
Trojan.Win32.Agent.azsy



I was asked to clean a friend's computer of this Trojan and found that they had clicked on a rogue anti-virus program and infected themselves. It installed Personal Antivirus. The first thing that I did was to try to uninstall the program, but it would not uninstall. I was able to delete the program from C:\Program Files and deleted the folder. I then tried to run Malwarebytes and it would not run, so I started looking at forums. I also tried several different malware removers, but none would run. So I came across several of your posts. So I downloaded the ComboFix software and renamed it, and it ran on the computer, and here is the log. Can you help me to finish cleaning this machine, or is this machine clean?

ComboFix 09-11-05.05 - Dale Moses 11/06/2009 12:28.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.482 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\ABCD.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Starware408

c:\documents and settings\All Users\Application Data\Starware408\buttons\1223_button_1b_def.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\1223_button_1b_over.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\1229_button_1b_def.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\1229_button_1b_over.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\Button_50.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\Button_60.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\Button_70.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\FindIt.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\FindItHot.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\findithotxp.png

c:\documents and settings\All Users\Application Data\Starware408\buttons\finditxp.png

c:\documents and settings\All Users\Application Data\Starware408\buttons\logo.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\logoxp.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\Weather.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\WeatherHot.bmp

c:\documents and settings\All Users\Application Data\Starware408\buttons\weatherhotxp.png

c:\documents and settings\All Users\Application Data\Starware408\buttons\weatherxp.png

c:\documents and settings\All Users\Application Data\Starware408\contexts\error.xml

c:\documents and settings\All Users\Application Data\Starware408\contexts\Related.xml

c:\documents and settings\All Users\Application Data\Starware408\contexts\Travel.xml

c:\documents and settings\All Users\Application Data\Starware408\images\clear.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\cloudy.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\foggy.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\frain.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\haze.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\mcloud.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\na.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\nclear.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\ncloudy.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\nfoggy.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\nmcloud.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\nna.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\noicon.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\npcloud.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\nrain.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\pcloud.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\rain.bmp

c:\documents and settings\All Users\Application Data\Starware408\images\walertXP.bmp

c:\documents and settings\All Users\Application Data\Starware408\SimpleUpdate\ProductMessagingConfig.xml

c:\documents and settings\All Users\Application Data\Starware408\SimpleUpdate\ProductMessagingConfig.xml.backup

c:\documents and settings\All Users\Application Data\Starware408\SimpleUpdate\SimpleUpdateConfig.xml

c:\documents and settings\All Users\Application Data\Starware408\SimpleUpdate\SimpleUpdateConfig.xml.backup

c:\documents and settings\All Users\Application Data\Starware408\SimpleUpdate\TimerManagerConfig.xml

c:\documents and settings\All Users\Application Data\Starware408\SimpleUpdate\TimerManagerConfig.xml.backup

c:\documents and settings\All Users\Application Data\Starware408\Tem10.tmp

c:\documents and settings\Dale Moses\Application Data\Starware408

c:\documents and settings\Dale Moses\Application Data\Starware408\Button_5\Button_5Options.xml

c:\documents and settings\Dale Moses\Application Data\Starware408\Button_5\Button_5Options.xml.backup

c:\documents and settings\Dale Moses\Application Data\Starware408\Button_6\Button_6Options.xml

c:\documents and settings\Dale Moses\Application Data\Starware408\Button_6\Button_6Options.xml.backup

c:\documents and settings\Dale Moses\Application Data\Starware408\Button_7\Button_7Options.xml

c:\documents and settings\Dale Moses\Application Data\Starware408\Button_7\Button_7Options.xml.backup

c:\documents and settings\Dale Moses\Application Data\Starware408\Video_Vault\Video_VaultOptions.xml

c:\documents and settings\Dale Moses\Application Data\Starware408\Video_Vault\Video_VaultOptions.xml.backup

c:\documents and settings\Dale Moses\Application Data\Starware408\Watch_Videos\Watch_VideosOptions.xml

c:\documents and settings\Dale Moses\Application Data\Starware408\Watch_Videos\Watch_VideosOptions.xml.backup

c:\program files\Starware408

c:\program files\Starware408\bin\Starware408.dll

c:\program files\Starware408\icons\star_16.ico

c:\recycler\S-1-5-21-1079113596-3371296759-2528311962-500

c:\recycler\S-1-5-21-1275210071-261478967-839522115-500

c:\recycler\S-1-5-21-179531828-2853224448-3628542644-500

c:\recycler\S-1-5-21-2192409820-2289054400-1157314694-500

c:\recycler\S-1-5-21-2724382250-2464719362-122087494-500

c:\recycler\S-1-5-21-3101147382-3012010417-1302004682-500

c:\windows\10116tzo539f.ocx

c:\windows\1059steal19z5.ocx

c:\windows\117ct9iez2155.cpl

c:\windows\12030v59uz24c.dll

c:\windows\12439tr5j71z.bin

c:\windows\1252zpambo935f.exe

c:\windows\12560worm1z95.dll

c:\windows\12689hackto5lza1.cpl

c:\windows\1290spa9boz51.exe

c:\windows\13179zp5mbot53e.cpl

c:\windows\13599pambotaaz.exe

c:\windows\13854hzckto9l7d8.ocx

c:\windows\13961hackt5ol9fez.exe

c:\windows\13z05spa5b9t774.bin

c:\windows\13z29spambot7f59.dll

c:\windows\146z95py1ec.ocx

c:\windows\148zviru59f4.cpl

c:\windows\14zbspars95765.ocx

c:\windows\150ead9ware1158z.bin

c:\windows\1514thzef7099.ocx

c:\windows\15296hacktzol661.dll

c:\windows\1539virz972.cpl

c:\windows\1561back9oor20z.bin

c:\windows\15846noz9a-viru57b8.bin

c:\windows\1590zpyw9re1095.cpl

c:\windows\15951worm35z9.cpl

c:\windows\1596395cktoolze9.exe

c:\windows\15z8ad9ware567.cpl

c:\windows\15z9sp9rse606.dll

c:\windows\162999ot-z-virus652.bin

c:\windows\16550not-a-virusz229.bin

c:\windows\16664spa9botza5.bin

c:\windows\1715nzt-a-v9rus49c.bin

c:\windows\17945spz675.dll

c:\windows\1795szeal525.ocx

c:\windows\1796zir8759.cpl

c:\windows\17z37spy965.exe

c:\windows\184529zrm259.bin

c:\windows\186349azk5ool225.bin

c:\windows\1869v5z1029.exe

c:\windows\188035pa9bot75z.exe

c:\windows\18866tz592b1.cpl

c:\windows\191319roj2a5z.exe

c:\windows\19206not-a-virzs543.bin

c:\windows\193759rojz5.cpl

c:\windows\1945not-a-virus4z4.bin

c:\windows\19599zorm295.bin

c:\windows\19699virus585z.cpl

c:\windows\19952troz7c2.exe

c:\windows\19955worm7a1z.cpl

c:\windows\19b1ad5ware2z4.ocx

c:\windows\19bcspz5se2670.cpl

c:\windows\19cf5ir30z5.ocx

c:\windows\19d9dowzl5ader2059.exe

c:\windows\1a07add5are9542z.dll

c:\windows\1a2zdo9nl5ader530.exe

c:\windows\1b28spywzr52592.bin

c:\windows\1b97b9ckdzor850.exe

c:\windows\1cecz9dware1534.bin

c:\windows\1cz8vi59339.cpl

c:\windows\1d9thi5f2109z.bin

c:\windows\1f5dsteal99z8.bin

c:\windows\1f8esza5s92628.dll

c:\windows\1z596troj5d15.dll

c:\windows\1z625spambot998.ocx

c:\windows\1z708s9y6875.dll

c:\windows\20daad5waze2931.dll

c:\windows\210489z5us477.bin

c:\windows\21049z5rm3a5.ocx

c:\windows\2158bzck9oor2118.cpl

c:\windows\2168059cktooz5ed.exe

c:\windows\217039ormaz5.ocx

c:\windows\21892zirus2e5.ocx

c:\windows\226995roz679.cpl

c:\windows\23457not-a-viruz295.cpl

c:\windows\24198hackt5olz98.bin

c:\windows\24292zpy1005.exe

c:\windows\24318not5a-vir9s1e3z.exe

c:\windows\250z7hac9tool205.exe

c:\windows\2551z9irusde.bin

c:\windows\2554zwo9m59f.exe

c:\windows\256015pazbot599.ocx

c:\windows\25768spy7zf9.ocx

c:\windows\25964wzr5344.ocx

c:\windows\2619ackdoo510z8.bin

c:\windows\265tzo945a.dll

c:\windows\26983nz59a-virus48f.exe

c:\windows\26bcst9alz52.bin

c:\windows\26z76h9ckt5ol18.dll

c:\windows\27122zot-a-9irus151.cpl

c:\windows\271485ot-a-vizus53b9.exe

c:\windows\271d5pywaze28129.ocx

c:\windows\272z6spy79c5.bin

c:\windows\2793zo5nloader3246.dll

c:\windows\28095h9cktzol3ed5.dll

c:\windows\282abackdoo51z709.bin

c:\windows\282ddownlo59zr2923.exe

c:\windows\28363hackto5z691.exe

c:\windows\28623s9azb5t5af.ocx

c:\windows\290255or926dz.exe

c:\windows\29250szy18e9.exe

c:\windows\292b9ownloade5z62.ocx

c:\windows\29590ha5kzool44.cpl

c:\windows\299509roz227.bin

c:\windows\29961hackt5ol391z.ocx

c:\windows\29982spy45z.bin

c:\windows\29bt5iez2280.dll

c:\windows\29z285ot-a-vir9s39f.dll

c:\windows\29z9spy557.dll

c:\windows\2ae1azdwar530779.bin

c:\windows\2az5s9arse1963.ocx

c:\windows\2d5a9hi5f297z.dll

c:\windows\2d6cstzal5469.exe

c:\windows\2e895iz3013.ocx

c:\windows\2e97t95eaz15376.exe

c:\windows\2fezad5ware909.ocx

c:\windows\2z02thief91825.ocx

c:\windows\2z7sp9r5e309.exe

c:\windows\2z93st5al1369.bin

c:\windows\2zf7addware9505.ocx

c:\windows\308935acztoo97b3.cpl

c:\windows\3108s5zmbot397.bin

c:\windows\31109troz585.bin

c:\windows\315859ief2242z.dll

c:\windows\31925virus2bz.exe

c:\windows\319z75acktool700.dll

c:\windows\321809acztoo5481.cpl

c:\windows\32222n9z-a-5irus6e4.bin

c:\windows\3224baczdoor9250.cpl

c:\windows\32399spz585.cpl

c:\windows\32554not-a9virus1z9.cpl

c:\windows\32683hacktzo925a.ocx

c:\windows\3285threat97979z.dll

c:\windows\336zd5wnloader95.exe

c:\windows\3372sp9wzr52508.ocx

c:\windows\3388t5ief90z9.cpl

c:\windows\33b5spa9sz2624.exe

c:\windows\3494zhie5359.exe

c:\windows\34a1tzre5t24095.bin

c:\windows\34z7stea52902.bin

c:\windows\3529zpy2e.cpl

c:\windows\356az9r1507.ocx

c:\windows\35709zacktool29a.bin

c:\windows\3589sparsz1905.cpl

c:\windows\35fethrzat5985.dll

c:\windows\3759backdoor91z3.ocx

c:\windows\37b5thizf1954.ocx

c:\windows\382d5d9waze2830.ocx

c:\windows\3916addwarz1251.bin

c:\windows\3953back9oo5z006.exe

c:\windows\3954zpyware5562.ocx

c:\windows\3959bazkd5or3230.cpl

c:\windows\395zspy4349.exe

c:\windows\39a1thief4z5.exe

c:\windows\39az5hief2260.exe

c:\windows\3becvzr9651.exe

c:\windows\3d2daddwa5ez2029.exe

c:\windows\3e9dszyw5re2490.cpl

c:\windows\3f54a9dwaze64.exe

c:\windows\3z49a5dware180.cpl

c:\windows\3z505hief27599.bin

c:\windows\3z59steal2997.bin

c:\windows\414fdoz9loa5er2397.dll

c:\windows\4156w9rm45ez.bin

c:\windows\419cs95wzre1595.bin

c:\windows\420not5a-vi9uz50f.cpl

c:\windows\43e2v9r558z.dll

c:\windows\4459threzt117.bin

c:\windows\446zv5r26529.dll

c:\windows\450hacktooz297.bin

c:\windows\451zthief15949.exe

c:\windows\4536downloader9047z.ocx

c:\windows\4568vir40z9.dll

c:\windows\459virz9685.ocx

c:\windows\4655spywaze1009.bin

c:\windows\471zaddwa5e790.bin

c:\windows\48acspa5sez159.cpl

c:\windows\48fdz592251.ocx

c:\windows\48z45acktool3d9.exe

c:\windows\491spyware5563z.dll

c:\windows\4935ha5kzool1ca.bin

c:\windows\4935zir1355.exe

c:\windows\4955h95ktool581z.exe

c:\windows\495zvir2654.ocx

c:\windows\4978spamzot1995.exe

c:\windows\498fbaczd95r1534.exe

c:\windows\49b8downloa9e5z095.bin

c:\windows\4e379aczdoor5855.bin

c:\windows\4e87threa52z8309.ocx

c:\windows\4ebzth59f1119.ocx

c:\windows\4ez55ackdoor1779.exe

c:\windows\4f99v5r39z.ocx

c:\windows\5095thzeat11632.ocx

c:\windows\50965hreat7950z.cpl

c:\windows\509a9zr3236.bin

c:\windows\50cbdowzl9ader275.bin

c:\windows\510caddwzr59087.bin

c:\windows\5142spz189.ocx

c:\windows\51559orm7z3.dll

c:\windows\516z9troj1ad.cpl

c:\windows\51925hreat26504z.cpl

c:\windows\52379virus1z9.exe

c:\windows\52591hacztool680.exe

c:\windows\52b5spazse1948.dll

c:\windows\52zdsp5rs9348.cpl

c:\windows\52zfa9dwa5e3089.ocx

c:\windows\5355spz39a.dll

c:\windows\538fbackdoor95z.bin

c:\windows\53941szambot31b.exe

c:\windows\53a6adzwar919425.cpl

c:\windows\54594not-a-virusz.exe

c:\windows\5499thzeat8793.dll

c:\windows\55110ha9ktooz2ba.cpl

c:\windows\5547worz9a9.dll

c:\windows\5551spy7zc9.exe

c:\windows\5590wor94zc.bin

c:\windows\55bzthi9f15145.ocx

c:\windows\55c5szyware2209.cpl

c:\windows\55d2z9reat4599.cpl

c:\windows\55ea9tzal2319.ocx

c:\windows\55z9threa921871.ocx

c:\windows\563139acztool4f6.cpl

c:\windows\56594nzt-a-virus49d.exe

c:\windows\568zhief729.exe

c:\windows\56970hacztool78b.dll

c:\windows\5752ba5kdo9rz630.ocx

c:\windows\578caddwarz759.dll

c:\windows\5791spz3f8.ocx

c:\windows\57d4zir1977.exe

c:\windows\5808z9cktool11c.ocx

c:\windows\58196not-z-virus5ab.bin

c:\windows\58z57worm95.exe

c:\windows\58z68virus908.ocx

c:\windows\58zvir999.bin

c:\windows\5945vir3189z.cpl

c:\windows\59cbspy9are57z0.exe

c:\windows\59zb59reat9964.cpl

c:\windows\5b16stea9z025.exe

c:\windows\5cdbspy95rez068.exe

c:\windows\5ceba9kdooz2007.ocx

c:\windows\5d44dow5l9ader2124z.cpl

c:\windows\5e0cdowzloader25999.ocx

c:\windows\5e6zthrea924121.exe

c:\windows\5ez7thief3195.exe

c:\windows\5fa85parse6z9.ocx

c:\windows\5z398hackto9l91.bin

c:\windows\5z799s9y494.ocx

c:\windows\5z84t5ief26529.cpl

c:\windows\5z88sparse1759.cpl

c:\windows\5z95vir2022.cpl

c:\windows\5zbbthre5t24179.bin

c:\windows\5zc59pyware2959.cpl

c:\windows\5zcspywa9e1969.ocx

c:\windows\5zf9vir1848.ocx

c:\windows\6073ad5ware3294z.exe

c:\windows\60e5spywa5e201z9.ocx

c:\windows\61195aczto9l3c3.dll

c:\windows\6134zp9mbot5e5.dll

c:\windows\6355szarse598.ocx

c:\windows\63a19ownloadz52494.cpl

c:\windows\641cdownloa9e53092z.bin

c:\windows\6519s9eaz447.ocx

c:\windows\6569thie52577z.bin

c:\windows\658caddzare14939.dll

c:\windows\6590zownloade5927.exe

c:\windows\6689adzware2585.bin

c:\windows\66e1bzc9door3095.cpl

c:\windows\68eca9dware55z.ocx

c:\windows\6935tzreat50520.ocx

c:\windows\6a549pywzre2671.ocx

c:\windows\6d2ct9ie5z790.exe

c:\windows\6e34do9nloa5er12z6.cpl

c:\windows\6e679zyware5724.cpl

c:\windows\6ea49ddwa5e1z92.ocx

c:\windows\6z9a5pyware1257.dll

c:\windows\6zdf59dware1116.bin

c:\windows\70985orm54z.cpl

c:\windows\7130vzr59498.dll

c:\windows\72zed9w5loader66.ocx

c:\windows\7361dowzloader9585.bin

c:\windows\73899acktoolz95.ocx

c:\windows\73c79te5z664.ocx

c:\windows\7459bac9zoor2138.ocx

c:\windows\749edownzo5der196.ocx

c:\windows\7516do9nlzader2605.ocx

c:\windows\7587hacktozl19a.exe

c:\windows\769ezte9l435.ocx

c:\windows\776t9reat1z574.ocx

c:\windows\77z5v9r3041.dll

c:\windows\77zspywa5e9079.bin

c:\windows\788aad5zare6339.bin

c:\windows\78aaspyw5ze3907.ocx

c:\windows\799thr9at28z56.cpl

c:\windows\79bb9pyware1z375.ocx

c:\windows\79z4hacktoo579c.bin

c:\windows\7ccbback9o5r1z95.exe

c:\windows\7cd5bac9dooz197.cpl

c:\windows\7d78stealz0915.exe

c:\windows\7e56thief114z9.bin

c:\windows\7f5c5ackzoor1795.bin

c:\windows\7z28vi91525.exe

c:\windows\7z74downl5ader1791.exe

c:\windows\81z9sp9457.exe

c:\windows\82795dwzre2051.ocx

c:\windows\8595not-a-zi9us4fa.ocx

c:\windows\896a5zware642.cpl

c:\windows\8d8ad5warz1973.ocx

c:\windows\8z20t5oj28f9.exe

c:\windows\9019pywaze2955.dll

c:\windows\91e2spaz5e825.bin

c:\windows\91z01worm3a5.ocx

c:\windows\9248hacktozl495.exe

c:\windows\92520not-5-zirus1cf.bin

c:\windows\9359spam9oz1d7.bin

c:\windows\93c5sparse1z69.cpl

c:\windows\93ffadd5are3z45.ocx

c:\windows\9457szy7d9.cpl

c:\windows\94818hackz5ol7de.exe

c:\windows\95379virus449z.exe

c:\windows\9545virz05.dll

c:\windows\95978zroj192.dll

c:\windows\95z5troj20b.dll

c:\windows\964caddwarz151.cpl

c:\windows\96d55hreat3z54.bin

c:\windows\96z69tro563c.bin

c:\windows\9764trzj15a.dll

c:\windows\97f9iz5032.exe

c:\windows\9844zow5loader2042.exe

c:\windows\98681viruz315.bin

c:\windows\9981w9r5675z.cpl

c:\windows\99969sp53z4.exe

c:\windows\9b52threat20z45.exe

c:\windows\9c25az5ware718.cpl

c:\windows\9d7sp5ware2913z.cpl

c:\windows\9z2a5ownloader1051.exe

c:\windows\9z60not-a-v5ru974e.ocx

c:\windows\a2fazdw9re2562.exe

c:\windows\bc1backdzor3925.dll

c:\windows\ccczow5loade9367.exe

c:\windows\cz5vir1957.bin

c:\windows\d85t9i5f32z1.bin

c:\windows\e87spars51z929.ocx

c:\windows\kb913800.exe

c:\windows\setup.exe

c:\windows\system32\10z55ha9ktool1ce.bin

c:\windows\system32\113415zoj79.dll

c:\windows\system32\11399szy5f2.cpl

c:\windows\system32\114419zoj52a.ocx

c:\windows\system32\11467s9am5oz693.bin

c:\windows\system32\11493sz5mbo9220.cpl

c:\windows\system32\1157noz-a9virus322.exe

c:\windows\system32\11945spamzot3cb.cpl

c:\windows\system32\120f59zware2613.exe

c:\windows\system32\12179spaz5ot4b89.exe

c:\windows\system32\12284spz75e9.dll

c:\windows\system32\124479pyzf5.exe

c:\windows\system32\1288downlz5der591.dll

c:\windows\system32\13330spam9ot5z.dll

c:\windows\system32\13559hacktooz57e.dll

c:\windows\system32\13951vzr5s582.exe

c:\windows\system32\1398backd5zr3068.exe

c:\windows\system32\13d85hiefz902.cpl

c:\windows\system32\14129spambo51zb9.cpl

c:\windows\system32\14595zr19559.dll

c:\windows\system32\14668wzrm5b39.bin

c:\windows\system32\14911trz955a.cpl

c:\windows\system32\14f0a5dw9re23z4.ocx

c:\windows\system32\14z56t9o5793.exe

c:\windows\system32\15029sp5105z.dll

c:\windows\system32\1542zac9tool46b.bin

c:\windows\system32\15607hack9zol336.cpl

c:\windows\system32\15894not-azvi9us35d.bin

c:\windows\system32\1599zddw5re922.bin

c:\windows\system32\15b8bz59door1158.exe

c:\windows\system32\15beaddza9e30905.ocx

c:\windows\system32\15zvi59921.exe

c:\windows\system32\161689rzj550.bin

c:\windows\system32\16169sp9mbot5b9z.bin

c:\windows\system32\16431zroj9b5.dll

c:\windows\system32\165975ot-a9zirus18f.bin

c:\windows\system32\165f9p5rsz749.exe

c:\windows\system32\167845zy989.ocx

c:\windows\system32\1697ztea9259.dll

c:\windows\system32\171425zo92d.bin

c:\windows\system32\17386not-a-9i5usz7f.exe

c:\windows\system32\17555virzs759.cpl

c:\windows\system32\1762zte9l28375.bin

c:\windows\system32\1850nzt-a-vi5us559.cpl

c:\windows\system32\1859viruz540.dll

c:\windows\system32\18695trzj3f59.ocx

c:\windows\system32\18783n9t5azvirus47.cpl

c:\windows\system32\18852spambzt5199.dll

c:\windows\system32\190z5hac5tool7a0.bin

c:\windows\system32\193905acktoolz1a.exe

c:\windows\system32\195019acktzo5611.exe

c:\windows\system32\197d5ownlozder987.ocx

c:\windows\system32\19811nz5-a-virus774.dll

c:\windows\system32\19859zroj683.cpl

c:\windows\system32\19884hac5tozl975.ocx

c:\windows\system32\19910hacztool75c.ocx

c:\windows\system32\19ae9pyware1765z.dll

c:\windows\system32\19z92not-5-virus184.dll

c:\windows\system32\1c84baczdo5r1970.cpl

c:\windows\system32\1d18baczd5or17479.dll

c:\windows\system32\1d5959eal2z52.ocx

c:\windows\system32\1d95szeal605.ocx

c:\windows\system32\1e32do9nlozder857.ocx

c:\windows\system32\1e65zpyware2907.dll

c:\windows\system32\1e9z59ckdoor75.ocx

c:\windows\system32\1f68s5zrse9675.bin

c:\windows\system32\1f95backdoo9503z.ocx

c:\windows\system32\1z00thie95430.cpl

c:\windows\system32\1z305not-a-virus699.cpl

c:\windows\system32\1z43s5arse9905.exe

c:\windows\system32\1z681virus5c69.cpl

c:\windows\system32\1z702spam95t236.ocx

c:\windows\system32\1z948virus15a.dll

c:\windows\system32\1z99virus105.ocx

c:\windows\system32\205d9ddware480z.bin

c:\windows\system32\20893not-a-virusz53.cpl

c:\windows\system32\20934hac5tool2ze.dll

c:\windows\system32\2119zi95s490.cpl

c:\windows\system32\21393not-a5vizus768.ocx

c:\windows\system32\21409t95z79f.cpl

c:\windows\system32\21445ha9ktool76z.cpl

c:\windows\system32\21536spamboz495.exe

c:\windows\system32\215zt95eat13915.cpl

c:\windows\system32\218b9ddw5re43z.bin

c:\windows\system32\219etzre5t3194.cpl

c:\windows\system32\22355trzj292.exe

c:\windows\system32\22959ot-a-vir5sa5z.dll

c:\windows\system32\229z5spy3ee.cpl

c:\windows\system32\23255zorm689.ocx

c:\windows\system32\2326tr9j1e5z.dll

c:\windows\system32\23316z5ambot90a.bin

c:\windows\system32\23353woz955e.dll

c:\windows\system32\23424s5y9zc.bin

c:\windows\system32\23890zr59279.cpl

c:\windows\system32\239165irusz8a.bin

c:\windows\system32\244z8troj495.exe

c:\windows\system32\24558v9ruz457.cpl

c:\windows\system32\24852vz9us566.dll

c:\windows\system32\24931zpy65d.exe

c:\windows\system32\24952virus5z0.bin

c:\windows\system32\25141wor92z9.bin

c:\windows\system32\2515addwa9e258z.dll

c:\windows\system32\252a9teal99z.ocx

c:\windows\system32\254asparse1z369.exe

c:\windows\system32\254z5v9rus188.ocx

c:\windows\system32\2555zspy695.dll

c:\windows\system32\25f3vzr1695.ocx

c:\windows\system32\26025zot-a-virus699.ocx

c:\windows\system32\26157no5-z-v9rus35b.exe

c:\windows\system32\26189not-a-vir5szf4.bin

c:\windows\system32\263c5azkdoor799.ocx

c:\windows\system32\267z0t5oj729.exe

c:\windows\system32\26968no9-a-vzr5s56a.dll

c:\windows\system32\27335wor938ez.ocx

c:\windows\system32\273z5spy9ce.exe

c:\windows\system32\27853z5cktool39.dll

c:\windows\system32\278905roz49e.exe

c:\windows\system32\27z415p91be.bin

c:\windows\system32\281z99py525.cpl

c:\windows\system32\2825sp9rsez5.bin

c:\windows\system32\2907backdooz2589.ocx

c:\windows\system32\29080tro95bz.cpl

c:\windows\system32\29206hzckt5ol6449.bin

c:\windows\system32\2925spambot65z.exe

c:\windows\system32\294195acktool135z.dll

c:\windows\system32\29475zp976b.bin

c:\windows\system32\29535spam9oz512.exe

c:\windows\system32\29595zor9659.bin

c:\windows\system32\295z39roj59d.dll

c:\windows\system32\29609spambotzbe5.ocx

c:\windows\system32\29770noz-a-5irus6e4.ocx

c:\windows\system32\29864w5r9zdf.cpl

c:\windows\system32\29866hacktoo55az.exe

c:\windows\system32\2988ztro9665.ocx

c:\windows\system32\298s9yzf55.dll

c:\windows\system32\29z2vir30475.dll

c:\windows\system32\29z9thief1599.ocx

c:\windows\system32\2be9d5wnloaz9r2059.bin

c:\windows\system32\2c1addwa5z1729.cpl

c:\windows\system32\2d89v9r172z5.ocx

c:\windows\system32\2z1995py7c6.dll

c:\windows\system32\2z548wor59c0.cpl

c:\windows\system32\2z865worm596.ocx

c:\windows\system32\2zcb5ddware3931.cpl

c:\windows\system32\30529spz2a9.cpl

c:\windows\system32\30th9ef1z195.exe

c:\windows\system32\3149zs5y7ba.bin

c:\windows\system32\317z9not5a-virus59.ocx

c:\windows\system32\32508h9cktzo5208.ocx

c:\windows\system32\32avi5279z.dll

c:\windows\system32\3358sz9al856.exe

c:\windows\system32\341ab9ck5oor1898z.ocx

c:\windows\system32\34619pyware2358z.cpl

c:\windows\system32\346z5py41f9.ocx

c:\windows\system32\348fdownloz9er9055.ocx

c:\windows\system32\3529z5eal360.exe

c:\windows\system32\3535vir15z79.dll

c:\windows\system32\3596vi9258z.exe

c:\windows\system32\3599tzo976f.exe

c:\windows\system32\359zspa5se899.dll

c:\windows\system32\35davir2z95.exe

c:\windows\system32\36e1t9zef158.bin

c:\windows\system32\3850down9ozder924.ocx

c:\windows\system32\38a8addwa5e89z.ocx

c:\windows\system32\392adow59oadez2576.ocx

c:\windows\system32\39399sp5d9z.ocx

c:\windows\system32\3957zhief1565.exe

c:\windows\system32\39825hreat220z69.cpl

c:\windows\system32\39f7ba9kdozr3550.bin

c:\windows\system32\3a13bacz5o9r1007.cpl

c:\windows\system32\3ad2z5ckdoor2290.exe

c:\windows\system32\3az6spywar5917.dll

c:\windows\system32\3c2ed5wnl9azer2393.cpl

c:\windows\system32\3c97stezl9562.dll

c:\windows\system32\3d49szywa9e2715.ocx

c:\windows\system32\3d93dzwnload9r7635.cpl

c:\windows\system32\3de5downzo9der1453.exe

c:\windows\system32\3eb3back95zr2595.cpl

c:\windows\system32\3ez95ir729.ocx

c:\windows\system32\3z705hief2839.dll

c:\windows\system32\43f5zackdo5r2938.cpl

c:\windows\system32\4405bac5dzor1199.ocx

c:\windows\system32\44c6spy5zre23579.dll

c:\windows\system32\44feaddwzre59.dll

c:\windows\system32\4569zow5loader9073.cpl

c:\windows\system32\45765o9z38e.exe

c:\windows\system32\4577do9nloader18z1.exe

c:\windows\system32\45b4b9ckdoor198z.exe

c:\windows\system32\45b9virz751.dll

c:\windows\system32\493csze5l1188.exe

c:\windows\system32\496s5ambot37z.ocx

c:\windows\system32\49e7bazkdo5r1026.bin

c:\windows\system32\4a4zthreat19175.cpl

c:\windows\system32\4d2f5ir29z9.dll

c:\windows\system32\4e1bs9zware5180.dll

c:\windows\system32\4e53threat1z7975.dll

c:\windows\system32\4ffdzddw5re1699.ocx

c:\windows\system32\4z659tea5399.cpl

c:\windows\system32\4z92threa97835.bin

c:\windows\system32\4zea9ir1254.bin

c:\windows\system32\5037zorm490.cpl

c:\windows\system32\50434z9y6b1.exe

c:\windows\system32\504z3spam9otd0.dll

c:\windows\system32\5099spy6ez9.cpl

c:\windows\system32\5155addware19z8.bin

c:\windows\system32\5159spy5z9.bin

c:\windows\system32\517f9hief680z.exe

c:\windows\system32\51949worm6z4.cpl

c:\windows\system32\51d9threat1854z.exe

c:\windows\system32\5209dowzlo5der1867.bin

c:\windows\system32\52czd9ware371.bin

c:\windows\system32\53307not-a-virus689z.cpl

c:\windows\system32\5364z954e3.ocx

c:\windows\system32\5386ba59dozr1816.exe

c:\windows\system32\53f9zteal1570.exe

c:\windows\system32\541spywarez7359.cpl

c:\windows\system32\5425spa9zot84.exe

c:\windows\system32\54496trojzd8.cpl

c:\windows\system32\548es9eal1z84.cpl

c:\windows\system32\54c2dow59oaderz169.ocx

c:\windows\system32\54z6down9oader2646.dll

c:\windows\system32\5500w5zm791.ocx

c:\windows\system32\55b59ddware2951z.bin

c:\windows\system32\5605sparse79z.ocx

c:\windows\system32\5612ztroj6c9.ocx

c:\windows\system32\567a9owzloader3033.exe

c:\windows\system32\56z7threat259175.dll

c:\windows\system32\57259ir86z.ocx

c:\windows\system32\577zbac5door9243.ocx

c:\windows\system32\5783hzckt9ol4e5.exe

c:\windows\system32\5798worm20z5.ocx

c:\windows\system32\579sp9mzot7a9.dll

c:\windows\system32\5833not-a-zirus398.cpl

c:\windows\system32\5877worm659z.bin

c:\windows\system32\589dsteal5100z.dll

c:\windows\system32\58b5dzwnloader5699.cpl

c:\windows\system32\5903vzr637.exe

c:\windows\system32\5906z5ckdo9r1196.cpl

c:\windows\system32\5940noz-a-vi9u5585.ocx

c:\windows\system32\596cs9zal795.bin

c:\windows\system32\596dvi529z9.ocx

c:\windows\system32\59956troj4zb.ocx

c:\windows\system32\5995threa523z08.cpl

c:\windows\system32\599not-a9viruz5e7.ocx

c:\windows\system32\59b15teal152z.dll

c:\windows\system32\59e6thzef532.ocx

c:\windows\system32\59faspyw5ze1794.ocx

c:\windows\system32\5adaviz9506.exe

c:\windows\system32\5b409zwnloader394.exe

c:\windows\system32\5b9caddw9ze450.dll

c:\windows\system32\5c0zvir219.dll

c:\windows\system32\5c65spzrse3039.bin

c:\windows\system32\5f75spyware1793z.dll

c:\windows\system32\5fdfspa9se358z.bin

c:\windows\system32\5z49virus5209.ocx

c:\windows\system32\5z931virus375.ocx

c:\windows\system32\6038zownl5ader1289.cpl

c:\windows\system32\61b0thzeat8359.ocx

c:\windows\system32\61bcaddwaze459.bin

c:\windows\system32\61z9h95ktoola6.exe

c:\windows\system32\626cste5lz94.dll

c:\windows\system32\6339not-a-zi59s7fe.cpl

c:\windows\system32\63c1szywa951988.ocx

c:\windows\system32\6539stezl3905.dll

c:\windows\system32\654cvi928z6.ocx

c:\windows\system32\655zbackdo9r223.ocx

c:\windows\system32\656zbac9door72.cpl

c:\windows\system32\65b75hrea914000z.ocx

c:\windows\system32\65e995zal1239.dll

c:\windows\system32\65f3back9ozr2715.ocx

c:\windows\system32\665viruz9b.bin

c:\windows\system32\6669thizf594.ocx

c:\windows\system32\66a2zownl95der636.dll

c:\windows\system32\6723bzck5oor94.ocx

c:\windows\system32\674bz5ea9219.dll

c:\windows\system32\6795threat19890z.exe

c:\windows\system32\6799addwaze7435.dll

c:\windows\system32\690thief1z95.exe

c:\windows\system32\6937spzr5e2506.bin

c:\windows\system32\6944zir563.exe

c:\windows\system32\6987zro9546.cpl

c:\windows\system32\69ddo9nloadzr16365.bin

c:\windows\system32\6e13zh5ea919006.bin

c:\windows\system32\6f4zpars51719.exe

c:\windows\system32\6ff8doznloade9251.ocx

c:\windows\system32\6z04thief2195.ocx

c:\windows\system32\6z1fd9wn5oader2765.bin

c:\windows\system32\7171zackdoor2945.exe

c:\windows\system32\7195spy340z.cpl

c:\windows\system32\71dcdo9nlza5er77.ocx

c:\windows\system32\720fdoz9loa5er2750.ocx

c:\windows\system32\720zbackd5or1595.cpl

c:\windows\system32\740259oj68z.cpl

c:\windows\system32\74459zckdoor151.cpl

c:\windows\system32\744eadd5arz793.ocx

c:\windows\system32\74z9spy9are2785.cpl

c:\windows\system32\7533hack9o5l19z.exe

c:\windows\system32\753ha9ktool2z7.cpl

c:\windows\system32\754aback9ozr3239.dll

c:\windows\system32\75929owzloader467.ocx

c:\windows\system32\7597stzal1604.ocx

c:\windows\system32\76b5th9ef2z23.dll

c:\windows\system32\790ddownlo5der1904z.bin

c:\windows\system32\7947not-a-z5rus32.bin

c:\windows\system32\7954sp5rse901z.bin

c:\windows\system32\7958z95ef1355.dll

c:\windows\system32\7a97vzr1551.ocx

c:\windows\system32\7adazdw5r9254.ocx

c:\windows\system32\7c1e59izf2551.dll

c:\windows\system32\7cebdownloadzr54599.exe

c:\windows\system32\7d19th9ea5z604.exe

c:\windows\system32\7ee3zd9war51671.cpl

c:\windows\system32\7f59zddwa5e3101.exe

c:\windows\system32\7fa8zteal7955.cpl

c:\windows\system32\7fz9spywar925685.ocx

c:\windows\system32\7fzback5oor1914.dll

c:\windows\system32\7z2a5dware9644.cpl

c:\windows\system32\815ba9zdoor559.dll

c:\windows\system32\87319or5z81.bin

c:\windows\system32\8884not-5zvirus39a.cpl

c:\windows\system32\8952vi5us69z.cpl

c:\windows\system32\9221dow5loadzr3263.dll

c:\windows\system32\92260sp54fz.dll

c:\windows\system32\92353woz547f.ocx

c:\windows\system32\92379noz-a5virus7e3.cpl

c:\windows\system32\9288downloader4z35.bin

c:\windows\system32\92bfsp5warez592.cpl

c:\windows\system32\935fadzware1815.dll

c:\windows\system32\936steal9z75.ocx

c:\windows\system32\939bacz5oor490.dll

c:\windows\system32\952z4spy4c5.bin

c:\windows\system32\9547zh5cktool4ac.dll

c:\windows\system32\95543spy4z5.dll

c:\windows\system32\9557szy524.dll

c:\windows\system32\955vir12z0.ocx

c:\windows\system32\95618szy55.exe

c:\windows\system32\9598viru93dz.ocx

c:\windows\system32\95998worm7ez.cpl

c:\windows\system32\95athiez3135.ocx

c:\windows\system32\9601notz5-virus979.dll

c:\windows\system32\9644vi95s3z5.cpl

c:\windows\system32\968vizus3425.dll

c:\windows\system32\96downloader2251z.dll

c:\windows\system32\995zthreat523.cpl

c:\windows\system32\995ztroj48b.ocx

c:\windows\system32\9a0a5dware3209z.ocx

c:\windows\system32\9b6back5ozr2693.bin

c:\windows\system32\9b99backd5or25z5.ocx

c:\windows\system32\9c1dvir285z.bin

c:\windows\system32\9d45szyware5670.cpl

c:\windows\system32\9e7s5arse292z.dll

c:\windows\system32\9eaethreaz4505.dll

c:\windows\system32\9z25p9ware1253.cpl

c:\windows\system32\9z49spy7785.cpl

c:\windows\system32\9z62spyware1955.dll

c:\windows\system32\aoz17.tmp.exe

c:\windows\system32\czft5r9at4997.cpl

c:\windows\system32\d3d0499.dll

c:\windows\system32\drivers\ndisrd.sys

c:\windows\system32\drivers\UACiqparrtjxb.sys

c:\windows\system32\ed9downloa5er2z96.bin

c:\windows\system32\fe99hrzat4525.dll

c:\windows\system32\msxmlm.dll

c:\windows\system32\ndisapi.dll

c:\windows\system32\NetFilter.exe

c:\windows\system32\UAChnpcphbrnk.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACmpvogoeuwp.dat

c:\windows\system32\UACmuyqvdyutx.dll

c:\windows\system32\UACqtomudppex.dll

c:\windows\system32\z0307hackto9l7485.bin

c:\windows\system32\z9dba9dw5re1707.dll

c:\windows\z05545pamb9t598.exe

c:\windows\z1718hackto5ld9.dll

c:\windows\z1789troj355.cpl

c:\windows\z208troj5395.ocx

c:\windows\z3521v5rus922.exe

c:\windows\z4299spy29d5.exe

c:\windows\z459thief5773.exe

c:\windows\z4981worm455.ocx

c:\windows\z5263tr9573a.bin

c:\windows\z535th9eat53769.cpl

c:\windows\z579parse1502.exe

c:\windows\z6247spy3945.bin

c:\windows\z6412vir9s2f5.cpl

c:\windows\z6954tro97015.ocx

c:\windows\z710backdoor26595.dll

c:\windows\z784hacktoo96955.exe

c:\windows\z80925roj69e.exe

c:\windows\z85virus95.exe

c:\windows\z8aedownloa59r2203.exe

c:\windows\z93es9ars5255.bin

c:\windows\z949tr5j55.dll

c:\windows\z984stea51915.bin

c:\windows\z9970w9rm5d0.exe

c:\windows\z9bbackd5or575.dll

c:\windows\ze71backdoor1569.cpl

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_NDISRD

-------\Service_NDISRD

((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))

.

2009-11-05 16:33 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-05 16:33 . 2009-11-05 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-05 16:33 . 2009-11-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-05 16:33 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-04 22:32 . 2009-11-04 22:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert

2009-11-04 22:24 . 2009-11-04 23:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-04 21:44 . 2009-11-04 21:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2009-11-04 21:44 . 2009-11-04 21:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux

2009-11-04 21:44 . 2009-11-04 21:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2009-10-12 18:25 . 2009-10-12 18:25 6021 ----a-w- c:\windows\system32\z5717hacktool195.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-25 17:48 . 2006-07-25 23:01 67528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-15 286720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"combofix"="c:\abcd\CF9491.exe" [2009-11-06 388608]

"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [12/19/2006 11:30 AM 58016]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 11:28 AM 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 11:28 AM 226304]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/16/2007 11:11 PM 29744]

S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [7/24/2006 1:39 PM 17251]

S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [7/24/2006 1:39 PM 7520]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

.

.

------- Supplementary Scan -------

.

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: trymedia.com

.

- - - - ORPHANS REMOVED - - - -

BHO-{cb5a26c3-d9b3-4ab0-9efc-443595518284} - c:\program files\Starware408\bin\Starware408.dll

Toolbar-{6e4cc754-caa4-4576-9af1-68323d5760d4} - c:\program files\Starware408\bin\Starware408.dll

HKLM-Run-PersonalAV - c:\program files\PersonalAV\PAV.exe

HKLM-Run-<NO NAME> - (no file)

Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-06 12:49

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)

c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(936)

c:\windows\system32\EntApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Network Associates\VirusScan\Mcshield.exe

c:\program files\Network Associates\VirusScan\VsTskMgr.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Apoint\Apntex.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-11-06 12:51 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-06 18:49

Pre-Run: 134,242,820,096 bytes free

Post-Run: 134,620,393,472 bytes free

- - End Of File - - 7B35764C3DB94A6861394277113F4B55


  • Staff

Hi,

Navigate to and delete the following leftover:

c:\windows\system32\z5717hacktool195.dll

Then, please uninstall the Ask Toolbar since this one is not recommended.

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
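As an added example, not part of the original thread or of any tool it mentions, here is a Python triage script that applies the two naming patterns visible in the ComboFix log above: files whose name is hex digits and "z" wrapped around a malware-category word with one or two characters swapped (z5717hacktool195.dll, 9d45szyware5670.cpl, 7fzback5oor1914.dll, czft5r9at4997.cpl), and the UAC*.dll/.sys/.dat names that ComboFix removed from system32. The sample listing is constructed from names in the log plus a few legitimate system32 files so it runs offline; the thresholds (one substitution allowed per three letters of the keyword, filler limited to hex digits and "z", at least one digit) are my assumptions tuned to this log. The output is a list of paths worth examining by hand, such as the leftover z5717hacktool195.dll above, not a verdict.

```python
import os
import re
from typing import List, Optional, Tuple

# Constructed sample listing: names copied from the ComboFix log above, mixed with
# legitimate system32 files, to exercise the triage rules without touching a real box.
SAMPLE_LISTING = [
    r"c:\windows\system32\z5717hacktool195.dll",
    r"c:\windows\system32\9d45szyware5670.cpl",
    r"c:\windows\system32\7fzback5oor1914.dll",
    r"c:\windows\system32\czft5r9at4997.cpl",
    r"c:\windows\z710backdoor26595.dll",
    r"c:\windows\system32\drivers\UACiqparrtjxb.sys",
    r"c:\windows\system32\UACmpvogoeuwp.dat",
    r"c:\windows\system32\ntdll.dll",
    r"c:\windows\system32\ctfmon.exe",
    r"c:\windows\system32\drivers\mbam.sys",
]

# Category words that appear, usually with a character or two swapped, inside the
# dropped names in the log ("sp5ware", "backd5or", "hackto9l", "not-5zvirus").
# Longest first so the most specific word wins.
MALWARE_WORDS = [
    "not-a-virus", "downloader", "backdoor", "hacktool", "spyware", "adware",
    "trojan", "threat", "steal", "thief", "virus", "parse", "worm", "spam",
    "troj", "spy",
]

# Filler around the keyword in those names is hex digits plus the letter "z".
FILLER = set("0123456789abcdefz")

# Second pattern in the log: "UAC" followed by random lowercase letters, .dll/.sys/.dat.
UAC_RE = re.compile(r"^uac[a-z]+\.(dll|sys|dat)$")


def hamming(a: str, b: str) -> int:
    """Number of differing positions between two equal-length strings."""
    return sum(x != y for x, y in zip(a, b))


def match_decoy_word(stem: str) -> Optional[str]:
    """Return the category word hidden in `stem`, or None.

    A word matches when some same-length window of the stem differs from it in
    at most len(word)//3 positions (assumed budget) and everything outside the
    window is filler (hex digits or "z") containing at least one digit.
    """
    for word in MALWARE_WORDS:
        budget = len(word) // 3
        for i in range(len(stem) - len(word) + 1):
            if hamming(stem[i:i + len(word)], word) > budget:
                continue
            rest = stem[:i] + stem[i + len(word):]
            if rest and set(rest) <= FILLER and any(c.isdigit() for c in rest):
                return word
    return None


def classify(path: str) -> Optional[str]:
    """Reason string if the file name matches one of the log's patterns, else None."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if UAC_RE.match(name):
        return "UAC*-style name like the files ComboFix removed"
    word = match_decoy_word(name.rsplit(".", 1)[0])
    if word:
        return f"hex/z filler around '{word}'"
    return None


def triage(paths: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every path that matches a pattern."""
    hits = []
    for path in paths:
        reason = classify(path)
        if reason:
            hits.append((path, reason))
    return hits


def scan_directory(root: str) -> List[Tuple[str, str]]:
    """Walk a real directory (e.g. C:\\Windows\\system32) and triage its files."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in filenames)
    return triage(found)


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LISTING):
        print(f"{path}  <-  {reason}")
```

Run as-is to see the constructed sample triaged; on a live machine call scan_directory(r"C:\Windows\system32") and review every hit before deleting anything, since the fuzzy word match is deliberately loose.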


  • 2 weeks later...
  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
