WiredWX Hobby Weather Tools

 


Can't open MBAM,hijackthis...!help!

I can't open Malwarebytes and HijackThis. Norton is not working.
I tried winbluesoft and it says I got about 700+ malwares. How to remove the winblue software? It keeps annoying me ): Help please.

Re: Can't open MBAM,hijackthis...!help!

Please download the Pocket Killbox from HERE

  • Open the Killbox.
  • Under "Full path of file to delete", copy and paste in the following:

    C:\windows\system32\blocker.dll

  • Switch "Standard file kill" to "delete on reboot"
  • Press the Red X to delete the file.
  • It will ask if you want to make a backup of the file we deleted, select Yes to the prompt.
  • It will now delete the file, and popup with another prompt saying so, press Ok.
  • Close the Killbox.

Re: Can't open MBAM,hijackthis...!help!

It still doesn't work )):
And now when I want to scan my C drive, Norton said: C: unavailable
I can't defrag my hard disk drive T__T

Re: Can't open MBAM,hijackthis...!help!

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: Can't open MBAM,hijackthis...!help!

DDS (Ver_09-05-14.01) - NTFSx86
Run by AMEER at 19:01:28.71 on Wed 06/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.461 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\AMEER\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MySpace\Toolbar\1.0.45.0\MSTBCoreContainer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AMEER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.rd.yahoo.com/customize/ycomp/defaults/su/*http://my.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] ~"c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdobeBridge]
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ameer\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\regist~1.lnk - c:\program files\onone software\mask pro 4.1\
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.188,85.255.112.167
TCP: {1CE63E7A-A7D7-455D-A8C7-3AAB1B331EB1} = 85.255.112.188,85.255.112.167
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\norton 360\engine\3.0.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Re: Can't open MBAM,hijackthis...!help!

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ameer\applic~1\mozilla\firefox\profiles\rhzml1jl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\ameer\application data\mozilla\firefox\profiles\rhzml1jl.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\myspace\toolbar\1.0.45.0\components\MySpaceFFoxTB.dll
FF - plugin: c:\documents and settings\ameer\application data\mozilla\firefox\profiles\rhzml1jl.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-6-16 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-6-16 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-6-16 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSXpx86.sys [2009-6-16 276344]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-6-16 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-13 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090617.003\NAVENG.SYS [2009-6-17 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090617.003\NAVEX15.SYS [2009-6-17 876144]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-6-12 115560]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-21 96856]
S3 wxpSvc;webcamXP Service;c:\program files\wlite\wservice.exe /startedbyscm:5053b757-40e35b3b-webcamsrv --> c:\program files\wlite\wService.exe [?]

