Please, Please Help Me! I tried to install Malwarebytes...

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:02 am

To get rid of WiniBlueSoft, but a runtime error keeps popping up as I try to install or run. I am on XP Home Edition. I can't open task manager either. I'd like not to have to reinstall windows.

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 1:15 pm

Hello.
Delete this file in bold:
C:\Windows\system32\blocker.dll

Let me know if you can run exe files now.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Please, Please Help Me! I tried to install Malwarebytes... DXwU4

Please, Please Help Me! I tried to install Malwarebytes... DXwU4

Please, Please Help Me! I tried to install Malwarebytes... VvYDg

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 3:37 pm

Hi,
I couldn't delete the file (C:\Windows\system32\blocker.dll) normally, but I installed killbox and tried from there. That wouldn't delete the file either unless I checked "delete on reboot" (don't know why). So, I rebooted and ran SmitFraudFix and cleaned the registry. The notepad rapport looked like this:

SmitFraudFix v2.418

Scan done at 11:09:53.20, Wed 06/03/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\autorun.inf Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

After that it let me run Malwarebytes. I ran a full scan and the log looks like this:

Malwarebytes' Anti-Malware 1.37
Database version: 2223
Windows 5.1.2600 Service Pack 3

6/3/2009 11:35:38 AM
mbam-log-2009-06-03 (11-35-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150917
Time elapsed: 16 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\Start Menu\Programs\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\WinBlueSoft Software (Rogue.WinBlue) -> Quarantined and deleted successfully.
c:\program files\winbluesoft software\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.

Files Infected:
c:\!KillBox\blocker.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\!KillBox\blocker.dll( 1) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\!KillBox\blocker.dll( 2) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\Media_Player_11_Plugin_2.3.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\Mozilla\Firefox\Profiles\farkdf6c.default\Cache\077A6C49d01 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\playalldvd\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5f6fefc6-97d5-44c2-af64-30aaa07fcc7e}\RP147\A0023687.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\playalldvd\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\winbluesoft software\winbluesoft\data.bin (Rogue.WinBlue) -> Quarantined and deleted successfully.
c:\program files\winbluesoft software\winbluesoft\WinBlueSoft.exe (Rogue.WinBlue) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\RECYCLER\S-5-0-22-100001120-100019817-100014814-4174.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tempo-setup2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

I'll re-post again after I reboot.

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 3:41 pm

Oh, well done.
Didn you see Killbox instructions for someone else? we very rarely use that beause we have other tools that are widely used, but at least we still have some tools that aren't targetted.

How is the machine running now?

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:04 pm

Yeah, I saw it recommended to someone else because I tried a lot of different programs and Winblusoft was blocking almost everything, but it worked! Smile...

Everything seems to be running fine and there's no sign of the virus. Thanks for the help.
I'm betting one of the initial mandatory actions is to get rid of the blocker.dll file. That seems to be what's blocking all programs that can delete the virus.

Thank you.

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:05 pm

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Double click DDS.scr to run.
When complete, two logs will open. Save both of the report to your Desktop.
Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:28 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 13:26:45.53 on Wed 06/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.312 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program

files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program

files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program

files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program

files\avg\avg8\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program

files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program

files\askbardis\bar\bin\askBar.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common

files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [tempo-setup2.exe] c:\windows\system32\tempo-setup2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader

9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program

files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -

c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program

files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: blocker.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\farkdf6c.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\application data\move

networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys

[2009-2-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver

x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25

108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-2-25 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-3-21 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-25 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-25 298776]
S2 gupdate1c997a9ce12b68e;Google Update Service (gupdate1c997a9ce12b68e);c:\program

files\google\update\GoogleUpdate.exe [2009-2-25 133104]

=============== Created Last 30 ================

2009-06-03 11:57 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-06-03 11:05 --d----- C:\!KillBox
2009-06-03 02:07 --d----- c:\program files\SmitFraudFixPro
2009-06-03 00:53 --d----- c:\program files\Trend Micro
2009-06-03 00:13 40,160 a-------

c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 00:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-03 00:13 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 00:13 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-02 23:12 16,795 a------- c:\windows\54931tzoj71c.cpl
2009-06-01 02:05 6,776 a------- c:\windows\system32\11955zorm265.exe
2009-05-31 02:09 --d----- c:\program files\Windows Media Connect 2
2009-05-31 02:08 --d----- C:\dc501ccfd977a9bb8c1abb9df3
2009-05-31 02:08 --d----- c:\windows\system32\LogFiles
2009-05-30 10:42 --d----- c:\windows\system32\scripting
2009-05-30 10:42 --d----- c:\windows\l2schemas
2009-05-30 10:42 --d----- c:\windows\system32\en
2009-05-30 10:42 --d----- c:\windows\system32\bits
2009-05-30 10:39 --d----- c:\windows\ServicePackFiles
2009-05-30 10:37 --d----- c:\windows\network diagnostic
2009-05-30 10:33 --d----- c:\windows\EHome
2009-05-28 13:13 8,270 a------- c:\windows\system32\3z2175p9698.exe
2009-05-26 10:34 3,056 a------- c:\windows\system32\2531back9oo51418z.exe
2009-05-26 10:05 17,705 a------- c:\windows\10z99vi9us35c.bin
2009-05-26 01:40 6,636 a------- c:\windows\system32\30034haczto59190.cpl
2009-05-25 01:16 15,054 a------- c:\windows\system32\zdcdownloade92557.cpl
2009-05-24 18:06 4,642 a------- c:\windows\system32\19368hackt5zl2e4.ocx
2009-05-24 13:20 4,056 a------- c:\windows\system32\25173nz9-a-virus203.exe
2009-05-23 23:53 2,693 a------- c:\windows\system32\3930zpy9c5.exe
2009-05-21 22:04 16,234 a------- c:\windows\system32\2zb3backd5o9865.dll
2009-05-19 07:59 7,842 a------- c:\windows\28636zp59bot7ce.bin
2009-05-18 00:50 15,254 a------- c:\windows\system32\2033895cktzol50.bin
2009-05-17 08:59 14,358 a------- c:\windows\system32\77czad9war51524.bin
2009-05-10 04:56 10,503 a------- c:\windows\system32\4548backdozr2395.exe
2009-05-10 02:27 10,463 a------- c:\windows\d43zo5nloader2907.exe
2009-05-10 01:38 14,566 a------- c:\windows\system32\14z265roj90.ocx
2009-05-08 08:23 17,780 a------- c:\windows\5fb3t9ie58z4.bin
2009-05-08 02:03 29,696 a------- c:\windows\system32\Addon2VB.dll
2009-05-08 02:03 65,536 a------- c:\windows\system32\Project2.ocx
2009-05-08 00:07 1,760 a------- c:\windows\system32\objsafe.tlb
2009-05-08 00:07 82,960 a------- c:\windows\system32\Picclp32.ocx
2009-05-08 00:07 70,088 a------- c:\windows\system32\Project2-1.ocx
2009-05-08 00:07 1,453 a------- c:\windows\system32\Project2.INF
2009-05-08 00:07 --d----- c:\program files\eGames
2009-05-06 18:11 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-06 18:05 --d----- C:\UT2004
2009-05-04 18:54 --d----- c:\program files\GPL MPEG Decoder
2009-05-04 14:39 10,602 a------- c:\windows\1a98bzck59or890.ocx

