Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 5:19 pm

I can't open Malwarebytes and HijackThis. Norton is not working.
I tried winbluesoft and it says I got about 700+ malwares. How to remove the winblue software? It keeps annoying me. Help please.

kakipc
Novice

Posts : 43
Joined : 2009-06-17
Gender : Male
OS : XP
Points : 27317
# Likes : 0

Post by Belahzur on Wed Jun 17, 2009 5:22 pm

Please download the Pocket Killbox from [You must be registered and logged in to see this link.]

  • Open the Killbox.
  • Under "Full path of file to delete", copy and paste in the following:

    C:\windows\system32\blocker.dll

  • Switch "Standard file kill" to "delete on reboot"
  • Press the Red X to delete the file.
  • It will ask if you want to make a backup of the file we deleted, select Yes to the prompt.
  • It will now delete the file, and popup with another prompt saying so, press Ok.
  • Close the Killbox.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1

Post by kakipc on Wed Jun 17, 2009 5:35 pm

It still doesn't work.
And now when I want to scan my C drive, Norton said: C: unavailable
I can't defrag my hard disk drive T__T

Post by Belahzur on Wed Jun 17, 2009 5:55 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Post by kakipc on Wed Jun 17, 2009 6:05 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by AMEER at 19:01:28.71 on Wed 06/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.461 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\AMEER\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MySpace\Toolbar\1.0.45.0\MSTBCoreContainer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AMEER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page =
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearch Bar =
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] ~"c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdobeBridge]
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ameer\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\regist~1.lnk - c:\program files\onone software\mask pro 4.1\
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: NameServer = 85.255.112.188,85.255.112.167
TCP: {1CE63E7A-A7D7-455D-A8C7-3AAB1B331EB1} = 85.255.112.188,85.255.112.167
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\norton 360\engine\3.0.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Post by kakipc on Wed Jun 17, 2009 6:05 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ameer\applic~1\mozilla\firefox\profiles\rhzml1jl.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\ameer\application data\mozilla\firefox\profiles\rhzml1jl.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\myspace\toolbar\1.0.45.0\components\MySpaceFFoxTB.dll
FF - plugin: c:\documents and settings\ameer\application data\mozilla\firefox\profiles\rhzml1jl.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-6-16 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-6-16 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-6-16 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSXpx86.sys [2009-6-16 276344]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-6-16 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-13 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090617.003\NAVENG.SYS [2009-6-17 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090617.003\NAVEX15.SYS [2009-6-17 876144]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-6-12 115560]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-21 96856]
S3 wxpSvc;webcamXP Service;c:\program files\wlite\wservice.exe /startedbyscm:5053b757-40e35b3b-webcamsrv --> c:\program files\wlite\wService.exe [?]

=============== Created Last 30 ================

2009-06-17 18:23 --d----- C:\!KillBox
2009-06-17 17:59 --d----- c:\program files\AVG
2009-06-17 17:59 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-17 17:53 --d----- c:\program files\Trend Micro
2009-06-17 17:11 18,290 a------- c:\windows\system32\652495ambot63fz.ocx
2009-06-16 22:01 --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-06-16 19:28 92,120 a------- c:\windows\system32\Autorun.ini
2009-06-16 19:27 --d----- c:\windows\system32\autorun
2009-06-16 19:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 18:11 --d--r-- c:\program files\Norton Support
2009-06-16 18:00 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 18:00 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-16 18:00 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 18:00 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 18:00 --d----- c:\program files\Symantec
2009-06-16 17:59 --d----- c:\windows\system32\drivers\N360
2009-06-16 07:23 319 a------- c:\windows\game.ini
2009-06-16 07:07 --dsh--- c:\windows\ftpcache
2009-06-16 07:03 --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-16 06:55 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-16 06:55 --d----- c:\docume~1\ameer\applic~1\DAEMON Tools Lite
2009-06-14 21:59 17,659 a------- c:\windows\system32\5b9avir3z99.cpl
2009-06-13 19:05 9,664 a------- c:\windows\35aathizf9575.cpl
2009-06-12 22:39 --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-12 22:38 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-12 22:38 --d----- c:\program files\common files\Symantec Shared
2009-06-12 22:37 --d----- c:\program files\Norton 360
2009-06-12 22:37 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-12 22:37 --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-12 22:10 --d----- c:\program files\NortonInstaller
2009-06-12 22:10 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-12 21:55 --d----- c:\docume~1\ameer\applic~1\GetRightToGo
2009-06-11 23:15 10,313 a------- c:\windows\system32\2599downloa9er4z0.exe
2009-06-11 19:57 7,075 a------- c:\windows\system32\169z5parse1847.cpl
2009-06-10 00:04 7,841 a------- c:\windows\50zspyw9re1909.ocx
2009-06-08 21:52 --d----- c:\docume~1\alluse~1\applic~1\Digital Film Tools
2009-06-07 23:57 --d----- c:\windows\setup.pss
2009-06-07 12:28 3,180 a------- c:\windows\system32\5z29worm4135.cpl
2009-06-06 08:04 12,129 a------- c:\windows\56510hackzool3a9.cpl
2009-06-05 22:11 17,460 a------- c:\windows\system32\3c02spar952551z.bin
2009-06-05 03:18 13,941 a------- c:\windows\25956vzrus153.dll
2009-06-03 15:51 11,715 a------- c:\windows\73z89py5are262.ocx
2009-06-02 05:23 7,528 a------- c:\windows\55des9arze10845.bin
2009-06-02 03:38 16,472 a------- c:\windows\system32\705bspywzre2692.dll
2009-05-27 22:57 --d----- c:\docume~1\ameer\applic~1\Mask Pro 4.0
2009-05-27 18:12 --d----- c:\program files\SweetIM
2009-05-27 18:12 --d----- c:\docume~1\alluse~1\applic~1\SweetIM
2009-05-27 16:56 --d----- c:\docume~1\ameer\applic~1\onOne Software
2009-05-27 16:56 --d----- c:\docume~1\alluse~1\applic~1\onOne Software
2009-05-27 16:47 --d----- c:\program files\onOne Software
2009-05-26 20:10 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-05-26 20:10 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-05-26 20:10 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-05-26 20:10 75,264 a------- c:\windows\system32\unacev2.dll
2009-05-26 20:10 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-05-26 19:28 --d----- c:\docume~1\alluse~1\applic~1\webcamXP 5
2009-05-26 19:26 --d-h--- c:\windows\PIF
2009-05-25 10:58 8,194 a------- c:\windows\system32\69c2st5al13z1.dll
2009-05-24 23:41 12,167 a------- c:\windows\7429zownl5ader2883.dll
2009-05-23 22:35 13,068 a------- c:\windows\system32\77z0downl5ader9115.cpl
2009-05-23 21:13 17,410 a------- c:\windows\system32\z2944vi95s59c.ocx
2009-05-23 03:31 2,897 a------- c:\windows\29015spy40z.dll
2009-05-22 23:51 8,659 a------- c:\windows\system32\970z5pyware1929.ocx
2009-05-21 19:41 17,598 a------- c:\windows\system32\54909p5mbotz86.bin
2009-05-20 21:27 15,681 a------- c:\windows\8097zackto5l509.bin
2009-05-19 18:43 10,709 a------- c:\windows\65babackd9zr1955.bin

==================== Find3M ====================

2009-06-17 17:11 13,360 a------- c:\windows\618bth5zat15999.bin
2009-06-17 17:10 1,262,080 a------- c:\windows\system32\setup2.exe
2009-06-16 22:02 157,401 a------- c:\windows\hpoins27.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-17 20:30 4,059 a------- c:\windows\system32\25791not-a-v9rus65z.bin
2009-05-16 12:46 16,148 a------- c:\windows\57999hi5f2350z.exe
2009-05-14 16:49 4,227 a------- c:\windows\system32\20434not-a-5irzs293.bin
2009-05-14 08:38 4,640 a------- c:\windows\system32\29a5ste95939z.dll
2009-05-12 03:06 11,613 a------- c:\windows\system32\5694downloa5erz484.dll
2009-05-11 20:05 11,352 a------- c:\windows\z4e4spy9ar51124.bin
2009-05-11 15:44 4,689 a------- c:\windows\system32\77e2t5reat20z739.dll
2009-05-09 15:50 14,244 a------- c:\windows\97z0worm5be9.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 08:00 8,727 a------- c:\windows\system32\7540spy295z.bin
2009-05-02 22:48 10,488 a------- c:\windows\system32\95z4th5eat10259.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 09:21 12,800 a------- c:\windows\system32\17z959py5e3.exe
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-28 05:29 7,066 a------- c:\windows\system32\3556spywaz925365.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:04 3,051 a------- c:\windows\19z94t9oj3455.exe
2009-04-16 14:51 6,584 a------- c:\windows\30fdzparse5995.bin
2009-04-16 06:56 8,253 a------- c:\windows\system32\7ebf9py5are632z.dll
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 06:00 17,846 a------- c:\windows\system32\z9985vi5us52.dll
2009-04-12 00:02 6,859 a------- c:\windows\z89365roj29.dll
2009-04-10 14:38 14,618 a------- c:\windows\170359zrus4b7.bin
2009-04-07 11:48 14,287 a------- c:\windows\819down5oadzr699.dll
2009-04-06 21:03 3,944 a------- c:\windows\259zsparse9859.bin
2009-04-06 10:37 6,149 a------- c:\windows\3d5b9hief35z8.exe
2009-04-06 09:17 2,784 a------- c:\windows\system32\2857zvirus149.exe
2009-04-06 05:49 4,592 a------- c:\windows\6511vzr2339.dll
2009-04-01 23:52 9,805 a------- c:\windows\e665h9efz811.exe
2009-04-01 19:42 7,372 a------- c:\windows\59591troj55z.dll
2009-03-28 20:48 16,852 a------- c:\windows\system32\655z9ownloader1898.dll
2009-03-28 18:02 17,370 a------- c:\windows\system32\9c58stzal50.dll
2009-03-26 07:30 17,013 a------- c:\windows\system32\12z26sp575b9.exe
2009-03-26 06:52 3,638 a------- c:\windows\1919vzru5712.exe
2009-03-26 00:43 10,497 a------- c:\windows\system32\2z088not-a9v5rus4e1.exe
2009-03-25 03:08 18,083 a------- c:\windows\9ed4tzreat15677.exe
2009-03-24 01:38 11,715 a------- c:\windows\2918v9rz2035.exe
2009-03-23 23:41 9,485 a------- c:\windows\system32\6661not-9-virzs50b.exe
2009-03-20 20:42 129,712 a---h--- c:\windows\system32\mlfcache.dat
2009-03-20 17:53 4,570 a------- c:\windows\59f25ddwzre1917.exe

============= FINISH: 19:02:08.48 ===============

Post by Belahzur on Wed Jun 17, 2009 6:16 pm

Not seeing the blocker file that usually comes with it.
Are you able to open msconfig, or the registry editor via the Run box?


Post by kakipc on Wed Jun 17, 2009 6:17 pm

I can open the msconfig

Post by Belahzur on Wed Jun 17, 2009 6:24 pm

Good.
Go into the startup tab.

Turn off the run value: setup2.exe

Press okay, and reboot when asked.
See if you can get programs working now.


Post by kakipc on Wed Jun 17, 2009 6:37 pm

Nope.
MBAM and HijackThis still don't work.
My Norton 360 detected an infostealer and it can't be removed.
ughhhh!

Post by Belahzur on Wed Jun 17, 2009 6:41 pm


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Norton)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post by kakipc on Wed Jun 17, 2009 7:15 pm

ComboFix 09-06-16.05 - AMEER 06/17/2009 19:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.966.1033.18.1012.662 [GMT 1:00]
Running from: c:\documents and settings\AMEER\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\5eabad9ware111z.dll
c:\windows\5fc1ad9warz15385.ocx
c:\windows\5z145hack9ool1d0.bin
c:\windows\5z712spambot19f.bin
c:\windows\603d5ackzoor999.bin
c:\windows\60bb5irz349.ocx
c:\windows\6159vi9z150.bin
c:\windows\618bth5zat15999.bin
c:\windows\62d7down9oade540z.cpl
c:\windows\64ec9own5oaderz02.dll
c:\windows\6511vzr2339.dll
c:\windows\654w5rmzc99.ocx
c:\windows\6555not-a-virus99z5.ocx
c:\windows\6557zackdo9r2255.dll
c:\windows\6598tzr9at10650.bin
c:\windows\6599zir1862.ocx
c:\windows\65babackd9zr1955.bin
c:\windows\65z9hacktoo9555.exe
c:\windows\65zbbac9door896.dll
c:\windows\6759zorm483.exe
c:\windows\6782vi59s5z1.exe
c:\windows\6798vir5s36z.cpl
c:\windows\681edo5nlzader395.bin
c:\windows\6821hacztoo945f.bin
c:\windows\6826zac5door30509.exe
c:\windows\68c8backdz9r1582.bin
c:\windows\693cvir35z.ocx
c:\windows\6992doznloader25395.bin
c:\windows\69c9addwarz2105.ocx
c:\windows\69zvi5us65c.exe
c:\windows\6a7f9pywaze13645.dll
c:\windows\6b15sp9rse2z56.bin
c:\windows\6z57spa9se835.dll
c:\windows\6z69a5dware2773.exe
c:\windows\6z85backdoo9392.ocx
c:\windows\6z91vir2570.dll
c:\windows\6z9spyware1559.cpl
c:\windows\7004notza-vir9s5a5.bin
c:\windows\7025w9zm779.exe
c:\windows\70b0t5iez5909.exe
c:\windows\715ezddw9re1166.ocx
c:\windows\732zt9re5t9951.cpl
c:\windows\735z5ir18839.exe
c:\windows\73z89py5are262.ocx
c:\windows\7429zownl5ader2883.dll
c:\windows\746d5wnload9r27z9.exe
c:\windows\7553th9eat1509z.ocx
c:\windows\7596zpy255.ocx
c:\windows\764athz5f779.bin
c:\windows\7659szyware2155.ocx
c:\windows\78bc9tealz574.exe
c:\windows\792ezpywar51401.exe
c:\windows\799av5z522.exe
c:\windows\79c5spyw5rz1647.cpl
c:\windows\7a4backdo951z80.bin
c:\windows\7a68backzoo52249.exe
c:\windows\7b9dthzef95305.bin
c:\windows\7ba1zddwa9e5834.ocx
c:\windows\7e895tezl700.cpl
c:\windows\7z11vir1995.bin
c:\windows\7z39r5j180.cpl
c:\windows\7z82thr5a929155.exe
c:\windows\8097zackto5l509.bin
c:\windows\819down5oadzr699.dll
c:\windows\8498wo9m2z55.ocx
c:\windows\8565spaz9ot79f.exe
c:\windows\8589zi9us500.exe
c:\windows\8822worm594z.cpl
c:\windows\8905spy697z.cpl
c:\windows\8z13s5ambot79c9.cpl
c:\windows\8z8dow9loader562.dll
c:\windows\90047ha5ztool390.dll
c:\windows\90517spambot665z.exe
c:\windows\9086zorm745.exe
c:\windows\90e4backdooz3512.dll
c:\windows\910dbackd5zr288.ocx
c:\windows\91145spy585z.exe
c:\windows\92527spy3fz.cpl
c:\windows\925z05roj5f9.cpl
c:\windows\92b2th5eaz14926.cpl
c:\windows\92zbackdoo52375.dll
c:\windows\93562worm7z5.ocx
c:\windows\939aspzwa5e2755.cpl
c:\windows\9411t5ief2z50.dll
c:\windows\9491ha9ktooz3435.ocx
c:\windows\952az5r2840.ocx
c:\windows\9535wzr5693.ocx
c:\windows\956795irus2bdz.ocx
c:\windows\95695worm7ze.cpl
c:\windows\95z73worm5a9.dll
c:\windows\9675zworm2fc.dll
c:\windows\9757zw5rm6d6.cpl
c:\windows\97z0worm5be9.dll
c:\windows\9833downloaderz7905.ocx
c:\windows\998wo9mz8a5.ocx
c:\windows\9aebackdo5r21z4.dll
c:\windows\9b22do5nlozder2466.ocx
c:\windows\9e81spyzare1566.bin
c:\windows\9ed4tzreat15677.exe
c:\windows\9f5adz9a5e2634.exe
c:\windows\9fze5hief66.ocx
c:\windows\9z389roj69c5.exe
c:\windows\9z596troj65c.ocx
c:\windows\a06bz5kdoo9780.ocx
c:\windows\a19v5rz3.dll
c:\windows\d36adzware2695.bin
c:\windows\e665h9efz811.exe
c:\windows\fd95dzware819.cpl
c:\windows\fzthre9t29335.dll
c:\windows\system32\10552s9z35d.cpl
c:\windows\system32\10556tr9jz56.ocx
c:\windows\system32\1076vi5396z.cpl
c:\windows\system32\10z89worm459.dll
c:\windows\system32\10z965orm6.bin
c:\windows\system32\11169not-azv5rus129.cpl
c:\windows\system32\11191trojz53.bin
c:\windows\system32\115z9vir5s243.bin
c:\windows\system32\119baczdo9r2425.cpl
c:\windows\system32\12259sp9mbztdc.bin
c:\windows\system32\12408zpy579.dll
c:\windows\system32\125029ormzb5.cpl
c:\windows\system32\1278zv9rus3d35.bin
c:\windows\system32\12793n5t-a-9zrus438.bin
c:\windows\system32\1299vi53z23.ocx
c:\windows\system32\129zbackdoor15979.dll
c:\windows\system32\12z23sp95c5.ocx
c:\windows\system32\12z26sp575b9.exe
c:\windows\system32\131z6tro9594.dll
c:\windows\system32\13909hzck5ool94e.ocx
c:\windows\system32\141799ir5sz94.cpl
c:\windows\system32\1454559y6az.ocx
c:\windows\system32\14632not-z5virus349.cpl
c:\windows\system32\1465ztroj509.cpl
c:\windows\system32\14692virusz529.cpl
c:\windows\system32\14770zot5a9virus478.exe
c:\windows\system32\14899hazk5ool45c.cpl
c:\windows\system32\1554zackdoor9206.dll
c:\windows\system32\15566hzckt9ol18d.ocx
c:\windows\system32\15605wzr9215.dll
c:\windows\system32\15739spz28a.cpl
c:\windows\system32\15905wo9m45bz.dll
c:\windows\system32\1593zvirus2d1.exe
c:\windows\system32\15971wor5z22.dll
c:\windows\system32\1599zacktoo5de.ocx
c:\windows\system32\15z91spy2aa.exe
c:\windows\system32\15zevi9259.cpl
c:\windows\system32\16126z9ru563c.dll
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\gxvxcserv.sys
c:\windows\system32\drivers\MSIVXkberxlltewmybiuwekqxmoiqaqkwfvdj.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXkyvlboejluxleqhbosyeplsbgpfyxsgk.dll
c:\windows\system32\MSIVXmpmyroqudruxxwwxiqhwhhwipbmpfmee.dll
c:\windows\system32\setup2.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z357a9dware1878.dll
c:\windows\z497virus2935.dll
c:\windows\z4e4spy9ar51124.bin
c:\windows\z5068troj29d.exe
c:\windows\z509threat29923.ocx
c:\windows\z529tr9j57d.ocx
c:\windows\z5658not-a9virusab.bin
c:\windows\z5919spam9ot606.dll
c:\windows\z594hac5tool42.dll
c:\windows\z696addwa9e1511.exe
c:\windows\z7359virus70a5.dll
c:\windows\z825spy697.ocx
c:\windows\z89365roj29.dll
c:\windows\z9318s5y423.ocx
c:\windows\z9475hreat26779.bin
c:\windows\z995rm4e9.dll
c:\windows\zd54threat165495.dll
c:\windows\zd91sparse553.exe


Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 7:20 pm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_MSIVXserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-12-26 15:42 . 2009-12-26 15:42 10117 ----a-w- c:\windows\system32\51z19virus259.dll
2009-12-23 05:29 . 2009-12-23 05:29 16521 ----a-w- c:\windows\system32\55adt9ief134z.bin
2009-12-19 09:02 . 2009-12-19 09:02 14943 ----a-w- c:\windows\system32\299845pambot68bz.exe
2009-12-17 11:44 . 2009-12-17 11:44 15586 ----a-w- c:\windows\system32\5z869own5oader337.exe
2009-12-10 18:22 . 2009-12-10 18:22 10053 ----a-w- c:\windows\system32\19301viruz165.bin
2009-12-04 16:51 . 2009-12-04 16:51 6202 ----a-w- c:\windows\system32\5eccv9rz397.bin
2009-11-17 01:36 . 2009-11-17 01:36 9272 ----a-w- c:\windows\system32\57adsp9rse532z.dll
2009-11-16 22:24 . 2009-11-16 22:24 5406 ----a-w- c:\windows\system32\19961v5rus2dz.exe
2009-11-16 10:38 . 2009-11-16 10:38 3821 ----a-w- c:\windows\system32\19509s9y66z.bin
2009-10-20 12:16 . 2009-10-20 12:16 16063 ----a-w- c:\windows\system32\7zafvir9015.dll
2009-10-20 00:43 . 2009-10-20 00:43 3325 ----a-w- c:\windows\system32\9b18steal38z5.dll
2009-10-18 06:06 . 2009-10-18 06:06 17875 ----a-w- c:\windows\system32\z75919irus3225.exe
2009-10-13 23:24 . 2009-10-13 23:24 16561 ----a-w- c:\windows\system32\47f7threaz20959.exe
2009-10-04 19:31 . 2009-10-04 19:31 5667 ----a-w- c:\windows\system32\6006haz9tool155.bin
2009-10-04 17:17 . 2009-10-04 17:17 4839 ----a-w- c:\windows\system32\2124sz5rs9429.exe
2009-09-27 20:37 . 2009-09-27 20:37 5573 ----a-w- c:\windows\system32\6935viruz99.bin
2009-09-22 18:42 . 2009-09-22 18:42 11552 ----a-w- c:\windows\system32\91692spyz55.bin
2009-09-17 12:58 . 2009-09-17 12:58 7447 ----a-w- c:\windows\system32\4e5bazkdoor2193.bin
2009-09-14 15:14 . 2009-09-14 15:14 16046 ----a-w- c:\windows\system32\91524spy77z.bin
2009-09-11 10:12 . 2009-09-11 10:12 16182 ----a-w- c:\windows\system32\z35775iru9b4.dll
2009-09-08 04:15 . 2009-09-08 04:15 8566 ----a-w- c:\windows\system32\19354trojz59.bin
2009-09-06 17:05 . 2009-09-06 17:05 11181 ----a-w- c:\windows\system32\46a5dzwn9oader574.dll
2009-09-04 02:14 . 2009-09-04 02:14 13193 ----a-w- c:\windows\system32\847z59m45c.exe
2009-09-01 15:55 . 2009-09-01 15:55 18028 ----a-w- c:\windows\system32\6b5edownl9ader893z.bin
2009-08-25 07:03 . 2009-08-25 07:03 9419 ----a-w- c:\windows\system32\9a49azkdoor2915.bin
2009-08-22 17:17 . 2009-08-22 17:17 2935 ----a-w- c:\windows\system32\5961threat15z98.dll
2009-08-21 21:47 . 2009-08-21 21:47 7928 ----a-w- c:\windows\system32\2964spywar9z578.dll
2009-08-21 12:56 . 2009-08-21 12:56 12503 ----a-w- c:\windows\system32\51949ddzare3035.exe
2009-08-19 15:36 . 2009-08-19 15:36 4067 ----a-w- c:\windows\system32\296z6h9cktool652.bin
2009-08-18 15:56 . 2009-08-18 15:56 5051 ----a-w- c:\windows\system32\9f9zddwar92530.bin
2009-08-11 02:09 . 2009-08-11 02:09 17428 ----a-w- c:\windows\system32\548cspywzre8899.bin
2009-08-10 11:58 . 2009-08-10 11:58 11972 ----a-w- c:\windows\system32\21994hackt5ol5cz.exe
2009-08-09 21:29 . 2009-08-09 21:29 13612 ----a-w- c:\windows\system32\922985ot-a-viruz413.dll
2009-08-09 14:52 . 2009-08-09 14:52 12367 ----a-w- c:\windows\system32\6442bazkd9o51264.exe
2009-08-01 20:13 . 2009-08-01 20:13 6946 ----a-w- c:\windows\system32\44eespazse1259.dll
2009-07-27 23:12 . 2009-07-27 23:12 6955 ----a-w- c:\windows\system32\1z659spambotf95.bin
2009-07-25 04:24 . 2009-07-25 04:24 7009 ----a-w- c:\windows\system32\35758zpy982.bin
2009-07-23 04:01 . 2009-07-23 04:01 12317 ----a-w- c:\windows\system32\5598sparsz5099.bin
2009-07-22 21:01 . 2009-07-22 21:01 9040 ----a-w- c:\windows\system32\98z80virus2645.dll
2009-07-20 23:49 . 2009-07-20 23:49 15677 ----a-w- c:\windows\system32\5159add9are268z.bin
2009-07-18 07:36 . 2009-07-18 07:36 8002 ----a-w- c:\windows\system32\17855szambot941.exe
2009-07-13 06:18 . 2009-07-13 06:18 15325 ----a-w- c:\windows\system32\29544spa5b9t1eez.dll
2009-07-03 22:03 . 2009-07-03 22:03 11612 ----a-w- c:\windows\system32\6561zackto9l4fc.exe
2009-06-24 13:15 . 2009-06-24 13:15 14891 ----a-w- c:\windows\system32\22b9thzef1658.exe
2009-06-23 19:49 . 2009-06-23 19:49 5308 ----a-w- c:\windows\system32\2921s9zmbot4635.exe
2009-06-22 21:46 . 2009-06-22 21:46 16020 ----a-w- c:\windows\system32\4592z9oj1b5.exe
2009-06-19 11:52 . 2009-06-19 11:52 4217 ----a-w- c:\windows\system32\6591thizf5975.exe
2009-06-17 19:06 . 2009-06-16 16:59 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-17 17:23 . 2009-06-17 17:23 -------- d-----w- C:\!KillBox
2009-06-17 16:59 . 2009-06-17 16:59 -------- d-----w- c:\program files\AVG
2009-06-17 16:59 . 2009-06-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 16:53 . 2009-06-17 16:53 -------- d-----w- c:\program files\Trend Micro
2009-06-17 16:11 . 2009-06-17 16:11 8945 ----a-w- c:\windows\system32\45czsp9rse2934.bin
2009-06-17 15:47 . 2009-06-16 16:59 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVENG.SYS
2009-06-17 15:47 . 2009-06-16 16:59 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVEX15.SYS
2009-06-17 15:47 . 2009-06-16 16:59 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVEX32A.DLL
2009-06-17 15:47 . 2009-06-16 16:59 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVENG32.DLL
2009-06-17 15:47 . 2009-06-16 16:59 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\EECTRL.SYS
2009-06-17 15:47 . 2009-06-16 16:59 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ERASER.SYS
2009-06-17 15:47 . 2009-06-16 16:59 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ECMSVR32.DLL
2009-06-17 15:47 . 2009-06-16 16:59 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\CCERASER.DLL
2009-06-16 21:01 . 2009-06-16 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-06-16 18:27 . 2009-06-16 18:28 -------- d-----w- c:\windows\system32\autorun
2009-06-16 18:17 . 2009-06-16 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 17:11 . 2009-06-16 17:11 -------- d-----r- c:\program files\Norton Support
2009-06-16 17:10 . 2009-06-16 17:10 -------- d-----w- c:\documents and settings\AMEER\Local Settings\Application Data\Symantec
2009-06-16 17:10 . 2009-06-16 16:59 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-16 17:10 . 2009-06-16 16:59 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-16 17:10 . 2009-06-16 16:59 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-16 17:10 . 2009-06-16 16:59 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-16 17:10 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-16 17:00 . 2009-06-16 16:59 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-16 17:00 . 2009-06-16 17:00 -------- d-----w- c:\program files\Symantec
2009-06-16 17:00 . 2009-06-16 17:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-16 17:00 . 2009-06-16 17:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 16:59 . 2009-06-16 16:59 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-06-16 16:59 . 2009-06-16 16:59 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-06-16 16:59 . 2009-06-16 16:59 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-06-16 16:59 . 2009-06-16 16:59 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-16 16:59 . 2009-06-16 16:59 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-16 16:59 . 2009-06-16 16:59 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-06-16 16:59 . 2009-06-16 16:59 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\windows\system32\drivers\N360
2009-06-12 21:38 . 2009-06-16 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 21:37 . 2009-06-16 16:59 -------- d-----w- c:\program files\Norton 360
2009-06-12 21:37 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-12 21:37 . 2009-06-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-12 21:10 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-12 21:10 . 2009-06-16 16:58 -------- d-----w- c:\program files\NortonInstaller
2009-06-12 20:55 . 2009-06-12 21:36 -------- d-----w- c:\documents and settings\AMEER\Application Data\GetRightToGo
2009-06-11 22:15 . 2009-06-11 22:15 10313 ----a-w- c:\windows\system32\2599downloa9er4z0.exe
2009-06-10 23:01 . 2009-06-10 23:01 2173616 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.45.0.exe
2009-06-10 14:50 . 2009-06-10 14:50 152576 ----a-w- c:\documents and settings\AMEER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 20:52 . 2009-06-08 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Film Tools
2009-06-07 22:55 . 2009-06-07 22:55 -------- d-----w- c:\documents and settings\AMEER\Local Settings\Application Data\Help
2009-06-05 21:11 . 2009-06-05 21:11 17460 ----a-w- c:\windows\system32\3c02spar952551z.bin
2009-06-03 17:34 . 2009-04-05 22:00 38208 ----a-w- c:\documents and settings\AMEER\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-02 02:38 . 2009-06-02 02:38 16472 ----a-w- c:\windows\system32\705bspywzre2692.dll
2009-05-27 21:57 . 2009-05-27 21:58 -------- d-----w- c:\documents and settings\AMEER\Application Data\Mask Pro 4.0
2009-05-27 17:12 . 2009-05-27 21:23 -------- d-----w- c:\program files\SweetIM
2009-05-27 17:12 . 2009-05-27 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2009-05-27 15:56 . 2009-05-27 15:56 -------- d-----w- c:\documents and settings\AMEER\Application Data\onOne Software
2009-05-27 15:56 . 2009-05-27 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2009-05-27 15:47 . 2009-05-27 15:56 -------- d-----w- c:\program files\onOne Software
2009-05-26 19:10 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-05-26 19:10 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-05-26 19:10 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-05-26 19:10 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-26 19:10 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-26 18:28 . 2009-06-16 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP 5
2009-05-26 18:26 . 2009-05-26 18:26 -------- d--h--w- c:\windows\PIF
2009-05-25 09:58 . 2009-05-25 09:58 8194 ----a-w- c:\windows\system32\69c2st5al13z1.dll
2009-05-23 09:04 . 2009-05-23 09:04 316416 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\fmodex.dll
2009-05-23 09:04 . 2009-05-23 09:04 60416 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\OpenAL32.dll
2009-05-23 09:04 . 2009-05-23 09:04 1468264 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\d3dx9_33.dll
2009-05-23 09:04 . 2009-05-23 09:04 1038104 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\d3dx9_31.dll
2009-05-23 09:04 . 2009-05-23 09:04 4055040 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\AceOfAces.exe
2009-05-21 18:41 . 2009-05-21 18:41 17598 ----a-w- c:\windows\system32\54909p5mbotz86.bin


Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 7:21 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 16:30 . 2009-02-08 09:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 16:11 . 2009-06-17 16:11 9538 ----a-w- c:\windows\system32\2101backd9o5z978.dll
2009-06-17 16:03 . 2009-04-02 15:04 -------- d-----w- c:\documents and settings\AMEER\Application Data\HPAppData
2009-06-17 15:23 . 2009-01-19 22:23 -------- d-----w- c:\program files\Games
2009-06-16 21:02 . 2009-03-27 07:28 157401 ----a-w- c:\windows\hpoins27.dat
2009-06-16 20:59 . 2009-01-21 09:33 -------- d-----w- c:\program files\BitComet
2009-06-16 17:00 . 2009-06-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-16 17:00 . 2009-06-16 17:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 17:00 . 2009-06-16 17:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 16:59 . 2009-06-12 21:38 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\program files\Windows Sidebar
2009-06-16 06:23 . 2008-07-08 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 06:07 . 2009-06-16 05:55 -------- d-----w- c:\documents and settings\AMEER\Application Data\DAEMON Tools Lite
2009-06-16 06:03 . 2009-06-16 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-16 05:55 . 2009-06-16 05:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 20:00 . 2008-07-08 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 19:56 . 2008-07-08 18:02 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 20:48 . 2009-01-22 16:34 -------- d-----w- c:\documents and settings\AMEER\Application Data\LimeWire
2009-06-10 14:51 . 2009-01-22 12:30 -------- d-----w- c:\program files\Java
2009-05-31 15:40 . 2009-02-21 11:03 -------- d-----w- c:\program files\GameHouse
2009-05-27 16:15 . 2009-01-19 04:47 583312 ----a-w- c:\documents and settings\AMEER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 10:33 . 2009-01-22 12:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:30 . 2009-05-17 19:30 4059 ----a-w- c:\windows\system32\25791not-a-v9rus65z.bin
2009-05-14 15:49 . 2009-05-14 15:49 4227 ----a-w- c:\windows\system32\20434not-a-5irzs293.bin
2009-05-14 07:38 . 2009-05-14 07:38 4640 ----a-w- c:\windows\system32\29a5ste95939z.dll
2009-05-12 02:06 . 2009-05-12 02:06 11613 ----a-w- c:\windows\system32\5694downloa5erz484.dll
2009-05-11 14:44 . 2009-05-11 14:44 4689 ----a-w- c:\windows\system32\77e2t5reat20z739.dll
2009-05-07 15:32 . 2008-04-15 03:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 07:00 . 2009-05-06 07:00 8727 ----a-w- c:\windows\system32\7540spy295z.bin
2009-05-04 16:27 . 2009-05-04 16:27 -------- d-----w- c:\documents and settings\AMEER\Application Data\ThemesCreator
2009-05-02 21:48 . 2009-05-02 21:48 10488 ----a-w- c:\windows\system32\95z4th5eat10259.dll
2009-05-02 16:23 . 2009-05-02 16:23 -------- d-----w- c:\program files\Sony Ericsson
2009-05-02 16:00 . 2009-04-03 19:42 -------- d-----w- c:\program files\MySpace
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 08:21 . 2009-05-01 08:21 12800 ----a-w- c:\windows\system32\17z959py5e3.exe
2009-04-30 20:14 . 2009-04-30 20:14 1893936 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe
2009-04-29 04:56 . 2008-04-15 03:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-04-15 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 04:29 . 2009-04-28 04:29 7066 ----a-w- c:\windows\system32\3556spywaz925365.dll
2009-04-17 12:26 . 2008-04-15 03:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 05:56 . 2009-04-16 05:56 8253 ----a-w- c:\windows\system32\7ebf9py5are632z.dll
2009-04-15 14:51 . 2008-04-15 03:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 05:00 . 2009-04-14 05:00 17846 ----a-w- c:\windows\system32\z9985vi5us52.dll
2009-04-13 21:17 . 2009-04-13 21:17 937128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 13:29 . 2009-04-08 13:29 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-04-07 11:33 . 2009-04-07 11:33 1892856 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.0.exe
2009-04-06 08:17 . 2009-04-06 08:17 2784 ----a-w- c:\windows\system32\2857zvirus149.exe
2009-04-01 15:04 . 2009-04-01 15:04 152576 ----a-w- c:\documents and settings\AMEER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 19:48 . 2009-03-28 19:48 16852 ----a-w- c:\windows\system32\655z9ownloader1898.dll
2009-03-28 17:02 . 2009-03-28 17:02 17370 ----a-w- c:\windows\system32\9c58stzal50.dll
2009-03-25 23:43 . 2009-03-25 23:43 10497 ----a-w- c:\windows\system32\2z088not-a9v5rus4e1.exe
2009-03-23 22:41 . 2009-03-23 22:41 9485 ----a-w- c:\windows\system32\6661not-9-virzs50b.exe
2009-03-20 19:42 . 2009-01-22 10:47 129712 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\AMEER\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3444008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Games\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18823:TCP"= 18823:TCP:BitComet 18823 TCP
"18823:UDP"= 18823:UDP:BitComet 18823 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26456:TCP"= 26456:TCP:BitComet 26456 TCP
"26456:UDP"= 26456:UDP:BitComet 26456 UDP

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [6/16/2009 5:59 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [6/16/2009 5:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [6/16/2009 5:59 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys [6/16/2009 6:10 PM 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [6/16/2009 5:59 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/13/2009 1:11 AM 101936]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [6/12/2009 10:38 PM 115560]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/21/2008 9:11 AM 96856]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV --> c:\program files\wLite\wService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-16 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-17 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2800)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\AMEER\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-17 20:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 19:12

Pre-Run: 38,726,746,112 bytes free
Post-Run: 38,636,965,888 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

752 --- E O F --- 2009-06-15 20:00


Re: Can't open MBAM,hijackthis...!help!

Post by Belahzur on Wed Jun 17, 2009 7:30 pm

What a mess.

Before we can clean the rest, we need to uninstall a few things.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 7:44 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Acer Crystal Eye webcam
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
Athan Basic 3.5
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
BitComet 1.09
Bonjour
CCleaner (remove only)
Choice Guard
Connect
Counter-Strike 1.6
FaceOnBody Pro v 2.4
Feeding Frenzy
GEAR driver installer for x86 and x64
GIF Construction Set Professional
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Huawei modem
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iTunes
Java(TM) 6 Update 14
JMicron JMB38X Flash Media Controller
kuler
Launch Manager
LimeWire 5.0.11
Mask Pro 4.1
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MySpace Toolbar
Norton 360
ObjectDock
PDF Settings CS4
Photoshop Camera Raw
PhotoTools 1.0 Professional Edition
PhotoTune 2
Picasa 3
QuickTime
Real Alternative 1.9.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
Shop for HP Supplies
Sony Ericsson Themes Creator 4.01
Suite Shared Configuration CS4
SweetIM for Messenger 2.7
Synaptics Pointing Device Driver
Universal Extractor 1.6
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Windows XP (KB961503)
VideoLAN VLC media player 0.8.4a
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Xpose Plugin v 1.0
Yahoo! Messenger
Yahoo! Toolbar


Re: Can't open MBAM,hijackthis...!help!

Post by Belahzur on Wed Jun 17, 2009 8:08 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitComet 1.09
    LimeWire 5.0.11

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\51z19virus259.dll
c:\windows\system32\55adt9ief134z.bin
c:\windows\system32\299845pambot68bz.exe
c:\windows\system32\5z869own5oader337.exe
c:\windows\system32\19301viruz165.bin
c:\windows\system32\5eccv9rz397.bin
c:\windows\system32\57adsp9rse532z.dll
c:\windows\system32\19961v5rus2dz.exe
c:\windows\system32\19509s9y66z.bin
c:\windows\system32\7zafvir9015.dll
c:\windows\system32\9b18steal38z5.dll
c:\windows\system32\z75919irus3225.exe
c:\windows\system32\47f7threaz20959.exe
c:\windows\system32\6006haz9tool155.bin
c:\windows\system32\2124sz5rs9429.exe
c:\windows\system32\6935viruz99.bin
c:\windows\system32\91692spyz55.bin
c:\windows\system32\4e5bazkdoor2193.bin
c:\windows\system32\91524spy77z.bin
c:\windows\system32\z35775iru9b4.dll
c:\windows\system32\19354trojz59.bin
c:\windows\system32\46a5dzwn9oader574.dll
c:\windows\system32\847z59m45c.exe
c:\windows\system32\6b5edownl9ader893z.bin
c:\windows\system32\9a49azkdoor2915.bin
c:\windows\system32\5961threat15z98.dll
c:\windows\system32\2964spywar9z578.dll
c:\windows\system32\51949ddzare3035.exe
c:\windows\system32\296z6h9cktool652.bin
c:\windows\system32\9f9zddwar92530.bin
c:\windows\system32\548cspywzre8899.bin
c:\windows\system32\21994hackt5ol5cz.exe
c:\windows\system32\922985ot-a-viruz413.dll
c:\windows\system32\6442bazkd9o51264.exe
c:\windows\system32\44eespazse1259.dll
c:\windows\system32\1z659spambotf95.bin
c:\windows\system32\35758zpy982.bin
c:\windows\system32\5598sparsz5099.bin
c:\windows\system32\98z80virus2645.dll
c:\windows\system32\5159add9are268z.bin
c:\windows\system32\17855szambot941.exe
c:\windows\system32\29544spa5b9t1eez.dll
c:\windows\system32\6561zackto9l4fc.exe
c:\windows\system32\22b9thzef1658.exe
c:\windows\system32\2921s9zmbot4635.exe
c:\windows\system32\4592z9oj1b5.exe
c:\windows\system32\6591thizf5975.exe
c:\windows\system32\45czsp9rse2934.bin
c:\windows\system32\2599downloa9er4z0.exe
c:\windows\system32\3c02spar952551z.bin
c:\windows\system32\705bspywzre2692.dll
c:\windows\system32\25791not-a-v9rus65z.bin
c:\windows\system32\20434not-a-5irzs293.bin
c:\windows\system32\29a5ste95939z.dll
c:\windows\system32\5694downloa5erz484.dll
c:\windows\system32\77e2t5reat20z739.dll
c:\windows\system32\7540spy295z.bin
c:\windows\system32\17z959py5e3.exe
c:\windows\system32\3556spywaz925365.dll
c:\windows\system32\7ebf9py5are632z.dll
c:\windows\system32\z9985vi5us52.dll
c:\windows\system32\2857zvirus149.exe
c:\windows\system32\655z9ownloader1898.dll
c:\windows\system32\9c58stzal50.dll
c:\windows\system32\2z088not-a9v5rus4e1.exe
c:\windows\system32\6661not-9-virzs50b.exe

Folder::
C:\!KillBox

Save this as CFScript.txt, and save it to your desktop.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


Back to top Go down
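
A check a helper can run on the log that comes back, as an added example (not part of the thread and not ComboFix's own code): it parses a CFScript in the File::/Folder:: layout above and the FILE :: and Other Deletions sections of a ComboFix log, then reports requested entries that were not deleted and deletions the script never asked for. The sample script and log are constructed from a few paths in this thread plus one placeholder entry; treating FILE :: as an echo of the script and Other Deletions as what was actually removed is an assumption read off the log layout.

```python
import re

# Constructed sample: a shortened CFScript using the File::/Folder:: layout
# from the post above. The last File:: entry is a made-up placeholder.
CFSCRIPT = r"""File::
c:\windows\system32\51z19virus259.dll
c:\windows\system32\55adt9ief134z.bin
c:\windows\system32\299845pambot68bz.exe
c:\windows\system32\placeholder-not-on-disk.dll

Folder::
C:\!KillBox
"""

# Constructed sample: a shortened log using the section layout of the
# ComboFix log posted in this thread.
LOG = r"""ComboFix (constructed sample log)
FILE ::
"c:\windows\system32\299845pambot68bz.exe"
"c:\windows\system32\51z19virus259.dll"
"c:\windows\system32\55adt9ief134z.bin"
"c:\windows\system32\placeholder-not-on-disk.dll"
.

((((((((((((((((((( Other Deletions )))))))))))))))))))
.

C:\!KillBox
c:\!killbox\Logs\kb.log
c:\windows\system32\1625z5r919.bin
c:\windows\system32\299845pambot68bz.exe
c:\windows\system32\51z19virus259.dll
c:\windows\system32\55adt9ief134z.bin

.
((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))
.
"""

# Section banners look like "(((( Title ))))".
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def norm(path):
    """Windows paths are case-insensitive: fold case, drop quotes and a trailing backslash."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_cfscript(text):
    """Return {'file': [...], 'folder': [...]} from 'Name::' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(norm(line))
    return sections


def parse_log(text):
    """Return {section title: [lines]}; 'file' is the FILE :: block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER.match(line)
        if banner or line.upper() == "FILE ::":
            current = banner.group(1).lower() if banner else "file"
            sections.setdefault(current, [])
        elif current is not None:  # lines before the first section are header text
            sections[current].append(norm(line))
    return sections


def audit(script_text, log_text):
    """Compare what the script requested with what the log says was removed."""
    script, log = parse_cfscript(script_text), parse_log(log_text)
    wanted_files = script.get("file", [])
    wanted_dirs = script.get("folder", [])
    echoed = set(log.get("file", []))
    deleted = set(log.get("other deletions", []))

    def under_wanted_dir(path):
        return any(path == d or path.startswith(d + "\\") for d in wanted_dirs)

    return {
        # Requested files ComboFix never picked up from the script.
        "not_echoed": [p for p in wanted_files if p not in echoed],
        # Requested entries with no matching deletion (already gone, or still present).
        "not_deleted": [p for p in wanted_files + wanted_dirs if p not in deleted],
        # Deletions nobody asked for: review these before calling the machine clean.
        "extra_deleted": sorted(p for p in deleted
                                if p not in wanted_files and not under_wanted_dir(p)),
    }


if __name__ == "__main__":
    for key, paths in audit(CFSCRIPT, LOG).items():
        print(key, len(paths), paths)
```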

Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 9:50 pm

ComboFix 09-06-16.05 - AMEER 06/17/2009 22:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.559 [GMT 1:00]
Running from: c:\documents and settings\AMEER\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\AMEER\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 9:50 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 21:28 . 2009-06-16 16:59 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-17 16:59 . 2009-06-17 16:59 -------- d-----w- c:\program files\AVG
2009-06-17 16:59 . 2009-06-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 16:53 . 2009-06-17 16:53 -------- d-----w- c:\program files\Trend Micro
2009-06-17 15:47 . 2009-06-16 16:59 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVENG.SYS
2009-06-17 15:47 . 2009-06-16 16:59 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVEX15.SYS
2009-06-17 15:47 . 2009-06-16 16:59 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVEX32A.DLL
2009-06-17 15:47 . 2009-06-16 16:59 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVENG32.DLL
2009-06-17 15:47 . 2009-06-16 16:59 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\EECTRL.SYS
2009-06-17 15:47 . 2009-06-16 16:59 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ERASER.SYS
2009-06-17 15:47 . 2009-06-16 16:59 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ECMSVR32.DLL
2009-06-17 15:47 . 2009-06-16 16:59 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\CCERASER.DLL
2009-06-16 21:01 . 2009-06-16 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-06-16 18:27 . 2009-06-16 18:28 -------- d-----w- c:\windows\system32\autorun
2009-06-16 18:17 . 2009-06-16 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 17:11 . 2009-06-16 17:11 -------- d-----r- c:\program files\Norton Support
2009-06-16 17:10 . 2009-06-16 17:10 -------- d-----w- c:\documents and settings\AMEER\Local Settings\Application Data\Symantec
2009-06-16 17:10 . 2009-06-16 16:59 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-16 17:10 . 2009-06-16 16:59 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-16 17:10 . 2009-06-16 16:59 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-16 17:10 . 2009-06-16 16:59 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-16 17:10 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-16 17:00 . 2009-06-16 16:59 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-16 17:00 . 2009-06-16 17:00 -------- d-----w- c:\program files\Symantec
2009-06-16 17:00 . 2009-06-16 17:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-16 17:00 . 2009-06-16 17:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 16:59 . 2009-06-16 16:59 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-06-16 16:59 . 2009-06-16 16:59 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-06-16 16:59 . 2009-06-16 16:59 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-06-16 16:59 . 2009-06-16 16:59 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-16 16:59 . 2009-06-16 16:59 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-16 16:59 . 2009-06-16 16:59 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-06-16 16:59 . 2009-06-16 16:59 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\windows\system32\drivers\N360
2009-06-12 21:38 . 2009-06-16 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 21:37 . 2009-06-16 16:59 -------- d-----w- c:\program files\Norton 360
2009-06-12 21:37 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-12 21:37 . 2009-06-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-12 21:10 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-12 21:10 . 2009-06-16 16:58 -------- d-----w- c:\program files\NortonInstaller
2009-06-12 20:55 . 2009-06-12 21:36 -------- d-----w- c:\documents and settings\AMEER\Application Data\GetRightToGo
2009-06-10 23:01 . 2009-06-10 23:01 2173616 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.45.0.exe
2009-06-10 14:50 . 2009-06-10 14:50 152576 ----a-w- c:\documents and settings\AMEER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 20:52 . 2009-06-08 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Film Tools
2009-06-07 22:55 . 2009-06-07 22:55 -------- d-----w- c:\documents and settings\AMEER\Local Settings\Application Data\Help
2009-06-03 17:34 . 2009-04-05 22:00 38208 ----a-w- c:\documents and settings\AMEER\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-05-27 21:57 . 2009-05-27 21:58 -------- d-----w- c:\documents and settings\AMEER\Application Data\Mask Pro 4.0
2009-05-27 15:56 . 2009-05-27 15:56 -------- d-----w- c:\documents and settings\AMEER\Application Data\onOne Software
2009-05-27 15:56 . 2009-05-27 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2009-05-27 15:47 . 2009-05-27 15:56 -------- d-----w- c:\program files\onOne Software
2009-05-26 19:10 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-05-26 19:10 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-05-26 19:10 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-05-26 19:10 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-26 19:10 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-26 18:28 . 2009-06-16 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP 5
2009-05-26 18:26 . 2009-05-26 18:26 -------- d--h--w- c:\windows\PIF
2009-05-23 09:04 . 2009-05-23 09:04 316416 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\fmodex.dll
2009-05-23 09:04 . 2009-05-23 09:04 60416 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\OpenAL32.dll
2009-05-23 09:04 . 2009-05-23 09:04 1468264 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\d3dx9_33.dll
2009-05-23 09:04 . 2009-05-23 09:04 1038104 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\d3dx9_31.dll
2009-05-23 09:04 . 2009-05-23 09:04 4055040 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\AceOfAces.exe


Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 9:51 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 21:22 . 2009-01-21 09:33 -------- d-----w- c:\program files\BitComet
2009-06-17 19:55 . 2009-04-02 15:04 -------- d-----w- c:\documents and settings\AMEER\Application Data\HPAppData
2009-06-17 16:30 . 2009-02-08 09:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 15:23 . 2009-01-19 22:23 -------- d-----w- c:\program files\Games
2009-06-16 21:02 . 2009-03-27 07:28 157401 ----a-w- c:\windows\hpoins27.dat
2009-06-16 17:00 . 2009-06-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-16 17:00 . 2009-06-16 17:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 17:00 . 2009-06-16 17:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 16:59 . 2009-06-12 21:38 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\program files\Windows Sidebar
2009-06-16 06:23 . 2008-07-08 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 06:07 . 2009-06-16 05:55 -------- d-----w- c:\documents and settings\AMEER\Application Data\DAEMON Tools Lite
2009-06-16 06:03 . 2009-06-16 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-16 05:55 . 2009-06-16 05:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 20:00 . 2008-07-08 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 19:56 . 2008-07-08 18:02 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 20:48 . 2009-01-22 16:34 -------- d-----w- c:\documents and settings\AMEER\Application Data\LimeWire
2009-06-10 14:51 . 2009-01-22 12:30 -------- d-----w- c:\program files\Java
2009-05-31 15:40 . 2009-02-21 11:03 -------- d-----w- c:\program files\GameHouse
2009-05-27 16:15 . 2009-01-19 04:47 583312 ----a-w- c:\documents and settings\AMEER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 10:33 . 2009-01-22 12:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:32 . 2008-04-15 03:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 16:27 . 2009-05-04 16:27 -------- d-----w- c:\documents and settings\AMEER\Application Data\ThemesCreator
2009-05-02 16:23 . 2009-05-02 16:23 -------- d-----w- c:\program files\Sony Ericsson
2009-05-02 16:00 . 2009-04-03 19:42 -------- d-----w- c:\program files\MySpace
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 20:14 . 2009-04-30 20:14 1893936 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe
2009-04-29 04:56 . 2008-04-15 03:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-04-15 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2008-04-15 03:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-15 03:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 21:17 . 2009-04-13 21:17 937128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 13:29 . 2009-04-08 13:29 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-04-07 11:33 . 2009-04-07 11:33 1892856 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.0.exe
2009-04-01 15:04 . 2009-04-01 15:04 152576 ----a-w- c:\documents and settings\AMEER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-20 19:42 . 2009-01-22 10:47 129712 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-17 21:29 . 2009-06-17 21:29 16384 c:\windows\Temp\Perflib_Perfdata_3dc.dat
+ 2009-06-17 21:28 . 2009-06-17 21:28 16384 c:\windows\Temp\Perflib_Perfdata_334.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\AMEER\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3444008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Games\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18823:TCP"= 18823:TCP:BitComet 18823 TCP
"18823:UDP"= 18823:UDP:BitComet 18823 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26456:TCP"= 26456:TCP:BitComet 26456 TCP
"26456:UDP"= 26456:UDP:BitComet 26456 UDP

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [6/16/2009 5:59 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [6/16/2009 5:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [6/16/2009 5:59 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys [6/16/2009 6:10 PM 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [6/16/2009 5:59 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/13/2009 1:11 AM 101936]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [6/12/2009 10:38 PM 115560]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/21/2008 9:11 AM 96856]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV --> c:\program files\wLite\wService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-16 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-17 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
Completion time: 2009-06-17 22:43
ComboFix-quarantined-files.txt 2009-06-17 21:43
ComboFix2.txt 2009-06-17 19:13

Pre-Run: 38,674,518,016 bytes free
Post-Run: 38,654,468,096 bytes free

633 --- E O F --- 2009-06-15 20:00


Re: Can't open MBAM,hijackthis...!help!

Post by Belahzur on Wed Jun 17, 2009 10:54 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Can't open MBAM,hijackthis...!help!

Post by kakipc on Wed Jun 17, 2009 10:58 pm

better and faster(:
thanks mann Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You!