=============== Created Last 30 ================

2009-06-17 18:23 --d----- C:\!KillBox
2009-06-17 17:59 --d----- c:\program files\AVG
2009-06-17 17:59 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-17 17:53 --d----- c:\program files\Trend Micro
2009-06-17 17:11 18,290 a------- c:\windows\system32\652495ambot63fz.ocx
2009-06-16 22:01 --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-06-16 19:28 92,120 a------- c:\windows\system32\Autorun.ini
2009-06-16 19:27 --d----- c:\windows\system32\autorun
2009-06-16 19:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 18:11 --d--r-- c:\program files\Norton Support
2009-06-16 18:00 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 18:00 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-16 18:00 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 18:00 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 18:00 --d----- c:\program files\Symantec
2009-06-16 17:59 --d----- c:\windows\system32\drivers\N360
2009-06-16 07:23 319 a------- c:\windows\game.ini
2009-06-16 07:07 --dsh--- c:\windows\ftpcache
2009-06-16 07:03 --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-16 06:55 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-16 06:55 --d----- c:\docume~1\ameer\applic~1\DAEMON Tools Lite
2009-06-14 21:59 17,659 a------- c:\windows\system32\5b9avir3z99.cpl
2009-06-13 19:05 9,664 a------- c:\windows\35aathizf9575.cpl
2009-06-12 22:39 --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-12 22:38 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-12 22:38 --d----- c:\program files\common files\Symantec Shared
2009-06-12 22:37 --d----- c:\program files\Norton 360
2009-06-12 22:37 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-12 22:37 --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-12 22:10 --d----- c:\program files\NortonInstaller
2009-06-12 22:10 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-12 21:55 --d----- c:\docume~1\ameer\applic~1\GetRightToGo
2009-06-11 23:15 10,313 a------- c:\windows\system32\2599downloa9er4z0.exe
2009-06-11 19:57 7,075 a------- c:\windows\system32\169z5parse1847.cpl
2009-06-10 00:04 7,841 a------- c:\windows\50zspyw9re1909.ocx
2009-06-08 21:52 --d----- c:\docume~1\alluse~1\applic~1\Digital Film Tools
2009-06-07 23:57 --d----- c:\windows\setup.pss
2009-06-07 12:28 3,180 a------- c:\windows\system32\5z29worm4135.cpl
2009-06-06 08:04 12,129 a------- c:\windows\56510hackzool3a9.cpl
2009-06-05 22:11 17,460 a------- c:\windows\system32\3c02spar952551z.bin
2009-06-05 03:18 13,941 a------- c:\windows\25956vzrus153.dll
2009-06-03 15:51 11,715 a------- c:\windows\73z89py5are262.ocx
2009-06-02 05:23 7,528 a------- c:\windows\55des9arze10845.bin
2009-06-02 03:38 16,472 a------- c:\windows\system32\705bspywzre2692.dll
2009-05-27 22:57 --d----- c:\docume~1\ameer\applic~1\Mask Pro 4.0
2009-05-27 18:12 --d----- c:\program files\SweetIM
2009-05-27 18:12 --d----- c:\docume~1\alluse~1\applic~1\SweetIM
2009-05-27 16:56 --d----- c:\docume~1\ameer\applic~1\onOne Software
2009-05-27 16:56 --d----- c:\docume~1\alluse~1\applic~1\onOne Software
2009-05-27 16:47 --d----- c:\program files\onOne Software
2009-05-26 20:10 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-05-26 20:10 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-05-26 20:10 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-05-26 20:10 75,264 a------- c:\windows\system32\unacev2.dll
2009-05-26 20:10 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-05-26 19:28 --d----- c:\docume~1\alluse~1\applic~1\webcamXP 5
2009-05-26 19:26 --d-h--- c:\windows\PIF
2009-05-25 10:58 8,194 a------- c:\windows\system32\69c2st5al13z1.dll
2009-05-24 23:41 12,167 a------- c:\windows\7429zownl5ader2883.dll
2009-05-23 22:35 13,068 a------- c:\windows\system32\77z0downl5ader9115.cpl
2009-05-23 21:13 17,410 a------- c:\windows\system32\z2944vi95s59c.ocx
2009-05-23 03:31 2,897 a------- c:\windows\29015spy40z.dll
2009-05-22 23:51 8,659 a------- c:\windows\system32\970z5pyware1929.ocx
2009-05-21 19:41 17,598 a------- c:\windows\system32\54909p5mbotz86.bin
2009-05-20 21:27 15,681 a------- c:\windows\8097zackto5l509.bin
2009-05-19 18:43 10,709 a------- c:\windows\65babackd9zr1955.bin