==================== Find3M ====================

2009-06-03 11:09 3,224 a------- c:\windows\system32\tmp.reg
2009-06-02 23:12 13,405 a------- c:\windows\1115sp59se3z56.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-30 10:44 76,487 a-------

c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-12 08:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-12 08:30 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 08:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-04 09:59 7,351 a------- c:\windows\system32\19354hac5to9z28e.exe
2009-05-02 11:37 18,082 a------- c:\windows\system32\413adownloade959z8.bin
2009-04-24 10:58 3,454 a------- c:\windows\4175nzt9a-virus659.dll
2009-04-24 04:30 11,148 a------- c:\windows\system32\45dspzw9re1281.dll
2009-04-22 19:49 3,417 a------- c:\windows\196z0vir9s355.exe
2009-04-22 12:10 13,463 a------- c:\windows\system32\303zdown9oade52325.exe
2009-04-21 12:39 15,159 a------- c:\windows\25456zot-9-virus735.bin
2009-04-21 02:29 11,926 a------- c:\windows\system32\z765bac9door2580.bin
2009-04-16 23:03 4,823 a------- c:\windows\913sp5mbot38z.exe
2009-04-15 16:32 3,627 a------- c:\windows\6z89steal3524.dll
2009-04-15 15:27 157,280 a------- c:\windows\hphins26.dat
2009-04-13 18:01 5,416 a------- c:\windows\1916stza5201.bin
2009-04-13 05:47 7,591 a------- c:\windows\system32\245z8spamb9t556.exe
2009-04-07 17:03 6,189 a------- c:\windows\system32\z9859tro9213.dll
2009-04-06 23:45 13,976 a------- c:\windows\system32\za5b59yware705.dll
2009-04-06 09:26 5,508 a------- c:\windows\system32\z4915ddwar9257.dll
2009-04-04 14:03 11,802 a------- c:\windows\44z2vi9505.exe
2009-04-04 04:47 7,215 a------- c:\windows\932zt5oj182.exe
2009-04-04 03:21 6,171 a------- c:\windows\9bc5backzoor473.dll
2009-03-27 16:01 16,765 a------- c:\windows\system32\244ad9wnloadzr1995.exe
2009-03-27 02:58 1,203,922 a------- c:\windows\apppatch\SET1FFA.tmp
2009-03-24 23:25 15,014 a------- c:\windows\system32\546downloa59r274z.exe
2009-03-21 10:18 986,112 -------- c:\windows\system32\_004328_.tmp.dll
2009-03-20 09:52 17,340 a------- c:\windows\system32\z61779acktool59c.dll
2009-03-16 21:54 18,160 a------- c:\windows\system32\747vi51912z.bin
2009-03-14 21:48 8,632 a------- c:\windows\system32\38665ackdoor28z9.bin
2009-03-14 18:06 16,000 a------- c:\windows\z951spambot3b7.exe
2009-03-07 21:19 14,256 a------- c:\windows\system32\40215hreatz4098.exe
2009-03-06 10:44 283,648 -------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\SET2061.tmp

============= FINISH: 13:26:51.76 ===============

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:34 pm

Hello.
The log shows there is still a lot of infection files left.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV. (AVG8)
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:16 pm

