Registered · 3 Posts · Discussion Starter #1
Hello everyone.

I have tried my best to remove this virus on my laptop, but no success yet.

Here are all of the things the virus does:

- Prevents access to websites like Spybot; instead of letting me see the site, it simply says "Internet Explorer cannot display the webpage", and there is a button to click that says "Diagnose Connection Problem" (no connection problem, of course).

- When I click links from a Google search, most of the time they take me to the wrong webpage, and I am forced to copy/paste the original link into the web bar.

- Programs like Combofix, Spybot, and HJT do not work, and a box comes up after starting them saying "Combofix has stopped working".

- I tried running the programs in Safe Mode, but no luck there.

If anyone knows a fix, please reply.

Thanks,

Sean
 

Registered · 3 Posts
I renamed my Combofix to something else and followed the instructions from a different post, and here is the log I ended up with:

ComboFix 09-07-29.04 - Sean 07/31/2009 0:30.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2059 [GMT -7:00]
Running from: c:\users\Sean\Desktop\Music.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 04:18 . 2009-07-30 04:18 -------- d-----w- c:\users\Sean\AppData\Roaming\Lavasoft
2009-07-30 04:17 . 2009-07-30 04:17 -------- d-----w- c:\program files\Lavasoft
2009-07-30 04:05 . 2009-07-30 04:05 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-30 04:05 . 2009-07-30 04:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 02:26 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 02:26 . 2009-07-28 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 02:26 . 2009-07-28 02:26 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-28 02:26 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 03:10 . 2009-02-12 09:35 38208 ----a-w- c:\users\Sean\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-27 03:10 . 2009-07-27 03:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-27 03:09 . 2009-07-27 19:01 -------- d-----w- c:\progra~2\NOS
2009-07-27 03:09 . 2009-07-27 19:01 -------- d-----w- c:\program files\NOS
2009-07-25 07:19 . 2009-07-25 07:19 6001 ----a-w- c:\windows\system32\2z295virus2.bin
2009-07-25 07:19 . 2009-07-25 07:19 5250 ----a-w- c:\windows\system32\28359nz9-a5virus7.bin
2009-07-25 07:04 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-25 07:04 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-25 07:01 . 2009-07-30 23:48 -------- d-----w- c:\program files\Steam
2009-07-25 07:01 . 2009-07-25 07:32 -------- d-----w- c:\program files\Common Files\Steam
2009-07-14 23:23 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 23:23 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 23:23 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 23:23 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-06 22:50 . 2009-07-06 22:50 -------- d-----w- c:\program files\Ventrilo
2009-07-06 22:49 . 2009-07-06 22:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 07:41 . 2008-07-11 14:38 110552 ----a-w- c:\progra~2\nvModes.dat
2009-07-31 07:39 . 2008-04-14 03:50 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-28 22:06 . 2008-07-20 22:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-27 19:35 . 2008-07-21 17:02 -------- d-----w- c:\users\Sean\AppData\Roaming\LimeWire
2009-07-27 03:12 . 2008-07-20 22:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 10:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 02:50 . 2009-01-03 00:03 -------- d-----w- c:\program files\PokerStars.NET
2009-07-07 01:36 . 2009-01-16 15:03 680 ----a-w- c:\users\Sean\AppData\Local\d3d9caps.dat
2009-07-01 07:39 . 2009-07-01 07:39 4271 ----a-w- c:\windows\system32\111965pamz9t8.exe
2009-06-09 22:23 . 2008-12-25 03:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-07 05:49 . 2009-06-07 05:49 272384 ----a-w- c:\users\Sean\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
2009-06-07 05:49 . 2009-06-07 05:49 192512 ----a-w- c:\users\Sean\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2009-06-07 05:49 . 2009-06-07 05:49 258048 ----a-w- c:\users\Sean\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2009-06-07 05:49 . 2009-06-07 05:49 -------- d-----w- c:\users\Sean\AppData\Roaming\Acreon
2009-06-05 18:42 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 03:36 . 2008-08-05 19:52 -------- d-----w- c:\users\Sean\AppData\Roaming\Ventrilo
2009-05-15 00:55 . 2009-05-15 00:55 245408 ----a-w- c:\windows\system32\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2009-07-25 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-07-11 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-07-11 