==================== Find3M ====================

2009-06-17 17:11 13,360 a------- c:\windows\618bth5zat15999.bin
2009-06-17 17:10 1,262,080 a------- c:\windows\system32\setup2.exe
2009-06-16 22:02 157,401 a------- c:\windows\hpoins27.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-17 20:30 4,059 a------- c:\windows\system32\25791not-a-v9rus65z.bin
2009-05-16 12:46 16,148 a------- c:\windows\57999hi5f2350z.exe
2009-05-14 16:49 4,227 a------- c:\windows\system32\20434not-a-5irzs293.bin
2009-05-14 08:38 4,640 a------- c:\windows\system32\29a5ste95939z.dll
2009-05-12 03:06 11,613 a------- c:\windows\system32\5694downloa5erz484.dll
2009-05-11 20:05 11,352 a------- c:\windows\z4e4spy9ar51124.bin
2009-05-11 15:44 4,689 a------- c:\windows\system32\77e2t5reat20z739.dll
2009-05-09 15:50 14,244 a------- c:\windows\97z0worm5be9.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 08:00 8,727 a------- c:\windows\system32\7540spy295z.bin
2009-05-02 22:48 10,488 a------- c:\windows\system32\95z4th5eat10259.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 09:21 12,800 a------- c:\windows\system32\17z959py5e3.exe
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-28 05:29 7,066 a------- c:\windows\system32\3556spywaz925365.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:04 3,051 a------- c:\windows\19z94t9oj3455.exe
2009-04-16 14:51 6,584 a------- c:\windows\30fdzparse5995.bin
2009-04-16 06:56 8,253 a------- c:\windows\system32\7ebf9py5are632z.dll
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 06:00 17,846 a------- c:\windows\system32\z9985vi5us52.dll
2009-04-12 00:02 6,859 a------- c:\windows\z89365roj29.dll
2009-04-10 14:38 14,618 a------- c:\windows\170359zrus4b7.bin
2009-04-07 11:48 14,287 a------- c:\windows\819down5oadzr699.dll
2009-04-06 21:03 3,944 a------- c:\windows\259zsparse9859.bin
2009-04-06 10:37 6,149 a------- c:\windows\3d5b9hief35z8.exe
2009-04-06 09:17 2,784 a------- c:\windows\system32\2857zvirus149.exe
2009-04-06 05:49 4,592 a------- c:\windows\6511vzr2339.dll
2009-04-01 23:52 9,805 a------- c:\windows\e665h9efz811.exe
2009-04-01 19:42 7,372 a------- c:\windows\59591troj55z.dll
2009-03-28 20:48 16,852 a------- c:\windows\system32\655z9ownloader1898.dll
2009-03-28 18:02 17,370 a------- c:\windows\system32\9c58stzal50.dll
2009-03-26 07:30 17,013 a------- c:\windows\system32\12z26sp575b9.exe
2009-03-26 06:52 3,638 a------- c:\windows\1919vzru5712.exe
2009-03-26 00:43 10,497 a------- c:\windows\system32\2z088not-a9v5rus4e1.exe
2009-03-25 03:08 18,083 a------- c:\windows\9ed4tzreat15677.exe
2009-03-24 01:38 11,715 a------- c:\windows\2918v9rz2035.exe
2009-03-23 23:41 9,485 a------- c:\windows\system32\6661not-9-virzs50b.exe
2009-03-20 20:42 129,712 a---h--- c:\windows\system32\mlfcache.dat
2009-03-20 17:53 4,570 a------- c:\windows\59f25ddwzre1917.exe

============= FINISH: 19:02:08.48 ===============

Re: Can't open MBAM,hijackthis...!help!

Not seeing the blocker file that usually comes with it.
Are you able to open msconfig, or the registry editor via the Run box?

Re: Can't open MBAM,hijackthis...!help!

I can open the msconfig

Re: Can't open MBAM,hijackthis...!help!

Good.
Go into the startup tab.

Turn off the run value: setup2.exe

Press okay, and reboot when asked.
See if you can get programs working now.

Re: Can't open MBAM,hijackthis...!help!

Nope.
MBAM and HijackThis still don't work.
My Norton 360 detected an infostealer and it can't be removed.
ughhhh!

Re: Can't open MBAM,hijackthis...!help!

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (Norton)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Can't open MBAM,hijackthis...!help!

