winupgro virus has infected my comp

moshe u February 4, 2009 at 11:05:33
Specs: Windows XP
Hi there people, I need your help please!!

Got infected by the winupgro.
Can't install any antivirus program.
Can install any spyware and malware remover.
Tried running ComboFix - doesn't work either.
Tried AVZ - doesn't work either.

What can I do??

Thank you!!




#1
February 4, 2009 at 11:27:48
Go to this link http://www.spywareremovalblog.com/r...

Post back your results!



#2
February 5, 2009 at 04:48:14
Hi, please!!!! Help!

Already tried that - the doc can't work on my computer.
It installs well - but no button responds...

Any other suggestions?



#3
February 5, 2009 at 17:19:42
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

For HijackThis, if it will not run, rename the HijackThis.exe file to somethingelse.exe and try installing it again.



#4
February 6, 2009 at 00:37:46
Hi Jebuck!

first, thank you very much for helping!!

Done all you wrote - most malware was deleted, though it did encounter a problem deleting winupgro and 2 more. It said it would do so on restart, but didn't succeed I guess, since the winupgro process appeared again.
Below is the log file:

Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 3

06/02/2009 10:29:58
mbam-log-2009-02-06 (10-29-58).txt

Scan type: Quick Scan
Objects scanned: 65417
Time elapsed: 16 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
C:\Documents and Settings\moshe\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Printing Driver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moshe\Application Data\m (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\doskeys.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rar.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\moshe\Local Settings\Temp\Setup+Patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\15028937.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\176859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moshe\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\moshe\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\moshe\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllhosts.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Documents and Settings\moshe\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\moshe\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.

what's the next step?



#5
February 6, 2009 at 03:39:21
Please post the requested Hijack This log, bottom of response #3.


#6
February 6, 2009 at 06:19:10
Oh sorry, I thought I should use "hijack this" only if the anti-malware doesn't work.

Got it downloaded and activated, and it gave me a log (here below). As you might know, I still have the winupgro active process and file on my comp.
"Hijack" worked only when the process was disabled. I named it "ikillu 2" (just elaborating in case it has a meaning).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:55, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\moshe\Desktop\I KILL U\i kill u2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=m...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [MSKExe] c:\PROGRA~1\mcafee\SPAMKI~1\spamkiller.exe
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.2.1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O17 - HKLM\System\CS2\Services\Tcpip\..\{43B61E5E-3D49-44FF-8F29-672359A36A57}: NameServer = 212.150.48.10,212.150.48.169
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

--
End of file - 8900 bytes


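The two logs above show the same persistence from two angles: MBAM removed Run and Policies\Explorer\Run values pointing at files under Application Data and system32 (dllhosts.exe, doskeys.exe, winupgro.exe), and the HijackThis O4 section still lists `[NT Printing Services6] dllhosts.exe` under HKCU\..\Policies\Explorer\Run, a bare file name one letter away from the legitimate dllhost.exe. As an added example (not from the thread, HijackThis or MBAM), this Python script triages O4 lines with exactly those checks: an autostart key legitimate software rarely uses, a program under a user-writable profile directory, a bare file name resolved through the search path, and a one-character imitation of a Windows binary name. The sample lines are copied from the posted log except the last, which is constructed from the MBAM findings; a hit means "look at this", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: all lines but the last are copied from the HijackThis log in
# reply #6; the last is constructed from the MBAM log in reply #4, which reports the
# HKCU Run value "mule_st_key" and the winupgro.exe path as separate findings.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\moshe\Application Data\drivers\winupgro.exe
"""

# Registry form: "O4 - HKCU\..\Policies\Explorer\Run: [name] command (User 'X')"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>.+?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# Startup-folder form: "O4 - Global Startup: name.lnk = path"
O4_STARTUP = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Legitimate Windows binaries whose names malware likes to imitate (the MBAM log in
# this thread removed dllhosts.exe and doskeys.exe, both one letter off).
WINDOWS_BINARIES = {"dllhost.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                    "winlogon.exe", "services.exe", "explorer.exe", "doskey.exe",
                    "ctfmon.exe", "spoolsv.exe", "rundll32.exe"}
# Profile directories a non-admin user can write to (XP layout, as in the posted logs).
USER_WRITABLE = re.compile(r"\\(application data|local settings|temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    key: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(cmd):
    """Pull the program out of a Run value: quoted path, path ending in .exe, or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def levenshtein(a, b):
    """Edit distance, used to spot one-letter imitations of system binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(key, name, cmd):
    """Apply the checks to one autostart entry and return it with its reasons."""
    target = extract_target(cmd)
    base = target.rsplit("\\", 1)[-1].lower()
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run is rarely used by legitimate software")
    if USER_WRITABLE.search(target):
        reasons.append("program lives in a user-writable profile directory")
    if "\\" not in target and not target.startswith("%"):
        reasons.append("bare file name, resolved through the search path")
    if base not in WINDOWS_BINARIES:
        for known in sorted(WINDOWS_BINARIES):
            if levenshtein(base, known) == 1:
                reasons.append(f"name is one character away from {known}")
                break
    return Finding(name, key, target, reasons)


def parse_o4(text):
    """Parse every O4 line of a HijackThis log into assessed Finding objects."""
    findings = []
    for line in text.splitlines():
        m = O4_REGISTRY.match(line) or O4_STARTUP.match(line)
        if not m:
            continue
        g = m.groupdict()
        key = f"{g['hive']}\\..\\{g['key']}" if "hive" in g else g["key"]
        findings.append(assess(key, g["name"], g["cmd"]))
    return findings


def suspicious(text):
    """Only the entries that tripped at least one check."""
    return [f for f in parse_o4(text) if f.reasons]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_HJT_LOG):
        print(f"[{f.name}] {f.key} -> {f.target}: " + "; ".join(f.reasons))
```

The bare-file-name check is the weakest of the four (VTtrayp.exe from the posted log trips it too), so read hits on that rule alone as a prompt to locate the file, not as a verdict.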

#7
February 6, 2009 at 16:17:56
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

ComboFix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus and any antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.



#8
February 7, 2009 at 10:18:22
Dear Jabuck,

Thank you for all the help!!

Ran ComboFix - below is the log. It worked well, it seems - since my comp is back to business and no processes were activated (winupgro etc.).

Ran my AV - which found lots of **it on my comp and deleted it all (malware and files).

Looking forward to your reply (may it be the last required).

Thank you!! I really appreciate your help!

Can't post the log - may be too long... I'll try in pieces.

ComboFix 09-02-06.02 - moshe 02/07/2009 11:29:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1033.18.959.681 [GMT 2:00]
Running from: c:\documents and settings\moshe\Desktop\I KILL U\abc.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\moshe\Application Data\drivers\downld
c:\documents and settings\moshe\Application Data\drivers\downld\15156906.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15157421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15173265.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15193984.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15196343.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15197984.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15198000.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15198109.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15198640.exe
c:\documents and settings\moshe\Application Data\drivers\downld\152015.exe
c:\documents and settings\moshe\Application Data\drivers\downld\152031.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15225468.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15225593.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15225656.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15239015.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15253500.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15253625.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15253718.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15298859.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15304359.exe
c:\documents and settings\moshe\Application Data\drivers\downld\153062.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15309375.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15310328.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15310843.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15315718.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15316484.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15316937.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15337265.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15353062.exe
c:\documents and settings\moshe\Application Data\drivers\downld\153562.exe
c:\documents and settings\moshe\Application Data\drivers\downld\1540734.exe
c:\documents and settings\moshe\Application Data\drivers\downld\1545515.exe
c:\documents and settings\moshe\Application Data\drivers\downld\1547484.exe
c:\documents and settings\moshe\Application Data\drivers\downld\1547796.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15481328.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15481484.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15481546.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15489359.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15489453.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15489515.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15502421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15503921.exe
c:\documents and settings\moshe\Application Data\drivers\downld\15504531.exe



#9
February 7, 2009 at 10:55:08
The log is located at C:\Combofix.txt. Post it in segments over two or three posts if needed. We really need to see the sections after "Other Deletions" in the Combofix log.


#10
February 7, 2009 at 13:59:42
hi!

tried a few times with no luck, hope this time it will post the 3rd part.

oshe\Application Data\drivers\downld\85046.exe
c:\documents and settings\moshe\Application Data\drivers\downld\85328.exe
c:\documents and settings\moshe\Application Data\drivers\downld\85437.exe
c:\documents and settings\moshe\Application Data\drivers\downld\85828.exe
c:\documents and settings\moshe\Application Data\drivers\downld\86250.exe
c:\documents and settings\moshe\Application Data\drivers\downld\86281.exe
c:\documents and settings\moshe\Application Data\drivers\downld\863875.exe
c:\documents and settings\moshe\Application Data\drivers\downld\86671.exe
c:\documents and settings\moshe\Application Data\drivers\downld\868546.exe
c:\documents and settings\moshe\Application Data\drivers\downld\86906.exe
c:\documents and settings\moshe\Application Data\drivers\downld\87140.exe
c:\documents and settings\moshe\Application Data\drivers\downld\87421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\87890.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88031.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88437.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88468.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88860625.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88861906.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88861984.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88880937.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88883187.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88884031.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88894796.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88896500.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88897031.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88906.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88921.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88932546.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88948046.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88957078.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88957531.exe
c:\documents and settings\moshe\Application Data\drivers\downld\88957546.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89011796.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89012703.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89012843.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89016109.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89016750.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89031406.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89045468.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89048718.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89049671.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89051109.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89052390.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89053375.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89079906.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89081531.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89082000.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89096250.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89158562.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89159015.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89159234.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89218.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89589046.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89591531.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89591625.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89687.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89699828.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89703718.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89705312.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89778734.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89838781.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89967687.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89971531.exe
c:\documents and settings\moshe\Application Data\drivers\downld\89971593.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90113125.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90117421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90119156.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90122156.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90125421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90127562.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90212906.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90219687.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90224453.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90254656.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90399046.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90436343.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90443656.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90446718.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90447250.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90515.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90604468.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90604921.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90604968.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90683343.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90685421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90686250.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90694328.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90695796.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90699375.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90727593.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90770187.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90833781.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90834578.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90834640.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90838078.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90839359.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90862500.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90867593.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90868593.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90869718.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90870515.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90871000.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90907671.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90912062.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90912812.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90935453.exe
c:\documents and settings\moshe\Application Data\drivers\downld\90984.exe
c:\documents and settings\moshe\Application Data\drivers\downld\91006796.exe
c:\documents and settings\moshe\Application Data\drivers\downld\91010765.exe
c:\documents and settings\moshe\Application Data\drivers\downld\91012703.exe
c:\documents and settings\moshe\Application Data\drivers\downld\91013015.exe
c:\documents and settings\moshe\Application Data\drivers\downld\95546.exe
c:\documents and settings\moshe\Application Data\drivers\downld\97015.exe
c:\documents and settings\moshe\Application Data\drivers\downld\97703.exe
c:\documents and settings\moshe\Application Data\drivers\downld\98078.exe
c:\documents and settings\moshe\Application Data\drivers\downld\98875.exe
c:\documents and settings\moshe\Application Data\drivers\downld\98953.exe
c:\documents and settings\moshe\Application Data\drivers\downld\99234.exe
c:\documents and settings\moshe\Application Data\drivers\downld\99406.exe
c:\documents and settings\moshe\Application Data\drivers\downld\99421.exe
c:\documents and settings\moshe\Application Data\drivers\downld\99796.exe
c:\documents and settings\moshe\Application Data\drivers\downld\998156.exe
c:\documents and settings\moshe\Application Data\drivers\downld\99875.exe
c:\documents and settings\moshe\Application Data\drivers\srosa.sys
c:\documents and settings\moshe\Application Data\drivers\srosa2.sys
c:\documents and settings\moshe\Application Data\drivers\winupgro.exe
c:\documents and settings\moshe\Application Data\m
c:\documents and settings\moshe\Application Data\m\data.oct
c:\documents and settings\moshe\Application Data\m\flec006.exe
c:\documents and settings\moshe\Application Data\m\list.oct
c:\documents and settings\moshe\Application Data\m\shared\#1 History Eraser 2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\3D Control Magic for .NET 2.0.1.13.zip
c:\documents and settings\moshe\Application Data\m\shared\A-Media Scanner 1.6.3.485.zip
c:\documents and settings\moshe\Application Data\m\shared\Access-to-Oracle 1.5.zip
c:\documents and settings\moshe\Application Data\m\shared\Actual Web Album 1.6.zip
c:\documents and settings\moshe\Application Data\m\shared\Acura RSX Screensaver 2.zip
c:\documents and settings\moshe\Application Data\m\shared\Amiga Screensaver 1.6.2.2.zip
c:\documents and settings\moshe\Application Data\m\shared\Analog Clock Opera Widget 1.3.zip
c:\documents and settings\moshe\Application Data\m\shared\Application Aspect Hierarchical DataGridView 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Audio CD Ripper Plus 2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Auto Maintenance Plus 7.2.zip
c:\documents and settings\moshe\Application Data\m\shared\AVG.ANTIESPYWARE.7.5.0.47+.serial.zip
c:\documents and settings\moshe\Application Data\m\shared\AZ Paint Pro 8.1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Calendarscope 4.0.zip
c:\documents and settings\moshe\Application Data\m\shared\CapahoMDB 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Carroll 1.03.zip
c:\documents and settings\moshe\Application Data\m\shared\CATVids 8.05.zip
c:\documents and settings\moshe\Application Data\m\shared\CD2MP3 PM 1.14.zip
c:\documents and settings\moshe\Application Data\m\shared\Chord Finder 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Christmas Village 1.0.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Clipboard Magic 4.01.zip
c:\documents and settings\moshe\Application Data\m\shared\coComment! 2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\CryptoTools 3.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Cucusoft Apple TV Video Converter Suite 7.6.7.5.zip
c:\documents and settings\moshe\Application Data\m\shared\CVOne 1.3.2.zip
c:\documents and settings\moshe\Application Data\m\shared\Dcat ScreenSaver 1.61 build 821.zip
c:\documents and settings\moshe\Application Data\m\shared\Deep Freeze Server Enterprise 6.01.231.1592.zip
c:\documents and settings\moshe\Application Data\m\shared\DJ Audio Mixer 1.3.zip
c:\documents and settings\moshe\Application Data\m\shared\dwTerm 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Easy Leaves 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\EasyFinder 3.0 Beta8.zip
c:\documents and settings\moshe\Application Data\m\shared\Email Director .NET 2.7.zip
c:\documents and settings\moshe\Application Data\m\shared\Evaluate 1.2.zip
c:\documents and settings\moshe\Application Data\m\shared\Filedoyen 1.4.zip
c:\documents and settings\moshe\Application Data\m\shared\Focused Reader 2.0.0.zip
c:\documents and settings\moshe\Application Data\m\shared\FoodCalc 1.0.2.zip
c:\documents and settings\moshe\Application Data\m\shared\Free Java 1.01T2006.08.08.zip
c:\documents and settings\moshe\Application Data\m\shared\Gmail.zip
c:\documents and settings\moshe\Application Data\m\shared\GMSI.NET Marquee LED Component 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Golden Leaves 3D Screensaver 1.0.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Greek textbox 0.6.zip
c:\documents and settings\moshe\Application Data\m\shared\Health Boosters & Longevity 2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\HPI Converter 0.0518.zip
c:\documents and settings\moshe\Application Data\m\shared\HS Win32COM Library 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\ImagoMPEG-Muxer 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Imobis R2 1.5.4.zip
c:\documents and settings\moshe\Application Data\m\shared\Imobiz 2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Interaction 1.0.1280.zip
c:\documents and settings\moshe\Application Data\m\shared\Iridescent 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\iZoomMouse 1.02.zip
c:\documents and settings\moshe\Application Data\m\shared\JackFlash Gadget Factory 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\kaspersky.anti-virus.6.0.key.56.zip
c:\documents and settings\moshe\Application Data\m\shared\Kaspersky.Antivirus.Personal.Pro.5.0.20.KEYGEN.czip.zip
c:\documents and settings\moshe\Application Data\m\shared\Kaspersky.AV.Personal.(5.0.142).zip
c:\documents and settings\moshe\Application Data\m\shared\Key Extender 3.9.zip
c:\documents and settings\moshe\Application Data\m\shared\LED Banner 2.2.zip
c:\documents and settings\moshe\Application Data\m\shared\LingvoSoft Dictionary 2008 English - Greek 4.1.29.zip
c:\documents and settings\moshe\Application Data\m\shared\LiquidGuardian 1.0.5.zip
c:\documents and settings\moshe\Application Data\m\shared\Magic Deformer 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Magic Mail Monitor 2.94b18.zip
c:\documents and settings\moshe\Application Data\m\shared\Matrix Plugin 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\MaxShredder 1.0.0.zip
c:\documents and settings\moshe\Application Data\m\shared\MB Taurus Astrology 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\MessageBoxGo 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Metal Slug 3 Nokia 5200 By Takumi Trueno.zip
c:\documents and settings\moshe\Application Data\m\shared\Microsoft Forefront Codename Stirling Beta.zip
c:\documents and settings\moshe\Application Data\m\shared\Microsoft Robotics Studio 1.5.507.0 Refresh.zip
c:\documents and settings\moshe\Application Data\m\shared\Mijoy Pro 3.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Monthly Expense 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\MorphVOX Classic Voice Changer 2.1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\MP3Fitness 2.0.3.zip
c:\documents and settings\moshe\Application Data\m\shared\myFacebook 1.2.2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\NBC Today Show 7.08.27.zip
c:\documents and settings\moshe\Application Data\m\shared\NetChorus 001.zip
c:\documents and settings\moshe\Application Data\m\shared\New Orleans Daily Photo Pics 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Numeral 1.1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Online Media channels 1.0.0.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Optimal Mandelbrot 3.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Orbiscope Observer 1.7.2.zip
c:\documents and settings\moshe\Application Data\m\shared\PC Inspector File Recovery 4.0.zip
c:\documents and settings\moshe\Application Data\m\shared\PDF Conversion Series - Text to PDF 1.0 Build 0425.zip
c:\documents and settings\moshe\Application Data\m\shared\PDFSprite PDF Driver advanced version 9.0.zip
c:\documents and settings\moshe\Application Data\m\shared\PhotoMail 4.0.zip
c:\documents and settings\moshe\Application Data\m\shared\PicoStick 0.1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Picture Watermarker 2.zip
c:\documents and settings\moshe\Application Data\m\shared\Pin2 0.1.7.zip
c:\documents and settings\moshe\Application Data\m\shared\PowerPoint DVD Converter 2.6.zip
c:\documents and settings\moshe\Application Data\m\shared\PresStart 1.3.zip
c:\documents and settings\moshe\Application Data\m\shared\PROACTIME 4.55.zip
c:\documents and settings\moshe\Application Data\m\shared\PutAFile 2.0.zip
c:\documents and settings\moshe\Application Data\m\shared\PwdHash 1.5.zip
c:\documents and settings\moshe\Application Data\m\shared\QuickNFO 0.77.zip
c:\documents and settings\moshe\Application Data\m\shared\R-Drive Image 4.3 Build 4318.zip
c:\documents and settings\moshe\Application Data\m\shared\RER WMA Converter 3.5.1.1126.zip
c:\documents and settings\moshe\Application Data\m\shared\RPN Engineering Calculator 9.0.1.zip
c:\documents and settings\moshe\Application Data\m\shared\SFTPBlackbox (.NET) 6.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Site Capture 3.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Space Tunnels 3D Screensaver 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\SpyBoss Pro 4.2.zip
c:\documents and settings\moshe\Application Data\m\shared\StartupSelector 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\StatWin Total 7.8.zip
c:\documents and settings\moshe\Application Data\m\shared\StopMotion Camera 1.3.zip
c:\documents and settings\moshe\Application Data\m\shared\Sumatra PDF 0.9.3.zip
c:\documents and settings\moshe\Application Data\m\shared\SuperCool PIM 1.00 build 8.zip
c:\documents and settings\moshe\Application Data\m\shared\SuperNotecard 2.8.6.zip
c:\documents and settings\moshe\Application Data\m\shared\symantec.mobile.security.virus.definition.14-12-2006.by.danyFORZA.CATANIA.zip
c:\documents and settings\moshe\Application Data\m\shared\TAC Remote 1.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Travel Dictionary Spanish PC 5.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Travel Hour 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\TuFtp 1.42.zip
c:\documents and settings\moshe\Application Data\m\shared\Ultrawave Guitar Tuner 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\UniCrypt 4.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Uptime Snapshot 1.0.0.0.zip
c:\documents and settings\moshe\Application Data\m\shared\VAPXP 1.1.18.zip
c:\documents and settings\moshe\Application Data\m\shared\Virtual Disk Folder 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\VirtualMEC 1.7.2.zip
c:\documents and settings\moshe\Application Data\m\shared\VS.NETcodePrint 2008 10.0.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Web Document Packager 1.0 Beta 1003.zip
c:\documents and settings\moshe\Application Data\m\shared\WebScreenShot 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\wGoom 1.9.4.zip
c:\documents and settings\moshe\Application Data\m\shared\widescapeWeather 2.1.zip
c:\documents and settings\moshe\Application Data\m\shared\Windows Quick Launch Gadget 0.9.1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Winlirc Launcher 1.0.zip
c:\documents and settings\moshe\Application Data\m\shared\Winter Dream 3D 1.zip
c:\documents and settings\moshe\Application Data\m\shared\WrabbitFTP 1.0 Alpha 5.zip
c:\documents and settings\moshe\Application Data\m\shared\xSQL Object Command Line 3.0.1.5.zip
c:\documents and settings\moshe\Application Data\m\shared\zzStars 1.0.zip
c:\documents and settings\moshe\Application Data\m\srvlist.oct
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
c:\windows\system32\ban_list.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 09:34 --------- d--h--w c:\documents and settings\moshe\Application Data\drivers
2009-02-06 14:20 --------- d-----w c:\program files\McAfee
2009-02-06 14:20 --------- d-----w c:\documents and settings\moshe\Application Data\McAfee
2009-02-06 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-06 08:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-06 08:04 --------- d-----w c:\documents and settings\moshe\Application Data\Malwarebytes
2009-02-06 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-05 22:21 97 ----a-w C:\tt.bat
2009-02-05 21:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-05 21:56 --------- d-----w c:\program files\Spyware Doctor
2009-02-05 21:56 --------- d-----w c:\documents and settings\moshe\Application Data\PC Tools
2009-02-05 21:46 --------- d-----w c:\program files\Common Files\Download Manager
2009-02-03 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-03 09:25 --------- d-----w c:\program files\eMule
2009-02-03 05:49 --------- d-----w c:\documents and settings\moshe\Application Data\AVGTOOLBAR
2009-02-02 07:00 --------- d-----w c:\documents and settings\moshe\Application Data\Babylon
2009-02-02 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-01-30 16:09 --------- d-----w c:\program files\Common Files\eSellerate
2009-01-25 06:36 60,416 ----a-w C:\md5deep.exe
2009-01-17 17:16 --------- d-----w c:\program files\Nokia
2009-01-17 17:16 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-17 17:16 --------- d-----w c:\program files\Common Files\Nokia
2009-01-17 17:14 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-09 06:36 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-09 06:36 --------- d-----w c:\program files\Java
2009-01-06 21:21 --------- d-----w c:\program files\iTunes
2009-01-06 21:21 --------- d-----w c:\program files\iPod
2009-01-06 21:21 --------- d-----w c:\program files\Common Files\Apple
2009-01-06 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-06 21:20 --------- d-----w c:\program files\QuickTime
2009-01-06 21:20 --------- d-----w c:\program files\Bonjour
2009-01-06 21:19 --------- d-----w c:\program files\Apple Software Update
2009-01-06 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-06 21:16 --------- d-----w c:\documents and settings\moshe\Application Data\U3
2008-12-31 07:42 --------- d-----w c:\documents and settings\moshe\Application Data\Windows Search
2008-12-31 06:52 --------- d-----w c:\documents and settings\moshe\Application Data\Windows Desktop Search
2008-12-31 06:46 --------- d-----w c:\program files\Windows Desktop Search
2008-12-29 06:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-29 06:44 --------- d-----w c:\program files\MSBuild
2008-12-29 06:44 --------- d-----w c:\program files\Microsoft Works
2008-12-27 10:21 --------- d-----w c:\documents and settings\moshe\Application Data\Nero
2008-12-27 10:16 --------- d-----w c:\program files\Common Files\Nero
2008-12-27 10:07 --------- d-----w c:\program files\Nero
2008-12-27 10:05 --------- d-----w c:\program files\Windows Sidebar
2008-12-27 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-26 21:08 --------- d-----w c:\program files\McAfee.com
2008-12-20 11:45 --------- d-----w c:\documents and settings\moshe\Application Data\PC Suite
2008-12-20 11:45 --------- d-----w c:\documents and settings\moshe\Application Data\Nokia
2008-12-20 11:45 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-12-20 11:44 --------- d-----w c:\program files\DIFX
2008-12-20 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2007-07-04 16:22 22,768 ----a-w c:\documents and settings\moshe\usbsermpt.sys
2006-11-13 14:41 24,192 ----a-w c:\documents and settings\moshe\usbsermptxp.sys
2005-02-25 02:22 208,896 ----a-w c:\windows\inf\MSI\SlowDownCPU\SlowDownCPU.exe
2005-02-22 06:47 39,040 ----a-w c:\windows\inf\MSI\SlowDownCPU\RushTop.sys
2005-02-22 06:47 143,360 ----a-w c:\windows\inf\MSI\SlowDownCPU\RushTop.dll
2004-11-01 09:12 23,424 ----a-w c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS
2004-11-01 09:11 94,208 ----a-w c:\windows\inf\MSI\SlowDownCPU\GLM7x.dll
2008-10-25 16:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102520081026\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:12 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [02/25/2005 04:22 AM 208896]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [12/07/2001 06:05 PM 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM 204800]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM 172032]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [09/30/2004 08:44 AM 7957504]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [12/07/2007 07:27 AM 3032800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [01/09/2009 08:36 AM 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/15/2008 01:04 AM 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [11/04/2008 10:30 AM 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [11/20/2008 01:20 PM 290088]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [02/07/2009 11:12 AM 1166216]
"VTTrayp"="VTtrayp.exe" [06/21/2004 08:57 PM 143360 c:\windows\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [10/01/2004 10:31 AM 53248 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:12 AM 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
05/24/2007 10:13 AM 24665 c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52349:TCP"= 52349:TCP:eMule : TCP Incoming
"28929:UDP"= 28929:UDP:*:Disabled:eMule : UDPIncoming

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13:54 AM 2234800]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [5/24/2007 10:13:58 AM 36368]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [6/2/2007 7:55:37 PM 2368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [5/24/2007 10:13:52 AM 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/24/2007 10:13:50 AM 673456]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [11/10/2006 6:01:43 PM 23424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890184c1-2113-11dd-9df8-547c96424f03}]
\Shell\AutoRun\command - H:\lpksetup.exe /AUTORUN
\Shell\configure\command - H:\lpksetup.exe
\Shell\install\command - H:\lpksetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94bbfa8a-e69c-11dc-9d8f-547c96424f03}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AUTORUN\run_me_first.bat
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-MSKExe - c:\progra~1\mcafee\SPAMKI~1\spamkiller.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKCU-Explorer_Run-NT Printing Services6 - dllhosts.exe
SafeBoot-mfehidk
SafeBoot-mfehidk.sys
SafeBoot-mferkdk
SafeBoot-mferkdk.sys
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 11:35:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 02/07/2009 11:39:25
ComboFix-quarantined-files.txt 2009-02-07 09:39:23

Pre-Run: 6,652,350,464 bytes free
Post-Run: 6,979,665,920 bytes free

1846 --- E O F --- 2008-12-20 00:52:49

that's ALL

thanks for the care!


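Much of what a helper checks by hand in a ComboFix log like the one above (Run entries that name a bare executable with no directory, the Security Center AntiVirusDisableNotify flag, AutoRun commands registered for removable drives) can be pulled out automatically. This is an added example, not part of the original thread and not ComboFix's own code; its input is a constructed excerpt of lines copied from the log above, and the category names are the example's own.

```python
"""Triage the 'Reg Loading Points' and 'ORPHANS REMOVED' sections of a ComboFix
log. Added example, not part of the thread or of ComboFix. Flags Run entries
whose command has no directory, AntiVirusDisableNotify=1, and AutoRun commands."""
import re

# Constructed excerpt: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM 204800]
"VTTrayp"="VTtrayp.exe" [06/21/2004 08:57 PM 143360 c:\windows\system32\VTTrayp.exe]
"AntiVirusDisableNotify"=dword:00000001
\Shell\AutoRun\command - H:\lpksetup.exe /AUTORUN
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AUTORUN\run_me_first.bat
HKLM-Run-MSKExe - c:\progra~1\mcafee\SPAMKI~1\spamkiller.exe
HKCU-Explorer_Run-NT Printing Services6 - dllhosts.exe
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?')
ORPHAN_RE = re.compile(r'^HK[A-Z]+-\w+-(?P<name>.+?) - (?P<cmd>.+)$')
DISABLE_RE = re.compile(r'^"AntiVirusDisableNotify"=dword:(?P<val>[0-9a-fA-F]+)')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')
PATH_RE = re.compile(r'[a-z]:\\[^\]]+', re.I)


def is_bare_name(cmd):
    """True when the executable has no directory, so Windows must search for it."""
    parts = cmd.split()
    return bool(parts) and "\\" not in parts[0] and ":" not in parts[0]


def triage(log_text):
    """Return (category, detail) findings for a pasted ComboFix excerpt."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RUN_RE.match(line)) and is_bare_name(m["cmd"]):
            # ComboFix sometimes prints the path it resolved inside the brackets;
            # a bare name it could not resolve deserves a closer look.
            hit = PATH_RE.search(m["meta"] or "")
            where = f"resolved to {hit.group(0)}" if hit else "unresolved"
            findings.append(("bare-run-entry", f'{m["name"]} -> {m["cmd"]} ({where})'))
        elif (m := ORPHAN_RE.match(line)) and is_bare_name(m["cmd"]):
            findings.append(("bare-run-entry", f'{m["name"]} -> {m["cmd"]} (unresolved)'))
        elif (m := DISABLE_RE.match(line)) and int(m["val"], 16) != 0:
            findings.append(("security-center-tamper",
                             "AntiVirusDisableNotify=1: Security Center AV warnings suppressed"))
        elif m := AUTORUN_RE.match(line):
            findings.append(("removable-autorun", m["cmd"]))
    return findings
```

Running `triage(SAMPLE_LOG)` reports the orphaned dllhosts.exe entry as unresolved, VTTrayp.exe as resolved to system32, the disabled AV notifications and both AutoRun commands, while path-qualified entries such as IntelliPoint produce nothing.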

#11
February 7, 2009 at 15:43:14
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#12
February 8, 2009 at 22:18:43
Dear Jabuck

thanks again for all your help till now.

did all that, the BitDefender (which i used before) found lots of **it in a folder named "Avenger" which i never had! tried to delete it but couldn't!
the Kaspersky found also 2 infections there. i guess it's a folder created by the virus, got into it and it's full of junk RAR files.
how can i delete it please?

below is the Kaspersky log

---------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 08, 2009 20:36:40
Records in database: 1770445
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 80287
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:07:18


File name / Threat name / Threats count
C:\Avenger\m\shared\Dhaatu Infected: Trojan-Downloader.Win32.Bagle.amz 1
C:\Avenger\m\shared\xero Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\moshe\My Documents\My Received Files\Antivirus&system progs\Windows Xp Home & Pro Cracks (Key Generator & Activation Crack).zip Infected: Trojan.BAT.Small.ai 2
C:\Documents and Settings\moshe\My Documents\My Received Files\Antivirus&system progs\WinXP Windows XP activation (works with pro, home and home upgrd) crack keygen serial.zip Infected: Trojan.BAT.Small.ai 2

The selected area was scanned.



#13
February 11, 2009 at 03:24:26
dear Jabuck

i also deleted all files quarantined by my AV and all possible junk files from the Avenger folder

i can manage deleting two files: dhaatu, xerox. does it have any meaning?

thank you!



#14
February 11, 2009 at 03:35:40
Navigate to and delete this folder:

C:\Avenger

If it will not delete in normal mode, delete it from safe mode.

To get into safe mode do the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Restart the computer to get back to normal mode.

