 . 2008-10-16 14:12 323,608 --a------ c:\windows2\system32\wucltui.dll
2008-12-30 17:47 . 2008-10-16 14:12 213,528 --a------ c:\windows2\system32\wuaucpl.cpl
2008-12-30 17:47 . 2008-10-16 14:09 43,544 --a------ c:\windows2\system32\wups2.dll
2008-12-30 17:47 . 2008-10-16 14:08 34,328 --a------ c:\windows2\system32\wups.dll
2008-12-30 17:47 . 2008-10-16 14:09 31,768 --a------ c:\windows2\system32\wucltui.dll.mui
2008-12-30 17:47 . 2008-10-16 14:07 23,576 --a------ c:\windows2\system32\wuaucpl.cpl.mui
2008-12-30 17:47 . 2008-10-16 14:07 23,576 --a------ c:\windows2\system32\wuapi.dll.mui
2008-12-30 17:47 . 2008-10-16 14:07 18,456 --a------ c:\windows2\system32\wuaueng.dll.mui
2008-12-30 17:46 . 2008-12-30 17:46 <DIR> d---s---- c:\documents and settings\mc\UserData
2008-12-30 17:16 . 2005-11-24 19:51 245,248 --a------ c:\windows2\system32\rt73.sys
2008-12-30 17:16 . 2005-11-24 19:51 245,248 --a------ c:\windows2\system32\drivers\rt73.sys
2008-12-30 17:16 . 2003-10-13 15:30 94,208 --a------ c:\windows2\system32\GTW32N50.dll
2008-12-30 17:16 . 2005-11-03 17:41 32,768 --a------ c:\windows2\system32\GTGina.dll
2008-12-30 17:16 . 2003-09-25 23:28 31,930 --a------ c:\windows2\system32\GTNDIS3.VXD
2008-12-30 17:16 . 2008-12-30 17:16 20,747 --a------ c:\windows2\system32\drivers\AegisP.sys
2008-12-30 17:16 . 2005-02-01 18:18 17,992 --a------ c:\windows2\system32\drivers\bcm42rly.sys
2008-12-30 17:16 . 2005-02-01 18:18 17,992 --a------ c:\windows2\system32\bcm42rly.sys
2008-12-30 17:16 . 2005-02-01 18:18 17,992 --a------ c:\windows2\bcm42rly.sys
2008-12-30 17:16 . 2003-09-25 22:15 15,872 --a------ c:\windows2\system32\GTNDIS5.sys
2008-12-30 17:16 . 2005-12-06 04:24 7,846 --a------ c:\windows2\system32\rt73.cat
2008-12-30 17:15 . 2008-12-30 17:15 1,361 --a------ c:\windows2\system32\WLAN.INI
2008-12-30 16:54 . 2008-12-30 16:54 639,224 --a------ c:\windows2\system32\drivers\sptd.sys
2008-12-30 10:17 . 2008-12-30 10:17 <DIR> d---s---- c:\windows2\system32\Microsoft
2008-12-29 09:07 . 2008-12-29 09:07 <DIR> d-------- c:\documents and settings\rallomckoy\Application Data\SUPERAntiSpyware.com
2008-12-29 09:06 . 2008-12-29 09:06 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-29 05:51 . 2008-12-29 05:51 <DIR> d-------- c:\documents and settings\Administrator.MC\Application Data\Malwarebytes
2008-12-29 04:59 . 2008-12-29 04:59 <DIR> d-------- c:\documents and settings\rallomckoy\Application Data\Malwarebytes
2008-12-21 23:50 . 2008-12-21 23:50 <DIR> d-------- c:\documents and settings\rallomckoy\WINDOWS
2008-12-20 00:58 . 2008-12-20 00:58 <DIR> d---s---- c:\documents and settings\rallomckoy\UserData
2008-12-20 00:54 . 2008-12-20 00:56 <DIR> d-------- c:\program files\Google
2008-12-18 00:57 . 2008-12-18 00:58 <DIR> d-------- c:\program files\Driver Sweeper
2008-12-16 16:45 . 2008-12-16 16:45 <DIR> d-------- c:\program files\winbond
2008-12-15 23:17 . 2008-12-15 23:17 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-14 02:30 . 2008-12-14 02:30 <DIR> d-------- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 04:59 --------- d-----w c:\program files\eMule
2009-01-04 23:38 38,496 ----a-w c:\windows2\system32\drivers\mbamswissarmy.sys
2009-01-04 23:38 15,504 ----a-w c:\windows2\system32\drivers\mbam.sys
2009-01-03 16:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 17:29 --------- d-----w c:\program files\Sony
2009-01-02 17:28 --------- d-----w c:\program files\Vstplugins
2008-12-30 22:16 --------- d-----w c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-12-29 14:07 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-16 05:55 --------- d-----w c:\program files\MagicDVDRipper
2008-12-16 05:54 --------- d-----w c:\program files\AviSynth 2.5
2008-12-15 21:18 --------- d-----w c:\program files\JM
2008-12-09 01:30 --------- d-----w c:\program files\Canon Creative
2008-12-03 18:18 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-12-03 03:56 --------- d-----w c:\program files\Lavalys
2008-12-03 03:05 --------- d-----w c:\program files\RegCleaner
2008-12-02 04:54 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-02 04:54 --------- d-----w c:\program files\ACD Systems
2008-11-24 19:31 --------- d-----w c:\program files\Gabest
2008-11-24 16:56 --------- d-----w c:\documents and settings\mchappelle\Application Data\dvdcss
2008-11-20 06:01 --------- d-----w c:\program files\Replay AV 8
2008-11-10 05:47 --------- d-----w c:\program files\Replay Media Catcher
2008-11-05 13:07 --------- d-----w c:\program files\Spybot - Search & Destroy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows2\System32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows2\System32\NvMcTray.dll" [2004-10-29 86016]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"NeroFilterCheck"="c:\windows2\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2004-10-29 c:\windows2\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 tbcspud;Santa Cruz Driver;c:\windows2\system32\drivers\tbcspud.sys [2003-06-23 149632]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows2\system32\drivers\tbcwdm.sys [2003-06-23 554304]
S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2003-06-13 19232]
S4 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows2\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-winssvc - c:\documents and settings\mc\Application Data\Google\pzpsp23511834.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 23:59:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
r Running Proce
.
d:\program files\Java\jre6\bin\jqs.exe
c:\windows2\system32\nvsvc32.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
.
**************************************************************************
.
Completion time: 2009-01-05 0:03:31 - machine was rebooted [mc]
ComboFix-quarantined-files.txt 2009-01-05 05:03:28