ComboFix 09-06-16.05 - AMEER 06/17/2009 19:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.966.1033.18.1012.662 [GMT 1:00]
Running from: c:\documents and settings\AMEER\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\9fze5hief66.ocx
c:\windows\9z389roj69c5.exe
c:\windows\9z596troj65c.ocx
c:\windows\a06bz5kdoo9780.ocx
c:\windows\a19v5rz3.dll
c:\windows\d36adzware2695.bin
c:\windows\e665h9efz811.exe
c:\windows\fd95dzware819.cpl
c:\windows\fzthre9t29335.dll
c:\windows\system32\10552s9z35d.cpl
c:\windows\system32\10556tr9jz56.ocx
c:\windows\system32\1076vi5396z.cpl
c:\windows\system32\10z89worm459.dll
c:\windows\system32\10z965orm6.bin
c:\windows\system32\11169not-azv5rus129.cpl
c:\windows\system32\11191trojz53.bin
c:\windows\system32\115z9vir5s243.bin
c:\windows\system32\119baczdo9r2425.cpl
c:\windows\system32\12259sp9mbztdc.bin
c:\windows\system32\12408zpy579.dll
c:\windows\system32\125029ormzb5.cpl
c:\windows\system32\1278zv9rus3d35.bin
c:\windows\system32\12793n5t-a-9zrus438.bin
c:\windows\system32\1299vi53z23.ocx
c:\windows\system32\129zbackdoor15979.dll
c:\windows\system32\12z23sp95c5.ocx
c:\windows\system32\12z26sp575b9.exe
c:\windows\system32\131z6tro9594.dll
c:\windows\system32\13909hzck5ool94e.ocx
c:\windows\system32\141799ir5sz94.cpl
c:\windows\system32\1454559y6az.ocx
c:\windows\system32\14632not-z5virus349.cpl
c:\windows\system32\1465ztroj509.cpl
c:\windows\system32\14692virusz529.cpl
c:\windows\system32\14770zot5a9virus478.exe
c:\windows\system32\14899hazk5ool45c.cpl
c:\windows\system32\1554zackdoor9206.dll
c:\windows\system32\15566hzckt9ol18d.ocx
c:\windows\system32\15605wzr9215.dll
c:\windows\system32\15739spz28a.cpl
c:\windows\system32\15905wo9m45bz.dll
c:\windows\system32\1593zvirus2d1.exe
c:\windows\system32\15971wor5z22.dll
c:\windows\system32\1599zacktoo5de.ocx
c:\windows\system32\15z91spy2aa.exe
c:\windows\system32\15zevi9259.cpl
c:\windows\system32\16126z9ru563c.dll
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\gxvxcserv.sys
c:\windows\system32\drivers\MSIVXkberxlltewmybiuwekqxmoiqaqkwfvdj.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXkyvlboejluxleqhbosyeplsbgpfyxsgk.dll
c:\windows\system32\MSIVXmpmyroqudruxxwwxiqhwhhwipbmpfmee.dll
c:\windows\system32\setup2.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z357a9dware1878.dll
c:\windows\z497virus2935.dll
c:\windows\z4e4spy9ar51124.bin
c:\windows\z5068troj29d.exe
c:\windows\z509threat29923.ocx
c:\windows\z529tr9j57d.ocx
c:\windows\z5658not-a9virusab.bin
c:\windows\z5919spam9ot606.dll
c:\windows\z594hac5tool42.dll
c:\windows\z696addwa9e1511.exe
c:\windows\z7359virus70a5.dll
c:\windows\z825spy697.ocx
c:\windows\z89365roj29.dll
c:\windows\z9318s5y423.ocx
c:\windows\z9475hreat26779.bin
c:\windows\z995rm4e9.dll
c:\windows\zd54threat165495.dll
c:\windows\zd91sparse553.exe

