Removed rogue (ave.exe); Still lacking some functions?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wyoming101 (Thread Starter). Joined: Apr 3, 2010. Messages: 1
Hello,

First, I am a Mac user attempting to remove Malware (Trojans/Rogues) on a Windows XP SP3 system to help a friend. So I hope you'll forgive my lack of familiarity in regards to terminology etc.

I have included logs and I think the problems will be relatively easy to solve. I greatly appreciate any advice anyone can give.

The problem became apparent a few days ago when XP Defender 2010 (ave.exe) became the dominant presence upon my friend's desktop. I tried the most frequently suggested removal methods but could not launch Malwarebytes Anti-Malware and eventually could only boot in Safe Mode but still couldn't launch Malwarebytes. Finally, I was able to run ComboFix, which ran successfully from Safe Mode. Following the ComboFix automated reboot and log creation, I was able to run Malwarebytes, which performed a full scan. Malwarebytes found a few more infected objects and removed them. After Malwarebytes completed the scan, Windows Automatic Updates requested that I restart, which I did. At that point, I assumed everything was resolved, but now I am unsure.

I am 90% certain that I have successfully removed the rogue security application and possibly other malware, but the system seems to lack some function. For instance, it can't seem to connect to the internet. This might be a result of my limited knowledge of Windows XP systems? Also, I would like to return my friend's computer as streamlined as possible, and I suspect there are many Startup Items and Applications which may not be malicious but should be removed. I would like suggestions as to what should be uninstalled/removed.

Below, I will post the logs and uninstall lists in the order they were created. If this post is too long I will post additional logs/lists in a subsequent post.

Again, I appreciate any help anyone can provide.

Thanks

ComboFix Log

ComboFix 10-04-01.02 - Administrator 04/03/2010 0:23.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1243 [GMT -6:00]
Running from: F:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\ave.exe
c:\documents and settings\Administrator\rundll32 .exe
c:\documents and settings\Administrator\rundll32.exe
c:\documents and settings\All Users\Application Data\_VOIDmfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Caro\agrsmmsg .exe
c:\documents and settings\Caro\Local Settings\Application Data\av.exe
c:\documents and settings\Caro\Local Settings\Application Data\ave.exe
c:\documents and settings\Caro\Local Settings\Application Data\MSASCui.exe
c:\documents and settings\Caro\ndstray .exe
c:\documents and settings\Caro\rundll32 .exe
c:\documents and settings\Caro\rundll32.exe
c:\documents and settings\Caro\tctrliohook .exe
c:\documents and settings\Caro\tfncky .exe
c:\documents and settings\Caro\tpsmain .exe
c:\documents and settings\Caro\zoominghook .exe
c:\program files\Adobe\acrotray .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\_VOIDkbccdxbvtp
c:\windows\_VOIDkbccdxbvtp\_VOIDd.sys
c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\_VOIDaouohsbckk.dat
c:\windows\system32\_VOIDfhixupxthw.dat
c:\windows\system32\_VOIDidieigrdbj.dll
c:\windows\system32\_VOIDiugnbclnru.dat
c:\windows\system32\_VOIDjrojsierri.dat
c:\windows\system32\_VOIDjuprrxvmpe.dll
c:\windows\system32\_VOIDtccdsipotu.dll
c:\windows\system32\_VOIDtkocqptuni.dll
c:\windows\system32\_VOIDutodmsmekl.dll
c:\windows\system32\_VOIDutqxewmtti.dat
c:\windows\system32\_VOIDxlgehtespp.dll
c:\windows\system32\_VOIDxmbfpufpxt.dat
c:\windows\system32\_VOIDyfulpsetqx.dat
c:\windows\system32\_VOIDypetnwkbwp.dat
c:\windows\system32\agrsmmsg .exe
c:\windows\system32\app_dll.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\jesafijo.dll
c:\windows\system32\ndstray .exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\tctrliohook .exe
c:\windows\system32\tfncky .exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tpsmain .exe
c:\windows\system32\zoominghook .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy__VOIDKBCCDXBVTP
-------\Service__VOIDkbccdxbvtp


((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 06:40 . 2010-04-03 06:40 -------- d-----w- c:\windows\LastGood
2010-03-31 18:24 . 2010-03-31 18:24 92504 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 13:35 . 2010-03-22 03:14 30720 ----a-w- c:\documents and settings\Caro\tpsmain.exe
2010-03-31 13:35 . 2010-03-22 03:14 30720 ----a-w- c:\documents and settings\Caro\zoominghook.exe
2010-03-31 13:35 . 2010-03-31 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\06cbc70
2010-03-31 13:35 . 2010-03-22 03:14 30720 ----a-w- c:\documents and settings\Caro\tfncky.exe
2010-03-31 13:35 . 2010-03-22 03:13 30720 ----a-w- c:\documents and settings\Caro\tctrliohook.exe
2010-03-31 13:35 . 2010-03-22 03:13 30720 ----a-w- c:\documents and settings\Caro\ndstray.exe
2010-03-31 13:35 . 2010-03-22 03:13 30720 ----a-w- c:\documents and settings\Caro\agrsmmsg.exe
2010-03-31 13:29 . 2010-03-24 01:18 30720 ----a-w- c:\windows\system32\tfncky.exe
2010-03-31 13:29 . 2010-03-24 01:19 30720 ----a-w- c:\windows\system32\ndstray.exe
2010-03-31 13:28 . 2010-03-24 01:19 30720 ----a-w- c:\windows\system32\agrsmmsg.exe
2010-03-31 13:27 . 2010-03-31 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-03-31 04:05 . 2010-03-31 04:05 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-31 04:05 . 2010-03-24 01:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 04:05 . 2010-03-31 04:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-24 05:34 . 2010-03-24 05:34 -------- d-----w- c:\program files\Trend Micro
2010-03-24 01:52 . 2010-03-24 01:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-24 01:51 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-22 18:50 . 2010-03-24 00:18 -------- d-----w- c:\program files\CCleaner
2010-03-10 20:09 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 06:36 . 2005-12-27 04:23 30720 ----a-w- c:\windows\system32\ctfmon.exe
2010-03-31 13:35 . 2010-03-31 13:35 2282496 ----a-w- c:\documents and settings\All Users\Application Data\06cbc70\SG06cb.exe
2010-03-31 13:29 . 2010-03-31 13:29 30720 ----a-w- c:\windows\system32\OLD23.tmp
2010-03-31 00:28 . 2005-12-27 18:02 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 00:22 . 2010-03-31 00:22 503808 ----a-w- c:\documents and settings\Caro\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dcf34ec-n\msvcp71.dll
2010-03-31 00:22 . 2010-03-31 00:22 499712 ----a-w- c:\documents and settings\Caro\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dcf34ec-n\jmc.dll
2010-03-31 00:22 . 2010-03-31 00:22 348160 ----a-w- c:\documents and settings\Caro\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dcf34ec-n\msvcr71.dll
2010-03-31 00:22 . 2010-03-31 00:22 61440 ----a-w- c:\documents and settings\Caro\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aa44b09-n\decora-sse.dll
2010-03-31 00:22 . 2010-03-31 00:22 12800 ----a-w- c:\documents and settings\Caro\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aa44b09-n\decora-d3d.dll
2010-03-31 00:21 . 2005-12-27 18:02 -------- d-----w- c:\program files\Java
2010-03-29 21:24 . 2010-03-24 01:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 21:24 . 2010-03-24 01:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 01:21 . 2009-02-20 02:43 -------- d-----w- c:\program files\Digsby
2010-03-25 16:05 . 2010-03-25 16:05 315354 ----a-w- c:\documents and settings\All Users\Application Data\Update\seupd.exe
2010-03-25 13:18 . 2010-03-25 13:18 1082244 ----a-w- c:\documents and settings\All Users\Application Data\Update\tbsk.exe
2010-03-24 05:47 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-24 05:38 . 2010-03-24 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 01:52 . 2009-11-03 06:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-03-24 01:47 . 2010-03-24 01:47 -------- d-----w- c:\program files\DCleaner
2010-03-24 01:23 . 2010-03-24 01:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-24 01:19 . 2005-12-28 00:18 30720 ----a-w- c:\windows\system32\hkcmd.exe
2010-03-24 01:19 . 2007-08-22 21:12 -------- d-----w- c:\program files\iTunes
2010-03-24 01:19 . 2005-12-27 17:23 -------- d-----w- c:\program files\ltmoh
2010-03-24 01:18 . 2006-07-12 19:22 -------- d-----w- c:\program files\Protector Suite QL
2010-03-24 01:18 . 2010-02-20 00:44 -------- d-----w- c:\program files\QuickTime
2010-03-24 01:18 . 2005-12-05 22:50 30720 ----a-w- c:\windows\system32\tctrliohook.exe
2010-03-24 01:18 . 2005-12-27 18:31 30720 ----a-w- c:\windows\system32\tpsmain.exe
2010-03-24 01:18 . 2005-06-06 17:58 30720 ----a-w- c:\windows\system32\zoominghook.exe
2010-03-24 01:18 . 2005-12-27 16:51 -------- d-----w- c:\program files\Apoint2K
2010-03-24 00:54 . 2010-03-24 00:54 30720 ----a-w- c:\documents and settings\Administrator\agrsmmsg.exe
2010-03-24 00:54 . 2010-03-24 00:54 30720 ----a-w- c:\documents and settings\Administrator\ndstray.exe
2010-03-24 00:54 . 2010-03-24 00:54 30720 ----a-w- c:\documents and settings\Administrator\tctrliohook.exe
2010-03-24 00:54 . 2010-03-24 00:54 30720 ----a-w- c:\documents and settings\Administrator\tfncky.exe
2010-03-24 00:54 . 2010-03-24 00:54 30720 ----a-w- c:\documents and settings\Administrator\tpsmain.exe
2010-03-24 00:54 . 2010-03-24 00:54 30720 ----a-w- c:\documents and settings\Administrator\zoominghook.exe
2010-03-23 01:27 . 2007-06-28 02:40 -------- d-----w- c:\program files\utorrent
2010-03-23 01:27 . 2007-06-28 02:40 -------- d-----w- c:\documents and settings\Caro\Application Data\uTorrent
2010-03-22 03:19 . 2007-06-28 02:46 -------- d-----w- c:\documents and settings\Caro\Application Data\Skype
2010-03-22 01:51 . 2005-12-28 00:18 30720 ----a-w- c:\windows\system32\igfxpers.exe
2010-03-21 23:18 . 2009-02-02 05:22 -------- d-----w- c:\program files\Ninja
2010-03-21 22:05 . 2009-01-04 23:18 -------- d-----w- c:\documents and settings\Caro\Application Data\skypePM
2010-03-09 10:28 . 2009-03-24 00:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 00:13 . 2009-10-22 20:57 217088 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\components\Shim.dll
2010-02-24 16:16 . 2009-10-02 22:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 00:49 . 2010-02-20 00:49 -------- d-----w- c:\program files\iPod
2010-02-20 00:48 . 2007-07-05 04:19 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 00:36 . 2010-02-20 00:36 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-06 19:08 . 2010-01-16 21:54 4726272 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\libs\cooliris190.dll
2010-01-06 19:08 . 2010-01-16 21:54 57856 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\components\coolirisstub.dll
2010-01-06 19:08 . 2010-01-16 21:54 545280 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\libs\PicLensHelper.exe
2010-01-06 19:08 . 2010-01-16 21:54 4725760 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\libs\cooliris192.dll
2010-01-06 19:08 . 2010-01-16 21:54 344064 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\libs\LaunchCooliris.exe
2010-01-06 19:08 . 2010-01-16 21:54 153600 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
2010-01-06 19:08 . 2010-01-16 21:54 103424 ----a-w- c:\documents and settings\Caro\Application Data\Mozilla\Firefox\Profiles\1y3q76em.default\extensions\[email protected]\libs\pixomatic.dll
2010-01-05 10:00 . 2005-12-27 04:23 832512 ------w- c:\windows\system32\wininet.dll
2010-01-03 16:36 . 2010-01-03 16:36 56827 ----a-w- c:\documents and settings\All Users\Application Data\Update\tbupd.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1601-01-01 00:03 . 1601-01-01 00:03 201728 --sha-w- c:\windows\system32\fipuyuko.exe
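An added example, not from this thread or from ComboFix: a small Python triage script run over a few of the "Other Deletions" lines from the log above. It flags the traits that make those entries stand out to a responder: the rogue's own file name (ave.exe / av.exe), the random _VOID components, look-alike names with a space before the extension ("rundll32 .exe"), and genuine system binary names sitting outside system32. The sample block is constructed from lines copied out of the log; the set of "known" system binaries is an assumption limited to the two names that appear in it.

```python
import re
from typing import Dict, List

# Constructed sample: a few "Other Deletions" lines copied from the ComboFix log in this thread.
SAMPLE_DELETIONS = r"""
c:\documents and settings\Administrator\Local Settings\Application Data\ave.exe
c:\documents and settings\Administrator\rundll32 .exe
c:\documents and settings\Administrator\rundll32.exe
c:\documents and settings\All Users\Application Data\_VOIDmfeklnmal.dll
c:\windows\_VOIDkbccdxbvtp\_VOIDd.sys
c:\windows\system32\ctfmon .exe
c:\windows\system32\Thumbs.db
c:\program files\Adobe\acrotray .exe
"""

# Rogue executable names from the thread (XP Defender 2010 ran as ave.exe; av.exe was also removed).
ROGUE_NAMES = {"ave.exe", "av.exe"}
# Assumed allow-list: genuine Windows binaries that belong in system32; a copy elsewhere is a look-alike.
SYSTEM32_BINARIES = {"rundll32.exe", "ctfmon.exe"}
# "rundll32 .exe": a legitimate-looking name with whitespace before the extension.
SPACE_BEFORE_EXT = re.compile(r"\s\.(exe|dll|sys)$", re.IGNORECASE)


def classify(path: str) -> List[str]:
    """Return the suspicious traits of one deleted-file path (empty list means nothing notable)."""
    folder, _, name = path.rpartition("\\")
    lname = name.lower()
    tags: List[str] = []
    if lname in ROGUE_NAMES:
        tags.append("known_rogue_name")
    if lname.startswith("_void"):  # random _VOIDxxxxxxxxxx files and driver seen in this log
        tags.append("void_prefix")
    if SPACE_BEFORE_EXT.search(name):
        tags.append("space_before_ext")
    if lname in SYSTEM32_BINARIES and not folder.lower().endswith(r"\windows\system32"):
        tags.append("system_name_outside_system32")
    return tags


def triage(deletions: str) -> Dict[str, List[str]]:
    """Map each flagged path in an 'Other Deletions' block to its traits; clean entries are skipped."""
    result: Dict[str, List[str]] = {}
    for line in deletions.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        tags = classify(line)
        if tags:
            result[line] = tags
    return result


if __name__ == "__main__":
    for path, tags in triage(SAMPLE_DELETIONS).items():
        print(f"{', '.join(tags):32} {path}")
```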
 