ComboFix 09-06-01.03 - Owner 06/03/2009 14:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.334 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10051n5t-a-virz965f.cpl
c:\windows\101zs9ambot39f5.exe
c:\windows\10365v5zu969b.exe
c:\windows\10439zot-a-vi5us3dc.bin
c:\windows\10486sp5mb9z769.ocx
c:\windows\1063b9ckdoor541z.ocx
c:\windows\10649troz5c9.bin
c:\windows\10981nzt-a-viru53aa9.dll
c:\windows\10bdzir52579.bin
c:\windows\10z98worm1635.dll
c:\windows\10z99vi9us35c.bin
c:\windows\1115sp59se3z56.dll
c:\windows\1115spy9aze115.ocx
c:\windows\11995pywaze354.bin
c:\windows\11z5not-a-vi5us3f79.ocx
c:\windows\12508tro59zc.exe
c:\windows\12558hac9toolz32.exe
c:\windows\13212n5t-9-vizus206.ocx
c:\windows\13245ackdoorz2329.exe
c:\windows\134z35ot-a-virus9ba.ocx
c:\windows\13575hack9oo528az.cpl
c:\windows\13891n59za-virus458.ocx
c:\windows\1419viruz598.ocx
c:\windows\144995zy660.dll
c:\windows\14898t9oj5z8.exe
c:\windows\149evzr505.bin
c:\windows\14e5spywzre9152.bin
c:\windows\14z99troj5d0.cpl
c:\windows\15035sza5bot4b9.cpl
c:\windows\15101vi9usze.cpl
c:\windows\1556down9oader14z9.exe
c:\windows\15698zpam5ota59.ocx
c:\windows\157939a5ztool7d2.bin
c:\windows\158555otza-v9rus24f.bin
c:\windows\159159azk5ool3be.dll
c:\windows\15z53sp9mbot6f3.cpl
c:\windows\16360not5a9viruz1ab.bin
c:\windows\16514troj996z.ocx
c:\windows\16828tr594z8.exe
c:\windows\17295spa9bzt4dc.bin
c:\windows\17353z5oj792.bin
c:\windows\1835tzoj90a.dll
c:\windows\18856troz2c9.cpl
c:\windows\18e2zownloader11975.bin
c:\windows\190zthre954938.ocx
c:\windows\1916stza5201.bin
c:\windows\192295zcktool6a0.ocx
c:\windows\19324spamzot510.dll
c:\windows\193faddw9rz4105.exe
c:\windows\1956vir1z3.ocx
c:\windows\19591spam9ot1z0.cpl
c:\windows\19619wor93z85.ocx
c:\windows\196z0vir9s355.exe
c:\windows\19762not-a5virusz10.cpl
c:\windows\197ddownloa5er56z.cpl
c:\windows\19e5threat13050z.bin
c:\windows\1a98bzck59or890.ocx
c:\windows\1c62zt9al285.bin
c:\windows\1ce5bz9kdoor751.bin
c:\windows\1f85dowzloade52629.ocx
c:\windows\1z095v5rus4c39.cpl
c:\windows\1z097vir9s35b.bin
c:\windows\1z14ba5kd9or1011.exe
c:\windows\1z539v9rus2a7.bin
c:\windows\1z979troj58d.ocx
c:\windows\200dthz59994.dll
c:\windows\20659spy3a4z.dll
c:\windows\20696zorm69a5.exe
c:\windows\2079s9arze3855.ocx
c:\windows\20819spazb5t4ba.dll
c:\windows\2099virzs55f9.dll
c:\windows\215455zoj9d0.ocx
c:\windows\2156szeal908.ocx
c:\windows\21z17s5y92d.dll
c:\windows\22z40vi5us796.cpl
c:\windows\23280wo9z57a.cpl
c:\windows\235etzief919.cpl
c:\windows\23999not-5-vi9usz55.dll
c:\windows\23d5s9ea53z07.cpl
c:\windows\23z57ha9ktool5be.bin
c:\windows\24059not-a-vzrus5d.dll
c:\windows\24177z9t-a-vi5us729.cpl
c:\windows\24699wzrm65e9.exe
c:\windows\24855hzckto9l615.ocx
c:\windows\248z895oj218.dll
c:\windows\24966s5ambo92z6.ocx
c:\windows\25033sp9mbotb2z.cpl
c:\windows\252279o5-a-vzrus420.ocx
c:\windows\25456zot-9-virus735.bin
c:\windows\25470hzcktool6d9.dll
c:\windows\2552v9ruz7535.exe
c:\windows\25559spyz3d5.exe
c:\windows\255699roj5b2z.bin
c:\windows\25600z5rm7039.bin
c:\windows\2568zhac5too95a2.exe
c:\windows\25927zorm90.cpl
c:\windows\259455oz-a-viru9573.bin
c:\windows\2673wo9mz5.bin
c:\windows\2685zt9oj2e75.ocx
c:\windows\26zbaddwar51893.bin
c:\windows\27a5thizf9575.dll
c:\windows\28009z9ambot5f.dll
c:\windows\281z2hackt95l151.dll
c:\windows\282adzwar98415.bin
c:\windows\2854zwormfd9.cpl
c:\windows\28636zp59bot7ce.bin
c:\windows\29105hac9zool457.ocx
c:\windows\29155spambzt12a.ocx
c:\windows\293395izf3055.exe
c:\windows\29508s9am5oz251.exe
c:\windows\29509vi5zs4dc.exe
c:\windows\29516hacktoolz0.ocx
c:\windows\295709rojz15.cpl
c:\windows\2984sz9rse151.bin
c:\windows\29b99pars5z424.bin
c:\windows\2a16threaz90522.cpl
c:\windows\2b0zba9kdoo51475.exe
c:\windows\2c2fbackd9zr1578.cpl
c:\windows\2z509w5rm5fa.exe
c:\windows\2z761w5rm97b.exe
c:\windows\2z929virus5565.cpl
c:\windows\3015szy5are2999.exe
c:\windows\3055szarse589.bin
c:\windows\30928tro5z45.dll
c:\windows\30995parze2195.bin
c:\windows\30ezspars52019.bin
c:\windows\30z89sp959d5.exe
c:\windows\311zspyware19065.exe
c:\windows\31757s9ambzt5ef.cpl
c:\windows\3182ste9z2315.ocx
c:\windows\318z7virus395.exe
c:\windows\31z02viru539.exe
c:\windows\3210zackt9ol56.cpl
c:\windows\32z75spa9bot2f1.cpl
c:\windows\3339s5eal1674z.exe
c:\windows\33409ack5oor425z.dll
c:\windows\33a9spyw5re2072z.bin
c:\windows\3415zack5oor1959.ocx
c:\windows\3494zac5door3065.cpl
c:\windows\3519bazkdoor2229.dll
c:\windows\3573hackto956ez.dll
c:\windows\359dthzeat21219.cpl
c:\windows\36759ormza0.ocx
c:\windows\37cdt5iez2987.bin
c:\windows\3819hack5ool57dz.ocx
c:\windows\3894spa95ez469.ocx
c:\windows\39175zpambot595.dll
c:\windows\3925thief1z76.bin
c:\windows\39756hzcktoo53ef.exe
c:\windows\39f5vir304z.bin
c:\windows\3d63thzef9515.exe
c:\windows\3f5bsparze549.dll
c:\windows\3z159hief652.exe
c:\windows\3z58ste9l554.exe
c:\windows\3ze2s5yw9re553.cpl
c:\windows\4019downlzade51649.cpl
c:\windows\404bb5ckdo9r2z57.ocx
c:\windows\4147ste9lz555.ocx
c:\windows\4175nzt9a-virus659.dll
c:\windows\4413tr9z4085.dll
c:\windows\446do5nloaderz49.bin
c:\windows\44z2vi9505.exe
c:\windows\4559zhief15699.bin
c:\windows\4595vir577z.cpl
c:\windows\4596thiefz981.ocx
c:\windows\45c4ad9ware30z6.exe
c:\windows\484download5r3059z.cpl