47672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3A689A1C-CD5B-454E-83EF-53FA4F6D9435}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B9BF84AC-BD67-4841-9325-45D7DA5E3C79}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0B12C702-826A-4A5F-BD4A-7A3A8F2EE4F6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9385CDCF-ECB0-4FC0-A6A7-73A8DBBA0EC3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{0DC1EAA6-9535-45C6-9195-05CCD99D7D00}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{EB0F6EF9-EA7F-4E44-B837-2BE7182EE8A1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{03A3CBAB-8B4E-4913-A73A-09A2FF2C1E98}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{CC152F34-3D51-4809-BC37-C8F05E8B1D13}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{8A99228E-DF44-4E1D-B26F-A600ED1DD50A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E7328382-BAFA-47F1-9B0B-F94280C34D6C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EBDED9C8-142C-4C58-BE6D-D7BE8B32151C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96F7644A-48E4-4644-B462-525D2B1707F9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0C84CF57-1BCC-422D-97F1-F7241A0A386D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CE6FCBD4-AAAF-4785-A87D-E4CF6F3203EF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B0B4449-CCA1-4AFE-9581-01B760CBC75F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{4255FAF3-559D-49DF-8DCA-1F0CC942532F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2D605262-598E-4A3A-BE2A-E0950A9294E1}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{1522CF39-A655-49B4-9064-A6EE8D534DD6}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever.exe
"UDP Query User{90F6FC01-71F7-4135-901A-0D506DC59043}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever.exe
"TCP Query User{E99CBF50-8E05-42D7-A1F0-49EA06D6620B}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{6DEF6EDA-0FF8-4C38-B7EC-9048B22BBFAC}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{E948CB95-3AB4-4498-A258-76A0C4136563}c:\\users\\sean\\downloads\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= UDP:c:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe:wow-3.0.1.8874-ptr-us-installer-downloader.exe
"UDP Query User{67BEAE24-4D9F-49C1-9D3A-03A15D44C6C4}c:\\users\\sean\\downloads\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= TCP:c:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe:wow-3.0.1.8874-ptr-us-installer-downloader.exe
"TCP Query User{DBCDDA9C-6FAF-4324-A4FA-F138E1BF991E}c:\\users\\public\\games\\world of warcraft\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= UDP:c:\users\public\games\world of warcraft\wow-3.0.1.8874-ptr-us-installer-downloader.exe:Blizzard Downloader
"UDP Query User{DD0FA39D-F14F-4973-B813-D14B75914CF4}c:\\users\\public\\games\\world of warcraft\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= TCP:c:\users\public\games\world of warcraft\wow-3.0.1.8874-ptr-us-installer-downloader.exe:Blizzard Downloader
"TCP Query User{C8DB9DBC-BA4F-437C-A2C8-BC3E6BB85F91}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= UDP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"UDP Query User{61D5BFAC-2C53-4B4F-8FD2-4B249CCF48DC}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= TCP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"{48798D2C-7BA1-4222-A595-516771E39FDE}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D06B11B4-DDF8-48FF-86FF-F7A4C12DF8C3}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D5B52120-A779-4D83-8BF1-20CFFC36BFD7}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:Blizzard Downloader
"{1B68C19B-C421-4533-99E8-9EA49E928F5B}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:Blizzard Downloader
"{AB29BE0D-0AD9-4308-AFD9-AB1CCE3555AF}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:Blizzard Downloader
"{9A20B48C-3B9A-4B80-968D-35749A124343}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{ED29D16F-DD73-4939-98E2-F8C31880E5F0}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{04D8FF3D-40C7-4E39-BA9A-CA91BAF7DA0F}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{A14A4212-1615-4844-B4E7-A8CA031147F6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:Blizzard Downloader
"{DAA469AA-1B27-4FC0-A951-03FCB9B64AB9}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:Blizzard Downloader
"{5ECC2FAD-B315-4B19-94C0-BD81161F055D}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:Blizzard Downloader
"{B072C0D3-F37C-450D-B856-9B7D0889A961}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{CF41D9DF-6E29-4089-B90F-A5A97E4B714A}c:\\program files\\steam\\steamapps\\ifogdog\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\ifogdog\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{2C7A9AB1-163D-4AE8-9419-BFBF269FDE0C}c:\\program files\\steam\\steamapps\\ifogdog\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\ifogdog\counter-strike source\hl2.exe:hl2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [7/11/2008 8:08 AM 15416]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 7:23 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 7:23 PM 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/26/2009 8:48 PM 24652]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [7/11/2008 7:56 AM 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7/11/2008 7:51 AM 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/8/2008 4:22 PM 43040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]
c:\program files\Microsoft Office\Office10\OfficeXPFirstRun.vbs
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 00:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(1720)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\conime.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\windows\System32\ACEngSvr.exe
.
**************************************************************************
.
Completion time: 2009-07-31 0:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 07:44

Pre-Run: 63,109,152,768 bytes free
Post-Run: 63,295,549,440 bytes free

893 --- E O F --- 2009-07-25 07:05

===============

Moderators Message

The other threads have been deleted; stick with one open thread only, as per forum rules.
http://www.techsupportforum.com/rules.php
 