
Help - can't run MBAM run time error, and cant open hjt log files


11 replies to this topic

#1
fully27

    New Member

  • Members
  • 6 posts
Hi, I'm infected with WinBlueSoft; however, I can't open MBAM as I get runtime error 0 and runtime error 440 automation error when I try to.

I also ran an HJT scan but can't open the log file having saved it; WinBlueSoft is killing every activity I try to do.

should I try and upload the log file rather than copy and paste from within it?

Please help

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please take a look at the following posts and see if they help you to resolve this or not.

Potential Malware infection issues to review to get MBAM running


If so then please update and run MBAM and do a Quick Scan.


Update and Scan with Malwarebytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware (Vista users must right-click and choose Run as Administrator)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log.


Then run DDS

Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#3
fully27

    New Member

  • Members
  • 6 posts
Hi, I tried to follow those steps but it is blocking the unzipping of any files, hence I was unable to install and run any of the programmes (Process Explorer, RootRepeal, etc.).

What can I do now?

#4
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
Ron Lewis
Manager, Online Support


#5
fully27

    New Member

  • Members
  • 6 posts
Ahhhh! Again it cancelled the process when I tried to run it.
Next step?
Thanks

#6
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
This is a generic script to attempt to remove all types of possible Malware related files that may be on the system blocking your attempts at removal.

Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C, or right-click and choose Copy.
    Files to delete:
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\Ryipesuzupijaf.bin
    C:\WINDOWS\SpywareProtect2009.exe
    C:\WINDOWS\SpywareProtection2009.exe
    c:\windows\system32\afnoinkdsfe.dll
    C:\WINDOWS\System32\bakepifa.dll
    C:\WINDOWS\System32\bipehozo.dll
    C:\WINDOWS\system32\dowuvedo.dll
    c:\windows\system32\drivers\gaopdxpboanpnehdecahmfwofaydcgnyelfhje.sys
    C:\WINDOWS\System32\drivers\gaopdxserv.sys
    C:\WINDOWS\system32\drivers\gxvxcaithwuhtprrwopxgilalbaobwucrdslx.sys
    c:\windows\system32\drivers\gxvxcibtqvfstemettprdqhvgxmhqfpyetarc.sys
    C:\WINDOWS\system32\drivers\gxvxcserv.sys
    c:\windows\system32\drivers\iarjkmxm.sys
    c:\windows\system32\drivers\msqpdxserv.sys
    C:\WINDOWS\system32\drivers\TDSSmact.sys
    C:\WINDOWS\system32\drivers\TDSSmqlt.sys
    C:\windows\system32\drivers\tdssserv.sys
    c:\windows\system32\drivers\UACdgiyoyob.sys
    c:\windows\system32\drivers\UACenchgfht.sys
    c:\windows\system32\drivers\UACgsapjnkd.sys
    C:\Windows\system32\drivers\UAChecasyiiemdiffy.sys
    c:\windows\system32\drivers\UACisimvxke.sys
    C:\WINDOWS\SYSTEM32\DRIVERS\UACKBEGXWMI.SYS
    c:\windows\system32\drivers\UACkyprqxblxmqlvbw.sys
    C:\WINDOWS\system32\drivers\UACltmxfakbqbarttj.sys
    c:\windows\system32\drivers\UACqdrxexfiabowomy.sys
    C:\WINDOWS\system32\drivers\UACqpxevdnr.sys
    c:\windows\system32\drivers\UACsibgrxly.sys
    c:\windows\system32\drivers\UACwbutobws.sys
    C:\WINDOWS\system32\drivers\UACxdqgrqlx.sys
    c:\windows\system32\drivers\UACxwaoylvdyigskwp.sys
    c:\windows\system32\drivers\uogqat.sys
    c:\windows\system32\drivers\uzy3nzy2.sys
    c:\windows\system32\dvtmcbfl.dll
    c:\windows\system32\edcLllUt.ini
    c:\windows\system32\edcLllUt.ini2
    C:\WINDOWS\System32\ehupojuz.ini
    c:\windows\system32\fjxstndl.ini
    C:\WINDOWS\System32\fuhazepi.dll
    c:\windows\system32\gaopdxcounter
    C:\WINDOWS\system32\gaopdxl.dll
    c:\windows\system32\gaopdxoguuaykerjdqkqfqqejwcdgjrmlmkdgg.dll
    C:\WINDOWS\System32\gayiloba.dll
    c:\windows\system32\gqcdxadn.dll
    c:\windows\system32\gxvxccounter
    c:\windows\system32\gxvxccxcwgorirvmmbwvfqdkwucpjnyvrvppj.dll
    C:\WINDOWS\system32\gxvxcxkfpxfxurntewmrfttjyqtsmsenqwgiw.dll
    C:\WINDOWS\System32\heyakiko.dll
    c:\windows\system32\iehelper.dll
    c:\windows\system32\inf\svchoct.exe
    c:\windows\system32\inform.dat
    C:\WINDOWS\System32\jisasiti.dll
    c:\windows\system32\lfbcmtvd.ini
    c:\windows\system32\lsynetgm.ini
    C:\WINDOWS\System32\mapefubo.dll
    C:\WINDOWS\System32\memotoga.dll
    C:\WINDOWS\System32\momawuma.dll
    C:\WINDOWS\system32\mosoraza.dll
    c:\windows\system32\mxhkoo.dll
    c:\windows\system32\nadojizu.dll
    c:\windows\system32\nwooaetu.ini
    C:\WINDOWS\System32\ojeninal.ini
    C:\WINDOWS\System32\pawovuda.dll
    c:\windows\system32\qxsdhoji.ini
    C:\WINDOWS\System32\ramobugu.dll
    c:\windows\system32\sdra64.exe
    C:\WINDOWS\System32\sodimafe.dll
    C:\WINDOWS\system32\TDSSbvqh.dll
    C:\WINDOWS\system32\TDSScfum.dll
    C:\WINDOWS\system32\TDSScrrn.dll
    C:\WINDOWS\system32\TDSSfpmp.dll
    c:\windows\system32\TDSShrxr.dll
    C:\WINDOWS\SYSTEM32\TDSSixgp.dll
    C:\WINDOWS\system32\TDSSjnmx.dll
    c:\windows\system32\TDSSkkbi.log
    c:\windows\system32\TDSSlrvd.dat
    c:\windows\system32\TDSSlxwp.dll
    c:\windows\system32\TDSSmtve.dat
    c:\windows\system32\TDSSnirj.dat
    c:\windows\system32\TDSSnmxh.log
    C:\WINDOWS\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSoiqt.dll
    C:\WINDOWS\system32\TDSSosvd.dat
    C:\WINDOWS\system32\TDSSotxb.dll
    C:\WINDOWS\SYSTEM32\TDSSproc.log
    c:\windows\system32\TDSSrhyp.log
    C:\WINDOWS\system32\TDSSriqp.dll
    c:\windows\system32\TDSSrtqp.dll
    c:\windows\system32\TDSSsihc.dll
    C:\WINDOWS\system32\TDSStkdv.log
    c:\windows\system32\TDSSweat.dat
    C:\WINDOWS\SYSTEM32\TDSSwkod.log
    C:\WINDOWS\system32\TDSSwpyd.dat
    c:\windows\system32\TDSSxfum.dll
    C:\WINDOWS\System32\tijawani.dll
    C:\WINDOWS\System32\tipulaya.dll
    c:\windows\system32\tpszxyd.sys
    C:\WINDOWS\SYSTEM32\TWEXT.EXE
    c:\windows\system32\UACasdjxtps.dll
    c:\windows\system32\UACavnpbdwk.dll
    c:\windows\system32\UACbacnsdlk.log
    c:\windows\system32\UACbavyiyha.log
    c:\windows\system32\UACbcvbrsun.dat
    c:\windows\system32\UACbdftjsxgcqyorxy.log
    c:\windows\system32\UACbpqhagvulwwohxf.log
    c:\windows\system32\UACbqcqpmepcbatlex.dat
    C:\WINDOWS\system32\UACbvxtlwky.log
    C:\WINDOWS\system32\UACckbaxgix.dll
    c:\windows\system32\UACcxwmereglovewho.log
    c:\windows\system32\UACdbipvxwo.dll
    C:\WINDOWS\system32\UACdhrgqylm.dll
    c:\windows\system32\UACdipbfsun.dll
    c:\windows\system32\UACdvmyniay.db
    c:\windows\system32\UACeatfqrvpuyhymit.dat
    C:\WINDOWS\system32\UACebbuxqbc.dll
    c:\windows\system32\UACeemnosil.dll
    c:\windows\system32\UACeewipjlk.log
    C:\WINDOWS\system32\UACenhhmnuk.dll
    c:\windows\system32\UACepdsgngedehpsxe.log
    c:\windows\system32\UACerfldyvi.log
    c:\windows\system32\UACeuwiaivakdyuous.log
    C:\WINDOWS\system32\UACevsldkss.dll
    c:\windows\system32\UACewxlypdm.dll
    c:\windows\system32\UACewypalkl.dll
    c:\windows\system32\UACewyykric.log
    C:\WINDOWS\system32\UACfrodkbmiqjbppkd.dll
    C:\WINDOWS\system32\UACgevfmoch.dll
    C:\WINDOWS\system32\UACgnsjnvxgpkugoyr.log
    C:\WINDOWS\system32\UACharubrfo.log
    C:\Windows\system32\UAChiqwjcnxgdqottx.dll
    C:\WINDOWS\system32\UAChjtxmeyl.log
    C:\WINDOWS\system32\UAChjxjylqt.log
    c:\windows\system32\UAChsrnyuht.log
    C:\WINDOWS\system32\uacinit.dll
    c:\windows\system32\UACixnsrumlxemrwro.dll
    C:\WINDOWS\system32\UACjapvtorc.dll
    c:\windows\system32\UACjdlmthnf.dll
    c:\windows\system32\UACjimlysdf.dat
    c:\windows\system32\UACjjvmwyut.dat
    c:\windows\system32\UACjkvyqhwp.dll
    C:\WINDOWS\system32\UACjlnqloep.dll
    c:\windows\system32\UACkkjbgodp.log
    c:\windows\system32\UACksxwdvuc.dll.XXX
    c:\windows\system32\UACktkxwoae.dll.XXX
    c:\windows\system32\UACkvrhvmxy.dll.XXX
    c:\windows\system32\UACledottqt.dll
    c:\windows\system32\UAClempqmaf.dat
    c:\windows\system32\UACljplnxec.dll
    C:\WINDOWS\system32\UACluevoklw.dll
    c:\windows\system32\UAClxfqqbnh.dll
    c:\windows\system32\UACmcniuaxieomeysi.dll
    c:\windows\system32\UACmjgwqsew.log
    c:\windows\system32\UACmqkpsajaesighkr.dll
    c:\windows\system32\UACmrmpxuti.log
    c:\windows\system32\UACmryonvdlulubwwx.dll
    C:\WINDOWS\system32\UACmxfmjcjg.dat
    C:\WINDOWS\system32\UACmxrqtkmqpxmkhiv.dll
    c:\windows\system32\UACnmbphqtg.log
    c:\windows\system32\UACnoeddvli.log
    c:\windows\system32\UACnrjyodpktwligoj.dll
    c:\windows\system32\UACnycyeyik.dll
    C:\WINDOWS\system32\UACoejgjkft.log
    C:\WINDOWS\system32\UACohqrbknb.log
    c:\windows\system32\UACokkayygndeowyit.dll
    c:\windows\system32\UACopnxpocejbsvvag.log
    c:\windows\system32\UACoyipfpbd.dll
    C:\Windows\system32\UACpfrvgribhqntkvp.log
    c:\windows\system32\UACpgqxpakijxuvedi.dll
    c:\windows\system32\UACppbdnthwasrkjap.dll
    c:\windows\system32\UACptakxvni.dll
    C:\Windows\system32\UACpxwjxhcefxldrys.dll
    C:\WINDOWS\system32\uacqciqunodfnlghrv.dll
    c:\windows\system32\UACqcivgvqkgigifbh.log
    c:\windows\system32\UACqlcmyqbi.log
    c:\windows\system32\UACqlokrgbo.log
    c:\windows\system32\UACqobwbaql.log
    c:\windows\system32\UACqppcbodkslsguij.dll
    c:\windows\system32\UACqquxiuxn.dll
    c:\windows\system32\UACqxeuyxridxwmtti.dll
    c:\windows\system32\UACrfjkltve.dat
    c:\windows\system32\UACrornoaal.dll
    C:\WINDOWS\system32\UACrtwnvhmqsnlrfsq.dat
    c:\windows\system32\UACrujoregs.dll
    C:\Windows\system32\UACrxebbtfrvuqtpka.dat
    C:\WINDOWS\system32\UACrxrsmgbn.dat
    C:\Windows\system32\UACsecouhnjmcfspop.dll
    C:\WINDOWS\system32\UACsiqlrbbo.ddl
    c:\windows\system32\UACsiqlrbbo.dll
    c:\windows\system32\UACspuccmvx.log
    c:\windows\system32\UACsr.dat
    C:\WINDOWS\system32\UACswwykrih.dll
    c:\windows\system32\UACsxaeapiuodaurlc.log
    C:\WINDOWS\system32\UACsxtwhjga.log
    C:\WINDOWS\system32\UACtemiqppb.dll
    c:\windows\system32\UACtevdbosd.dat
    c:\windows\system32\UACtidapptr.dll
    c:\windows\system32\UACtjavxsiw.dat
    c:\windows\system32\UACtjbvocseearpyot.dll
    c:\windows\system32\UACtkkwbthespwprrs.dll
    C:\WINDOWS\system32\UACtpsneodjoewprqu.dll
    C:\Windows\system32\UACtskpgubrpjrdyah.dll
    c:\windows\system32\UACudmvtfnjpacdckh.log
    c:\windows\system32\UACufvusokvarkmnug.dat
    c:\windows\system32\UACulbowipfwbjfxvm.dll
    C:\WINDOWS\system32\UACuljbdmehqmkjgga.dll
    C:\Windows\system32\UACuvxafffwaienjts.log
    C:\WINDOWS\system32\UACuxtqqqvo.dll
    C:\WINDOWS\system32\UACvdoywcuwkipxbfa.dll
    c:\windows\system32\UACvjdndocy.log
    c:\windows\system32\UACvpxxlmel.dat
    C:\WINDOWS\system32\UACvrhkypdm.dll
    c:\windows\system32\UACvvmpqvmy.log
    C:\WINDOWS\system32\uacvymnbtboeayohhs.dll
    C:\Windows\system32\UACwrirvmxcfwxiwet.dll
    C:\WINDOWS\system32\UACxdltukhpyqmodeu.dll
    C:\WINDOWS\system32\UACxiwnloyg.dll
    c:\windows\system32\UACxpowgjnv.dll
    c:\windows\system32\UACxtavmprn.dll
    c:\windows\system32\UACxycmykmpjxbujev.dll
    c:\windows\system32\UACydvikmfk.dll
    c:\windows\system32\UACyoefehxaybltiws.dll
    C:\WINDOWS\system32\UACyojvxibi.dat
    C:\Windows\system32\UACyptqwslqupovvpn.log
    c:\windows\system32\ufigivas.ini
    c:\windows\system32\unbmpt.dll
    c:\windows\system32\usxoqq.dll
    c:\windows\system32\uvasahed.ini
    c:\windows\system32\vepuxyyg.dll
    C:\WINDOWS\System32\veyetidi.dll
    c:\windows\system32\vfwozm.dll
    c:\windows\system32\vjrjiqsd.dll
    c:\windows\system32\vlwzkgy.dll
    c:\windows\system32\vusogufa.dll
    c:\windows\system32\vxdhwp.dll
    c:\windows\system32\wiqaqlja.dll
    c:\windows\system32\wsxxwyvc.dll
    C:\WINDOWS\System32\wuyojogi.dll
    c:\windows\system32\xvxeibfd.dll
    C:\WINDOWS\System32\yasijote.dll
    c:\windows\system32\ygludplt.dll
    c:\windows\system32\ygszva.dll
    c:\windows\system32\yhytmurg.dll
    C:\WINDOWS\System32\yorerufo.dll
    c:\windows\system32\ypdunoqs.dll
    c:\windows\system32\zbchtb.dll
    c:\windows\system32\zgdvsd.dll
    c:\windows\system32\zpazrg.dll
    C:\WINDOWS\system32\zujopuhe.dll
    c:\windows\system32\zujsnx.dll
    c:\windows\system32\zzvbue.dll
    C:\WINDOWS\tasks\ABAB21069184D23A.job
    c:\windows\Tasks\weskgacp.job
    C:\WINDOWS\Temp\UAC2778.tmp
    C:\WINDOWS\Temp\UAC2e2f.tmp
    C:\WINDOWS\Temp\UAC2ff4.tmp
    C:\WINDOWS\Temp\UAC31aa.tmp
    C:\WINDOWS\Temp\UAC33ad.tmp
    C:\WINDOWS\Temp\UAC3592.tmp
    C:\WINDOWS\Temp\UAC625.tmp
    C:\WINDOWS\Temp\UACa9cc.tmp
    C:\WINDOWS\Temp\UACde4a.tmp
    C:\WINDOWS\Temp\UACedcb.tmp
    C:\WINDOWS\Temp\UACf193.tmp
    C:\WINDOWS\Temp\UACf51e.tmp
    C:\WINDOWS\Temp\UACfba1.tmp
    c:\windows\Thinigafeyuzub.dat
    
    Folders to delete:
    C:\resycled
    D:\resycled
    e:\resycled
    f:\resycled
    g:\resycled
    h:\resycled
    
    Drivers to delete:
    gaopdxl
    gaopdxserv
    gaopdxserv.sys
    GXVXCSERV.SYS
    Legacy_TDSSSERV.SYS
    msqpdxserv
    msqpdxserv.sys
    rtghwcuz
    Service_TDSSSERV.SYS
    tdss
    tdssserv
    TDSSserv.SYS
    UACd
    UACd.sys
    vzkky
    vzkky.sys
    
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxl
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxserv
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxl
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxserv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv
  • In The Avenger window, click the Paste Script from Clipboard button.
  • Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.
If you get a blue screen abort when it reboots, please write down all the information (STOP codes and description), and then reboot the system again.
Ron Lewis
Manager, Online Support

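The Avenger script above is a destructive list: four sections, each a flat list of entries, pasted into a tool that deletes everything named in it on the next boot. A practitioner would want to check such a script mechanically before executing it. The Python below is an added example, not part of this thread and not code from The Avenger or Malwarebytes. It parses the section format the posted script uses, drops case-insensitive duplicate paths (Windows does not distinguish case, so two spellings of one path are one deletion), summarises what the script targets by file-name prefix (the prefix groups are a heuristic taken from the names themselves; the thread names no malware families), and flags entries that would name a whole drive or system directory. The protected-directory list and the one bare `c:\windows\system32` line in the sample are constructed for the example; the other sample entries are copied from the script above.

```python
"""Pre-flight checks for an Avenger-style removal script.

Added example: not part of the thread and not code from The Avenger or
Malwarebytes. Section headers and sample entries follow the script posted
above; the checks, family prefixes and protected-directory list are this
example's own assumptions."""
import re
from collections import Counter, defaultdict

# Header lines exactly as the posted script writes them.
SECTION_RE = re.compile(r"^(files|folders|drivers|registry keys) to (delete|disable):$", re.I)
# Directories a removal script must never name as a whole (assumed list).
PROTECTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers",
                  r"c:\documents and settings", r"c:\program files"}
# Prefixes that recur in the posted script; grouping by them is a heuristic
# taken from the names themselves, the page names no malware families.
FAMILY_PREFIXES = ("tdss", "uac", "gaopdx", "gxvxc", "msqpdx")


def parse_avenger_script(text):
    """Return {"files:delete": [...], "drivers:delete": [...], ...}."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = f"{header.group(1).lower()}:{header.group(2).lower()}"
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return dict(sections)


def norm(path):
    """Canonical form for comparison: Windows paths are case-insensitive."""
    return path.replace("/", "\\").rstrip("\\").lower()


def dedupe(entries):
    """Drop case-insensitive duplicates, keep first spelling; return (unique, dropped)."""
    seen, dropped = {}, []
    for entry in entries:
        key = norm(entry)
        if key in seen:
            dropped.append(entry)
        else:
            seen[key] = entry
    return list(seen.values()), dropped


def check_paths(entries, kind):
    """Return [(entry, problem)] for entries a deletion script should not contain."""
    problems = []
    for entry in entries:
        p = norm(entry)
        if re.fullmatch(r"[a-z]:", p) or p in PROTECTED_DIRS:
            problems.append((entry, f"{kind} entry names a whole drive or system directory"))
        elif not re.match(r"[a-z]:\\", p):
            problems.append((entry, f"{kind} entry is not an absolute drive path"))
        elif "*" in p or "?" in p:
            problems.append((entry, f"wildcard in {kind} entry"))
    return problems


def family_of(path):
    """Bucket an entry by the leading letters of its file name."""
    name = norm(path).rsplit("\\", 1)[-1]
    return next((pfx for pfx in FAMILY_PREFIXES if name.startswith(pfx)), "other")


def summarise(script_text):
    """Parse, dedupe and check a script; the caller decides whether to run it."""
    sections = parse_avenger_script(script_text)
    files, dup_files = dedupe(sections.get("files:delete", []))
    folders, _ = dedupe(sections.get("folders:delete", []))
    return {"counts": {k: len(v) for k, v in sections.items()},
            "duplicate_files": dup_files,
            "families": dict(Counter(family_of(f) for f in files)),
            "problems": check_paths(files, "file") + check_paths(folders, "folder")}


# Constructed sample: entries copied from the script above plus one line
# (c:\windows\system32 on its own) added to show the protected-directory check.
SAMPLE = r"""
Files to delete:
C:\WINDOWS\system32\drivers\TDSSmact.sys
c:\windows\system32\drivers\UACdgiyoyob.sys
C:\WINDOWS\System32\drivers\gaopdxserv.sys
c:\windows\system32\UACsiqlrbbo.dll
C:\WINDOWS\SYSTEM32\uacsiqlrbbo.dll
c:\windows\system32\sdra64.exe
c:\windows\system32

Folders to delete:
C:\resycled
D:\resycled

Drivers to delete:
tdssserv
UACd.sys

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv
"""

if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it on the full script from the post and it reports one section count per header, any path that appears twice in different case, the prefix breakdown, and an empty problem list; a non-empty problem list is the signal to stop and re-read the script rather than paste it.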

#7
fully27

    New Member

  • Members
  • 6 posts
Hi, thanks again for the response, but I can't extract; all WinRAR and WinZip processes are being terminated. I tried to explore and run the programme, but it killed that process too.

Is there anything I can "fix" when doing an HJT scan that could allow me to take some of the actions you have recommended, i.e. run processes again, as HJT seems to be the only thing that can run? Saying that, it won't let me open any logs; it terminates all Notepad processes too.

Really appreciate the help.

#8
fully27

    New Member

  • Members
  • 6 posts
It is now stopping me opening MS Word as well. Just as an update.

#9
fully27

    New Member

  • Members
  • 6 posts
Managed to delete bloker.dll with KillBox, then ran ComboFix. The background is gone and I am able to open everything as before. However, I am still receiving the various "warnings".

Can't run MBAM due to run time error 0 and run time error 440 automation error.

This is the ComboFix log; what should I do now?
ComboFix 09-06-01.03 - Richard 03/06/2009 18:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1432 [GMT 1:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Richard\Start Menu\Programs\DigitalLabs
c:\documents and settings\Richard\Start Menu\Programs\DigitalLabs\Uninstall.lnk
c:\program files\DigitalLabs
c:\program files\DigitalLabs\Uninstall.exe
c:\windows\10099vzrus656.exe
c:\windows\101z7no5-a-v9rus105.exe
c:\windows\1052v9rus72z.bin
c:\windows\10853noz9a-virus4de.bin
c:\windows\10z53spy971.cpl
c:\windows\11105nzt-a-virus6965.bin
c:\windows\11165sz5799.exe
c:\windows\1168959rm2z1.dll
c:\windows\11758hazk9ool4b2.dll
c:\windows\1186zvir5s691.ocx
c:\windows\1189azd5are2077.bin
c:\windows\11d59za5se1255.cpl
c:\windows\1223zspambo53d9.bin
c:\windows\12705spy6c9z.bin
c:\windows\12999szy775.dll
c:\windows\12b9z9r355.bin
c:\windows\13193sp53zd.ocx
c:\windows\1419vi915z6.dll
c:\windows\1487not-azvi9us725.exe
c:\windows\14f4zp5rse2169.cpl
c:\windows\151559zrm43d.dll
c:\windows\1527259y2z3.bin
c:\windows\152965rojzb9.ocx
c:\windows\152cb59kdzor3213.exe
c:\windows\153zbackd9or959.cpl
c:\windows\1553zspambo59.ocx
c:\windows\15739oz541d.exe
c:\windows\15910sp9mbot1z.dll
c:\windows\15987spambot2zf.bin
c:\windows\159eviz1659.dll
c:\windows\16524ziru936a.exe
c:\windows\16934spza5.bin
c:\windows\16957not-a-59ruz66f.cpl
c:\windows\1695baczdoor1732.ocx
c:\windows\16d9z5ief195.exe
c:\windows\16z595orm7ae.exe
c:\windows\17153wzrm976.bin
c:\windows\17694no9-z-virus4755.bin
c:\windows\17925worz1675.dll
c:\windows\184505orz96b.cpl
c:\windows\18559worm41cz.ocx
c:\windows\18625n5t-azv9rus1f6.dll
c:\windows\18654virus690z.bin
c:\windows\18695n9t-a-vzrus8e.exe
c:\windows\1882zs9a5bot5f1.ocx
c:\windows\19045szy109.exe
c:\windows\19139hazkt5ol695.bin
c:\windows\19255virus7ze9.ocx
c:\windows\19410vi5z921f.exe
c:\windows\194539p5396z.bin
c:\windows\19555spy7z.bin
c:\windows\1967ztroj7f5.exe
c:\windows\1969dowzload591972.bin
c:\windows\196zvir995.cpl
c:\windows\19727t5oz96f.cpl
c:\windows\1975adzware100.bin
c:\windows\19857szambot2ba.dll
c:\windows\199ezir9650.dll
c:\windows\199z0troj535.dll
c:\windows\1a5b9hie52z05.ocx
c:\windows\1a7d5parz91154.ocx
c:\windows\1a84add9are1z52.dll
c:\windows\1aecv9r5z67.dll
c:\windows\1c54zpars59410.exe
c:\windows\1f4zs9eal8375.bin
c:\windows\1z10spywa5e9074.cpl
c:\windows\1z39595t-a-virus5bc.bin
c:\windows\1z5595ac9tool100.ocx
c:\windows\1z592v5rus53.exe
c:\windows\1z679ackdoo5842.exe
c:\windows\1z9995ot-a-vi9us227.cpl
c:\windows\205619zc5tool383.ocx
c:\windows\20z44spam5o96ef.exe
c:\windows\2107z95oj461.dll
c:\windows\21172zackto9l11f5.bin
c:\windows\21278t5oz6d39.dll
c:\windows\2142backd5or279z.exe
c:\windows\21535nz9-a-virus6f6.ocx
c:\windows\21992zpy195.dll
c:\windows\21z1t5reat92.cpl
c:\windows\22337no5-a-v9rzs6a8.exe
c:\windows\2257spa5zo9760.cpl
c:\windows\2274t9oj1a5z.ocx
c:\windows\23150szambot953.cpl
c:\windows\2325hackt9olcz.bin
c:\windows\233495roz5ca.ocx
c:\windows\2339zhacktool1d35.dll
c:\windows\23b3do95loader22z6.dll
c:\windows\24147vizus5985.dll
c:\windows\24318troj9ez5.dll
c:\windows\24485worz6e9.bin
c:\windows\24594not-a-virus7z5.bin
c:\windows\249729pz75f.bin
c:\windows\2506z5ot-a-virus279.exe
c:\windows\2519backd5o9z860.cpl
c:\windows\256hacktz5l597.cpl
c:\windows\25799vi5zs54d.ocx
c:\windows\2581zw9rm540.ocx
c:\windows\25979vzr9s178.exe
c:\windows\25z979pamb5t757.dll
c:\windows\26485zirus4539.bin
c:\windows\2659dz5are192.exe
c:\windows\27076not-a-v95zs7f9.bin
c:\windows\27096s5amboz417.dll
c:\windows\27945zorm67c.dll
c:\windows\27995hacztool25.dll
c:\windows\280985ot-a-zirus97.dll
c:\windows\28263spa9zot7e5.ocx
c:\windows\28519spyz9.bin
c:\windows\2861zt9o55e5.bin
c:\windows\28766not-5-9irzs5e3.bin
c:\windows\28z5threa925392.cpl
c:\windows\290789ackz5ol633.exe
c:\windows\29156spy3z7.exe
c:\windows\29159hacz5ool6e6.bin
c:\windows\29255wzrm51c.ocx
c:\windows\2958zir1286.ocx
c:\windows\295viz2575.dll
c:\windows\297019orm5a5z.exe
c:\windows\2985adzware1485.ocx
c:\windows\29z49wor5352.exe
c:\windows\2acbackdzor5951.exe
c:\windows\2d56zackdoor5659.ocx
c:\windows\2dzcback5o9r230.bin
c:\windows\2e95vzr865.cpl
c:\windows\2ez5vi92381.bin
c:\windows\2f50tz5ef2939.bin
c:\windows\2z053vir9s2ec.cpl
c:\windows\2z879spy459.ocx
c:\windows\2z95spywa5e24779.cpl
c:\windows\2za6spy9are26495.cpl
c:\windows\2zccth5ea910656.ocx
c:\windows\2zd7st9a52679.dll
c:\windows\304zworm593.ocx
c:\windows\307aspywarz5907.ocx
c:\windows\31163sp5mzo9342.ocx
c:\windows\313z4s9am5ot775.exe
c:\windows\31546spambot9b7z.dll
c:\windows\31573sp9mbotz14.cpl
c:\windows\31590virus6zb.bin
c:\windows\318z959oj6f1.exe
c:\windows\31919py5aze2756.ocx
c:\windows\3196spzm5ot4bf.dll
c:\windows\31995acktooz522.exe
c:\windows\31zspa5se9242.cpl
c:\windows\325z5worm969.ocx
c:\windows\32653vi9usz7f.dll
c:\windows\32739spa5zot6bb.exe
c:\windows\32afbackdzo91547.bin
c:\windows\334bs5ywaze9960.dll
c:\windows\3509wozm7c.bin
c:\windows\358z9worm418.cpl
c:\windows\35azthie5996.cpl
c:\windows\35b4z9dware1415.bin
c:\windows\35bedownloa5e91340z.cpl
c:\windows\35fe9hrzat2189.ocx
c:\windows\3620not-a-9izus2a5.ocx
c:\windows\377dadd9arz1456.bin
c:\windows\3801stea529z5.ocx
c:\windows\380dback9oor5491z.cpl
c:\windows\38b1downloa9zr32095.exe
c:\windows\3906not-a-vi5us3d6z.bin
c:\windows\3953thief550z.ocx
c:\windows\395dviz3036.bin
c:\windows\3994spywa5z3013.exe
c:\windows\39c2add9are5z51.bin
c:\windows\3a53vi91505z.dll
c:\windows\3b3dspzw5re579.exe
c:\windows\3c5fzackdo9r2252.cpl
c:\windows\3d0ct9iefz51.exe
c:\windows\3d9zspyware3145.ocx
c:\windows\3d9zth9eat5129.bin
c:\windows\3e05pa9se2555z.ocx
c:\windows\3z266tro5279.dll
c:\windows\40c359zkdoor2555.bin
c:\windows\430zhac9t5ol449.bin
c:\windows\4387virz5986.ocx
c:\windows\43929teal2z54.exe
c:\windows\44e9b5czdoor1847.cpl
c:\windows\4501sparze9658.exe
c:\windows\455ba9kdoorz213.ocx
c:\windows\45z9virus5e5.exe
c:\windows\4699spazbot4e5.cpl
c:\windows\479dspyzare5521.ocx
c:\windows\492595zktool17f.cpl
c:\windows\4935th9zf2396.bin
c:\windows\4943spyw5re2z06.bin
c:\windows\4993v5r3242z.cpl
c:\windows\499czackdo5r1814.exe
c:\windows\49f5z9ywar52223.bin
c:\windows\4c6fad5za9e213.exe
c:\windows\4c71st5alz3679.bin
c:\windows\4z68thief9558.dll
c:\windows\4z90s5arse2840.bin
c:\windows\4zd5t5ief359.dll
c:\windows\4zsteal579.ocx
c:\windows\5035t9reaz13546.cpl
c:\windows\509z8troj398.dll
c:\windows\50feback9oorz794.bin
c:\windows\5115zte9l3034.exe
c:\windows\5179stealz990.dll
c:\windows\5255bazkdoor22709.dll
c:\windows\52edow9loade52z35.exe
c:\windows\52z75worm6239.exe
c:\windows\53205pyz469.ocx
c:\windows\5376thi9z2598.ocx
c:\windows\5398spamzot6e7.ocx
c:\windows\539athrzat29483.ocx
c:\windows\54391hazktool6e9.exe
c:\windows\5479steal555z.dll
c:\windows\54bczparse17519.bin
c:\windows\5559zot-a-virus967.ocx
c:\windows\555dzack5oor1911.dll
c:\windows\5561t5izf1739.ocx
c:\windows\55649pyz54.dll
c:\windows\5581sz5m9ot7e5.exe
c:\windows\5583spywarez19.bin
c:\windows\5595stezl7289.cpl
c:\windows\559azir1015.cpl
c:\windows\559v9z270.dll
c:\windows\55z8spa9se1129.bin
c:\windows\5644not-a9virus32z5.cpl
c:\windows\5653bac9doorz760.cpl
c:\windows\56986viruz4e8.bin
c:\windows\569threatz4168.exe
c:\windows\56e6t5i9fz68.ocx
c:\windows\5783add59rez831.bin
c:\windows\5797threzt1651.exe
c:\windows\57f5steal92z7.cpl
c:\windows\57fazddware139.dll
c:\windows\58c9doznloa5er1149.ocx
c:\windows\59039spyz37.dll
c:\windows\5909z5dware999.dll
c:\windows\5917ha5ktzol9ea.cpl
c:\windows\59265wormz93.cpl
c:\windows\5933not-5-virus793z.cpl
c:\windows\595z99roj550.exe
c:\windows\599wzrm595.exe
c:\windows\59c7sparze2219.cpl
c:\windows\59e5thzef1297.ocx
c:\windows\59z96worm234.dll
c:\windows\5a9cbackdoo524z89.dll
c:\windows\5b49th9zf26365.bin
c:\windows\5da5sparse9z7.bin
c:\windows\5dcdt9ief65z.bin
c:\windows\5dde9dzware540.ocx
c:\windows\5e2dztea92309.exe
c:\windows\5ef9backdzo52036.dll
c:\windows\5f09b5ckdozr92.dll
c:\windows\5z59backdoor2437.dll
c:\windows\5z85thre5t957.cpl
c:\windows\5zb3spyware1191.dll
c:\windows\618bspar9ez9195.bin
c:\windows\6237d5wnl9ader28z2.exe
c:\windows\6257sp9m5zt8d.ocx
c:\windows\6302s5ea92z7.exe
c:\windows\630zh59ktool5dd.bin
c:\windows\633ds9e5l1077z.bin
c:\windows\6350woz97965.dll
c:\windows\6359thief172z.exe
c:\windows\6371ha9k5ool3z5.ocx
c:\windows\6459t5ief3z97.cpl
c:\windows\645bvi931z9.cpl
c:\windows\650f9azkdoor1724.ocx
c:\windows\6561sp9ware29z2.bin
c:\windows\65909pa5bot6dz.dll
c:\windows\659cspar9ez035.exe
c:\windows\67d2ad95arez301.dll
c:\windows\685fthrezt7699.bin
c:\windows\6903thrz5921649.bin
c:\windows\6967d5wnlozder1519.bin
c:\windows\69azthief558.dll
c:\windows\69zbvi51559.ocx
c:\windows\6a60stzal96675.dll
c:\windows\6b90downlozd9r2465.exe
c:\windows\6f37backdo5939z.ocx
c:\windows\6z6esteal99535.cpl
c:\windows\6z959pyware1936.exe
c:\windows\6ze5steal12549.ocx
c:\windows\7005zhrea93115.dll
c:\windows\7047zownlo5de9250.ocx
c:\windows\7058wormz99.dll
c:\windows\70a3spa5ze2944.bin
c:\windows\710dth5eat25z969.bin
c:\windows\7191backdoorz5465.ocx
c:\windows\71z9sparse5999.ocx
c:\windows\7228thrz9t5398.cpl
c:\windows\73265hi9f1147z.bin
c:\windows\7399hazktool975.dll
c:\windows\73dzsp9war51687.exe
c:\windows\74299rz5733.bin
c:\windows\7468vi9us1cz5.exe
c:\windows\75819ot-a-v5rzs31.ocx
c:\windows\75f5spzw9re99.dll
c:\windows\769czp9rse865.dll
c:\windows\76z9addwar930105.ocx
c:\windows\7745hre9tz2998.cpl
c:\windows\7790vizus225.dll
c:\windows\79bcbac9zoor1950.bin
c:\windows\79d5v5z1654.dll
c:\windows\79z0thief159.ocx
c:\windows\7a59stezl3093.cpl
c:\windows\7aa4b9zkdoor524.cpl
c:\windows\7c5ado9zloader290.bin
c:\windows\7f789ddw5ze2524.ocx
c:\windows\7z19addw5re1479.bin
c:\windows\7z82d9wnloader1359.ocx
c:\windows\8500spa9bot55z.cpl
c:\windows\8799virus5e6z.exe
c:\windows\900bzck5oo91344.ocx
c:\windows\9025sparse2z97.bin
c:\windows\90356vzrus23f.bin
c:\windows\9055zs5y465.bin
c:\windows\9129download5r2839z.cpl
c:\windows\914cthreaz26754.ocx
c:\windows\914d5ownloader1725z.exe
c:\windows\91502virus43z.bin
c:\windows\9169sz59bot116.ocx
c:\windows\91z92not-a-virus155.exe
c:\windows\94355spambot7d3z.exe
c:\windows\94725troz2d4.bin
c:\windows\9493zp548f.bin
c:\windows\9539downloader1z49.ocx
c:\windows\955z7worm298.bin
c:\windows\9587notza-vir9s1c4.ocx
c:\windows\95adtzreat5895.dll
c:\windows\95z3vi5us698.ocx
c:\windows\966z5wormf95.exe
c:\windows\9671virus3zb5.ocx
c:\windows\96aspyw5re257z.ocx
c:\windows\976azparse2457.cpl
c:\windows\9775tr5z44b.exe
c:\windows\97e5zddware2908.ocx
c:\windows\97f7steaz1856.exe
c:\windows\988z8s5ambot50a.dll
c:\windows\9b75zir879.dll
c:\windows\9czcspyware15745.ocx
c:\windows\a69zir2555.bin
c:\windows\a849ir221z5.ocx
c:\windows\cespar5e2039z.dll
c:\windows\d40steal195z.cpl
c:\windows\e45baczdoor9636.ocx
c:\windows\e71sparze17759.ocx
c:\windows\ee5threz925817.cpl
c:\windows\f35thie92z73.exe
c:\windows\ffet5ze9t18420.cpl
c:\windows\system32\10095notza-virus652.bin
c:\windows\system32\10669spamzot518.exe
c:\windows\system32\108049oz5a-virus96.exe
c:\windows\system32\1096down59zder35.ocx
c:\windows\system32\1096zir1425.dll
c:\windows\system32\10efbaczdoor159.ocx
c:\windows\system32\1133z9ot-a-5irus324.exe
c:\windows\system32\11999n5t-a-virusz26.bin
c:\windows\system32\12080not-9-vizus95.cpl
c:\windows\system32\1218ha5kzool194.ocx
c:\windows\system32\12246s5a9bzt2c0.cpl
c:\windows\system32\12332v9ru53z0.ocx
c:\windows\system32\123z3not-a-5irus69.dll
c:\windows\system32\12690hackto5l4z9.bin
c:\windows\system32\1276thr5zt39700.bin
c:\windows\system32\12899zr5j79e.ocx
c:\windows\system32\13195spambot4z.dll
c:\windows\system32\13358hackto9l23z.ocx
c:\windows\system32\1352hacztoolb29.exe
c:\windows\system32\13545w9zm540.dll
c:\windows\system32\13669worm5za.ocx
c:\windows\system32\140859pyzc6.ocx
c:\windows\system32\14z7thief25639.cpl
c:\windows\system32\15083sp5mbotz9e.ocx
c:\windows\system32\15344hackt5olzb9.bin
c:\windows\system32\15992hacztool77.exe
c:\windows\system32\15eazt5al679.bin
c:\windows\system32\15z01tro5197.bin
c:\windows\system32\15z52spambot39c.ocx
c:\windows\system32\16609pywaze8445.ocx
c:\windows\system32\167z9ddware5095.ocx
c:\windows\system32\16995hack5ooz209.dll
c:\windows\system32\17901w9zm3525.exe
c:\windows\system32\17996wo5m30z.dll
c:\windows\system32\18593troj5bz.dll
c:\windows\system32\18793tr5jz64.dll
c:\windows\system32\18915hackt5oz71e.exe
c:\windows\system32\19095not-a-virus759z.bin
c:\windows\system32\1912vzr5188.bin
c:\windows\system32\191349pz525.dll
c:\windows\system32\193z05pambot59e.exe
c:\windows\system32\19540zo5m635.cpl
c:\windows\system32\19565zeal287.dll
c:\windows\system32\19595spy65bz.exe
c:\windows\system32\195s9ezl593.dll
c:\windows\system32\19azsparse580.exe
c:\windows\system32\19d4addwz59418.cpl
c:\windows\system32\19zfstea5515.cpl
c:\windows\system32\1c789own5oadzr2632.ocx
c:\windows\system32\1cabvir1589z.bin
c:\windows\system32\1d3bdo9nloaderz0415.dll
c:\windows\system32\1e99sp5ware1z01.dll
c:\windows\system32\1z171t9oj3b65.ocx
c:\windows\system32\1z376tro59b6.ocx
c:\windows\system32\1z86thie52900.exe
c:\windows\system32\20295hief18z7.bin
c:\windows\system32\20559virus19z5.exe
c:\windows\system32\21090troj5z09.bin
c:\windows\system32\2121steal3995z.dll
c:\windows\system32\21245hacktz9l755.bin
c:\windows\system32\215z7ha5ktoo95d3.dll
c:\windows\system32\21923w5rmz3.bin
c:\windows\system32\21z96hacktool75d.ocx
c:\windows\system32\22075not5azv9rus554.dll
c:\windows\system32\220dthi9f55z8.exe
c:\windows\system32\22f9zp5rse9021.bin
c:\windows\system32\23875troz69c.bin
c:\windows\system32\2387zspa5bot50c9.ocx
c:\windows\system32\239z8v5rus49.cpl
c:\windows\system32\23b75i95z5.cpl
c:\windows\system32\23z929rojd5.dll
c:\windows\system32\24067sp5ze29.bin
c:\windows\system32\24698spy5z0.ocx
c:\windows\system32\246azpyware509.exe
c:\windows\system32\247z3wor9544.cpl
c:\windows\system32\24848s9ambo5445z.ocx
c:\windows\system32\2504zsp5mbot7929.bin
c:\windows\system32\25459spa9boz3ae.cpl
c:\windows\system32\25462zor92f5.cpl
c:\windows\system32\2554spyw5rz293.dll
c:\windows\system32\25590sp93z8.ocx
c:\windows\system32\25764spy539z.ocx
c:\windows\system32\2592zviru9566.cpl
c:\windows\system32\25f39ackdozr263.dll
c:\windows\system32\2689zh9cktool65f.bin
c:\windows\system32\27395vzru995.exe
c:\windows\system32\28049spam9otz85.cpl
c:\windows\system32\28351spam5o96z5.dll
c:\windows\system32\28759hacktoolz59.cpl
c:\windows\system32\29001n9tza-virus5f1.dll
c:\windows\system32\29427szy7075.cpl
c:\windows\system32\29523spy4d5z.dll
c:\windows\system32\2953hac9to5l41z.dll
c:\windows\system32\2959spzware1755.exe
c:\windows\system32\295eszeal9081.ocx
c:\windows\system32\297125zoj99b.exe
c:\windows\system32\297525py5zf9.exe
c:\windows\system32\2977virzs23d5.bin
c:\windows\system32\29859not-a9vizus131.exe
c:\windows\system32\29z22s5y798.dll
c:\windows\system32\2a3dt95eatz024.bin
c:\windows\system32\2cb6spyw95e1z65.bin
c:\windows\system32\2ec3tzre9t17135.dll
c:\windows\system32\2z019h5cktool4d2.exe
c:\windows\system32\2z925w5rm7a5.cpl
c:\windows\system32\2z95thief1505.exe
c:\windows\system32\2z9avir1954.dll
c:\windows\system32\302969acktozl567.bin
c:\windows\system32\30954notza-viru91505.bin
c:\windows\system32\30c4spy5arz9405.ocx
c:\windows\system32\3100zviru9745.cpl
c:\windows\system32\31540virzs1b9.bin
c:\windows\system32\31619zot5a-viruse9.bin
c:\windows\system32\316555zy792.ocx
c:\windows\system32\31cfthze52991.exe
c:\windows\system32\31z47not-a-v9rus255.dll
c:\windows\system32\32109vir5s5b2z.dll
c:\windows\system32\3220zspa59otf8.cpl
c:\windows\system32\322275roj98z.dll
c:\windows\system32\32247not-a-9ir5sz69.dll
c:\windows\system32\32255not-z-vi5us73f9.ocx
c:\windows\system32\325zsp96fa5.dll
c:\windows\system32\32757hacktzol3b59.dll
c:\windows\system32\3325hackto9l4z2.exe
c:\windows\system32\3327h9zktool1d5.ocx
c:\windows\system32\335ebackdooz948.bin
c:\windows\system32\3496spa9bot5zd.dll
c:\windows\system32\349aaddwar511z3.exe
c:\windows\system32\351a95zare2498.bin
c:\windows\system32\3556stzal9411.dll
c:\windows\system32\35e3bac9door59z.dll
c:\windows\system32\35zfste9l2269.dll
c:\windows\system32\3690do5zloader1755.exe
c:\windows\system32\3755d9wnloader2600z.bin
c:\windows\system32\37c79parse3z95.exe
c:\windows\system32\39399ackdoor2259z.cpl
c:\windows\system32\39481sp5z1.bin
c:\windows\system32\39524vzrus543.ocx
c:\windows\system32\39625zpambot548.cpl
c:\windows\system32\3965notza-v5rusfb.bin
c:\windows\system32\39f1zp5ware1904.bin
c:\windows\system32\3a095ddware1597z.bin
c:\windows\system32\3a85parsez9869.bin
c:\windows\system32\3b27addwzr52795.bin
c:\windows\system32\3b5zvir1970.ocx
c:\windows\system32\3bbcb5ckdoor3z259.exe
c:\windows\system32\3cfdth9ef5138z.ocx
c:\windows\system32\3dzav9r5913.cpl
c:\windows\system32\3f58downlo9der5z05.cpl
c:\windows\system32\3fb5sp9ware268z.bin
c:\windows\system32\4150z5rm6099.cpl
c:\windows\system32\4212sp9rs51364z.dll
c:\windows\system32\4235v9r5266z.exe
c:\windows\system32\42z69pyw5re1233.ocx
c:\windows\system32\4459not-azvi5us5ca.cpl
c:\windows\system32\4475thrz9t5258.exe
c:\windows\system32\45d8spyzar92572.cpl
c:\windows\system32\4697not-5-vi9zs5bb.bin
c:\windows\system32\4852not-z9virus77f.exe
c:\windows\system32\4899tzreat15654.exe
c:\windows\system32\490bbackdoor757z.cpl
c:\windows\system32\4923zr9j451.dll
c:\windows\system32\4934threa5192z6.exe
c:\windows\system32\4969thre5z28615.exe
c:\windows\system32\49aes5yware26z5.bin
c:\windows\system32\4bbfb9ckzoor855.cpl
c:\windows\system32\4c9z9parse3532.cpl
c:\windows\system32\4cb0zow9loader1755.cpl
c:\windows\system32\4d6fdown5oade9z531.ocx
c:\windows\system32\4ddbzpa59e367.ocx
c:\windows\system32\4ef3spa9se575z.ocx
c:\windows\system32\4f0ath5e915z8.cpl
c:\windows\system32\4z50addwar93149.cpl
c:\windows\system32\4z89w5rm297.exe
c:\windows\system32\4zc2a9dware2527.bin
c:\windows\system32\507espars9z804.cpl
c:\windows\system32\509espywzre9782.dll
c:\windows\system32\50e9threa52z883.cpl
c:\windows\system32\5164s9eal242z.cpl
c:\windows\system32\51686virzs4c9.bin
c:\windows\system32\516dt9izf1192.ocx
c:\windows\system32\5183downlza9er707.dll
c:\windows\system32\51902t9ojz86.bin
c:\windows\system32\51908viru97az.dll
c:\windows\system32\51adbzckdo9r1155.exe
c:\windows\system32\5239thzef2738.bin
c:\windows\system32\5297zirus3e8.dll
c:\windows\system32\5332hacktooz309.ocx
c:\windows\system32\53867zac9tool39f.cpl
c:\windows\system32\53d9addwaze2053.exe
c:\windows\system32\5447za95door3112.bin
c:\windows\system32\5453spaz5ot7f19.cpl
c:\windows\system32\54569ddwaz5775.dll
c:\windows\system32\5546spy3z95.ocx
c:\windows\system32\554nzt-a5vi9us26.cpl
c:\windows\system32\5569wzrm958.cpl
c:\windows\system32\5582viruz96.ocx
c:\windows\system32\55b9bac9d5zr1535.cpl
c:\windows\system32\55ba9zdwar51260.ocx
c:\windows\system32\55eaba9kdoor1z32.exe
c:\windows\system32\55z79hacktool4079.bin
c:\windows\system32\5601sparse38z9.bin
c:\windows\system32\5656downloa9zr32125.dll
c:\windows\system32\56596tr9jfz.cpl
c:\windows\system32\568bzhief985.bin
c:\windows\system32\569zbackdoor26985.exe
c:\windows\system32\57112vi9us5za.ocx
c:\windows\system32\57580v9rzs1bc.cpl
c:\windows\system32\5765ha9kt5zl145.cpl
c:\windows\system32\5769steaz14659.ocx
c:\windows\system32\584cazdwa9e1637.exe
c:\windows\system32\58645pazbot19b.dll
c:\windows\system32\5908virus76z.cpl
c:\windows\system32\5911spywzre2780.exe
c:\windows\system32\59326hackzool483.bin
c:\windows\system32\5950zroj475.exe
c:\windows\system32\5958trojza3.dll
c:\windows\system32\5971vir153z.bin
c:\windows\system32\59889v9ruz72e.cpl
c:\windows\system32\59913not-a-virusz42.cpl
c:\windows\system32\59bfthizf3092.exe
c:\windows\system32\59caspazse1507.exe
c:\windows\system32\59cbackd5zr1220.ocx
c:\windows\system32\59ef5zief207.bin
c:\windows\system32\5b1tzreat69879.cpl
c:\windows\system32\5b52threzt29558.cpl
c:\windows\system32\5bc4sparze2098.ocx
c:\windows\system32\5c5e9hzeat9593.cpl
c:\windows\system32\5cz2sparse15295.bin
c:\windows\system32\5f94backdozr3175.dll
c:\windows\system32\5fz5spars91922.dll
c:\windows\system32\5z47backdoo92331.cpl
c:\windows\system32\5z599spy99c.dll
c:\windows\system32\5z5troj29d.bin
c:\windows\system32\5z6b9tea5660.cpl
c:\windows\system32\5za8download9r1255.cpl
c:\windows\system32\600d5pa9ze1834.bin
c:\windows\system32\6162not-5-virusz95.exe
c:\windows\system32\61eczhre5t96343.cpl
c:\windows\system32\6329vi5zs529.bin
c:\windows\system32\6338downl9adez12945.ocx
c:\windows\system32\64zestea52893.ocx
c:\windows\system32\657c5ackdzor5529.exe
c:\windows\system32\65z9steal2732.exe
c:\windows\system32\662czpy9ar52900.exe
c:\windows\system32\66cctzief5091.dll
c:\windows\system32\6795not-a-9irus7z7.exe
c:\windows\system32\6815zt9al2356.ocx
c:\windows\system32\68b9addwarz5421.cpl
c:\windows\system32\69c6b5ckdoor19z9.exe
c:\windows\system32\69f8z5r2144.cpl
c:\windows\system32\6a0steaz957.exe
c:\windows\system32\6a28sp5rze18209.bin
c:\windows\system32\6ac5threat1z3939.cpl
c:\windows\system32\6ae9azdwa5e900.ocx
c:\windows\system32\6b5dz9ief747.dll
c:\windows\system32\6b645iz9479.dll
c:\windows\system32\6baspazs5449.ocx
c:\windows\system32\6bbacz95or1040.exe
c:\windows\system32\6c49thi5f1z67.exe
c:\windows\system32\6cb59teal1777z.dll
c:\windows\system32\6d60a9d5are1z.ocx
c:\windows\system32\6dbedzwnloader3597.cpl
c:\windows\system32\6e4stezl9185.cpl
c:\windows\system32\6fc7d5wnlozder1319.exe
c:\windows\system32\7095ozm7fa.exe
c:\windows\system32\7125backdoo93159z.cpl
c:\windows\system32\71629zi5f594.bin
c:\windows\system32\720zaddw9re21655.exe
c:\windows\system32\7251addwaze10179.bin
c:\windows\system32\72b8v9r2547z.ocx
c:\windows\system32\73a4dz9nloader1155.ocx
c:\windows\system32\73c2backd9or5740z.dll
c:\windows\system32\74z2vir20549.ocx
c:\windows\system32\75fdth9eat23z46.ocx
c:\windows\system32\76e5s5y9zre2312.exe
c:\windows\system32\7805addwarz1819.cpl
c:\windows\system32\78z9spa5se1007.exe
c:\windows\system32\795athizf270.bin
c:\windows\system32\7b2f5hief23z9.bin
c:\windows\system32\7d1addw9re5175z.ocx
c:\windows\system32\7d8zt5re9t1061.dll
c:\windows\system32\7e98downloa5erz795.ocx
c:\windows\system32\7eebdown5zader1790.bin
c:\windows\system32\7fd7zhrea519512.ocx
c:\windows\system32\7z94t5oj210.cpl
c:\windows\system32\7zdea5dware2697.exe
c:\windows\system32\8239zr5at24490.exe
c:\windows\system32\853059rus124z.cpl
c:\windows\system32\8935sp5mbzt9f9.ocx
c:\windows\system32\8999s5y3za.ocx
c:\windows\system32\89z39py5f.bin
c:\windows\system32\9052vz51552.cpl
c:\windows\system32\914195pamzot67.ocx
c:\windows\system32\9153zo5m9c8.ocx
c:\windows\system32\91zdsteal1564.bin
c:\windows\system32\92595zpy799.ocx
c:\windows\system32\9452troj757z.exe
c:\windows\system32\945fthzef3195.bin
c:\windows\system32\95058worm2zf.ocx
c:\windows\system32\95096spazb5t6f4.cpl
c:\windows\system32\9521tzief1143.bin
c:\windows\system32\953baddware107z.dll
c:\windows\system32\9555ztroj45c.cpl
c:\windows\system32\9557backdzor812.dll
c:\windows\system32\9569sparze557.cpl
c:\windows\system32\95702troj6z4.ocx
c:\windows\system32\9593spy6z3.exe
c:\windows\system32\95b2addza5e871.cpl
c:\windows\system32\95z3virus569.bin
c:\windows\system32\96a6virz285.ocx
c:\windows\system32\975downlzader1362.dll
c:\windows\system32\978285iruzee.ocx
c:\windows\system32\97z1t9oj2695.ocx
c:\windows\system32\984ftzreat303945.dll
c:\windows\system32\9938ha9kt5ol550z.exe
c:\windows\system32\9c45szarse2871.cpl
c:\windows\system32\9c52zir1473.ocx
c:\windows\system32\9d0fthief2592z.bin
c:\windows\system32\9eacszar5e2708.dll
c:\windows\system32\9f55thie5155z.exe
c:\windows\system32\9f83backdoor356z.dll
c:\windows\system32\ac9v5z2903.bin
c:\windows\system32\AutoRun.inf
c:\windows\system32\b6edowzload9r1156.ocx
c:\windows\system32\c0d9ddwar5z645.bin
c:\windows\system32\cdcb9ckdooz2459.exe
c:\windows\system32\d2cthiefz259.cpl
c:\windows\system32\d54thrzat315529.dll
c:\windows\system32\d85a9dwarz2021.ocx
c:\windows\system32\e29ste5l3z02.cpl
c:\windows\system32\e9fthr5at29z30.dll
c:\windows\system32\z09troj355.ocx
c:\windows\system32\z1323spy595.dll
c:\windows\system32\z1530tro9716.dll
c:\windows\system32\z1e75hre9t2556.ocx
c:\windows\system32\z2764s5y479.exe
c:\windows\system32\z2d2vir2596.exe
c:\windows\system32\z3596spy4c39.cpl
c:\windows\system32\z35aspa5se32059.exe
c:\windows\system32\z40spars59898.bin
c:\windows\system32\z447sp5mb9t37d.bin
c:\windows\system32\z503thief2259.exe
c:\windows\system32\z5520spy5999.dll
c:\windows\system32\z5699r5j7a0.dll
c:\windows\system32\z685tro5529.ocx
c:\windows\system32\z6c5spyware2496.cpl
c:\windows\system32\z7c6vi51933.dll
c:\windows\system32\z855vi91537.exe
c:\windows\system32\z95eaddware2861.cpl
c:\windows\system32\z964sparse1805.exe
c:\windows\system32\z969downloa5er2576.dll
c:\windows\system32\z992tr5j5d8.dll
c:\windows\system32\zadc5ackdoor17179.ocx
c:\windows\z01hacktool9c5.exe
c:\windows\z023s5yw9re1529.exe
c:\windows\z0479ddware2654.exe
c:\windows\z0527w59m529.ocx
c:\windows\z092dow5load9r503.bin
c:\windows\z0991virus253.bin
c:\windows\z1171not-9-vi5us578.exe
c:\windows\z1499ro54f4.bin
c:\windows\z155wo9m19e.bin
c:\windows\z1960hack5ool65f.bin
c:\windows\z286not-a5v9rus29d.exe
c:\windows\z45fs95al982.ocx
c:\windows\z479195rus607.exe
c:\windows\z5094tro5597.exe
c:\windows\z5927worm24f9.cpl
c:\windows\z6534spambot6a99.exe
c:\windows\z66535o9m75b.dll
c:\windows\z8359worm48f.exe
c:\windows\z85sparse1938.dll
c:\windows\z899dow5loader393.ocx
c:\windows\z8a6s9yware12635.bin
c:\windows\z92f5ddware537.ocx
c:\windows\z93a5pywa9e2491.dll
c:\windows\z944959rm390.dll
c:\windows\z9735hief3255.cpl
c:\windows\z9891w5rm783.cpl
c:\windows\z9e1sparse353.dll
c:\windows\zc52stea93090.cpl
c:\windows\zcc5vir1596.exe
c:\windows\zcf3s5yware1095.bin
c:\windows\zebdstea5966.exe
c:\windows\zf805pars9625.cpl

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-11-27 23:44 . 2009-11-27 23:44 9517 ----a-w- c:\windows\cf0s9arse5z.exe
2009-06-03 16:41 . 2009-06-03 16:41 -------- dc----w- C:\!KillBox
2009-06-03 15:56 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 15:56 . 2009-06-03 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 15:56 . 2009-06-03 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 15:56 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 00:38 . 2009-06-03 00:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 00:37 . 2009-06-03 15:52 -------- d-----w- c:\program files\VS Revo Group
2009-06-03 00:05 . 2009-06-03 00:05 16029 ----a-w- c:\windows\system32\154z9worm.bin
2009-06-03 00:05 . 2009-06-03 00:05 13573 ----a-w- c:\windows\258895ackzo9l9.exe
2009-06-03 00:05 . 2009-06-03 00:05 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-03 00:05 . 2009-06-03 00:05 -------- d-----w- c:\program files\WinBlueSoft Software
2009-06-01 14:48 . 2009-06-01 16:19 -------- d-----w- c:\program files\Pokerbility
2009-05-28 13:35 . 2007-09-26 22:16 77864 ----a-w- c:\documents and settings\holdemmanager\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 13:15 . 2009-05-30 10:54 -------- d-----w- c:\program files\Pacific Hand Grabber
2009-05-25 19:32 . 2009-05-25 19:32 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\IsolatedStorage
2009-05-25 14:55 . 2009-05-25 14:56 -------- d-----w- c:\documents and settings\Richard\Application Data\LuckyAcePoker.com
2009-05-25 14:55 . 2009-05-25 15:44 -------- d-----w- c:\program files\LuckyAcePoker.com
2009-05-24 15:57 . 2009-05-24 16:02 -------- d-----w- c:\documents and settings\Richard\Application Data\Spotify
2009-05-24 15:57 . 2009-05-24 15:58 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Spotify
2009-05-24 15:57 . 2009-05-24 15:57 -------- d-----w- c:\program files\Spotify
2009-05-21 18:54 . 2009-06-03 16:28 -------- d-----w- c:\documents and settings\Richard\eee
2009-05-21 18:52 . 2009-05-21 18:52 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Xenocode
2009-05-21 18:34 . 2009-05-21 18:34 -------- d-----w- c:\program files\RVG Software
2009-05-06 19:15 . 2009-05-06 19:15 -------- d-----w- c:\documents and settings\Richard\LocalLow
2009-05-06 19:15 . 2009-05-06 19:15 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\TVU Networks
2009-05-06 19:15 . 2009-05-06 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-06 19:15 . 2009-05-04 14:07 2298680 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-06 19:15 . 2008-03-04 17:52 286720 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-06 19:15 . 2007-10-31 08:39 59904 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-06 19:15 . 2007-05-17 12:58 143360 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-06 19:15 . 2006-10-18 16:32 499712 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-06 19:15 . 2006-10-18 16:32 348160 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-06 19:15 . 2006-10-16 17:44 196608 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-06 19:15 . 2006-10-16 17:44 1028096 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-05 16:46 . 2009-05-28 13:11 -------- d-----w- c:\program files\Holdem Indicator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 17:15 . 2008-05-16 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-03 16:48 . 2007-12-27 00:00 -------- d-----w- c:\documents and settings\Richard\Application Data\Skype
2009-06-03 16:13 . 2009-03-20 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-03 00:14 . 2007-12-27 00:10 -------- d-----w- c:\documents and settings\Richard\Application Data\skypePM
2009-05-28 15:08 . 2009-03-14 17:11 -------- d-----w- c:\program files\Full Tilt Poker
2009-05-28 13:41 . 2009-05-28 13:41 -------- d-----w- c:\program files\PostgreSQL
2009-05-23 11:37 . 2008-10-25 16:02 -------- d-----w- c:\program files\PKR
2009-05-21 18:51 . 2008-01-03 22:46 -------- d-----w- c:\documents and settings\Richard\Application Data\uTorrent
2009-05-21 18:31 . 2009-02-11 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-19 03:03 . 2007-09-26 22:02 -------- d-----w- c:\program files\Google
2009-05-13 21:00 . 2007-09-26 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-02 21:11 . 2009-04-02 21:11 152576 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-26 13:04 . 2007-09-26 22:16 69712 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 04:19 . 2008-12-31 12:36 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2006-04-30 06:55 284160 ----a-w- c:\windows\system32\pdh.dll
2008-01-06 14:18 . 2008-01-06 14:18 88 --sh--r- c:\windows\system32\0457CD235C.sys
2008-01-06 14:18 . 2008-01-06 14:18 2828 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Google Update"="c:\documents and settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-11 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-03 361472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 53248]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2007-05-31 946176]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-31 2618944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 628000]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Richard\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 20:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\Mozilla Firefox\\DCPlusPlus\\DCPlusPlus.exe"=
"c:\\Documents and Settings\\Richard\\Desktop\\DCPlusPlus\\DCPlusPlus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 19:48 10240]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [22/06/2007 19:45 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/05/2007 03:22 54832]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [23/12/2008 03:27 144672]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [08/02/2007 21:11 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13/09/2006 20:42 35264]
S2 gupdate1c9a98e61418e8a;Google Update Service (gupdate1c9a98e61418e8a);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:02 133104]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19/09/2008 03:03 65536]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 13:54 83208]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-20 19:01]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 19:02]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4192598389-280739146-3985229196-1008.job
- c:\documents and settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-11 18:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RocketDock - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with PDF Converter 5.2 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{21B7BDB5-CA60-42F8-8280-EBE019738116} - c:\program files\FreshDevices\FreshDownload\fd.exe
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d6isdfuh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Richard\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 18:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1536)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1592)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Completion time: 2009-06-03 18:18
ComboFix-quarantined-files.txt 2009-06-03 17:17

Pre-Run: 5,664,899,072 bytes free
Post-Run: 5,887,651,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

981 --- E O F --- 2009-05-13 21:00

#10
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::

AtJob::

File::
c:\windows\cf0s9arse5z.exe
c:\windows\system32\tempo-setup2.exe
c:\windows\system32\154z9worm.bin
c:\windows\258895ackzo9l9.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02
Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
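The CFScript pasted in STEP 01 has a small fixed syntax: bare directives such as KILLALL:: and AtJob::, a File:: list of absolute paths to remove, and a Registry:: block written in .reg-file style where a line of the form "name"=- under a [key] deletes that value. Before handing a script like this to ComboFix it is worth checking what it will actually do, in particular which autorun (Run key) entries it strips and whether every file path is well formed. The parser below is an added example written for this thread, not code from the post, from Malwarebytes or from ComboFix; it assumes the section names and the "=-" delete convention exactly as they appear in the post, and its sample script is a constructed copy of that CFScript with one File:: entry deliberately written without a drive letter to exercise the path check.

```python
"""Parse a ComboFix CFScript into a structured plan a reviewer can inspect.

Added example: the format assumptions (KILLALL::/AtJob:: directives, File::
paths, Registry:: keys with "name"=- meaning delete) come from the script
shown in the thread; nothing here is ComboFix's own code.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the CFScript from the post, with the third File:: entry
# written without a drive letter on purpose so the path check has something
# to flag.
SAMPLE_SCRIPT = r"""
KILLALL::

AtJob::

File::
c:\windows\cf0s9arse5z.exe
c:\windows\system32\tempo-setup2.exe
:\windows\system32\154z9worm.bin
c:\windows\258895ackzo9l9.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")          # e.g. "File::"
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")       # [HIVE\subkey\path]
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')               # "name"=data
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")               # c:\... style path


@dataclass
class RegistryOp:
    hive: str
    path: str
    value_name: str
    action: str        # "delete" when data is "-", otherwise "set"
    data: str = ""


@dataclass
class CFScriptPlan:
    directives: list = field(default_factory=list)   # KILLALL, ATJOB, ...
    files: list = field(default_factory=list)        # paths ComboFix will remove
    registry: list = field(default_factory=list)     # RegistryOp entries
    warnings: list = field(default_factory=list)     # things a reviewer should fix


def parse_cfscript(text):
    """Walk the script line by line, tracking the current section and key."""
    plan = CFScriptPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            current_key = None
            if section in ("KILLALL", "ATJOB"):
                plan.directives.append(section)
            continue
        if section == "FILE":
            # A File:: entry without a drive letter is almost certainly a typo;
            # record it so the script is corrected before it is run.
            if not DRIVE_PATH_RE.match(line):
                plan.warnings.append(f"File:: entry lacks a drive letter: {line}")
            plan.files.append(line)
        elif section == "REGISTRY":
            km = KEY_RE.match(line)
            if km:
                current_key = (km.group(1), km.group(2))
                continue
            vm = VALUE_RE.match(line)
            if vm and current_key is not None:
                name, data = vm.groups()
                action = "delete" if data == "-" else "set"
                plan.registry.append(RegistryOp(current_key[0], current_key[1], name, action, data))
            else:
                plan.warnings.append(f"Unparsed Registry:: line: {line}")
        else:
            plan.warnings.append(f"Line outside a known section: {line}")
    return plan


def autorun_deletions(plan):
    """Names of values the script deletes from any ...\\CurrentVersion\\Run key."""
    return [op.value_name for op in plan.registry
            if op.action == "delete" and op.path.lower().endswith(r"\currentversion\run")]


def summarize(plan):
    """Human-readable review summary of what the script will do."""
    out = [f"directives: {', '.join(plan.directives) or 'none'}",
           f"files to remove: {len(plan.files)}",
           f"registry operations: {len(plan.registry)}",
           f"autorun entries removed: {', '.join(autorun_deletions(plan)) or 'none'}"]
    out.extend(f"WARNING: {w}" for w in plan.warnings)
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(parse_cfscript(SAMPLE_SCRIPT)))
```

Running it on the sample prints the two Run-key values being removed (tempo-setup2.exe and CTFMON.EXE) and one warning for the path with no drive letter, which is exactly the kind of slip a helper would want to catch before the victim drags the script onto ComboFix.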

#11
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Please post an update on this.

Thanks.

#12
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