c:\windows\4914troj19z5.cpl
c:\windows\499e5teal134z.bin
c:\windows\4a4zbackd9or2546.exe
c:\windows\4a51vi9954z.bin
c:\windows\4c535parse286z9.bin
c:\windows\4f2z5dd9are2572.dll
c:\windows\4ffespz9se12715.exe
c:\windows\4z08s5yw9re1189.cpl
c:\windows\4z8cspyw5re9688.ocx
c:\windows\4zdfvir1495.cpl
c:\windows\500asp59zre3018.cpl
c:\windows\5059v5rus6z7.bin
c:\windows\505a5hzeat23179.bin
c:\windows\5119ztr9j127.cpl
c:\windows\51530n9t-a-viruz94.bin
c:\windows\51553hac9tzol653.dll
c:\windows\515dvir217z9.exe
c:\windows\51c95parse2189z.cpl
c:\windows\51cfste9z2560.cpl
c:\windows\51z5rm159.exe
c:\windows\525zsp979.cpl
c:\windows\52a79ddzare2732.cpl
c:\windows\53794not-a-virusz849.dll
c:\windows\539edownloa5ez3244.cpl
c:\windows\539esparsz2653.ocx
c:\windows\53atzreat25952.bin
c:\windows\53ddown5zader1449.bin
c:\windows\5471v9rusz54.cpl
c:\windows\54931tzoj71c.cpl
c:\windows\5520ba9kzoor423.exe
c:\windows\55211h9cztool3d4.ocx
c:\windows\5589troj599z.ocx
c:\windows\5599thief30z9.ocx
c:\windows\55c8dow9loadez248.cpl
c:\windows\55zes5eal5729.bin
c:\windows\56945z9rm6f3.bin
c:\windows\56a3sparze98825.cpl
c:\windows\56d9baczdoor2190.dll
c:\windows\57359troj53z.ocx
c:\windows\5794noz-9-virus4fa.bin
c:\windows\57e0st5az596.exe
c:\windows\585095eaz2315.cpl
c:\windows\592ft5reat43z6.exe
c:\windows\5959ad9ware1765z.exe
c:\windows\5960zddware313.bin
c:\windows\59854wormz59.bin
c:\windows\59b8threat3z444.cpl
c:\windows\5c10spyza9e2451.dll
c:\windows\5c85dow9loa5er49z.dll
c:\windows\5d0759r674z.ocx
c:\windows\5da2zownloa9er1698.exe
c:\windows\5df1szeal259.ocx
c:\windows\5e55spaz9e2306.exe
c:\windows\5eb5add9arz2469.ocx
c:\windows\5fb3t9ie58z4.bin
c:\windows\5z035wo9m553.bin
c:\windows\5z2f5ir9015.exe
c:\windows\5z39threat2758.exe
c:\windows\5z7cba5k9oor1230.cpl
c:\windows\5z9tr59b1.ocx
c:\windows\6139backdoo581z.exe
c:\windows\6154bacz9oor3037.dll
c:\windows\61f45o9nloadzr2950.ocx
c:\windows\6450downloazer599.cpl
c:\windows\6519vir6z7.ocx
c:\windows\65e5thie91334z.bin
c:\windows\66b9dow5loaderz5.ocx
c:\windows\6726downl9aderz005.cpl
c:\windows\6762azdwar92594.dll
c:\windows\6764azdware5914.ocx
c:\windows\67895hzef1509.bin
c:\windows\67c5addwzr92615.bin
c:\windows\67d495z374.bin
c:\windows\68b25ddwaze2249.bin
c:\windows\693bszars926775.exe
c:\windows\6954n95-a-virusz93.cpl
c:\windows\69b1ad9w5rez925.bin
c:\windows\69d2addzare559.dll
c:\windows\6c5dthrea93051z.dll
c:\windows\6cz7thie93235.ocx
c:\windows\6dczba5kdoor9433.bin
c:\windows\6dda5ac9door61z.bin
c:\windows\6f61thrzat25699.cpl
c:\windows\6z45backdoor192.dll
c:\windows\6z45wo95524.cpl
c:\windows\6z89steal3524.dll
c:\windows\713backzoor5962.dll
c:\windows\715ddow9loader2352z.ocx
c:\windows\7229spazse503.bin
c:\windows\7296no5-azvirus346.bin
c:\windows\731z5pyware1819.ocx
c:\windows\73e5spyzare2979.ocx
c:\windows\7409troj6z95.exe
c:\windows\7501zir9719.dll
c:\windows\754b9owzloader1095.ocx
c:\windows\75935ackdooz1804.exe
c:\windows\75b75ir9723z.exe
c:\windows\75z9hackt5ol790.dll
c:\windows\771addwa593227z.ocx
c:\windows\7915thie9325z.cpl
c:\windows\79z65hief1192.bin
c:\windows\79zd5ownloade9729.dll
c:\windows\7a1d5ownloade98z1.cpl
c:\windows\7a36backdzo9652.ocx
c:\windows\7b94zteal2252.bin
c:\windows\7cbzspars51409.dll
c:\windows\7cdfzh9ef1955.ocx
c:\windows\7d98threat157z.cpl
c:\windows\7f9cthzea5196.bin
c:\windows\7fc85ir9665z.dll
c:\windows\7z6ha9ktool3f45.ocx
c:\windows\8208hackt9ozc5.cpl
c:\windows\834backdozr1958.dll
c:\windows\837zspy9e95.bin
c:\windows\84z9wor51b19.bin
c:\windows\864zvi9us451.ocx
c:\windows\87355pz2199.ocx
c:\windows\89299pz5585.bin
c:\windows\8932zir5s277.dll
c:\windows\8e6s9yware1525z.cpl
c:\windows\8z39ddware2305.exe
c:\windows\9051zspy65.exe
c:\windows\90d9backdzor547.bin
c:\windows\913sp5mbot38z.exe
c:\windows\9195w9rm7z5.exe
c:\windows\921fzh5ef2638.ocx
c:\windows\92365irus613z.dll
c:\windows\92415troj55z.dll
c:\windows\9250threat2055z.bin
c:\windows\92545acktool5cz9.bin
c:\windows\9274zviru5161.exe
c:\windows\92faaddwzre5247.bin
c:\windows\932zt5oj182.exe
c:\windows\935thief97z.cpl
c:\windows\9409wor5zd0.ocx
c:\windows\9433v5rusz9f.exe
c:\windows\94z55not-a-virus388.ocx
c:\windows\957not5a-9irzs1c1.dll
c:\windows\95det5zef930.cpl
c:\windows\95ezthreat28876.cpl
c:\windows\95z5addware5439.exe
c:\windows\9605pyware2596z.exe
c:\windows\9659woz57bb.bin
c:\windows\97165no5-z-virus703.bin
c:\windows\9753sparse156z.bin
c:\windows\9754spz349.exe
c:\windows\9783spywa5e2z50.dll
c:\windows\9794wo95z52.dll
c:\windows\9822downl5ader688z.ocx
c:\windows\9859ste5l1z38.dll
c:\windows\98a5threat1z257.ocx
c:\windows\9926h5ckt9ol4f6z.dll
c:\windows\995cdzwnloader2092.bin
c:\windows\99865zoj794.exe
c:\windows\99z15wo5m520.cpl
c:\windows\9a4zthreat35617.dll
c:\windows\9b5czdoor2577.bin
c:\windows\9bc5backzoor473.dll
c:\windows\9cz0stea52196.ocx
c:\windows\9d2avir5309z.dll
c:\windows\9d4v5r14z0.dll
c:\windows\a25stezl1192.ocx
c:\windows\a5s5ywa9e1318z.exe
c:\windows\b54spyw5rez795.cpl
c:\windows\c2ct9zef1395.cpl
c:\windows\d43zo5nloader2907.exe
c:\windows\d4spyzare17695.exe
c:\windows\da9vi5409z.dll
c:\windows\e29downzo9der22645.ocx
c:\windows\e81sp9rze2541.exe
c:\windows\ea7th5eat12z369.bin
c:\windows\f6sp5zse698.bin
c:\windows\fz5down9oader3063.exe