Pre-Run: 2,600,464,384 bytes free
Post-Run: 3,344,150,528 bytes free

474 --- E O F --- 2009-01-01 18:08:40


Report •

#5
January 5, 2009 at 15:42:32
Everything's working fine now. Thank you so much for your expertise and assistance.

Report •

#6
January 5, 2009 at 16:28:26
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Report •

#7
January 8, 2009 at 14:31:36
Part 1 of Kaspersky report


Thursday, January 8, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 08, 2009 07:36:15
Records in database: 1585675


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 1375520
Threat name 15
Infected objects 385
Suspicious objects 0
Duration of the scan 12:27:41

File name Threat name Threats count
C:\Avenger\m\shared\(アプリ).[システム].Symantec.Norton.Ghost.9.0(日本語版Keygen付).zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\255 Magic Animating Buttons 5.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Access Denied 4.00.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\ADMLink ESD 1.81.2.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\AimAtSite IE Toolbar 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\ALTools Lunar Zodiac Mouse Wallpaper 2005.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Aqua Icons.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\AvailiTime 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\AVG.Anti-Virus.Professional.Edition.v7.1.392.743.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Bison Fute 2007 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Bookmark Toolbar 1.3.5.5.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\California 2 Screensaver.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Capture .NET Pro 9.6.3221.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Celframe Sync 6.0.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\CloseWin 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Comic Vectorial Icons 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Crack Norton SystemWorks 2005 Premium Spanish by Indio_Keygen by Millenium.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Cresotech PhotoPoint 1.1.0.17.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\CyberMatrix Point Of Sale 2.01.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Diagnostics 4.42.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\DropBox Image Processor 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Easy Diskette Formatter 7-09A.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\EclipsePalette 2.0.20.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Email Avenger 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\EyeSpy 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\EZ MPEG TO AVI Converter 3.30.0405.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Fast Video Indexer 1.11.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\FastSatfinder 2.7.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Fat Burners 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\FlaPops - Flash Wizard 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Flash Video Converter 2.1.8.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Floppies Icon Set 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\FocusViewer 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\FrAid 1.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Free Ringtones Using Voices and Sounds 1.01.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\French Vocab 1.1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\GLSee 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Golf Tracker 3.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Hard Disk drive explorer 1.0.1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Healthy Living 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\HTML Cipher 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\HTTHost SDK 1.8.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Instant Unzip 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Iron SPAM Eraser 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\iStegano 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Kaspersky.Antivirus.Personal.5.0.227.ITA.+.KEY.shared.by.PEPPE.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Kill Docs 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\KingConvert For MP3 4.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Kurt's NetSend 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Lalim MYOB Password Recovery 1.1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MailMaint 3.3.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Marketing and Advertising Screensaver 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MB Free Psychic Number Test 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MB Free Zodiac Love Sign 1.10.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Mcafee.Spamkiller.2004.v5.0.-.Full.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\McAfee.VirusScan.v10.0.25.Professional.NoCD.Patch.-.Crack.-.Serial.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\McTOSD 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Melt 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MetaInstaller 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MP3 Disc Burner 1.83.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MpSoft Internet Cafe Guard 9.01.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MSN Messenger Monitor Sniffer 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\MX Kollection 3.6.5.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\My Daily Friend 2.0.2.11.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\My Easycounter 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\NeDesMo 1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\NeroSoft TimeTrax 3.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Net Viewer 4.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Newton's Interpolation Beta 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\NOKIA-Symantec.Antivirus.for.Nokia_S60.6600-6630-6680_cr.a.cked_by_pennello.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Official Signs 2 Icon Collection 1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\OneClick iPhone Video Converter.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\openPim 2.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\OverDisk 0.11 beta.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Password Manager 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Password Manager Deluxe 3.75.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\PC File Tracker 2.1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\PDF Editor Objects 2.5.