Re: Can't open MBAM,hijackthis...!help!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_MSIVXserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-12-26 15:42 . 2009-12-26 15:42 10117 ----a-w- c:\windows\system32\51z19virus259.dll
2009-12-23 05:29 . 2009-12-23 05:29 16521 ----a-w- c:\windows\system32\55adt9ief134z.bin
2009-12-19 09:02 . 2009-12-19 09:02 14943 ----a-w- c:\windows\system32\299845pambot68bz.exe
2009-12-17 11:44 . 2009-12-17 11:44 15586 ----a-w- c:\windows\system32\5z869own5oader337.exe
2009-12-10 18:22 . 2009-12-10 18:22 10053 ----a-w- c:\windows\system32\19301viruz165.bin
2009-12-04 16:51 . 2009-12-04 16:51 6202 ----a-w- c:\windows\system32\5eccv9rz397.bin
2009-11-17 01:36 . 2009-11-17 01:36 9272 ----a-w- c:\windows\system32\57adsp9rse532z.dll
2009-11-16 22:24 . 2009-11-16 22:24 5406 ----a-w- c:\windows\system32\19961v5rus2dz.exe
2009-11-16 10:38 . 2009-11-16 10:38 3821 ----a-w- c:\windows\system32\19509s9y66z.bin
2009-10-20 12:16 . 2009-10-20 12:16 16063 ----a-w- c:\windows\system32\7zafvir9015.dll
2009-10-20 00:43 . 2009-10-20 00:43 3325 ----a-w- c:\windows\system32\9b18steal38z5.dll
2009-10-18 06:06 . 2009-10-18 06:06 17875 ----a-w- c:\windows\system32\z75919irus3225.exe
2009-10-13 23:24 . 2009-10-13 23:24 16561 ----a-w- c:\windows\system32\47f7threaz20959.exe
2009-10-04 19:31 . 2009-10-04 19:31 5667 ----a-w- c:\windows\system32\6006haz9tool155.bin
2009-10-04 17:17 . 2009-10-04 17:17 4839 ----a-w- c:\windows\system32\2124sz5rs9429.exe
2009-09-27 20:37 . 2009-09-27 20:37 5573 ----a-w- c:\windows\system32\6935viruz99.bin
2009-09-22 18:42 . 2009-09-22 18:42 11552 ----a-w- c:\windows\system32\91692spyz55.bin
2009-09-17 12:58 . 2009-09-17 12:58 7447 ----a-w- c:\windows\system32\4e5bazkdoor2193.bin
2009-09-14 15:14 . 2009-09-14 15:14 16046 ----a-w- c:\windows\system32\91524spy77z.bin
2009-09-11 10:12 . 2009-09-11 10:12 16182 ----a-w- c:\windows\system32\z35775iru9b4.dll
2009-09-08 04:15 . 2009-09-08 04:15 8566 ----a-w- c:\windows\system32\19354trojz59.bin
2009-09-06 17:05 . 2009-09-06 17:05 11181 ----a-w- c:\windows\system32\46a5dzwn9oader574.dll
2009-09-04 02:14 . 2009-09-04 02:14 13193 ----a-w- c:\windows\system32\847z59m45c.exe
2009-09-01 15:55 . 2009-09-01 15:55 18028 ----a-w- c:\windows\system32\6b5edownl9ader893z.bin
2009-08-25 07:03 . 2009-08-25 07:03 9419 ----a-w- c:\windows\system32\9a49azkdoor2915.bin
2009-08-22 17:17 . 2009-08-22 17:17 2935 ----a-w- c:\windows\system32\5961threat15z98.dll
2009-08-21 21:47 . 2009-08-21 21:47 7928 ----a-w- c:\windows\system32\2964spywar9z578.dll
2009-08-21 12:56 . 2009-08-21 12:56 12503 ----a-w- c:\windows\system32\51949ddzare3035.exe
2009-08-19 15:36 . 2009-08-19 15:36 4067 ----a-w- c:\windows\system32\296z6h9cktool652.bin
2009-08-18 15:56 . 2009-08-18 15:56 5051 ----a-w- c:\windows\system32\9f9zddwar92530.bin
2009-08-11 02:09 . 2009-08-11 02:09 17428 ----a-w- c:\windows\system32\548cspywzre8899.bin
2009-08-10 11:58 . 2009-08-10 11:58 11972 ----a-w- c:\windows\system32\21994hackt5ol5cz.exe
2009-08-09 21:29 . 2009-08-09 21:29 13612 ----a-w- c:\windows\system32\922985ot-a-viruz413.dll
2009-08-09 14:52 . 2009-08-09 14:52 12367 ----a-w- c:\windows\system32\6442bazkd9o51264.exe
2009-08-01 20:13 . 2009-08-01 20:13 6946 ----a-w- c:\windows\system32\44eespazse1259.dll
2009-07-27 23:12 . 2009-07-27 23:12 6955 ----a-w- c:\windows\system32\1z659spambotf95.bin
2009-07-25 04:24 . 2009-07-25 04:24 7009 ----a-w- c:\windows\system32\35758zpy982.bin
2009-07-23 04:01 . 2009-07-23 04:01 12317 ----a-w- c:\windows\system32\5598sparsz5099.bin
2009-07-22 21:01 . 2009-07-22 21:01 9040 ----a-w- c:\windows\system32\98z80virus2645.dll
2009-07-20 23:49 . 2009-07-20 23:49 15677 ----a-w- c:\windows\system32\5159add9are268z.bin
2009-07-18 07:36 . 2009-07-18 07:36 8002 ----a-w- c:\windows\system32\17855szambot941.exe
2009-07-13 06:18 . 2009-07-13 06:18 15325 ----a-w- c:\windows\system32\29544spa5b9t1eez.dll
2009-07-03 22:03 . 2009-07-03 22:03 11612 ----a-w- c:\windows\system32\6561zackto9l4fc.exe
2009-06-24 13:15 . 2009-06-24 13:15 14891 ----a-w- c:\windows\system32\22b9thzef1658.exe
2009-06-23 19:49 . 2009-06-23 19:49 5308 ----a-w- c:\windows\system32\2921s9zmbot4635.exe
2009-06-22 21:46 . 2009-06-22 21:46 16020 ----a-w- c:\windows\system32\4592z9oj1b5.exe
2009-06-19 11:52 . 2009-06-19 11:52 4217 ----a-w- c:\windows\system32\6591thizf5975.exe
2009-06-17 19:06 . 2009-06-16 16:59 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-17 17:23 . 2009-06-17 17:23 -------- d-----w- C:\!KillBox
2009-06-17 16:59 . 2009-06-17 16:59 -------- d-----w- c:\program files\AVG
2009-06-17 16:59 . 2009-06-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 16:53 . 2009-06-17 16:53 -------- d-----w- c:\program files\Trend Micro
2009-06-17 16:11 . 2009-06-17 16:11 8945 ----a-w- c:\windows\system32\45czsp9rse2934.bin
2009-06-17 15:47 . 2009-06-16 16:59 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVENG.SYS
2009-06-17 15:47 . 2009-06-16 16:59 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVEX15.SYS
2009-06-17 15:47 . 2009-06-16 16:59 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVEX32A.DLL
2009-06-17 15:47 . 2009-06-16 16:59 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\NAVENG32.DLL
2009-06-17 15:47 . 2009-06-16 16:59 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\EECTRL.SYS
2009-06-17 15:47 . 2009-06-16 16:59 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ERASER.SYS
2009-06-17 15:47 . 2009-06-16 16:59 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ECMSVR32.DLL
2009-06-17 15:47 . 2009-06-16 16:59 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\CCERASER.DLL
2009-06-16 21:01 . 2009-06-16 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-06-16 18:27 . 2009-06-16 18:28 -------- d-----w- c:\windows\system32\autorun
2009-06-16 18:17 . 2009-06-16 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 17:11 . 2009-06-16 17:11 -------- d-----r- c:\program files\Norton Support
2009-06-16 17:10 . 2009-06-16 17:10 -------- d-----w- c:\documents and settings\AMEER\Local Settings\Application Data\Symantec
2009-06-16 17:10 . 2009-06-16 16:59 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-16 17:10 . 2009-06-16 16:59 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-16 17:10 . 2009-06-16 16:59 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-16 17:10 . 2009-06-16 16:59 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-16 17:10 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-16 17:00 . 2009-06-16 16:59 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-16 17:00 . 2009-06-16 17:00 -------- d-----w- c:\program files\Symantec
2009-06-16 17:00 . 2009-06-16 17:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-16 17:00 . 2009-06-16 17:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-16 16:59 . 2009-06-16 16:59 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-06-16 16:59 . 2009-06-16 16:59 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-06-16 16:59 . 2009-06-16 16:59 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-06-16 16:59 . 2009-06-16 16:59 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-16 16:59 . 2009-06-16 16:59 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-16 16:59 . 2009-06-16 16:59 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-06-16 16:59 . 2009-06-16 16:59 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\windows\system32\drivers\N360
2009-06-12 21:38 . 2009-06-16 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 21:37 . 2009-06-16 16:59 -------- d-----w- c:\program files\Norton 360
2009-06-12 21:37 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-12 21:37 . 2009-06-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-12 21:10 . 2009-06-16 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-12 21:10 . 2009-06-16 16:58 -------- d-----w- c:\program files\NortonInstaller
2009-06-12 20:55 . 2009-06-12 21:36 -------- d-----w- c:\documents and settings\AMEER\Application Data\GetRightToGo
2009-06-11 22:15 . 2009-06-11 22:15 10313 ----a-w- c:\windows\system32\2599downloa9er4z0.exe
2009-06-10 23:01 . 2009-06-10 23:01 2173616 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.45.0.exe
2009-06-10 14:50 . 2009-06-10 14:50 152576 ----a-w- c:\documents and settings\AMEER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 20:52 . 2009-06-08 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Film Tools
2009-06-07 22:55 . 2009-06-07 22:55 -------- d-----w- c:\documents and settings\AMEER\Local Settings\Application Data\Help
2009-06-05 21:11 . 2009-06-05 21:11 17460 ----a-w- c:\windows\system32\3c02spar952551z.bin
2009-06-03 17:34 . 2009-04-05 22:00 38208 ----a-w- c:\documents and settings\AMEER\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-02 02:38 . 2009-06-02 02:38 16472 ----a-w- c:\windows\system32\705bspywzre2692.dll
2009-05-27 21:57 . 2009-05-27 21:58 -------- d-----w- c:\documents and settings\AMEER\Application Data\Mask Pro 4.0
2009-05-27 17:12 . 2009-05-27 21:23 -------- d-----w- c:\program files\SweetIM
2009-05-27 17:12 . 2009-05-27 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2009-05-27 15:56 . 2009-05-27 15:56 -------- d-----w- c:\documents and settings\AMEER\Application Data\onOne Software
2009-05-27 15:56 . 2009-05-27 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2009-05-27 15:47 . 2009-05-27 15:56 -------- d-----w- c:\program files\onOne Software
2009-05-26 19:10 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-05-26 19:10 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-05-26 19:10 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-05-26 19:10 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-26 19:10 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-26 18:28 . 2009-06-16 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP 5
2009-05-26 18:26 . 2009-05-26 18:26 -------- d--h--w- c:\windows\PIF
2009-05-25 09:58 . 2009-05-25 09:58 8194 ----a-w- c:\windows\system32\69c2st5al13z1.dll
2009-05-23 09:04 . 2009-05-23 09:04 316416 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\fmodex.dll
2009-05-23 09:04 . 2009-05-23 09:04 60416 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\OpenAL32.dll
2009-05-23 09:04 . 2009-05-23 09:04 1468264 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\d3dx9_33.dll
2009-05-23 09:04 . 2009-05-23 09:04 1038104 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\d3dx9_31.dll
2009-05-23 09:04 . 2009-05-23 09:04 4055040 ----a-w- c:\documents and settings\AMEER\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\7500\install\AceOfAces.exe
2009-05-21 18:41 . 2009-05-21 18:41 17598 ----a-w- c:\windows\system32\54909p5mbotz86.bin