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:19 pm

c:\windows\system32\_004283_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004286_.tmp.dll
c:\windows\system32\_004293_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004295_.tmp.dll
c:\windows\system32\_004296_.tmp.dll
c:\windows\system32\_004298_.tmp.dll
c:\windows\system32\_004299_.tmp.dll
c:\windows\system32\_004302_.tmp.dll
c:\windows\system32\_004303_.tmp.dll
c:\windows\system32\_004305_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004309_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004317_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004320_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004327_.tmp.dll
c:\windows\system32\_004328_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004332_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\_004335_.tmp.dll
c:\windows\system32\_004336_.tmp.dll
c:\windows\system32\_004341_.tmp.dll
c:\windows\system32\_004343_.tmp.dll
c:\windows\system32\_004344_.tmp.dll
c:\windows\system32\10563h5ckt9olz26.dll
c:\windows\system32\10942zp59d4.dll
c:\windows\system32\10950not-a-9izus23.exe
c:\windows\system32\10973tzoj95.cpl
c:\windows\system32\11313vi59s6d7z.ocx
c:\windows\system32\113349ot-5-virus6fz.ocx
c:\windows\system32\11579spy49dz.ocx
c:\windows\system32\11955zorm265.exe
c:\windows\system32\11999n9t-a-vizus3d5.cpl
c:\windows\system32\11bzstea52998.dll
c:\windows\system32\11z479pambot2755.exe
c:\windows\system32\12065p9rse16z2.ocx
c:\windows\system32\12z59virus5e4.dll
c:\windows\system32\133405zambot3cf9.dll
c:\windows\system32\13520wormz959.bin
c:\windows\system32\13899spaz95t6e9.bin
c:\windows\system32\13909hacztoo5275.bin
c:\windows\system32\14347hack9ooz4b5.cpl
c:\windows\system32\1443dow5loaze91916.dll
c:\windows\system32\1457n59-a-zirus253.exe
c:\windows\system32\149029pambot5zf.ocx
c:\windows\system32\14925zpy9ff.ocx
c:\windows\system32\14z265roj90.ocx
c:\windows\system32\154409ot-z-virus10e5.cpl
c:\windows\system32\15513troj295z.cpl
c:\windows\system32\1555zvi9us571.cpl
c:\windows\system32\15815spzm5ot6619.ocx
c:\windows\system32\15841wor5509z.dll
c:\windows\system32\158z5ambot922.dll
c:\windows\system32\15994zot-a9virusb7.bin
c:\windows\system32\15z55troj596.exe
c:\windows\system32\15z79hacktool98f.cpl
c:\windows\system32\166375iruz789.bin
c:\windows\system32\170709pamb5t30z.ocx
c:\windows\system32\1741zwo9m504.cpl
c:\windows\system32\17835hiz91840.bin
c:\windows\system32\17849spaz5ot4949.dll
c:\windows\system32\17999ziru5d8.dll
c:\windows\system32\17z85hacktool359.exe
c:\windows\system32\18249vi9us15z.dll
c:\windows\system32\18429vzrus4509.cpl
c:\windows\system32\184z2wor93c55.cpl
c:\windows\system32\1925backdo5r122z.dll
c:\windows\system32\1930zot-a-5ir9s7a6.ocx
c:\windows\system32\19354hac5to9z28e.exe
c:\windows\system32\19368hackt5zl2e4.ocx
c:\windows\system32\19401w5rmz69.bin
c:\windows\system32\1957zhacktool367.bin
c:\windows\system32\19598tzoj50.bin
c:\windows\system32\1979zvi5us4d3.cpl
c:\windows\system32\19cf95eaz1247.bin
c:\windows\system32\1fb9az5ware2968.cpl
c:\windows\system32\1z22spar9e3508.ocx
c:\windows\system32\1z517w9rm683.cpl
c:\windows\system32\1z533spy9e.cpl
c:\windows\system32\1z999s5y908.ocx
c:\windows\system32\20075ot-a-zirus269.dll
c:\windows\system32\2020not-azvir5s219.bin
c:\windows\system32\20330t9oj753z.cpl
c:\windows\system32\2033895cktzol50.bin
c:\windows\system32\20476w9rm58z.exe
c:\windows\system32\209fsp9rsz1515.ocx
c:\windows\system32\21139zpamb5t49c9.exe
c:\windows\system32\21156hacktozl905.bin
c:\windows\system32\2131zwo9545.bin
c:\windows\system32\21z90troj7f5.dll
c:\windows\system32\22095hzc9tool91.cpl
c:\windows\system32\22282w95m62z.ocx
c:\windows\system32\22992vi5us50z.dll
c:\windows\system32\22czback9oor5015.dll
c:\windows\system32\23457no9-a-vzr5s3de.dll
c:\windows\system32\234879ot-a5virusze6.dll
c:\windows\system32\2364backdzor2965.dll
c:\windows\system32\23754w9rm12z.bin
c:\windows\system32\2385addz95e1814.cpl
c:\windows\system32\23873sp5zbot5bd9.bin
c:\windows\system32\23967tro564dz.ocx
c:\windows\system32\244ad9wnloadzr1995.exe
c:\windows\system32\245z8spamb9t556.exe
c:\windows\system32\245zpy5a39.exe
c:\windows\system32\24a59irz0445.dll
c:\windows\system32\25173nz9-a-virus203.exe
c:\windows\system32\2531back9oo51418z.exe
c:\windows\system32\253z7w9rm650.exe
c:\windows\system32\25779r5j28z.exe
c:\windows\system32\25976hacktool328z.exe
c:\windows\system32\25a9virz26.exe
c:\windows\system32\25z63spambot595.exe
c:\windows\system32\26609szy195.exe
c:\windows\system32\26796worm5zc5.cpl
c:\windows\system32\26993spyz5.ocx
c:\windows\system32\27259ha9ktzol175.dll
c:\windows\system32\27795szy75f.exe
c:\windows\system32\277d9wnlozder8025.cpl
c:\windows\system32\2798ztr5918e.dll
c:\windows\system32\28260z9ambot3005.cpl
c:\windows\system32\282ebac5do9r2760z.dll
c:\windows\system32\2859spy33fz.cpl
c:\windows\system32\29091not-z-virus3995.cpl
c:\windows\system32\290za5dware9155.dll
c:\windows\system32\29370hazktool7175.dll
c:\windows\system32\294539zy555.dll
c:\windows\system32\295not9azvirus3dc.cpl
c:\windows\system32\2971ztroj556.ocx
c:\windows\system32\2992s5y59z.ocx
c:\windows\system32\299f5ir371z.cpl
c:\windows\system32\29cbsp5rsez45.ocx
c:\windows\system32\29e5zhief1530.ocx
c:\windows\system32\2abz95ckdoor2041.cpl
c:\windows\system32\2b2es95zare2024.ocx
c:\windows\system32\2z335spy993.ocx
c:\windows\system32\2zb3backd5o9865.dll
c:\windows\system32\30034haczto59190.cpl
c:\windows\system32\300z85or95c2.cpl
c:\windows\system32\303539roz5d2.bin
c:\windows\system32\303zdown9oade52325.exe
c:\windows\system32\3058stea92z67.cpl
c:\windows\system32\3095sparse28z4.ocx
c:\windows\system32\309z35p9e5.dll
c:\windows\system32\30bdadd95rez729.exe
c:\windows\system32\31238wo5m69z.cpl
c:\windows\system32\3157zt5oj9c.dll
c:\windows\system32\31749zacktoo57a4.cpl
c:\windows\system32\3175thizf891.exe
c:\windows\system32\317spamb9t350z.exe
c:\windows\system32\31b9sp5rse199z.cpl
c:\windows\system32\32312spam5oz19b.bin
c:\windows\system32\32ees9eal254z.ocx
c:\windows\system32\3569hacztool9e3.dll
c:\windows\system32\35a6spy5zr92194.exe
c:\windows\system32\38665ackdoor28z9.bin
c:\windows\system32\389cth5ezt158309.exe
c:\windows\system32\39112virus50z.cpl
c:\windows\system32\3930zpy9c5.exe
c:\windows\system32\3995adzware3079.cpl
c:\windows\system32\39z6v9r5984.ocx
c:\windows\system32\3a3c9ackdzo51920.dll
c:\windows\system32\3b59backdoorz4895.cpl
c:\windows\system32\3b92sparz9635.bin
c:\windows\system32\3c44thi9f3507z.cpl
c:\windows\system32\3d9abackdoo5559z.ocx
c:\windows\system32\3dd65ow9zoader367.exe
c:\windows\system32\3z2175p9698.exe
c:\windows\system32\3z55s9eal5367.bin
c:\windows\system32\3z57vir9s677.ocx
c:\windows\system32\3z9879orm585.bin
c:\windows\system32\40215hreatz4098.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\4071spy9are546z.dll
c:\windows\system32\40755pa9sez59.cpl
c:\windows\system32\40c9zhief30495.dll
c:\windows\system32\413adownloade959z8.bin
c:\windows\system32\4197s5arse287z.exe
c:\windows\system32\421dvir92z5.dll
c:\windows\system32\44eesp59arz1255.exe
c:\windows\system32\451asze9l2009.dll
c:\windows\system32\4548backdozr2395.exe
c:\windows\system32\45dspzw9re1281.dll
c:\windows\system32\45ethiefz8059.bin
c:\windows\system32\466caddwa952z63.dll
c:\windows\system32\4839virz52a3.cpl
c:\windows\system32\483dthiez9655.exe
c:\windows\system32\4856down9ozder2129.cpl
c:\windows\system32\48b3th9e5306z.cpl
c:\windows\system32\4993baczdoor5185.exe
c:\windows\system32\49debzckdoo5393.exe
c:\windows\system32\49z7t5ief635.exe
c:\windows\system32\4a56z59rse680.dll
c:\windows\system32\4a5s9arze1555.dll
c:\windows\system32\4ad5z9reat38005.cpl
c:\windows\system32\4b5tzief359.cpl
c:\windows\system32\4e10spa5se912z.exe
c:\windows\system32\4ez1vir2495.ocx
c:\windows\system32\4fezthi591219.ocx
c:\windows\system32\4z82v5rus9e3.dll
c:\windows\system32\4z91spy954.cpl

