
I cannot open ANY spyware/malware removal programs!


This topic is locked
6 replies to this topic

#1 sgm1117

Posted 25 July 2009 - 12:15 AM

Recently I have noticed that I cannot open any antispyware/malware programs, and my Google searches will often redirect to random stuff that is not even close to what I googled. Here are my DDS logs. If I did anything wrong, please let me know.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Gablen at 1:11:32.01 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.674 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gablen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222455460077
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.153,85.255.112.92
TCP: {38C336A9-FA17-4BD0-BFD7-A141CEAF1398} = 85.255.112.153,85.255.112.92
TCP: {43DA01B1-B442-4DE5-9BB3-0CB150039B88} = 85.255.112.153,85.255.112.92
TCP: {E7C3D246-ABD8-4E5D-B61C-2B2216E1B2CC} = 85.255.112.153,85.255.112.92
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gablen\applic~1\mozilla\firefox\profiles\gd409vdw.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-26 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-26 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-26 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-26 40552]

=============== Created Last 30 ================

2009-07-25 00:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 00:34 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-25 00:34 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 00:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 00:31 <DIR> --d----- c:\docume~1\gablen\applic~1\AVG8
2009-07-24 06:04 2,094 a------- c:\windows\system32\tmp.reg
2009-07-24 05:42 <DIR> --d----- c:\docume~1\gablen\applic~1\GetRightToGo
2009-07-20 02:25 13,586 a------- c:\windows\system32\za279pywa5e206.ocx
2009-07-19 21:18 10,368 a------- c:\windows\123zthr5at191439.exe
2009-07-18 22:42 11,658 a------- c:\windows\255t5ie9402z.ocx
2009-07-17 21:04 12,218 a------- c:\windows\3ez4downloa95r1324.bin
2009-07-16 22:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-16 22:13 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-13 07:57 6,992 a------- c:\windows\system32\14a59pyware1z85.cpl
2009-07-11 07:08 5,615 a------- c:\windows\system32\5z9esparse13775.exe
2009-07-10 01:31 17,462 a------- c:\windows\5910steal20z5.ocx
2009-07-05 10:08 3,691 a------- c:\windows\479back5ozr1717.exe
2009-07-04 19:18 13,055 a------- c:\windows\system32\195155r9j7z6.cpl
2009-07-02 06:58 3,233 a------- c:\windows\system32\69z8ste9l9505.cpl
2009-07-02 03:59 16,832 a------- c:\windows\3378st9al1554z.ocx
2009-06-26 18:34 9,749 a------- c:\windows\system32\4944spyw5re2462z.cpl
2009-06-26 17:16 3,019 a------- c:\windows\system32\25d0do5nlo9der2z08.dll
2009-06-25 08:26 7,301 a------- c:\windows\system32\1295spamzot7a2.bin

==================== Find3M ====================

2009-07-11 23:34 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-07-11 23:34 17,212 a------t c:\windows\system32\SIntf32.dll
2009-07-11 23:34 12,067 a------t c:\windows\system32\SIntf16.dll
2009-06-24 19:26 4,450 a------- c:\windows\6f55down9oa5er261z.bin
2009-06-23 00:34 17,577 a------- c:\windows\system32\6809downloadzr28145.dll
2009-06-22 07:32 10,326 a------- c:\windows\system32\2a60s9ealz531.bin
2009-06-17 17:19 8,066 a------- c:\windows\9d20backdzor2655.bin
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 10:35 9,816 a------- c:\windows\system32\9f955hreat24003z.dll
2009-06-15 08:29 16,335 a------- c:\windows\system32\452cdownloazer1939.exe
2009-06-13 18:12 13,978 a------- c:\windows\system32\458zspamb9t32b.exe
2009-06-08 07:03 16,707 a------- c:\windows\system32\515aspy9are2z17.dll
2009-06-06 03:47 8,985 a------- c:\windows\system32\29355wozm6a1.exe
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-28 04:58 14,896 a------- c:\windows\system32\4eeb9ckdoor2555z.dll
2009-05-26 15:07 14,522 a------- c:\windows\4cf1d9wnlzader3054.exe
2009-05-26 04:03 9,722 a------- c:\windows\23805wz9m338.exe
2009-05-25 05:18 8,528 a------- c:\windows\system32\28419spam5otz57.exe
2009-05-23 18:03 16,469 a------- c:\windows\system32\f1d9zief5250.exe
2009-05-21 11:34 12,536 a------- c:\windows\system32\43c9backzoor3145.exe
2009-05-20 00:34 2,521 a------- c:\windows\system32\5565thz5at19320.bin
2009-05-18 11:16 5,822 a------- c:\windows\5bcthiez2994.dll
2009-05-18 09:33 5,946 a------- c:\windows\7925teal30z0.dll
2009-05-18 06:36 8,754 a------- c:\windows\27765spam9oz155.exe
2009-05-17 07:17 7,928 a------- c:\windows\59z739py1f2.bin
2009-05-16 10:54 7,110 a------- c:\windows\system32\92z5ba5kdoor1755.exe
2009-05-15 23:55 15,960 a------- c:\windows\system32\319z6virus516.exe
2009-05-15 02:07 16,916 a------- c:\windows\1977spa5ze2754.dll
2009-05-13 03:43 8,256 a------- c:\windows\49e5threat22z13.bin
2009-05-09 00:43 5,226 a------- c:\windows\system32\210b5ckdzor20829.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 14:38 15,623 a------- c:\windows\252evir9659z.exe
2009-05-05 22:16 5,020 a------- c:\windows\system32\4269wo5m6z.dll
2009-05-04 01:59 11,183 a------- c:\windows\5593vir1943z.exe
2009-05-04 00:44 17,424 a------- c:\windows\9a53ste5l5z6.exe
2009-05-03 14:43 9,922 a------- c:\windows\15825sp9mbztbe5.bin
2009-05-03 06:33 15,322 a------- c:\windows\system32\9664zot-a-vi59s3d5.exe
2009-05-02 15:00 17,788 a------- c:\windows\58298troz189.bin
2009-05-01 17:48 13,768 a------- c:\windows\28z95spamb5t78c.dll
2009-05-01 09:22 12,272 a------- c:\windows\system32\14259pambotzc.bin
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-28 18:38 15,387 a------- c:\windows\system32\22422ha9kto5l434z.dll
2009-04-27 15:53 11,508 a------- c:\windows\system32\zb79steal2596.bin

============= FINISH: 1:11:40.53 ===============

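The DDS log above already points at the cause of the redirected searches: both TCP NameServer entries are 85.255.112.153 and 85.255.112.92, which sit inside 85.255.112.0/20, one of the rogue-resolver ranges later published by the FBI in the DNSChanger takedown, rather than the ISP's or the router's resolvers. The file listing also shows dozens of recently created executables whose names are a malware category word with a character or two swapped (9pyware, thr5at, back5ozr), a "z", several digits and a .exe/.dll/.ocx/.cpl/.bin extension. The Python script below is an added example, not part of the original thread or of the DDS tool: it walks a DDS log, classifies each NameServer against an expected set (the 192.168.1.1 router address is a hypothetical assumption) and the published rogue ranges, and flags file entries matching the naming pattern seen in this particular log. The sample lines are copied from the log above.

```python
import ipaddress
import re

# Constructed sample: lines copied from the DDS log in the post above (the two
# TCP NameServer entries plus a few "Created Last 30" and Find3M file entries).
DDS_SAMPLE = r"""
TCP: NameServer = 85.255.112.153,85.255.112.92
TCP: {38C336A9-FA17-4BD0-BFD7-A141CEAF1398} = 85.255.112.153,85.255.112.92
2009-07-25 00:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 02:25 13,586 a------- c:\windows\system32\za279pywa5e206.ocx
2009-07-19 21:18 10,368 a------- c:\windows\123zthr5at191439.exe
2009-07-17 21:04 12,218 a------- c:\windows\3ez4downloa95r1324.bin
2009-07-16 22:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-13 07:57 6,992 a------- c:\windows\system32\14a59pyware1z85.cpl
2009-07-11 07:08 5,615 a------- c:\windows\system32\5z9esparse13775.exe
2009-07-10 01:31 17,462 a------- c:\windows\5910steal20z5.ocx
2009-07-05 10:08 3,691 a------- c:\windows\479back5ozr1717.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
"""

# Assumption: the only resolver this home PC should use is its router (hypothetical address).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# Rogue-resolver ranges published by the FBI in the DNSChanger takedown;
# 85.255.112.0/20 contains both servers in the log above.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]

# Category words the dropped files in this log are built from, each with one or
# two characters swapped for a digit or a "z" (9pyware, thr5at, back5ozr, ...).
KEYWORDS = ("spyware", "spambot", "backdoor", "hacktool", "downloader", "not-a-virus",
            "threat", "thief", "steal", "virus", "sparse", "addware", "worm", "troj")
PAYLOAD_EXTS = {".exe", ".dll", ".ocx", ".cpl", ".bin"}

NS_RE = re.compile(r"^TCP:\s+(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*([\d.,\s]+?)\s*$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<DIR>)\s+\S+\s+(.+?)\s*$")


def classify_resolver(ip_text):
    """Return 'expected', 'dnschanger' or 'unexpected' for one NameServer address."""
    ip = ipaddress.ip_address(ip_text)
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    if any(ip in net for net in DNSCHANGER_RANGES):
        return "dnschanger"
    return "unexpected"


def fuzzy_keyword(stem):
    """Return the first KEYWORD found in stem with at most len(kw)//3 substituted characters, else None."""
    for kw in KEYWORDS:
        allowed = len(kw) // 3
        for i in range(len(stem) - len(kw) + 1):
            window = stem[i:i + len(kw)]
            if sum(a != b for a, b in zip(window, kw)) <= allowed:
                return kw
    return None


def is_decoy_name(path):
    """Heuristic taken from this log: mangled category word + a 'z' + >=3 digits + payload extension."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext not in PAYLOAD_EXTS:
        return False
    digits = sum(c.isdigit() for c in stem)
    return "z" in stem and digits >= 3 and fuzzy_keyword(stem) is not None


def triage_dds(text):
    """Walk a DDS log; return ({nameserver: verdict}, [paths with decoy-style names])."""
    resolvers, suspicious = {}, []
    for line in text.splitlines():
        m = NS_RE.match(line)
        if m:
            for ip in m.group(1).replace(" ", "").split(","):
                if ip:
                    resolvers[ip] = classify_resolver(ip)
            continue
        m = FILE_RE.match(line)
        if m and is_decoy_name(m.group(1)):
            suspicious.append(m.group(1))
    return resolvers, suspicious


if __name__ == "__main__":
    found, files = triage_dds(DDS_SAMPLE)
    for ip, verdict in found.items():
        print(f"resolver {ip}: {verdict}")
    for p in files:
        print(f"decoy-named file: {p}")
```

The name heuristic is deliberately narrow (it needs the category word, the "z" and the digits together) so that legitimate files such as quartz.dll, which has a "z" but no digits, or deploytk.dll, which has neither, are not flagged; it describes the dropper seen in this thread, not malware in general. Restoring the resolvers is the fix for the redirects: on XP that means clearing the NameServer value for each interface and re-checking the router, since DNSChanger variants also rewrote router DNS settings.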

#2 fenzodahl512

Posted 25 July 2009 - 11:06 AM

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop.
  • Run SysProt >> click on the Log tab.
  • Tick ALL the boxes in the "Write to log" section (do NOT tick the "Hidden Objects Only" option).
  • Hit the Create Log button.
  • When it asks for a scanning option, choose "Scanning all drives" >> hit the Start button (do NOT hit the "Ok" button).
  • Let it scan until it finishes.
  • Find log.txt inside the SysProt folder and attach it here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 sgm1117

Posted 25 July 2009 - 09:14 PM

I am attaching the SysProt log. Thanks for your help thus far.



#4 fenzodahl512

Posted 25 July 2009 - 09:26 PM

I'll be unavailable for the next 48 hours due to an outstation job. Please do the following.

Please make sure you disable ALL of your antivirus/antispyware/firewall programs before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename ComboFix to Combo-Fix.

It is important that you rename ComboFix during the download, not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools -> Options -> Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It is in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.



#5 sgm1117

Posted 25 July 2009 - 11:05 PM

Thanks a ton. Here is the last log.

ComboFix 09-07-25.04 - Gablen 07/25/2009 23:51.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.766 [GMT -4:00]
Running from: c:\documents and settings\Gablen\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gablen\My Documents\My Documents.url
c:\documents and settings\Gablen\My Documents\My Music\My Music.url
c:\documents and settings\Gablen\My Documents\My Videos\My Video.url
c:\windows\10204w9zm5dd.dll
c:\windows\1065spar9e308z.dll
c:\windows\1088zworm95.bin
c:\windows\10894hack5oolz87.exe
c:\windows\1099t5zef2794.dll
c:\windows\11915hzcktool79e.dll
c:\windows\123zthr5at191439.exe
c:\windows\12424w59m12z.cpl
c:\windows\12665zpam5ot339.cpl
c:\windows\1314z5ack9ool196.exe
c:\windows\13286h9cztool5c0.cpl
c:\windows\1335zteal9557.exe
c:\windows\1383zworm195.ocx
c:\windows\149825orm5e8z.exe
c:\windows\14f8stz5l9524.cpl
c:\windows\1517zteal15219.ocx
c:\windows\1552zs9y403.bin
c:\windows\15538sp9358z.cpl
c:\windows\15595not-a9vzrus1da.ocx
c:\windows\15596not-a-viru5z29.exe
c:\windows\156ado5nloade91z35.cpl
c:\windows\1571addwa9e231z.ocx
c:\windows\15825sp9mbztbe5.bin
c:\windows\15846tr9jz7b.ocx
c:\windows\15923worm7z4.ocx
c:\windows\16039woz5798.dll
c:\windows\163z5worm915.cpl
c:\windows\16532spamb9tz85.bin
c:\windows\1705spzrse977.exe
c:\windows\17271s9y5z9.dll
c:\windows\17922w5rm99z.bin
c:\windows\17z90troj395.ocx
c:\windows\184z3h5ck9ool5b5.bin
c:\windows\1862do9zloader29795.cpl
c:\windows\18815hzc9toolae.bin
c:\windows\1969zir255.ocx
c:\windows\1977spa5ze2754.dll
c:\windows\198055a9ztool2c1.exe
c:\windows\19947not-z-vir5sc5.cpl
c:\windows\199575azktool47.exe
c:\windows\19961hacztoo528f.exe
c:\windows\19z5ot-a-virus987.dll
c:\windows\1b4thief9538z.bin
c:\windows\1bf8th59f2321z.cpl
c:\windows\1c5fvzr1933.dll
c:\windows\1d50addwa9e58z.bin
c:\windows\1d51zac9d5or969.ocx
c:\windows\1d82zteal9530.dll
c:\windows\1dzbaddware1955.exe
c:\windows\1eb5threatz5659.dll
c:\windows\1f99thre5t26520z.cpl
c:\windows\1z359not-a-virusb85.dll
c:\windows\1z729n5t-a-virus474.cpl
c:\windows\1z77backdo9r5394.cpl
c:\windows\1z79spyware12295.ocx
c:\windows\1z7es5ars92251.dll
c:\windows\1z8645p9125.bin
c:\windows\1zc69teal29525.ocx
c:\windows\21397not-z-5irus490.exe
c:\windows\21590vzrus60e.exe
c:\windows\217z25pambot6429.cpl
c:\windows\218avi9156z.ocx
c:\windows\22596wormzbc.dll
c:\windows\2263no95a-viruz152.ocx
c:\windows\22971spam5ot69z9.exe
c:\windows\229fspaz5e1963.cpl
c:\windows\22d5v9rz265.cpl
c:\windows\22z03spy4195.dll
c:\windows\22z209iru54ed.bin
c:\windows\23019zot-a-virus65.bin
c:\windows\23805wz9m338.exe
c:\windows\23957w9rz595.ocx
c:\windows\2395zwor58c.ocx
c:\windows\2441zpy599.ocx
c:\windows\2495vir1954z.cpl
c:\windows\24a45ackz9or642.bin
c:\windows\24ecs9arse5812z.ocx
c:\windows\252evir9659z.exe
c:\windows\25319zirus6cd.bin
c:\windows\25401vizus7009.bin
c:\windows\255595py319z.bin
c:\windows\255t5ie9402z.ocx
c:\windows\255z395oje5.exe
c:\windows\256519acztool49d.ocx
c:\windows\257zdownlo9der743.exe
c:\windows\25917vizus6885.exe
c:\windows\25d0zi523709.exe
c:\windows\25z55not-a-virus4539.dll
c:\windows\266z5i9f1811.cpl
c:\windows\26967hazktool15c.cpl
c:\windows\27765spam9oz155.exe
c:\windows\27933w9r511z.exe
c:\windows\2805z9oj4dc.dll
c:\windows\280z5t9al1935.ocx
c:\windows\28426trojz955.cpl
c:\windows\28773not-a9zirus556.ocx
c:\windows\28995te9z2544.ocx
c:\windows\28z95spamb5t78c.dll
c:\windows\29093worz54e9.bin
c:\windows\290aspazse1275.bin
c:\windows\2921troz21a5.ocx
c:\windows\2940z9ot-a-5irus20b.cpl
c:\windows\29596zir951ef.ocx
c:\windows\29765hzck9ool33e.cpl
c:\windows\297885aczto9l744.bin
c:\windows\297c5pywa9e29z7.cpl
c:\windows\29877s9y1c5z.exe
c:\windows\29928spambz9115.dll
c:\windows\29d6spz59re482.ocx
c:\windows\2z804viru5930.ocx
c:\windows\2z99hacktoo5528.bin
c:\windows\30109not-a-vizus5a5.exe
c:\windows\3085stea9305z.dll
c:\windows\30953spamzot45c.ocx
c:\windows\313495zr918f.dll
c:\windows\319559iruzc2.ocx
c:\windows\31acsp5rse959z.dll
c:\windows\32080sp5596z.bin
c:\windows\320ebac9zo5r1699.exe
c:\windows\3235vzr1909.cpl
c:\windows\324z4sp95c5.cpl
c:\windows\32703not-a95irus23bz.bin
c:\windows\3295zr9j5e.ocx
c:\windows\3378st9al1554z.ocx
c:\windows\3478z95us271.dll
c:\windows\34fbb9ckdoor518z.ocx
c:\windows\34z2th5eat27968.bin
c:\windows\3503thrza914611.dll
c:\windows\35849tezl512.exe
c:\windows\3596t9ie5z65.ocx
c:\windows\359zdownloa9er649.bin
c:\windows\36479hie526z9.ocx
c:\windows\3759v9rus57z.ocx
c:\windows\3799bacz9oor595.ocx
c:\windows\3813hack5ool59z9.ocx
c:\windows\383bdzwnl9ader5617.exe
c:\windows\39025zrm521.dll
c:\windows\393athi5f2z90.dll
c:\windows\39555spa5bot345z.dll
c:\windows\39685troj15z.ocx
c:\windows\39z0steal9085.exe
c:\windows\3a07sp5war91z18.exe
c:\windows\3az69ownloa5er1080.cpl
c:\windows\3b75thie94z0.ocx
c:\windows\3cb5t9reatz776.cpl
c:\windows\3dz5vir3292.cpl
c:\windows\3efzb5ck9oor1867.ocx
c:\windows\3ez4downloa95r1324.bin
c:\windows\3f635hief9626z.cpl
c:\windows\3z022s5y398.cpl
c:\windows\405dback9oor2386z.exe
c:\windows\4075ste9l1859z.bin
c:\windows\40795ackdoor2z92.bin
c:\windows\429fspzware17505.dll
c:\windows\436059t-a-vizus41f.cpl
c:\windows\43zcaddwar91555.ocx
c:\windows\4491zh5ef442.dll
c:\windows\44z0spy9are1537.bin
c:\windows\451ftzief7859.ocx
c:\windows\45465ack9ozr2592.bin
c:\windows\4560thi5f9299z.dll
c:\windows\45689ownloazer1155.cpl
c:\windows\4587spyz9.cpl
c:\windows\4591n9t-a5virus351z.exe
c:\windows\4759szyware3190.ocx
c:\windows\4769hack5ooz519.dll
c:\windows\479back5ozr1717.exe
c:\windows\48569ownloader2z80.cpl
c:\windows\492azp5w9re35.dll
c:\windows\4975threatz9707.ocx
c:\windows\49bath9ezt13356.bin
c:\windows\49e3threa928z53.exe
c:\windows\49e5threat22z13.bin
c:\windows\49ead5warz2898.dll
c:\windows\4b27downlzad591391.cpl
c:\windows\4bd9szy5are1696.cpl
c:\windows\4c9fbackdoor1z58.ocx
c:\windows\4cf1d9wnlzader3054.exe
c:\windows\4d40baczdo9r25965.exe
c:\windows\4d82s9e5l1z3.cpl
c:\windows\4z57vir2995.ocx
c:\windows\50157sp9mbotzf2.cpl
c:\windows\50azthi9f1960.bin
c:\windows\51258zroj593.ocx
c:\windows\5147adzw5re593.ocx
c:\windows\51697zpambot956.exe
c:\windows\518spy79z.bin
c:\windows\5199thiez2559.exe
c:\windows\52589zief955.dll
c:\windows\52719viru96cz.cpl
c:\windows\5351zhief591.ocx
c:\windows\5359vi9z300.ocx
c:\windows\5431not9a-virus1fz.exe
c:\windows\54369hief19z6.exe
c:\windows\54615spy9z4.exe
c:\windows\549sparse139z.ocx
c:\windows\54dazt95l738.ocx
c:\windows\54s5y98z.bin
c:\windows\5519sparse566z.ocx
c:\windows\553zs9yd5.cpl
c:\windows\5553sze9l1530.cpl
c:\windows\5559stezl2123.ocx
c:\windows\55699zief2318.cpl
c:\windows\55800wo9m5z3.cpl
c:\windows\55859ot-a-vizus33a.cpl
c:\windows\5590stezl1030.cpl
c:\windows\5593vir1943z.exe
c:\windows\559adow5zoader1948.ocx
c:\windows\559cszywar5937.dll
c:\windows\55a3threa91970z.exe
c:\windows\55c9thzef490.cpl
c:\windows\55z1spam59t659.cpl
c:\windows\55zcad5w9re683.cpl
c:\windows\5607sza5s9499.exe
c:\windows\5645vi9u5121z.dll
c:\windows\5685worz2dd9.bin
c:\windows\568z5ddw9re336.dll
c:\windows\56f9thiez2513.exe
c:\windows\56z1vir9288.ocx
c:\windows\570bzp9ware620.ocx
c:\windows\58298troz189.bin
c:\windows\5885hac9toolz50.dll
c:\windows\58z3do5nloa9er2872.ocx
c:\windows\5910steal20z5.ocx
c:\windows\594ftzi9f5811.exe
c:\windows\5954spy9arez73.bin
c:\windows\5959troj1ez.exe
c:\windows\5981s9a5sez030.dll
c:\windows\59b9downloader9019z.bin
c:\windows\59d2addwaze777.ocx
c:\windows\59fethzef1595.exe
c:\windows\59z739py1f2.bin
c:\windows\5a9zthreat25785.bin
c:\windows\5b2thre9t744z.dll
c:\windows\5bcthiez2994.dll
c:\windows\5czthief2976.dll
c:\windows\5d39thi5fz499.exe
c:\windows\5d59adzware379.ocx
c:\windows\5d9aspywaz91659.bin
c:\windows\5dczaddware3295.exe
c:\windows\5e2bbaczdo5r796.ocx
c:\windows\5e5espar5e980z.cpl
c:\windows\5e70downl9a5erz811.ocx
c:\windows\5f24vir7z09.exe
c:\windows\5z11b9ckdoor2293.bin
c:\windows\5z985parse9621.exe
c:\windows\5zd95ddware996.bin
c:\windows\610eth9zat58673.exe
c:\windows\6155sp9ware2z26.cpl
c:\windows\615zspa5s9598.exe
c:\windows\61bfdownloz9er2753.bin
c:\windows\634spyzare8995.ocx
c:\windows\6351w9r565z.dll
c:\windows\650addwar9861z.bin
c:\windows\651dback9zor9255.exe
c:\windows\657fthzeat285059.cpl
c:\windows\6894downloade5z195.ocx
c:\windows\6951sparsez29.exe
c:\windows\6aa659zware1925.dll
c:\windows\6f12thi9f155z.ocx
c:\windows\6f55down9oa5er261z.bin
c:\windows\6fz4add9a5e949.ocx
c:\windows\6z8bvir98135.ocx
c:\windows\6ze3thie9454.cpl
c:\windows\7048sz9mbot4005.exe
c:\windows\717fs59zl3016.exe
c:\windows\7394z5r1108.bin
c:\windows\73bza5dware2098.ocx
c:\windows\7475a9kdozr2822.exe
c:\windows\7504zt9al60.dll
c:\windows\758back5ozr9979.dll
c:\windows\75azddware195.dll
c:\windows\75f5threatz5999.exe
c:\windows\767z5pam9ot2ee.ocx
c:\windows\76az9ir135.ocx
c:\windows\7732addzare20995.exe
c:\windows\778dtz9ef3055.bin
c:\windows\7810z5ck9oor2724.dll
c:\windows\7925teal30z0.dll
c:\windows\79fes5eal26z9.dll
c:\windows\79z35irus7d6.cpl
c:\windows\7c5zthre5t268529.dll
c:\windows\7d52doznloade923155.dll
c:\windows\7z5s9arse2882.cpl
c:\windows\7zact5i9f1775.ocx
c:\windows\7zcvir5090.dll
c:\windows\80as5ars926z3.dll
c:\windows\849szyware5774.cpl
c:\windows\8728spamboz35d9.dll
c:\windows\8823s9az5ot27f.ocx
c:\windows\8860hackt5zl31e9.cpl
c:\windows\89daddwaz5817.dll
c:\windows\9010z5roj7d5.ocx
c:\windows\90b0s5ealz036.bin
c:\windows\91072wo5m586z.bin
c:\windows\911spaz5e407.ocx
c:\windows\9155zir1566.bin
c:\windows\91915izu956f.ocx
c:\windows\92155hacktool1zd.cpl
c:\windows\92525worm7z9.ocx
c:\windows\92955wzrm586.dll
c:\windows\92dcthreat17852z.bin
c:\windows\92z1vi52965.dll
c:\windows\931hack5o9z511.bin
c:\windows\934425orm191z.dll
c:\windows\936fdownloader4z85.dll
c:\windows\9375w9rm442z.ocx
c:\windows\93z9not-a-vir5s653.ocx
c:\windows\9468downloaderz6835.ocx
c:\windows\95513no5-a-virus70z.bin
c:\windows\955fsteal1142z.cpl
c:\windows\96035acktzoldb9.dll
c:\windows\9609vz9us65b.dll
c:\windows\9610viz5294.ocx
c:\windows\98578virus6zf.cpl
c:\windows\9929ztro5745.cpl
c:\windows\9995iz604.cpl
c:\windows\999zpywa9e32765.exe
c:\windows\9a53ste5l5z6.exe
c:\windows\9b5ezhief50.bin
c:\windows\9d20backdzor2655.bin
c:\windows\9d5bthzef1951.bin
c:\windows\9dzaddware2555.dll
c:\windows\9f25doz5loader1558.ocx
c:\windows\9z8vi5841.cpl
c:\windows\aecbaczd5or2929.bin
c:\windows\b59backd5or803z.dll
c:\windows\c8zpa9se14455.exe
c:\windows\d76back59orz506.dll
c:\windows\e7th5ea9z2366.bin
c:\windows\e945hreatz1799.ocx
c:\windows\ecfb9ckdo5r2z29.bin
c:\windows\ef3d95nlzader72.exe
c:\windows\f2a5iz949.exe
c:\windows\system32\10141h5cktoolz99.exe
c:\windows\system32\10519zroj1e8.cpl
c:\windows\system32\10753not-azv9rus435.dll
c:\windows\system32\10798ha9kzool50a.bin
c:\windows\system32\109dspyw5re198z9.ocx
c:\windows\system32\10z51not-a-vi9us5135.bin
c:\windows\system32\110fadd5aze9189.dll
c:\windows\system32\1113v9ruzd5.exe
c:\windows\system32\1152zownloader9506.ocx
c:\windows\system32\1173s9arse157z.ocx
c:\windows\system32\12213worm9z85.ocx
c:\windows\system32\12659hacktool69z.dll
c:\windows\system32\1295spamzot7a2.bin
c:\windows\system32\130559r5jz77.cpl
c:\windows\system32\135239i5uz481.cpl
c:\windows\system32\13957n9t-a-vizus425.ocx
c:\windows\system32\1396z5t-a-virus4d1.exe
c:\windows\system32\1399spywaze1357.dll
c:\windows\system32\14259pambotzc.bin
c:\windows\system32\149625ot-azvirus9fe.dll
c:\windows\system32\14a59pyware1z85.cpl
c:\windows\system32\1522z9roj479.cpl
c:\windows\system32\1534szywar59199.dll
c:\windows\system32\15379trzj69b.exe
c:\windows\system32\155075pz9bot1a3.ocx
c:\windows\system32\155z9pars52685.dll
c:\windows\system32\15686virus4e9z.cpl
c:\windows\system32\15914virzs5e2.cpl
c:\windows\system32\15927wormz49.ocx
c:\windows\system32\161465ot-a-zirus3ae9.ocx
c:\windows\system32\16919spy51z.exe
c:\windows\system32\17459spyzd.cpl
c:\windows\system32\17f65teaz948.dll
c:\windows\system32\189z2spam5ot35a.cpl
c:\windows\system32\18bzad9ware528.cpl
c:\windows\system32\191z4sp96f95.exe
c:\windows\system32\195155r9j7z6.cpl
c:\windows\system32\1956threatz8554.ocx
c:\windows\system32\19610spa5boz979.bin
c:\windows\system32\1998zspambot2b5.exe
c:\windows\system32\19cezownloa5er3068.ocx
c:\windows\system32\19z3s5eal408.ocx
c:\windows\system32\1a9z5reat18216.dll
c:\windows\system32\1b56spywarz15299.dll
c:\windows\system32\1cdownzoader2395.bin
c:\windows\system32\1cz0stea91523.ocx
c:\windows\system32\1e39addw5re15z3.ocx
c:\windows\system32\1ecdspzwa5e2593.bin
c:\windows\system32\1f4559eal1858z.bin
c:\windows\system32\1fast9a51z25.cpl
c:\windows\system32\1fd8dowzloade51992.ocx
c:\windows\system32\1z408worm959.bin
c:\windows\system32\1z4979pambot565.cpl
c:\windows\system32\1zccadd9are2553.bin
c:\windows\system32\20366worz9325.exe
c:\windows\system32\20419hacztool659.dll
c:\windows\system32\2071zn9t-a-virus1245.bin
c:\windows\system32\20932t59j7cz.cpl
c:\windows\system32\21090w5rz425.ocx
c:\windows\system32\210b5ckdzor20829.dll
c:\windows\system32\21171not-a-vi9u576fz.ocx
c:\windows\system32\2139zpambot151.ocx
c:\windows\system32\215729orm5z3.ocx
c:\windows\system32\21637wo9z39b5.exe
c:\windows\system32\218c9dd5are6z6.ocx
c:\windows\system32\22039vizu9495.exe
c:\windows\system32\22105no9-5-virzs1be.ocx
c:\windows\system32\222205ot-azvi9us11b.dll
c:\windows\system32\22422ha9kto5l434z.dll
c:\windows\system32\225009ac5zool452.bin
c:\windows\system32\22558z9oj465.dll
c:\windows\system32\22758wo9m59ez.cpl
c:\windows\system32\234275ozm93f.bin
c:\windows\system32\23540hackz9ol5bf.dll
c:\windows\system32\23593wo9570z.ocx
c:\windows\system32\2385spy9arz542.bin
c:\windows\system32\238759iruz21c.exe
c:\windows\system32\240589orm43z.exe
c:\windows\system32\251599pazbot4e9.cpl
c:\windows\system32\252bvir95z4.dll
c:\windows\system32\2568d5wnloa9er230z.exe
c:\windows\system32\25816vi5z91e3.cpl
c:\windows\system32\25929parsez172.dll
c:\windows\system32\259379zoj265.bin
c:\windows\system32\25d0do5nlo9der2z08.dll
c:\windows\system32\25z7v9r5282.exe
c:\windows\system32\263475ot-z-viru915.cpl
c:\windows\system32\26604zot9a-5irus667.exe
c:\windows\system32\2695viz590.exe
c:\windows\system32\26zbd9wnlo5der613.bin
c:\windows\system32\271859orm6z0.exe
c:\windows\system32\27409ha5ktooz7ba.bin
c:\windows\system32\2741495rusze.exe
c:\windows\system32\27565not-a-zirus9bf.bin
c:\windows\system32\28155zr5j5f99.ocx
c:\windows\system32\28159ackdoorz194.exe
c:\windows\system32\283635zrm9.dll
c:\windows\system32\28419spam5otz57.exe
c:\windows\system32\287z2vi5us5d9.exe
c:\windows\system32\28f5v5r13z9.cpl
c:\windows\system32\28zdspyw5re9140.ocx
c:\windows\system32\29026not-a59irus1z9.ocx
c:\windows\system32\292z5spy1ef.dll
c:\windows\system32\29355wozm6a1.exe
c:\windows\system32\2936dzw5loader2986.cpl
c:\windows\system32\29947sp562z.dll
c:\windows\system32\29c9ztea52890.ocx
c:\windows\system32\29z57v9rus7e5.ocx
c:\windows\system32\2a60s9ealz531.bin
c:\windows\system32\2a75h9ef25z6.exe
c:\windows\system32\2ab3stezl9359.bin
c:\windows\system32\2d445h9eaz29084.cpl
c:\windows\system32\2d5zdownloa9er1494.bin
c:\windows\system32\2e53d9wnzoader1689.ocx
c:\windows\system32\2f56stzal2904.dll
c:\windows\system32\2z398troj59d5.exe
c:\windows\system32\2z58vi9us44a.bin
c:\windows\system32\2z992v5rus56d.bin
c:\windows\system32\3055bac9dozr433.dll
c:\windows\system32\30776n9t-a-5irus7fz.cpl
c:\windows\system32\30854zorm590.ocx
c:\windows\system32\30905n9t5azvirus532.exe
c:\windows\system32\30z29tr9j55.dll
c:\windows\system32\31339h5ef4z9.cpl
c:\windows\system32\319z6virus516.exe
c:\windows\system32\32190s5z699.bin
c:\windows\system32\32580no9-azviru53cf.bin
c:\windows\system32\3365b9zkdoo51881.cpl
c:\windows\system32\34069pyw5rz501.ocx
c:\windows\system32\3579szambot511.cpl
c:\windows\system32\358fdownz9ader2499.cpl
c:\windows\system32\35d2vir9692z.ocx
c:\windows\system32\35z79not9a-virus6a1.exe
c:\windows\system32\36f6stezl9205.ocx
c:\windows\system32\3705sparse7z39.cpl
c:\windows\system32\374a59wnlzader53.bin
c:\windows\system32\374f5hie91z20.cpl
c:\windows\system32\378t5z9f1668.cpl
c:\windows\system32\393czparse5889.cpl
c:\windows\system32\3ad0downloazer295.dll
c:\windows\system32\3bc29ack5oorz741.cpl
c:\windows\system32\3z90vir5995.cpl
c:\windows\system32\3z98stea916535.bin
c:\windows\system32\drivers\ESQULfbbkmhdrnnnuxfnptlvywmpnfubaynqd.sys
c:\windows\system32\ESQULbnaivvvflrcdevbvhqobuhinrojadbbp.dll
c:\windows\system32\ESQULoxgwetkedrfuaojwksnqmwcnrsvqfurb.dll
c:\windows\system32\ESQULzcounter
c:\windows\system32\tmp.reg
c:\windows\z138add5ar9706.cpl
c:\windows\z19529ormc65.cpl
c:\windows\z2cspy9a5e621.bin
c:\windows\z3018troj35b9.bin
c:\windows\z3619not-9-5irus4df.exe
c:\windows\z4612not-a5virus29d.exe
c:\windows\z599stea9354.exe
c:\windows\z6a5t9reat8556.bin
c:\windows\z722dow5loader2759.cpl
c:\windows\z7cbdownloa9er535.exe
c:\windows\z8steal3569.cpl
c:\windows\z95469py740.ocx
c:\windows\z95ethie52595.dll
c:\windows\za59st9al1577.exe
c:\windows\zb51v5r4289.cpl
c:\windows\zbeds9a5se2212.exe
c:\windows\zd1fspyware5798.cpl
c:\windows\ze69th9ef14385.cpl
c:\windows\zf1fthie92452.bin


Infected copy of c:\windows\system32\perfmon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\perfmon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-12-26 05:19 . 2009-12-26 05:19 11887 ----a-w- c:\windows\system32\6e5zs9arse1916.exe
2009-12-06 07:42 . 2009-12-06 07:42 7759 ----a-w- c:\windows\system32\z4429troj9c95.bin
2009-12-02 09:57 . 2009-12-02 09:57 2574 ----a-w- c:\windows\system32\5355viz9s1de.dll
2009-11-25 18:53 . 2009-11-25 18:53 7646 ----a-w- c:\windows\system32\6z35sp95bot4ea.bin
2009-11-20 18:47 . 2009-11-20 18:47 4165 ----a-w- c:\windows\system32\5e8fad5waze907.dll
2009-11-10 07:02 . 2009-11-10 07:02 7932 ----a-w- c:\windows\system32\z793t5o919e.dll
2009-11-03 17:17 . 2009-11-03 17:17 18170 ----a-w- c:\windows\system32\41949hi5f12z7.exe
2009-10-26 01:20 . 2009-10-26 01:20 14725 ----a-w- c:\windows\system32\519c5pywaze2839.dll
2009-10-23 10:52 . 2009-10-23 10:52 17455 ----a-w- c:\windows\system32\9914virzs865.exe
2009-10-20 16:46 . 2009-10-20 16:46 12792 ----a-w- c:\windows\system32\409zsp5ware3260.dll
2009-10-13 17:04 . 2009-10-13 17:04 8498 ----a-w- c:\windows\system32\70bcz9e5l186.dll
2009-10-06 06:38 . 2009-10-06 06:38 10609 ----a-w- c:\windows\system32\6069wz592b9.bin
2009-09-22 15:49 . 2009-09-22 15:49 11975 ----a-w- c:\windows\system32\5349ztroj508.bin
2009-09-19 17:55 . 2009-09-19 17:55 15469 ----a-w- c:\windows\system32\7a59downloadez9720.dll
2009-09-15 12:39 . 2009-09-15 12:39 6887 ----a-w- c:\windows\system32\ab9sp5ware29z9.bin
2009-09-14 15:51 . 2009-09-14 15:51 5845 ----a-w- c:\windows\system32\5cccth9eat1516z.dll
2009-09-10 05:30 . 2009-09-10 05:30 12250 ----a-w- c:\windows\system32\9803troz5df.exe
2009-09-08 18:26 . 2009-09-08 18:26 5416 ----a-w- c:\windows\system32\4505thzeat39449.dll
2009-09-03 04:57 . 2009-09-03 04:57 4563 ----a-w- c:\windows\system32\z758bac9door3252.exe
2009-08-06 21:16 . 2009-08-06 21:16 14870 ----a-w- c:\windows\system32\95zt9r5at25698.exe
2009-07-25 04:34 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 04:34 . 2009-07-25 04:34 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
2009-07-25 04:34 . 2009-07-25 04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 04:34 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 04:31 . 2009-07-25 04:31 -------- d-----w- c:\docume~1\Gablen\APPLIC~1\AVG8
2009-07-24 09:42 . 2009-07-24 23:48 -------- d-----w- c:\docume~1\Gablen\APPLIC~1\GetRightToGo
2009-07-19 09:51 . 2009-07-20 07:35 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2009-07-17 02:14 . 2009-07-17 02:14 -------- d-----w- c:\windows\Sun
2009-07-17 02:13 . 2009-07-17 02:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 02:13 . 2009-07-17 02:13 -------- d-----w- c:\program files\Java
2009-07-11 11:08 . 2009-07-11 11:08 5615 ----a-w- c:\windows\system32\5z9esparse13775.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 10:19 . 2008-12-05 23:37 -------- d---a-w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2009-07-20 02:35 . 2009-05-06 20:26 -------- d-----w- c:\program files\Yahoo!
2009-07-19 09:56 . 2009-05-06 20:26 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Yahoo!
2009-07-12 03:34 . 2008-10-31 04:23 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-07-12 03:34 . 2008-10-31 04:23 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-07-12 03:34 . 2008-10-31 04:23 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-23 19:23 . 2008-09-26 20:30 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\McAfee
2009-06-23 04:34 . 2009-06-23 04:34 17577 ----a-w- c:\windows\system32\6809downloadzr28145.dll
2009-06-21 03:16 . 2008-09-26 20:37 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-21 03:16 . 2008-09-26 20:37 -------- d-----w- c:\program files\McAfee
2009-06-21 03:03 . 2008-12-26 06:53 -------- d-----w- c:\program files\Google
2009-06-21 02:55 . 2009-06-21 02:55 -------- d-----w- c:\program files\Trend Micro
2009-06-21 02:51 . 2009-04-02 03:59 -------- d-----w- c:\program files\Canon
2009-06-21 02:44 . 2009-06-21 02:44 -------- d-----w- c:\program files\CCleaner
2009-06-21 01:41 . 2009-04-02 00:13 -------- d-----w- c:\docume~1\Gablen\APPLIC~1\Exo
2009-06-21 01:39 . 2008-09-26 20:22 -------- d-----w- c:\program files\Intel
2009-06-18 13:01 . 2009-06-18 13:01 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-16 16:25 . 2008-11-06 01:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-16 16:03 . 2009-06-16 16:03 -------- d-----w- c:\docume~1\Gablen\APPLIC~1\Apple Computer
2009-06-16 16:01 . 2009-06-16 16:00 -------- d-----w- c:\program files\QuickTime
2009-06-16 16:00 . 2009-06-16 16:00 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
2009-06-16 15:59 . 2009-06-16 15:59 -------- d-----w- c:\program files\Apple Software Update
2009-06-16 15:59 . 2009-06-16 15:59 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Apple
2009-06-16 14:36 . 2002-06-25 19:28 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-06-25 19:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:35 . 2009-06-15 14:35 9816 ----a-w- c:\windows\system32\9f955hreat24003z.dll
2009-06-15 12:29 . 2009-06-15 12:29 16335 ----a-w- c:\windows\system32\452cdownloazer1939.exe
2009-06-13 22:12 . 2009-06-13 22:12 13978 ----a-w- c:\windows\system32\458zspamb9t32b.exe
2009-06-08 11:03 . 2009-06-08 11:03 16707 ----a-w- c:\windows\system32\515aspy9are2z17.dll
2009-06-03 19:09 . 2002-06-25 19:22 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 08:58 . 2009-05-28 08:58 14896 ----a-w- c:\windows\system32\4eeb9ckdoor2555z.dll
2009-05-23 22:03 . 2009-05-23 22:03 16469 ----a-w- c:\windows\system32\f1d9zief5250.exe
2009-05-21 15:34 . 2009-05-21 15:34 12536 ----a-w- c:\windows\system32\43c9backzoor3145.exe
2009-05-20 04:34 . 2009-05-20 04:34 2521 ----a-w- c:\windows\system32\5565thz5at19320.bin
2009-05-16 14:54 . 2009-05-16 14:54 7110 ----a-w- c:\windows\system32\92z5ba5kdoor1755.exe
2009-05-07 15:32 . 2002-06-25 19:12 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 02:16 . 2009-05-06 02:16 5020 ----a-w- c:\windows\system32\4269wo5m6z.dll
2009-05-03 10:33 . 2009-05-03 10:33 15322 ----a-w- c:\windows\system32\9664zot-a-vi59s3d5.exe
2009-04-29 04:56 . 2002-03-05 15:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-27 19:53 . 2009-04-27 19:53 11508 ----a-w- c:\windows\system32\zb79steal2596.bin
2009-06-13 23:23 . 2009-04-27 01:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-07 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-07 118784]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-03-17 1392640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-17 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\Gablen\APPLIC~1\Mozilla\Firefox\Profiles\gd409vdw.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 00:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-26 0:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 04:02

Pre-Run: 34,177,875,968 bytes free
Post-Run: 34,167,508,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

668 --- E O F --- 2009-07-17 07:00

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 25 July 2009 - 11:42 PM

Now update and run Malwarebytes' >> remove everything that it found >> reboot the computer >> post the log here

Then run ComboFix once again and post the log here too

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 05 August 2009 - 12:22 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic


