WiredWX Christian Hobby Weather Tools

Win blue soft infected my desktop please help

Win blue soft has infected my computer and I have deleted the blocker.dll.

Re: Win blue soft infected my desktop please help

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything Hijack This found; copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Win blue soft infected my desktop please help

I'm sorry, I forgot to mention that I had downloaded it, but the installer just asks for the location to save and then stops; there is no user agreement.

Last edited by ozi173 on 6th June 2009, 4:28 pm; edited 1 time in total

Re: Win blue soft infected my desktop please help

I have also downloaded MGlogs and have gotten a zip.

Re: Win blue soft infected my desktop please help

Okay, upload the mglogs.zip to rapidshare for me please.


Re: Win blue soft infected my desktop please help

Here is the link
http://rapidshare.com/files/241534072/MGlogs.zip.html

Re: Win blue soft infected my desktop please help

Hello.
Go to your C drive and open the MGTools folder. Inside there is "Analyze.exe", which is actually HijackThis.exe, so we are going to use that.
Please download the current version of HijackThis from [LIST]

Before doing any malware removal, a few things need to be thrown out.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Win blue soft infected my desktop please help

Here is the List

1 Moon Above version 4.3
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
BitComet 1.12
Canon PowerShot S45 WIA Driver
Chameleon Mega Camera Driver
CleanMyPC Popup Blocker
C-Media WDM Audio Driver
CourseMate Desktop
Dell AIO Printer A920
DivX Web Player
DVD Shrink 3.2
DVDZip Pro 3.1
EI_KBR
Empires Demo MP
EZ Connect g SMC2802W 2.4 GHz 54 Mbps WLAN Utility
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HSP56 MR Drivers
Java(TM) 6 Update 10
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MapleStory
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
NVIDIA Drivers
OpenOffice.org Installer 1.0
Planet Quest version 4.0
RealPlayer
RelevantKnowledge
RON Too1 Globaladsolution
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Seekapp 1.0 build 139
System Requirements Lab
TD_Common_M
TD_Delivery_M
TD_StateMgr_M
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
VideoLAN VLC media player 0.8.1
VUE Test Delivery Suite (5.08.1010.14)
WinBlueSoft
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
WinRAR archiver

Re: Win blue soft infected my desktop please help

Hello.
Any reason you are still using SP1 when we are now at SP3, and not running any AV either?

I see that you are running BitComet.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitComet is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitComet 1.12
    Java(TM) 6 Update 10
    RelevantKnowledge
    Seekapp 1.0 build 139
    WinBlueSoft

Next,

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {2B966E9D-A4A7-4789-83B5-B13F36F4A41D} - C:\WINDOWS\System32\atmli.dll
    O3 - Toolbar: (no name) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - (no file)
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKUS\S-1-5-19\..\Run: [yurewegalu] Rundll32.exe "C:\WINDOWS\System32\tilepilo.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [yurewegalu] Rundll32.exe "C:\WINDOWS\System32\tilepilo.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [tempo-setup2.exe] C:\WINDOWS\System32\tempo-setup2.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [tempo-setup2.exe] C:\WINDOWS\System32\tempo-setup2.exe (User 'Default user')
    O4 - Global Startup: office.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{924624C7-A6FC-4A1A-88EB-A30D2E65FAD8}: NameServer = 85.255.112.132,85.255.112.188
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188


  • Press "Fix Checked"
  • Close Hijack This.

Next,

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • If Combofix asks, DO NOT install the recovery console.
  • Accept the End-User License Agreement.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

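The entry-selection step in the post above, as an added triage sketch that is not part of the original thread and not HijackThis's own logic: it parses lines in the HijackThis entry format and flags three patterns that appear in the helper's list. The rules, `EXPECTED_RESOLVERS` and the two entries under `CONSTRUCTED_LINES` are assumptions made for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Entries copied verbatim from the helper's list above.
PAGE_LINES = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {2B966E9D-A4A7-4789-83B5-B13F36F4A41D} - C:\WINDOWS\System32\atmli.dll
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKUS\S-1-5-19\..\Run: [yurewegalu] Rundll32.exe "C:\WINDOWS\System32\tilepilo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\Run: [tempo-setup2.exe] C:\WINDOWS\System32\tempo-setup2.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188
"""

# Constructed benign entries (not from the thread) to show what passes the rules.
CONSTRUCTED_LINES = r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Assumption: on this network the LAN router is the only legitimate resolver.
EXPECTED_RESOLVERS = [ip_network("192.168.1.0/24")]

ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
SERVICE_HIVE_RE = re.compile(r"^HKUS\\(?:S-1-5-(?:18|19|20)|\.DEFAULT)\\", re.I)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,\s]+)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every line in HijackThis entry format."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(section, body, expected_resolvers):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    # Search hooks, BHOs and toolbars whose registered file is missing.
    if section in {"R3", "O2", "O3"} and body.endswith("(no file)"):
        reasons.append("registration points at a file that no longer exists")
    if section == "O4":
        # Run keys under LOCAL SERVICE, NETWORK SERVICE, SYSTEM or .DEFAULT.
        if SERVICE_HIVE_RE.match(body):
            reasons.append("autorun stored in a service-account or default profile")
        if RUNDLL_RE.search(body):
            reasons.append("autorun loads a DLL through rundll32")
    if section == "O17":
        # Compare every configured DNS server with the analyst's expected set.
        match = NAMESERVER_RE.search(body)
        values = re.split(r"[,\s]+", match.group("ips").strip()) if match else []
        for raw in filter(None, values):
            try:
                address = ip_address(raw)
            except ValueError:
                reasons.append(f"unparseable NameServer value {raw!r}")
                continue
            if not any(address in net for net in expected_resolvers):
                reasons.append(f"DNS server {address} is outside the expected set")
    return reasons


def flag_entries(log_text, expected_resolvers):
    """Return (section, body, reasons) for each entry with at least one reason."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = triage(section, body, expected_resolvers)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    log = PAGE_LINES + CONSTRUCTED_LINES
    for section, body, reasons in flag_entries(log, EXPECTED_RESOLVERS):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

The WinBlueSoft Run entry and the atmli.dll BHO, both on the helper's list, pass these rules unflagged, so the output narrows a review of the log and does not replace reading it.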

Re: Win blue soft infected my desktop please help

Here is part of the list


Re: Win blue soft infected my desktop please help

Here is another part


Re: Win blue soft infected my desktop please help

Here is the third part


Re: Win blue soft infected my desktop please help

Here is the fourth part


Re: Win blue soft infected my desktop please help
.
---- Previous Run -------
.
C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Seekapp
c:\documents and settings\All Users\Application Data\Seekapp\seekapp122.exe
c:\program files\RelevantKnowledge
c:\windows\system32\drivers\gxvxcoivyerpvbcuhaodiqjmgrywsvkexlpja.sys
c:\windows\system32\gxvxcljqpujlkkuteehlyepyluntuvxvjtekc.dll
c:\windows\system32\gxvxcwuvjcyaqotpmtutcntgdbnnnoehibpfr.dll
c:\windows\wiaserviv.log
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Legacy_FUQKVEIT
-------\Service_fuqkveit


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 05:17 . 2009-06-06 05:17 3018113 ----a-r- C:\Combo-Fix.exe
2009-06-06 04:16 . 2009-01-14 23:11 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 04:16 . 2009-01-14 23:11 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 04:16 . 2009-06-06 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 03:35 . 2009-06-06 04:57 114411 ----a-w- C:\MGlogs.zip
2009-06-06 03:35 . 2009-06-06 05:16 -------- d-----w- C:\MGtools
2009-06-06 03:34 . 2009-06-06 03:34 1342151 ----a-w- C:\MGtools.exe
2009-06-06 03:04 . 2009-06-06 03:04 -------- d-----w- c:\program files\Trend Micro
2009-06-05 17:30 . 2004-02-23 08:00 1386496 ----a-w- c:\windows\system32\MSVBVM60.DLL
2009-06-03 01:29 . 2009-06-03 01:29 14042 ----a-w- c:\windows\system32\89555r9jz.exe
2009-06-03 01:29 . 2009-06-03 01:29 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-02 23:30 . 2008-11-05 17:14 1048576 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ujihy2ny.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash\components\IBitCometExtension.dll
2009-05-31 17:40 . 2009-05-31 17:40 -------- d-----w- c:\program files\1 Moon Above
2009-05-31 17:40 . 2006-03-10 19:10 749568 ----a-w- c:\windows\system32\1 Moon Above.exe
2009-05-31 17:40 . 2006-03-09 00:46 65536 ----a-w- c:\windows\system32\1 Moon Above.dll
2009-05-31 17:40 . 2005-01-11 02:51 40960 ----a-w- c:\windows\system32\1 Moon Above.scr
2009-05-31 17:36 . 2009-05-31 17:36 -------- d-----w- c:\program files\Planet Quest
2009-05-31 17:36 . 2006-02-17 00:15 954368 ----a-w- c:\windows\system32\Planet Quest.exe

Last edited by ozi173 on 6th June 2009, 8:32 pm; edited 1 time in total

Re: Win blue soft infected my desktop please help
This is the last part

2009-05-31 17:36 . 2006-02-17 00:08 65536 ----a-w- c:\windows\system32\Planet Quest.dll
2009-05-31 17:36 . 2005-01-11 02:51 40960 ----a-w- c:\windows\system32\Planet Quest.scr
2009-05-26 05:23 . 2001-08-17 19:12 23070 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2009-05-26 05:23 . 2001-08-17 19:12 23070 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-05-26 05:18 . 2009-05-26 05:18 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-25 15:35 . 2003-04-26 07:08 152576 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 01:01 . 2009-05-21 01:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 05:08 . 2008-11-29 05:45 -------- d-----w- c:\program files\BitComet
2009-06-06 03:24 . 2003-04-26 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-05 17:48 . 2003-04-27 03:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-05 17:06 . 2009-01-18 19:48 -------- d-----w- c:\documents and settings\admin\Application Data\GetRightToGo
2009-05-27 02:27 . 2008-12-23 01:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-06 23:00 . 2009-05-06 23:00 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2009-05-06 22:56 . 2009-05-06 22:56 -------- d-----w- c:\documents and settings\admin\Application Data\dvdcss
2009-05-01 00:48 . 2008-11-15 18:36 42168 ----a-w- c:\documents and settings\Zara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 03:48 . 2009-04-29 03:48 -------- d-----w- c:\program files\Activision
2009-04-28 22:50 . 2009-04-28 22:50 -------- d-----w- c:\documents and settings\admin\Application Data\The Creative Assembly
2009-04-28 01:16 . 2009-04-28 01:16 42168 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 18:26 . 2008-12-21 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-25 18:26 . 2008-12-21 18:59 -------- d-----w- c:\program files\Yahoo!
2009-04-25 18:25 . 2009-02-20 01:42 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-04-25 18:25 . 2009-02-20 01:42 -------- d-----w- c:\program files\AVS4YOU
2009-04-20 03:03 . 2009-04-20 03:03 -------- d-----w- c:\program files\Dell AIO Printer A920
2009-04-20 03:03 . 2009-04-20 03:03 -------- d-----w- c:\program files\Dell A920
2009-04-18 14:59 . 2009-01-11 17:48 34 ----a-w- c:\documents and settings\Zara\jagex_runescape_preferences.dat
2009-04-09 18:19 . 2008-11-15 06:16 -------- d-----w- c:\documents and settings\Zara\Application Data\dvdcss
2009-03-25 01:33 . 2009-03-25 01:33 237264 ----a-w- c:\documents and settings\Zara\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-01-01 18:16 . 2009-01-01 18:16 181760 ----a-w- c:\program files\Common Files\Ndm353a2rL.exe
2009-01-01 18:16 . 2009-01-01 18:16 110592 ----a-w- c:\program files\Common Files\dRp6PJ53WU.exe
2004-04-19 09:54 . 2007-09-17 18:23 139264 ----a-w- c:\program files\MSI20Wiz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2002-06-05 167936]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
office.exe [2009-4-26 24455]
SMC2802W 54 Mbps WLAN Utility.lnk - c:\program files\SMC\SMC2802W 54 Mbps WLAN Utility\SMCUTIL.exe [2008-11-10 557056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

S0 xvjc;xvjc;c:\windows\System32\drivers\qtnqh.sys --> c:\windows\System32\drivers\qtnqh.sys [?]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\Bulk503.sys [10/15/2001 12:45 PM 10599]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\ISO503.SYS [4/9/2002 10:49 AM 526885]
S3 PRISM_ICB;SMC2802W 2.4GHz 54Mbps Wireless PCI Card;c:\windows\system32\drivers\smc2802w.sys [11/10/2008 5:26 AM 57752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FUQKVEIT
*Deregistered* - fuqkveit
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-484763869-1060284298-1004.job
- c:\documents and settings\Zara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 00:09]

2009-06-03 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2008-12-07 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-procexp90.Sys
SafeBoot-Winqv26.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ujihy2ny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ujihy2ny.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.2\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 22:42
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3224)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\mlang.dll
c:\windows\System32\msimtf.dll
c:\windows\System32\MSCTF.dll
c:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
.
**************************************************************************
.
Completion time: 2009-06-06 22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 05:47

Pre-Run: 4,926,259,200 bytes free
Post-Run: 8,966,873,088 bytes free

946 --- E O F --- 2009-06-05 14:45

Re: Win blue soft infected my desktop please help
Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
xvjc
fuqkveit

File::
c:\windows\system32\89555r9jz.exe
c:\windows\system32\tempo-setup2.exe
c:\program files\Common Files\Ndm353a2rL.exe
c:\program files\Common Files\dRp6PJ53WU.exe
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ujihy2ny.default\user.js

Folder::
c:\program files\BitComet

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=-
"DisableLockWorkstation"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ujihy2ny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
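
A triage sketch for the log findings that the CFScript above targets (an added example, not part of the thread and not ComboFix's own logic): it extracts the Firefox preferences set in user.js, which Firefox re-applies at every start, the non-zero registry policy values, and driver services listed with [?]. The function names and the reading of [?] as "no date or size could be read for the file" are assumptions; the sample lines are copied from the posted log.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

S0 xvjc;xvjc;c:\windows\System32\drivers\qtnqh.sys --> c:\windows\System32\drivers\qtnqh.sys [?]
S3 PRISM_ICB;SMC2802W 2.4GHz 54Mbps Wireless PCI Card;c:\windows\system32\drivers\smc2802w.sys [11/10/2008 5:26 AM 57752]

FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
"""

FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$", re.M)
REG_SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_NUMBER = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+) \(0x[0-9a-fA-F]+\))$')
DRIVER_UNREAD = re.compile(r"^[RS]\d (\S+?);.*\[\?\]$", re.M)


def enforced_prefs(log):
    """Map each pref set in user.js to True if prefs.js currently holds the same value."""
    seen = {"prefs.js": {}, "user.js": {}}
    for source, key, value in FF_PREF.findall(log):
        seen[source][key] = value.strip()
    return {k: seen["prefs.js"].get(k) == v for k, v in seen["user.js"].items()}


def nonzero_policy_values(log):
    """Return (key, value name, number) for numeric registry values that are not 0."""
    found, section = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        header = REG_SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        value = REG_NUMBER.match(line)
        if value and section:
            number = int(value.group(2), 16) if value.group(2) else int(value.group(3))
            if number:
                found.append((section, value.group(1), number))
    return found


def unread_driver_services(log):
    """Service names whose driver path is followed by [?] instead of a date and size."""
    return DRIVER_UNREAD.findall(log)


if __name__ == "__main__":
    print("user.js prefs (True = active in prefs.js):", enforced_prefs(SAMPLE_LOG))
    print("non-zero policy values:", nonzero_policy_values(SAMPLE_LOG))
    print("driver services to inspect:", unread_driver_services(SAMPLE_LOG))
```

Any preference reported here will return after a prefs.js-only cleanup, which is why the script in the post deletes user.js itself.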