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:20 pm

c:\windows\system32\50308s9yzed.ocx
c:\windows\system32\506fspa9ze825.bin
c:\windows\system32\51113vi9us52z.dll
c:\windows\system32\5119steal9z75.exe
c:\windows\system32\51584hackzool79.dll
c:\windows\system32\52090spazbot394.cpl
c:\windows\system32\521abzckdoor2493.exe
c:\windows\system32\5275adzw9re1995.bin
c:\windows\system32\5393szarse176.exe
c:\windows\system32\54509wzrm1e2.exe
c:\windows\system32\546downloa59r274z.exe
c:\windows\system32\5489wozm5a9.exe
c:\windows\system32\54999dzware2504.dll
c:\windows\system32\550adownlozder1799.cpl
c:\windows\system32\552zs9arse47.dll
c:\windows\system32\553thz9at12657.cpl
c:\windows\system32\5555zr975.cpl
c:\windows\system32\555zsp9726.bin
c:\windows\system32\559szywa5e9407.dll
c:\windows\system32\559zthief1520.exe
c:\windows\system32\55f2dow5load9rz33.ocx
c:\windows\system32\5651wo5mz9b.dll
c:\windows\system32\566z9troj99e.dll
c:\windows\system32\56ze5ddware2019.bin
c:\windows\system32\572d5hre9t266z.bin
c:\windows\system32\57z10worm498.ocx
c:\windows\system32\5830v9rus35z.exe
c:\windows\system32\58not-a-vizus4799.bin
c:\windows\system32\59293hacztool57f.ocx
c:\windows\system32\5945zhief2122.dll
c:\windows\system32\59499pyware58z.exe
c:\windows\system32\5950stezl22675.cpl
c:\windows\system32\5957downlzader503.bin
c:\windows\system32\595roj2za.ocx
c:\windows\system32\59z8threat21995.dll
c:\windows\system32\5a4fthie51290z.dll
c:\windows\system32\5a935ir110z.cpl
c:\windows\system32\5a93do5nzoader1975.bin
c:\windows\system32\5a99sparze409.bin
c:\windows\system32\5a9aspar5e2757z.ocx
c:\windows\system32\5b2da9dwaz5577.cpl
c:\windows\system32\5b79vzr2308.ocx
c:\windows\system32\5bz9threa514254.dll
c:\windows\system32\5c09sp9rse414z.exe
c:\windows\system32\5c7abaczdo5r18399.exe
c:\windows\system32\5d8fthzeat59266.cpl
c:\windows\system32\5e5b9ddwaze2326.cpl
c:\windows\system32\5eddzteal1690.dll
c:\windows\system32\5f19spa9se289z.exe
c:\windows\system32\5f8viz3190.ocx
c:\windows\system32\5z079teal30.dll
c:\windows\system32\5z25steal9539.cpl
c:\windows\system32\5z8159py58d.ocx
c:\windows\system32\5z819teal2732.cpl
c:\windows\system32\6091hackto5z383.dll
c:\windows\system32\623no5-a-vir9sz7b.ocx
c:\windows\system32\6258th5ef943z.cpl
c:\windows\system32\6395trojz38.bin
c:\windows\system32\639virz755.ocx
c:\windows\system32\639zv59us477.cpl
c:\windows\system32\64zthre9t31851.dll
c:\windows\system32\6501threa911z31.ocx
c:\windows\system32\654zs5ea93145.exe
c:\windows\system32\6569backzoor951.bin
c:\windows\system32\65edownloadzr30759.cpl
c:\windows\system32\65f9vzr2596.bin
c:\windows\system32\668fb9ckzoor2475.bin
c:\windows\system32\67z6downloa9er805.dll
c:\windows\system32\6945trojz61.cpl
c:\windows\system32\6994az9wa5e1745.bin
c:\windows\system32\699cthr5at2359z.bin
c:\windows\system32\69c59pywarz1850.ocx
c:\windows\system32\69e5pyware1059z.cpl
c:\windows\system32\6af8s5azse9419.cpl
c:\windows\system32\6befdow9loader2875z.bin
c:\windows\system32\6d0at5izf10249.exe
c:\windows\system32\6e3zt59eat22862.exe
c:\windows\system32\6ee3threz59079.ocx
c:\windows\system32\6z8fb5ckdoor29319.exe
c:\windows\system32\6ze6ste5l2191.dll
c:\windows\system32\7159szarse51.exe
c:\windows\system32\71a9a5dwarz1554.cpl
c:\windows\system32\7385vir9s4z9.exe
c:\windows\system32\747vi51912z.bin
c:\windows\system32\74fev5r193z.ocx
c:\windows\system32\7594spa9sz999.exe
c:\windows\system32\76e59ddwzre25075.bin
c:\windows\system32\76z4vir9095.dll
c:\windows\system32\7759s5y9arz1433.exe
c:\windows\system32\77czad9war51524.bin
c:\windows\system32\7855bazkdo9r51.bin
c:\windows\system32\794b5zckdoor653.bin
c:\windows\system32\7995backdzor3091.dll
c:\windows\system32\79c8thief15z0.ocx
c:\windows\system32\7a635hreat32948z.ocx
c:\windows\system32\7b4bdownl95der20z.bin
c:\windows\system32\7bbc5hief9z6.dll
c:\windows\system32\7c95addwarz1455.bin
c:\windows\system32\7ca5bzck9oor2671.exe
c:\windows\system32\7e10addwzr53579.bin
c:\windows\system32\7e2e5ddwarez879.exe
c:\windows\system32\7f37threa5193z6.bin
c:\windows\system32\827bzc5do9r1317.dll
c:\windows\system32\843woz529a.bin
c:\windows\system32\85189pz7b0.cpl
c:\windows\system32\858downloadz91725.bin
c:\windows\system32\8825not-azvirus629.bin
c:\windows\system32\8955wzrm2ba.bin
c:\windows\system32\9004vir9s5z0.exe
c:\windows\system32\91025tzo563e.bin
c:\windows\system32\9191spy5z5.dll
c:\windows\system32\9259threzt15067.exe
c:\windows\system32\927dszeal1457.ocx
c:\windows\system32\9293wo9mzf05.ocx
c:\windows\system32\939485ackzool645.cpl
c:\windows\system32\951z6tr5j610.bin
c:\windows\system32\9524hacktoo5791z.bin
c:\windows\system32\95257vizus379.ocx
c:\windows\system32\9587sparse2z6.bin
c:\windows\system32\95c7zddware3182.cpl
c:\windows\system32\9615tzoj159.cpl
c:\windows\system32\9626zirus1765.dll
c:\windows\system32\969zpy34a5.dll
c:\windows\system32\9720spars51z90.cpl
c:\windows\system32\98178virusz825.dll
c:\windows\system32\98255zrm4db.cpl
c:\windows\system32\986spy1z5.cpl
c:\windows\system32\9902ha5ktooz25c.bin
c:\windows\system32\99296z5rm14d.bin
c:\windows\system32\9z33addware534.cpl
c:\windows\system32\a2bt5z9at12566.dll
c:\windows\system32\a5zt5ief1795.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\b1csz9r5e1514.cpl
c:\windows\system32\b45addwarez928.exe
c:\windows\system32\c14vi5z759.cpl
c:\windows\system32\dumphive.exe
c:\windows\system32\f88t9re5t783z.bin
c:\windows\system32\fb6adz9are6395.bin
c:\windows\system32\fc5a5dw9re4z6.cpl
c:\windows\system32\ffdz5yware2970.dll
c:\windows\system32\fz9addwa9e2563.bin
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\z012sp9wa5e3092.bin
c:\windows\system32\z059vir3080.cpl
c:\windows\system32\z15185py589.ocx
c:\windows\system32\z1940spamb5t175.cpl
c:\windows\system32\z2c7addware28459.dll
c:\windows\system32\z459spambot3045.ocx
c:\windows\system32\z4915ddwar9257.dll
c:\windows\system32\z50405roj1309.cpl
c:\windows\system32\z546threat12539.exe
c:\windows\system32\z5590troj719.cpl
c:\windows\system32\z5898w5rm3e69.exe
c:\windows\system32\z599sparse49.cpl
c:\windows\system32\z5vir5sc49.exe
c:\windows\system32\z61779acktool59c.dll
c:\windows\system32\z765bac9door2580.bin
c:\windows\system32\z7ea9ackd5or2531.cpl
c:\windows\system32\z8879hacktool365.bin
c:\windows\system32\z94downlo5der2061.exe
c:\windows\system32\z9735worm33c.exe
c:\windows\system32\z9859tro9213.dll
c:\windows\system32\z999hi5f935.ocx
c:\windows\system32\z9f5d5wnloader1617.bin
c:\windows\system32\za5b59yware705.dll
c:\windows\system32\zasp5r9e1281.dll
c:\windows\system32\zc19steal9045.dll
c:\windows\system32\zd3fsteal975.ocx
c:\windows\system32\zda3a95ware708.exe
c:\windows\system32\zdcdownloade92557.cpl
c:\windows\system32\zfc2down59ader2351.bin
c:\windows\z0302h5cktool5a9.exe
c:\windows\z0511t5oja99.dll
c:\windows\z17csp95se911.bin
c:\windows\z1885w9r54ae.bin
c:\windows\z1dcst5al9108.dll
c:\windows\z465back9oor2875.bin
c:\windows\z4910tr9j55f.ocx
c:\windows\z5ebac9door3510.dll
c:\windows\z5f2sparse9005.cpl
c:\windows\z7526troj3a9.dll
c:\windows\z8098sp9452.bin
c:\windows\z895n5t-a-virus49c.cpl
c:\windows\z9135worm2f7.ocx
c:\windows\z9137s5ambo9215.cpl
c:\windows\z950sp5rse983.cpl
c:\windows\z951spambot3b7.exe
c:\windows\z956steal1985.cpl
c:\windows\za695ir631.cpl
c:\windows\zb09downloader3503.dll
c:\windows\zcb9thie917205.ocx
c:\windows\zdffthie9305.ocx
c:\windows\ze39addw5re2852.cpl
c:\windows\zf12s5eal1969.ocx
c:\windows\zfe9vi5589.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 15:57 . 2009-06-03 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-03 15:17 . 2009-06-03 15:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-03 15:05 . 2009-06-03 15:35 -------- d-----w- C:\!KillBox
2009-06-03 06:07 . 2009-06-03 06:13 -------- d-----w- c:\program files\SmitFraudFixPro
2009-06-03 05:27 . 2009-06-03 05:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 04:53 . 2009-06-03 04:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 04:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 04:13 . 2009-06-03 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 04:13 . 2009-06-03 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 04:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 06:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-31 06:09 . 2009-05-31 06:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- C:\dc501ccfd977a9bb8c1abb9df3
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-31 06:08 . 2009-05-31 06:08 -------- d-----w- c:\windows\system32\LogFiles
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\scripting
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\l2schemas
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\en
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\bits
2009-05-30 14:39 . 2009-05-30 14:43 -------- d-----w- c:\windows\ServicePackFiles
2009-05-30 14:33 . 2009-05-30 14:33 -------- d-----w- c:\windows\EHome
2009-05-29 01:20 . 2009-05-29 01:20 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-05-29 01:20 . 2009-05-29 01:20 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-19 12:20 . 2009-05-12 12:30 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 12:20 . 2009-05-12 12:30 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 12:20 . 2009-05-12 12:30 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 12:20 . 2009-05-12 12:30 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:20 . 2009-05-12 12:30 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 12:20 . 2009-05-12 12:30 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 12:20 . 2009-05-12 12:30 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 12:19 . 2009-05-12 12:29 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 12:19 . 2009-05-12 12:29 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-13 06:00 . 2009-05-13 06:09 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-05-08 06:03 . 1999-06-09 14:40 29696 ----a-w- c:\windows\system32\Addon2VB.dll
2009-05-08 04:07 . 2009-06-03 04:05 -------- d-----w- c:\program files\eGames
2009-05-06 22:11 . 2009-05-06 22:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-06 22:05 . 2009-05-06 22:10 -------- d-----w- C:\UT2004
2009-05-04 22:54 . 2009-05-04 22:54 -------- d-----w- c:\program files\GPL MPEG Decoder