Re: Can't open MBAM,hijackthis...!help!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 16:30 . 2009-02-08 09:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 16:11 . 2009-06-17 16:11 9538 ----a-w- c:\windows\system32\2101backd9o5z978.dll
2009-06-17 16:03 . 2009-04-02 15:04 -------- d-----w- c:\documents and settings\AMEER\Application Data\HPAppData
2009-06-17 15:23 . 2009-01-19 22:23 -------- d-----w- c:\program files\Games
2009-06-16 21:02 . 2009-03-27 07:28 157401 ----a-w- c:\windows\hpoins27.dat
2009-06-16 20:59 . 2009-01-21 09:33 -------- d-----w- c:\program files\BitComet
2009-06-16 17:00 . 2009-06-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-16 17:00 . 2009-06-16 17:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 17:00 . 2009-06-16 17:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 16:59 . 2009-06-12 21:38 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\program files\Windows Sidebar
2009-06-16 06:23 . 2008-07-08 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 06:07 . 2009-06-16 05:55 -------- d-----w- c:\documents and settings\AMEER\Application Data\DAEMON Tools Lite
2009-06-16 06:03 . 2009-06-16 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-16 05:55 . 2009-06-16 05:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 20:00 . 2008-07-08 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 19:56 . 2008-07-08 18:02 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 20:48 . 2009-01-22 16:34 -------- d-----w- c:\documents and settings\AMEER\Application Data\LimeWire
2009-06-10 14:51 . 2009-01-22 12:30 -------- d-----w- c:\program files\Java
2009-05-31 15:40 . 2009-02-21 11:03 -------- d-----w- c:\program files\GameHouse
2009-05-27 16:15 . 2009-01-19 04:47 583312 ----a-w- c:\documents and settings\AMEER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 10:33 . 2009-01-22 12:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:30 . 2009-05-17 19:30 4059 ----a-w- c:\windows\system32\25791not-a-v9rus65z.bin
2009-05-14 15:49 . 2009-05-14 15:49 4227 ----a-w- c:\windows\system32\20434not-a-5irzs293.bin
2009-05-14 07:38 . 2009-05-14 07:38 4640 ----a-w- c:\windows\system32\29a5ste95939z.dll
2009-05-12 02:06 . 2009-05-12 02:06 11613 ----a-w- c:\windows\system32\5694downloa5erz484.dll
2009-05-11 14:44 . 2009-05-11 14:44 4689 ----a-w- c:\windows\system32\77e2t5reat20z739.dll
2009-05-07 15:32 . 2008-04-15 03:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 07:00 . 2009-05-06 07:00 8727 ----a-w- c:\windows\system32\7540spy295z.bin
2009-05-04 16:27 . 2009-05-04 16:27 -------- d-----w- c:\documents and settings\AMEER\Application Data\ThemesCreator
2009-05-02 21:48 . 2009-05-02 21:48 10488 ----a-w- c:\windows\system32\95z4th5eat10259.dll
2009-05-02 16:23 . 2009-05-02 16:23 -------- d-----w- c:\program files\Sony Ericsson
2009-05-02 16:00 . 2009-04-03 19:42 -------- d-----w- c:\program files\MySpace
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 08:21 . 2009-05-01 08:21 12800 ----a-w- c:\windows\system32\17z959py5e3.exe
2009-04-30 20:14 . 2009-04-30 20:14 1893936 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe
2009-04-29 04:56 . 2008-04-15 03:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-04-15 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 04:29 . 2009-04-28 04:29 7066 ----a-w- c:\windows\system32\3556spywaz925365.dll
2009-04-17 12:26 . 2008-04-15 03:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 05:56 . 2009-04-16 05:56 8253 ----a-w- c:\windows\system32\7ebf9py5are632z.dll
2009-04-15 14:51 . 2008-04-15 03:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 05:00 . 2009-04-14 05:00 17846 ----a-w- c:\windows\system32\z9985vi5us52.dll
2009-04-13 21:17 . 2009-04-13 21:17 937128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 13:29 . 2009-04-08 13:29 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-04-07 11:33 . 2009-04-07 11:33 1892856 ----a-w- c:\documents and settings\AMEER\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.0.exe
2009-04-06 08:17 . 2009-04-06 08:17 2784 ----a-w- c:\windows\system32\2857zvirus149.exe
2009-04-01 15:04 . 2009-04-01 15:04 152576 ----a-w- c:\documents and settings\AMEER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 19:48 . 2009-03-28 19:48 16852 ----a-w- c:\windows\system32\655z9ownloader1898.dll
2009-03-28 17:02 . 2009-03-28 17:02 17370 ----a-w- c:\windows\system32\9c58stzal50.dll
2009-03-25 23:43 . 2009-03-25 23:43 10497 ----a-w- c:\windows\system32\2z088not-a9v5rus4e1.exe
2009-03-23 22:41 . 2009-03-23 22:41 9485 ----a-w- c:\windows\system32\6661not-9-virzs50b.exe
2009-03-20 19:42 . 2009-01-22 10:47 129712 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\AMEER\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3444008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Games\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18823:TCP"= 18823:TCP:BitComet 18823 TCP
"18823:UDP"= 18823:UDP:BitComet 18823 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26456:TCP"= 26456:TCP:BitComet 26456 TCP
"26456:UDP"= 26456:UDP:BitComet 26456 UDP

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [6/16/2009 5:59 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [6/16/2009 5:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [6/16/2009 5:59 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys [6/16/2009 6:10 PM 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [6/16/2009 5:59 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/13/2009 1:11 AM 101936]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [6/12/2009 10:38 PM 115560]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/21/2008 9:11 AM 96856]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV --> c:\program files\wLite\wService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-16 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.rd.yahoo.com/customize/ycomp/defaults/su/*http://my.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2800)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\AMEER\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-17 20:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 19:12

Pre-Run: 38,726,746,112 bytes free
Post-Run: 38,636,965,888 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

752 --- E O F --- 2009-06-15 20:00

Re: Can't open MBAM,hijackthis...!help!

What a mess,

Before we can clean the rest, we need to uninstall a few things.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
