http://swandog46.gee...com/avenger.zip
Note: The Avenger must be run from a user account with administrator privileges,
and ONLY works on Windows 2000 and XP, and only on 32-bit versions!
If yours is a 64-bit version, do not use it; let me know.
Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK. Don't add the Quotes.
Click Format, and ensure Word Wrap is unchecked.
Copy and Paste all the text inside the box below into Notepad.
Now save the file as RemoveFiles.txt in a location where you can find it.
Files to delete:
C:\WINDOWS\System32\awtrqrs.dll
C:\WINDOWS\System32\mllif.dll
C:\WINDOWS\system32\fillm.ini2
C:\WINDOWS\system32\fillm.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\ypkmvnnx.dll
C:\WINDOWS\system32\cumuepqb.dll
C:\WINDOWS\SYSTEM32\winkei32.dll
C:\TTC.dll
C:\WINDOWS\system32\mkacgjxn.dll
C:\WINDOWS\system32\tdghugph.dll
C:\WINDOWS\system32\gpfirrea.dll
C:\WINDOWS\system32\nldiqvuu.dll
C:\WINDOWS\system32\llqhdgkg.dll
C:\WINDOWS\system32\nhvfmpn.dll
C:\WINDOWS\system32\oajrwbh.dll
C:\WINDOWS\system32\rqrpqpn.dll
C:\WINDOWS\system32\vbrdhrb.dll
C:\WINDOWS\system32\ebysjkm.dll
C:\WINDOWS\system32\vturonl.dll
C:\WINDOWS\system32\bmgncde.dll
C:\WINDOWS\system32\wgjcvmrm.dll
C:\WINDOWS\system32\oplcghot.dll
C:\WINDOWS\system32\fillm.bak2
C:\WINDOWS\system32\drivera.exe
C:\WINDOWS\system32\monterreya_sc.exe<MONTER~1.EXE
C:\WINDOWS\system32\itgydwj.dll
C:\WINDOWS\system32\dlh9jkd1q8.exe<DLH9JK~1.EXE
C:\WINDOWS\TTC.exe
C:\WINDOWS\system32\grbqcdl.dll
C:\WINDOWS\system32\sporder.dll
C:\WINDOWS\TEMP\stdrun1.exe
Folders to delete:
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
Start Avenger by double clicking on Avenger.exe.
Check Load script from file:
Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
Double click it to enter it into Avenger.
Click the green traffic light symbol.
You will be asked if you want to execute the script, answer Yes.
At this point you may get prompts from your protection systems, allow them please.
Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
Answer Yes, and allow your computer to re-boot.
Upon re-boot a command window will briefly appear on screen (this is normal).
A Notepad text file will be created at C:\avenger.txt.
Copy and Paste it into your next post please, along with a new HJT log.
Run HijackThis. Hit None of the above, then click Do a System Scan Only. Put a check in the box on the left side of these:
O2 - BHO: (no name) - {01D6DF35-DDE1-4FAF-A3C8-301D7ED0BFD5} - \
O2 - BHO: (no name) - {022C0918-8965-47FF-9663-19E9549244B3} - \
O2 - BHO: (no name) - {04677740-8D24-456B-93A8-9234494F38F7} - \
O2 - BHO: (no name) - {12FDBA36-508D-4DED-9B0F-5EBCB2D50C1F} - \
O2 - BHO: (no name) - {1425CB4C-BE1A-403F-932D-824626F64935} - \
O2 - BHO: 0 - {1A91C860-D382-4BE6-23BE-22E91B490054} - C:\Program Files\Outlook Express\rydimyz.dll (file missing)
O2 - BHO: (no name) - {37D267F2-72B3-4A9B-A32D-60F808A8BE71} - \
O2 - BHO: (no name) - {405AED7B-648B-CD31-D8D6-085EAEA5A579} - C:\WINDOWS\System32\nhvfmpn.dll
O2 - BHO: (no name) - {44216188-77A0-6189-F04B-03A6DA2AE438} - C:\WINDOWS\System32\vbrdhrb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {59CC9B03-6161-449A-9D3D-AA7EEB8E52B9} - \
O2 - BHO: (no name) - {5D8C3ED9-7346-41A1-B478-5F445D8B7394} - \
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\cumuepqb.dll
O2 - BHO: (no name) - {6D1A2FF3-1ADF-4935-A2A7-CA9DCE67D450} - C:\WINDOWS\System32\awtrqrs.dll
O2 - BHO: (no name) - {7F3F9FA9-9B2A-46F7-A3B3-0AC7AABC9AFD} - \
O2 - BHO: (no name) - {80F37839-8643-41E6-9195-6472AD8B14E1} - C:\WINDOWS\System32\mllif.dll
O2 - BHO: (no name) - {8DCA00D6-AFAF-45F9-BB65-ACF5CA9732D7} - \
O2 - BHO: (no name) - {9C2443C9-BA89-4044-9DF2-F4B4D184B59F} - \
O2 - BHO: 0 - {A9FB0FE5-537D-4A4C-CC9F-510370668740} - C:\Program Files\Outlook Express\rydimyz.dll (file missing)
O2 - BHO: (no name) - {C5FC8332-F8D3-4BEF-8C8E-15CD7E7467DF} - \
O2 - BHO: (no name) - {C708E199-1A40-48FC-A90F-16A07FEBA337} - \
O2 - BHO: (no name) - {D3A0E59E-DA6C-4ACD-8147-85AF711B4429} - \
O2 - BHO: (no name) - {D5328ED0-97FF-48FD-9EDA-309A16454E84} - \
O2 - BHO: (no name) - {DD21BA76-CBD6-4B8E-8F8D-9AA2BE59E58F} - \
O2 - BHO: (no name) - {DE1F4F0E-EA2C-45FF-9BEF-FFE9F4DF6EEB} - \
O2 - BHO: (no name) - {DE95B2DC-556A-4A71-8EAB-CC8E49CB3297} - \
O2 - BHO: (no name) - {E50EF314-66B7-4685-A64B-DA72105C34FE} - \
O2 - BHO: (no name) - {E8C0CC66-8438-4236-92CD-3811FC143767} - \
O20 - Winlogon Notify: awtrqrs - C:\WINDOWS\SYSTEM32\awtrqrs.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: mllif - C:\WINDOWS\System32\mllif.dll
O20 - Winlogon Notify: winkei32 - winkei32.dll (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Empty Recycle Bin
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
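
The following Python is an added example, not part of the original post and not a feature of Avenger or HijackThis. It cross-checks the two lists above: it parses an Avenger script into its sections and groups HijackThis entries by whether the file they reference is in the script's delete list, is already missing, or is absent from the script. The function names `parse_avenger` and `classify` are hypothetical, the inputs are short excerpts of the lists in the post, and treating the last " - " field of a HijackThis line as the file is an assumption drawn from the lines shown.

```python
from collections import defaultdict

# Excerpts copied from the post above (not the full lists).
AVENGER_SCRIPT = r"""Files to delete:
C:\WINDOWS\System32\awtrqrs.dll
C:\WINDOWS\System32\mllif.dll
C:\WINDOWS\system32\nhvfmpn.dll
Folders to delete:
C:\FOUND.006
"""
HJT_LINES = r"""O2 - BHO: (no name) - {01D6DF35-DDE1-4FAF-A3C8-301D7ED0BFD5} - \
O2 - BHO: (no name) - {405AED7B-648B-CD31-D8D6-085EAEA5A579} - C:\WINDOWS\System32\nhvfmpn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll (file missing)
O20 - Winlogon Notify: awtrqrs - C:\WINDOWS\SYSTEM32\awtrqrs.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
"""

def parse_avenger(script):
    """Return {section header: [paths]} for an Avenger script."""
    sections, current = defaultdict(list), None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":") and " to " in line:   # e.g. "Files to delete:"
            current = line[:-1]
        elif current:
            sections[current].append(line)
    return dict(sections)

def classify(hjt_text, script):
    """Group HijackThis entries by the state of the file they point to."""
    # Windows paths are case-insensitive, so compare in lower case.
    scripted = {p.lower() for p in parse_avenger(script).get("Files to delete", [])}
    groups = defaultdict(list)
    for line in hjt_text.splitlines():
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]            # "O2", "O20", ...
        target = line.rsplit(" - ", 1)[1].strip()    # assumed: last field is the file
        if target == "\\":
            groups["no_file"].append((section, target))
        elif target.endswith("(file missing)"):
            groups["file_missing"].append((section, target))
        elif target.lower() in scripted:
            groups["in_script"].append((section, target))
        else:
            groups["not_in_script"].append((section, target))
    return dict(groups)
```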