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:20 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 18:09 . 2009-02-25 20:04 -------- d-----w- c:\program files\DNA
2009-06-03 18:09 . 2009-02-25 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-06-03 04:03 . 2009-04-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-03 03:17 . 2009-03-02 19:11 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-06-02 22:10 . 2009-02-26 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-02 21:06 . 2009-03-02 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-31 08:35 . 2009-02-25 18:44 13496 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 14:44 . 2009-02-25 18:21 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 01:20 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-15 04:02 . 2009-02-26 00:32 -------- d-----w- c:\program files\Google
2009-05-12 12:30 . 2009-02-26 00:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-12 12:30 . 2009-02-26 00:35 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 21:58 . 2009-04-21 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-05-06 22:00 . 2009-04-14 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-28 01:41 . 2009-04-28 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-04-28 01:39 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-28 01:38 . 2009-04-28 01:36 -------- d-----w- c:\program files\AIM6
2009-04-28 01:38 . 2009-04-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\program files\Common Files\AOL
2009-04-15 19:27 . 2009-04-14 04:24 157280 ----a-w- c:\windows\hphins26.dat
2009-04-15 19:27 . 2009-04-15 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-04-15 17:31 . 2009-04-15 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-14 19:02 . 2009-04-14 19:02 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-04-14 04:59 . 2009-04-14 04:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Nero
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-14 04:27 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-14 04:26 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-14 04:26 . 2009-04-14 04:25 -------- d-----w- c:\program files\HP
2009-04-14 04:25 . 2009-04-14 04:25 -------- d-----w- c:\program files\Common Files\HP
2009-04-11 20:54 . 2009-04-11 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 20:53 . 2009-04-11 20:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-22 04:57 . 2009-03-22 05:08 331776 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2009-03-21 22:45 . 2009-03-21 22:45 0 ----a-w- c:\windows\ativpsrm.bin
2009-03-21 15:25 . 2009-03-21 15:25 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-19 17:59 . 2009-03-19 17:59 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-06 14:44 . 2006-02-28 12:00 283648 ------w- c:\windows\system32\pdh.dll
2009-03-06 14:22 . 2009-04-15 04:40 284160 ------w- c:\windows\system32\SET2061.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-25 321344]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-12 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Torrent Files\\Complete\\BitTorrent.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/25/2009 8:35 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/25/2009 8:35 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/25/2009 2:34 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3/21/2009 1:56 PM 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/25/2009 8:35 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:35 PM 298776]
S2 gupdate1c997a9ce12b68e;Google Update Service (gupdate1c997a9ce12b68e);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 8:33 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 05:03]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 00:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-tempo-setup2.exe - c:\windows\system32\tempo-setup2.exe
HKLM-Run-NWEReboot - (no file)
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\farkdf6c.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 14:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3312)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\ALCFDRTM.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 18:12

Pre-Run: 136,656,646,144 bytes free
Post-Run: 137,460,752,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

990 --- E O F --- 2009-05-31 07:01

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:26 pm

Hello.

I see that you are running BitTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

BitTorrent DNA

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\SET2061.tmp

Folder::
C:\!KillBox
c:\program files\SmitFraudFixPro
c:\program files\DNA
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Owner\Application Data\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Documents and Settings\\Owner\\Desktop\\Torrent Files\\Complete\\BitTorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Please, Please Help Me! I tried to install Malwarebytes... Sfxdaw

Please, Please Help Me! I tried to install Malwarebytes... Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Part 13rd June 2009, 6:54 pm

ComboFix 09-06-01.03 - Owner 06/03/2009 14:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.330 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\SET2061.tmp"
.
/wow section - STAGE 24
The process cannot access the file because it is being used by another process.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
c:\!killbox\Logs\kb.log
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Owner\Application Data\BitTorrent
c:\documents and settings\Owner\Application Data\BitTorrent\[DIVX - AVI] - [Zack And Miri Make A Porn - 2008] - [FULL DVDRip] - [ENG] - [By LondonVirus].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[Eclipse] Fullmetal Alchemist Brotherhood - 02 (XviD) [3D3D8911].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[Eclipse] Fullmetal Alchemist Brotherhood - 03 (XviD) [93B77D64].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[Eclipse] Fullmetal Alchemist Brotherhood - 04 (XviD) [BD914690].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[SHS-re-enc]_Fullmetal_Alchemist_2_-_Brotherhood_-_01_[704x400_XviD_MP3][37697399].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\8 Minute Workout.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\amped torrent.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\An American Tail Double Feature.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Azrael.02.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Babysitters XXX [DVDRip][www.zonatorrent.com].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Balicki.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Batman.683.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Batman.BftC.03.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\BftC.Arkham.Asylum.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big Love - Season 1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big Love - Season 2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\big love s03e02.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\big love S03E03.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E01.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E04.HDTV.XviD-0TV.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E05.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E06.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E08.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E10.HDTV.XviD-0TV.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\BigLoveS03E07.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\BigLoveS03E09.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\blackest night.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Blair Witch Project 2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Book.Of.Shadows.Blair.Witch.2.SWESUB.DVDRip.XviD-Xzibit.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Bride Wars[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Caligula.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Carmen Electra's Aerobic Striptease Vol. 1 - Aerobic Striptease.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Carmen Electra's Aerobic Striptease Vol. 2 - Fit To Strip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Daemon_Tools_Pro_V4.10.0215.1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Daemon_Tools_Pro_V4.10.0215.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\DAEMON_Tools_Pro_v4.10.0215_32bit_INTERNAL-PARADOX- WITH CRACK.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Demonlover.2002.DVDRip.XviD-AEN.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\destricted.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Detective 853 (2009) (The Scangstas-DCP).cbr.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\dht.dat
c:\documents and settings\Owner\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\DirectX 10 for Windows XP.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Disciples II Gold Edition + extras.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Donkey Punch KLAXXON.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Drag Me to Hell 2009 -DEViSE-NoRAR.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Drag Me To Hell DVD.SCREENER XviD [2009].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Dragon Quest VIII Official Strategy Guide (Bradygames).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Driver Detective 6 2 5 Keygen.zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Driver Detective 6.2.5.0 - KeyGen_exe.zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Driver Genius Pro.7z.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Ember.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\ENZO.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Extreme Movie[2008]AC-3(5.1)ENG[UKB-RG Xvid]-keltz.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Fallout.3-RELOADED.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\fc6.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Final Crisis.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\FMA Brotherhood EP 2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\FMA Brotherhood ep 3.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\FMA Brotherhood ep 4.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Freddy's Nightmares.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Ghostbusters.Collection.iNTERNAL.DVDRip.XVID-vRs.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Gotham.Gazette.01.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\How To Give A World Class Blowjob.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\I.Love.You.Man.CAM.AVI.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\ISO Applications Software[] (SCENE-BASE.NET).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\JM_30DAY_SHRED.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Justice League of America 32 (2009) (Avalon-SCC-DCP).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\KUNG-FU PANDA-2008-[DVDRIP][ENG]-KIDZCORNER&J.T.R.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Lakeview Terrace[2008]DVDrip[AC-3(5.1)ENG][a UKB-RG Xvid by]- keltz.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Last.House.On.The.Left.UNRATED.PROPER+EXTRAS.DVDrip.XviD-FBR.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Layout.Briana.Banks.XXX.[DVDRIP][WwW.LoKoTorrents.CoM].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Miss March (2009).avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Miss March.2009.DVDRIP.XviD.Bender.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Miss March[2009]DvDRIP[Eng]-bilbo.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\My Best Friends Girl R5 LINE XviD-COALiTiON.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCMehrunesRazor [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCOrrery [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCThievesDen [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCVileLair [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion_Addons.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Office Space [1999] DVD-Rip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\P2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\PAUL BLART MALL COP [2009] DVD Rip Xvid (MultiSubs) [StB].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Paul Blart Mall Cop DVD.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\PC » SILENT HILL HOMECOMING Full Game directplay by globe@.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\PSX 4 PC.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Quantum Of Solace.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat.1.bad
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\Return.To.Oz[1985]DvDrip.DivX[Eng]MP3-hellure.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\rss.dat
c:\documents and settings\Owner\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\settings.dat
c:\documents and settings\Owner\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\Seven.Pounds.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Sex Drive[2008].UNRATED.LIMITED.DVDRIP.XVID.[Eng]-DUQA.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Slumdog Millionaire.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Still Waiting unrated.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Suicide Girls Ay 2 sets.rar.1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Suicide Girls Ay 2 sets.rar.2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Suicide Girls Ay 2 sets.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman 677 (2008) (Minutemen-Incrediblehunk).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman 679 (2008) (Minutemen-The Duke Boys).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman 680 (2008) (Minutemen-Zonylie).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman Batman.1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman Batman.2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman Batman.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\superman DCP.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Tae Bo - Focus Abs & Glutes.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Tae.Bo.Cardio.2004.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\the-fighters-stronghold.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Curious Case of Benjamin Button.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Elder Scrolls IV - Oblivion Official Plugins.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The House Bunny 2008 DVDRip Xvid AC3-FLAWL3SS.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\THE LAST HOUSE ON THE LEFT T-MAN.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Monster Squad.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Real Ghostbusters.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Rocketeer.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The.House.Bunny.NTSC.DVDR.RoSubbed-BOW.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Timecrimes.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Twilight.2008.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Underworld Rise Of The Lycans ((2009)) DVDrip(divx)BigbrO.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Unreal Tournament 2004.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Virtual Sex With Monique Alexander.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\WATCHMEN #1-12 plus Extras from Absolute Edition.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\watchmen full 1 to 12 . Pdf version.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Yes.Man.DVDRip.XviD-DASH.torrent
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\Owner\Application Data\DNA\dht.dat
c:\documents and settings\Owner\Application Data\DNA\dht.dat.old
c:\documents and settings\Owner\Application Data\DNA\dna.lng
c:\documents and settings\Owner\Application Data\DNA\resume.dat
c:\documents and settings\Owner\Application Data\DNA\resume.dat.old
c:\documents and settings\Owner\Application Data\DNA\rss.dat
c:\documents and settings\Owner\Application Data\DNA\rss.dat.old
c:\documents and settings\Owner\Application Data\DNA\settings.dat
c:\documents and settings\Owner\Application Data\DNA\settings.dat.old
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\SmitFraudFixPro
c:\program files\SmitFraudFixPro\A_VPSchedule.txt
c:\windows\system32\SET2061.tmp