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\pdfColorConvert 1.2.117.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Pet Sitting 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Phone Mnemonics 4.7.7.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Portable Database Browser 2.3.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Portable Home Accounts 1.2.8.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\PPC-PROTECT 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Prestwood Ping Server 1.35.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\probabilm_fallato_SYMANTEC.NORTON.GHOST.V9.0-TDA.Bootable.Fix.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Quark 1.0.40.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Quick Recovery for Mac 11.06.07.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Raidar 0.2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\RailwayStation Art Gallery 1 1.0.6.2634.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Razordesk 3.2.00 Build 80706A.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\RigResident 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Roleplaying Assistant 7.13c.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Savage Erazor 1.4.3.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\ScreenRecord 1.6.2.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Simnor Note 2006.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\SketchPad 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\SmartBackup 3.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\SmartMinimizer 2.2.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Sound Laundry Compact Edition 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\SoundBoard 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\SP JPEG 3.00.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Speaking Clock 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Steuby Soft Time Sync 5.10.2200.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Super DVD ripper 2.11.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Symantec.Antivirus.Corporate.Edition.V10.64bit.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Symantec.Mobile.Security.v.4.0.37.(UPDATE_05-04-06).zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\t2h 1.0.10.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\The Form Letter Machine 1.07.01.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\TIREAL WEBCAM GUARD 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Trivya - Online Trivia 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\TTA Plugin for Winamp 3.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\UXTheme Patch For Windows XP SP2 Final.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Virtual Commander 1.54 Release 1 Build 3.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Vista Sidebar 2.5 Build 2514.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\VMC Remote 1.0.3123 Beta.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\Walking on Mars Screensaver 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\WavePad 4.02.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\WheelTag ID3 Editor 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\WinDeskTools 4.3.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\WinFF 0.43.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\World Clock Vista Gadget 1.2.4.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\YoyoCut 2.5.0.158.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m\shared\ZipLock 2.0.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\A.F.1 Shut down your computer 1.6.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Abykus SE 2.00.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Account Pro Invoice 2.0.325.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\AL Screensaver and Slideshow Builder 1.9.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Anacortes Telescope Picture of the Day 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Anchor CRM 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Antonio Banderas 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Atanua 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\AVG_Anti-Virus_Plus_Firewall_7.5.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Buddhist Thought of the Day.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\CAD Image 6.1.0.54.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Codewheel Generator 1.1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Collectibles ieBook 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Dark Age of Camelot Population Viewer 3.00.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Data Tracker for Research 1.09.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Deep Log Analyzer 3.5.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\DXF 2 PDF 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\E-Mail Extraction 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Eagle Screensaver.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Easy Input 1.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Ecardiy 5.91.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\EverydayWallpaper 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Exif Pilot Pro 3.4.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\FLAME 1.34.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\FTPSync 2.06.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Generic Mod Enabler 2.1.0.107.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Gradient iCool 1.0.4.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Hercules SETUP 2.7.3.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Hitradio Oe3 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\HS GPSDLL Library 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\iFlysoft Flash Converter 1.2.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\IL Multidesktop 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\InBoxer for Outlook Spam 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\InstallAnywhere Standard Edition 8.0 build 3063.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Invitt LE 1.3.3.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\iPod shuffle 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\Jabber plugin for Trillian 3.1.2.1003.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1

C:\Avenger\m-ren-562\shared\JCards 5.1.zip Infected: Trojan-Downloader.Win32.Bagle.ajn 1



Report •

#8
January 8, 2009 at 20:13:57
Navigate to and delete this folder:

C:\Avenger

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Eset

You should keep AFT Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


Report •


Ask Question