Part 23rd June 2009, 6:54 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 15:57 . 2009-06-03 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-03 15:17 . 2009-06-03 15:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-03 05:27 . 2009-06-03 05:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 04:53 . 2009-06-03 04:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 04:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 04:13 . 2009-06-03 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 04:13 . 2009-06-03 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 04:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 06:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-31 06:09 . 2009-05-31 06:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- C:\dc501ccfd977a9bb8c1abb9df3
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-31 06:08 . 2009-05-31 06:08 -------- d-----w- c:\windows\system32\LogFiles
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\scripting
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\l2schemas
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\en
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\bits
2009-05-30 14:39 . 2009-05-30 14:43 -------- d-----w- c:\windows\ServicePackFiles
2009-05-30 14:33 . 2009-05-30 14:33 -------- d-----w- c:\windows\EHome
2009-05-29 01:20 . 2009-05-29 01:20 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-05-29 01:20 . 2009-05-29 01:20 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-19 12:20 . 2009-05-12 12:30 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 12:20 . 2009-05-12 12:30 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 12:20 . 2009-05-12 12:30 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 12:20 . 2009-05-12 12:30 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:20 . 2009-05-12 12:30 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 12:20 . 2009-05-12 12:30 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 12:20 . 2009-05-12 12:30 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 12:19 . 2009-05-12 12:29 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 12:19 . 2009-05-12 12:29 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-13 06:00 . 2009-05-13 06:09 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-05-08 06:03 . 1999-06-09 14:40 29696 ----a-w- c:\windows\system32\Addon2VB.dll
2009-05-08 04:07 . 2009-06-03 04:05 -------- d-----w- c:\program files\eGames
2009-05-06 22:11 . 2009-05-06 22:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-06 22:05 . 2009-05-06 22:10 -------- d-----w- C:\UT2004
2009-05-04 22:54 . 2009-05-04 22:54 -------- d-----w- c:\program files\GPL MPEG Decoder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 22:10 . 2009-02-26 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-02 21:06 . 2009-03-02 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-31 08:35 . 2009-02-25 18:44 13496 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 14:44 . 2009-02-25 18:21 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 01:20 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-15 04:02 . 2009-02-26 00:32 -------- d-----w- c:\program files\Google
2009-05-12 12:30 . 2009-02-26 00:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-12 12:30 . 2009-02-26 00:35 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 21:58 . 2009-04-21 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-05-06 22:00 . 2009-04-14 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-28 01:41 . 2009-04-28 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-04-28 01:39 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-28 01:38 . 2009-04-28 01:36 -------- d-----w- c:\program files\AIM6
2009-04-28 01:38 . 2009-04-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\program files\Common Files\AOL
2009-04-15 19:27 . 2009-04-14 04:24 157280 ----a-w- c:\windows\hphins26.dat
2009-04-15 19:27 . 2009-04-15 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-04-15 17:31 . 2009-04-15 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-14 19:02 . 2009-04-14 19:02 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-04-14 04:59 . 2009-04-14 04:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Nero
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-14 04:27 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-14 04:26 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-14 04:26 . 2009-04-14 04:25 -------- d-----w- c:\program files\HP
2009-04-14 04:25 . 2009-04-14 04:25 -------- d-----w- c:\program files\Common Files\HP
2009-04-11 20:54 . 2009-04-11 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 20:53 . 2009-04-11 20:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-22 04:57 . 2009-03-22 05:08 331776 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2009-03-21 22:45 . 2009-03-21 22:45 0 ----a-w- c:\windows\ativpsrm.bin
2009-03-21 15:25 . 2009-03-21 15:25 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-19 17:59 . 2009-03-19 17:59 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-06 14:44 . 2006-02-28 12:00 283648 ------w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_18.10.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 18:46 . 2009-06-03 18:46 16384 c:\windows\temp\Perflib_Perfdata_52c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-12 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/25/2009 8:35 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/25/2009 8:35 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/25/2009 2:34 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3/21/2009 1:56 PM 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/25/2009 8:35 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:35 PM 298776]
S2 gupdate1c997a9ce12b68e;Google Update Service (gupdate1c997a9ce12b68e);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 8:33 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 05:03]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 00:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe

Part 33rd June 2009, 6:55 pm

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\farkdf6c.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 14:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1168)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\ALCFDRTM.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 18:50
ComboFix2.txt 2009-06-03 18:12

Pre-Run: 140,705,071,104 bytes free
Post-Run: 140,690,550,784 bytes free

371 --- E O F --- 2009-05-31 07:01

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:59 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Please, Please Help Me! I tried to install Malwarebytes... CF_Cleanup

Please, Please Help Me! I tried to install Malwarebytes... CF_Cleanup

This will also reset your restore points.

How is the machine running now?

Re: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 7:10 pm

It's running great actually. Thank you so much. Hooray!

Please, Please Help Me! I tried to install Malwarebytes...

descriptionPlease, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:02 am

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 1:15 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 3:37 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 3:41 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:04 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:05 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:28 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 5:34 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:16 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:19 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:20 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:20 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:26 pm

descriptionPart 13rd June 2009, 6:54 pm

descriptionPart 23rd June 2009, 6:54 pm

descriptionPart 33rd June 2009, 6:55 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 6:59 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...3rd June 2009, 7:10 pm

descriptionRe: Please, Please Help Me! I tried to install Malwarebytes...