Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 5:02 am

To get rid of WinBlueSoft, but a runtime error keeps popping up as I try to install or run. I am on XP Home Edition. I can't open Task Manager either. I'd like not to have to reinstall Windows.


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by Belahzur on Wed Jun 03, 2009 1:15 pm

Hello.
Delete this file in bold:
C:\Windows\system32\blocker.dll

Let me know if you can run exe files now.



Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 3:37 pm

Hi,
I couldn't delete the file (C:\Windows\system32\blocker.dll) normally, but I installed KillBox and tried from there. That wouldn't delete the file either unless I checked "delete on reboot" (don't know why). So, I rebooted and ran SmitFraudFix and cleaned the registry. The Notepad report looked like this:

SmitFraudFix v2.418

Scan done at 11:09:53.20, Wed 06/03/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\autorun.inf Deleted

IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


RK


DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4CFDF6C9-54B8-4444-9DB6-9EA8B846A84C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


RK.2



Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End




After that it let me run Malwarebytes. I ran a full scan and the log looks like this:

Malwarebytes' Anti-Malware 1.37
Database version: 2223
Windows 5.1.2600 Service Pack 3

6/3/2009 11:35:38 AM
mbam-log-2009-06-03 (11-35-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150917
Time elapsed: 16 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\Start Menu\Programs\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\WinBlueSoft Software (Rogue.WinBlue) -> Quarantined and deleted successfully.
c:\program files\winbluesoft software\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.

Files Infected:
c:\!KillBox\blocker.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\!KillBox\blocker.dll( 1) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\!KillBox\blocker.dll( 2) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\Media_Player_11_Plugin_2.3.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\Mozilla\Firefox\Profiles\farkdf6c.default\Cache\077A6C49d01 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\playalldvd\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5f6fefc6-97d5-44c2-af64-30aaa07fcc7e}\RP147\A0023687.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\playalldvd\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\winbluesoft software\winbluesoft\data.bin (Rogue.WinBlue) -> Quarantined and deleted successfully.
c:\program files\winbluesoft software\winbluesoft\WinBlueSoft.exe (Rogue.WinBlue) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\RECYCLER\S-5-0-22-100001120-100019817-100014814-4174.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tempo-setup2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


I'll re-post again after I reboot.


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by Belahzur on Wed Jun 03, 2009 3:41 pm

Oh, well done.
Did you see Killbox instructions for someone else? We very rarely use that because we have other tools that are widely used, but at least we still have some tools that aren't targeted.

How is the machine running now?



Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 5:04 pm

Yeah, I saw it recommended to someone else because I tried a lot of different programs and WinBlueSoft was blocking almost everything, but it worked! :)

Everything seems to be running fine and there's no sign of the virus. Thanks for the help.
I'm betting one of the initial mandatory actions is to get rid of the blocker.dll file. That seems to be what's blocking all programs that can delete the virus.

Thank you.


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by Belahzur on Wed Jun 03, 2009 5:05 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 5:28 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 13:26:45.53 on Wed 06/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.312 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [tempo-setup2.exe] c:\windows\system32\tempo-setup2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: blocker.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\farkdf6c.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-2-25 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-3-21 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-25 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-25 298776]
S2 gupdate1c997a9ce12b68e;Google Update Service (gupdate1c997a9ce12b68e);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]

=============== Created Last 30 ================

2009-06-03 11:57 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-06-03 11:05 --d----- C:\!KillBox
2009-06-03 02:07 --d----- c:\program files\SmitFraudFixPro
2009-06-03 00:53 --d----- c:\program files\Trend Micro
2009-06-03 00:13 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 00:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-03 00:13 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 00:13 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-02 23:12 16,795 a------- c:\windows\54931tzoj71c.cpl
2009-06-01 02:05 6,776 a------- c:\windows\system32\11955zorm265.exe
2009-05-31 02:09 --d----- c:\program files\Windows Media Connect 2
2009-05-31 02:08 --d----- C:\dc501ccfd977a9bb8c1abb9df3
2009-05-31 02:08 --d----- c:\windows\system32\LogFiles
2009-05-30 10:42 --d----- c:\windows\system32\scripting
2009-05-30 10:42 --d----- c:\windows\l2schemas
2009-05-30 10:42 --d----- c:\windows\system32\en
2009-05-30 10:42 --d----- c:\windows\system32\bits
2009-05-30 10:39 --d----- c:\windows\ServicePackFiles
2009-05-30 10:37 --d----- c:\windows\network diagnostic
2009-05-30 10:33 --d----- c:\windows\EHome
2009-05-28 13:13 8,270 a------- c:\windows\system32\3z2175p9698.exe
2009-05-26 10:34 3,056 a------- c:\windows\system32\2531back9oo51418z.exe
2009-05-26 10:05 17,705 a------- c:\windows\10z99vi9us35c.bin
2009-05-26 01:40 6,636 a------- c:\windows\system32\30034haczto59190.cpl
2009-05-25 01:16 15,054 a------- c:\windows\system32\zdcdownloade92557.cpl
2009-05-24 18:06 4,642 a------- c:\windows\system32\19368hackt5zl2e4.ocx
2009-05-24 13:20 4,056 a------- c:\windows\system32\25173nz9-a-virus203.exe
2009-05-23 23:53 2,693 a------- c:\windows\system32\3930zpy9c5.exe
2009-05-21 22:04 16,234 a------- c:\windows\system32\2zb3backd5o9865.dll
2009-05-19 07:59 7,842 a------- c:\windows\28636zp59bot7ce.bin
2009-05-18 00:50 15,254 a------- c:\windows\system32\2033895cktzol50.bin
2009-05-17 08:59 14,358 a------- c:\windows\system32\77czad9war51524.bin
2009-05-10 04:56 10,503 a------- c:\windows\system32\4548backdozr2395.exe
2009-05-10 02:27 10,463 a------- c:\windows\d43zo5nloader2907.exe
2009-05-10 01:38 14,566 a------- c:\windows\system32\14z265roj90.ocx
2009-05-08 08:23 17,780 a------- c:\windows\5fb3t9ie58z4.bin
2009-05-08 02:03 29,696 a------- c:\windows\system32\Addon2VB.dll
2009-05-08 02:03 65,536 a------- c:\windows\system32\Project2.ocx
2009-05-08 00:07 1,760 a------- c:\windows\system32\objsafe.tlb
2009-05-08 00:07 82,960 a------- c:\windows\system32\Picclp32.ocx
2009-05-08 00:07 70,088 a------- c:\windows\system32\Project2-1.ocx
2009-05-08 00:07 1,453 a------- c:\windows\system32\Project2.INF
2009-05-08 00:07 --d----- c:\program files\eGames
2009-05-06 18:11 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-06 18:05 --d----- C:\UT2004
2009-05-04 18:54 --d----- c:\program files\GPL MPEG Decoder
2009-05-04 14:39 10,602 a------- c:\windows\1a98bzck59or890.ocx

==================== Find3M ====================

2009-06-03 11:09 3,224 a------- c:\windows\system32\tmp.reg
2009-06-02 23:12 13,405 a------- c:\windows\1115sp59se3z56.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-30 10:44 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-12 08:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-12 08:30 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 08:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-04 09:59 7,351 a------- c:\windows\system32\19354hac5to9z28e.exe
2009-05-02 11:37 18,082 a------- c:\windows\system32\413adownloade959z8.bin
2009-04-24 10:58 3,454 a------- c:\windows\4175nzt9a-virus659.dll
2009-04-24 04:30 11,148 a------- c:\windows\system32\45dspzw9re1281.dll
2009-04-22 19:49 3,417 a------- c:\windows\196z0vir9s355.exe
2009-04-22 12:10 13,463 a------- c:\windows\system32\303zdown9oade52325.exe
2009-04-21 12:39 15,159 a------- c:\windows\25456zot-9-virus735.bin
2009-04-21 02:29 11,926 a------- c:\windows\system32\z765bac9door2580.bin
2009-04-16 23:03 4,823 a------- c:\windows\913sp5mbot38z.exe
2009-04-15 16:32 3,627 a------- c:\windows\6z89steal3524.dll
2009-04-15 15:27 157,280 a------- c:\windows\hphins26.dat
2009-04-13 18:01 5,416 a------- c:\windows\1916stza5201.bin
2009-04-13 05:47 7,591 a------- c:\windows\system32\245z8spamb9t556.exe
2009-04-07 17:03 6,189 a------- c:\windows\system32\z9859tro9213.dll
2009-04-06 23:45 13,976 a------- c:\windows\system32\za5b59yware705.dll
2009-04-06 09:26 5,508 a------- c:\windows\system32\z4915ddwar9257.dll
2009-04-04 14:03 11,802 a------- c:\windows\44z2vi9505.exe
2009-04-04 04:47 7,215 a------- c:\windows\932zt5oj182.exe
2009-04-04 03:21 6,171 a------- c:\windows\9bc5backzoor473.dll
2009-03-27 16:01 16,765 a------- c:\windows\system32\244ad9wnloadzr1995.exe
2009-03-27 02:58 1,203,922 a------- c:\windows\apppatch\SET1FFA.tmp
2009-03-24 23:25 15,014 a------- c:\windows\system32\546downloa59r274z.exe
2009-03-21 10:18 986,112 -------- c:\windows\system32\_004328_.tmp.dll
2009-03-20 09:52 17,340 a------- c:\windows\system32\z61779acktool59c.dll
2009-03-16 21:54 18,160 a------- c:\windows\system32\747vi51912z.bin
2009-03-14 21:48 8,632 a------- c:\windows\system32\38665ackdoor28z9.bin
2009-03-14 18:06 16,000 a------- c:\windows\z951spambot3b7.exe
2009-03-07 21:19 14,256 a------- c:\windows\system32\40215hreatz4098.exe
2009-03-06 10:44 283,648 -------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\SET2061.tmp

============= FINISH: 13:26:51.76 ===============
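
The DDS log above still lists `AppInit_DLLs: blocker.dll` and a Run value for tempo-setup2.exe, although the Malwarebytes scan earlier in the thread reported both files as quarantined and deleted. The following added example (not part of the original posts; the function names are hypothetical and the sample lines are copied from the two logs) cross-checks a DDS log against a Malwarebytes log to list autostart entries that still point at removed files:

```python
import ntpath
import re

# Sample input: lines copied from the DDS and Malwarebytes logs in this thread.
DDS_EXCERPT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [tempo-setup2.exe] c:\windows\system32\tempo-setup2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NWEReboot]
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: blocker.dll
"""

MBAM_EXCERPT = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
Files Infected:
c:\!KillBox\blocker.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\!KillBox\blocker.dll( 1) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tempo-setup2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# A removed *file* line starts with a drive letter; registry lines start with HKEY_.
MBAM_FILE = re.compile(
    r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> Quarantined and deleted successfully\.")
RUN_LINE = re.compile(r"^([umd]Run): \[([^\]]+)\]\s*(.*)$")
APPINIT = re.compile(r"^AppInit_DLLs:\s*(.*)$")
# Executable image at the start of a command line, with or without quotes.
IMAGE = re.compile(r'"?([^"]+?\.(?:exe|dll|com|scr))(?=["\s]|$)', re.IGNORECASE)


def removed_files(mbam_log):
    """Map lower-cased file path -> detection name for each removed file."""
    removed = {}
    for line in mbam_log.splitlines():
        m = MBAM_FILE.match(line.strip())
        if m:
            removed[m.group(1).lower()] = m.group(2)
    return removed


def autostarts(dds_log):
    """Return (kind, value name, image) for Run values and AppInit_DLLs entries."""
    entries = []
    for line in dds_log.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            img = IMAGE.match(m.group(3))
            if img:  # values with no command (e.g. NWEReboot) are skipped
                entries.append((m.group(1), m.group(2), img.group(1)))
            continue
        m = APPINIT.match(line)
        if m:
            # The AppInit_DLLs value is a space- or comma-delimited list.
            for dll in re.split(r"[,\s]+", m.group(1).strip()):
                if dll:
                    entries.append(("AppInit_DLLs", dll, dll))
    return entries


def orphaned_autostarts(dds_log, mbam_log):
    """Autostart entries whose target the scanner already removed."""
    removed = removed_files(mbam_log)
    by_name = {ntpath.basename(path): det for path, det in removed.items()}
    hits = []
    for kind, name, image in autostarts(dds_log):
        key = image.lower()
        # A bare file name is resolved through the search path, so it can
        # only be compared by name; a full path is compared exactly.
        detection = removed.get(key) if "\\" in key else by_name.get(key)
        if detection:
            hits.append((kind, name, image, detection))
    return hits


if __name__ == "__main__":
    for kind, name, image, detection in orphaned_autostarts(DDS_EXCERPT, MBAM_EXCERPT):
        print(f"{kind}: {name} -> {image} (removed as {detection})")
```

An entry reported here means the file is gone but the registry value that loads it is not, so the value still needs cleaning up.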


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by Belahzur on Wed Jun 03, 2009 5:34 pm

Hello.
The log shows there are still a lot of infection files left.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 6:16 pm

ComboFix 09-06-01.03 - Owner 06/03/2009 14:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.334 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\8z39ddware2305.exe
c:\windows\9051zspy65.exe
c:\windows\90d9backdzor547.bin
c:\windows\913sp5mbot38z.exe
c:\windows\9195w9rm7z5.exe
c:\windows\921fzh5ef2638.ocx
c:\windows\92365irus613z.dll
c:\windows\92415troj55z.dll
c:\windows\9250threat2055z.bin
c:\windows\92545acktool5cz9.bin
c:\windows\9274zviru5161.exe
c:\windows\92faaddwzre5247.bin
c:\windows\932zt5oj182.exe
c:\windows\935thief97z.cpl
c:\windows\9409wor5zd0.ocx
c:\windows\9433v5rusz9f.exe
c:\windows\94z55not-a-virus388.ocx
c:\windows\957not5a-9irzs1c1.dll
c:\windows\95det5zef930.cpl
c:\windows\95ezthreat28876.cpl
c:\windows\95z5addware5439.exe
c:\windows\9605pyware2596z.exe
c:\windows\9659woz57bb.bin
c:\windows\97165no5-z-virus703.bin
c:\windows\9753sparse156z.bin
c:\windows\9754spz349.exe
c:\windows\9783spywa5e2z50.dll
c:\windows\9794wo95z52.dll
c:\windows\9822downl5ader688z.ocx
c:\windows\9859ste5l1z38.dll
c:\windows\98a5threat1z257.ocx
c:\windows\9926h5ckt9ol4f6z.dll
c:\windows\995cdzwnloader2092.bin
c:\windows\99865zoj794.exe
c:\windows\99z15wo5m520.cpl
c:\windows\9a4zthreat35617.dll
c:\windows\9b5czdoor2577.bin
c:\windows\9bc5backzoor473.dll
c:\windows\9cz0stea52196.ocx
c:\windows\9d2avir5309z.dll
c:\windows\9d4v5r14z0.dll
c:\windows\a25stezl1192.ocx
c:\windows\a5s5ywa9e1318z.exe
c:\windows\b54spyw5rez795.cpl
c:\windows\c2ct9zef1395.cpl
c:\windows\d43zo5nloader2907.exe
c:\windows\d4spyzare17695.exe
c:\windows\da9vi5409z.dll
c:\windows\e29downzo9der22645.ocx
c:\windows\e81sp9rze2541.exe
c:\windows\ea7th5eat12z369.bin
c:\windows\f6sp5zse698.bin
c:\windows\fz5down9oader3063.exe


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 6:19 pm



Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 6:20 pm


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 15:57 . 2009-06-03 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-03 15:17 . 2009-06-03 15:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-03 15:05 . 2009-06-03 15:35 -------- d-----w- C:\!KillBox
2009-06-03 06:07 . 2009-06-03 06:13 -------- d-----w- c:\program files\SmitFraudFixPro
2009-06-03 05:27 . 2009-06-03 05:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 04:53 . 2009-06-03 04:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 04:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 04:13 . 2009-06-03 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 04:13 . 2009-06-03 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 04:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 06:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-31 06:09 . 2009-05-31 06:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- C:\dc501ccfd977a9bb8c1abb9df3
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-31 06:08 . 2009-05-31 06:08 -------- d-----w- c:\windows\system32\LogFiles
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\scripting
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\l2schemas
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\en
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\bits
2009-05-30 14:39 . 2009-05-30 14:43 -------- d-----w- c:\windows\ServicePackFiles
2009-05-30 14:33 . 2009-05-30 14:33 -------- d-----w- c:\windows\EHome
2009-05-29 01:20 . 2009-05-29 01:20 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-05-29 01:20 . 2009-05-29 01:20 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-19 12:20 . 2009-05-12 12:30 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 12:20 . 2009-05-12 12:30 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 12:20 . 2009-05-12 12:30 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 12:20 . 2009-05-12 12:30 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:20 . 2009-05-12 12:30 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 12:20 . 2009-05-12 12:30 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 12:20 . 2009-05-12 12:30 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 12:19 . 2009-05-12 12:29 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 12:19 . 2009-05-12 12:29 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-13 06:00 . 2009-05-13 06:09 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-05-08 06:03 . 1999-06-09 14:40 29696 ----a-w- c:\windows\system32\Addon2VB.dll
2009-05-08 04:07 . 2009-06-03 04:05 -------- d-----w- c:\program files\eGames
2009-05-06 22:11 . 2009-05-06 22:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-06 22:05 . 2009-05-06 22:10 -------- d-----w- C:\UT2004
2009-05-04 22:54 . 2009-05-04 22:54 -------- d-----w- c:\program files\GPL MPEG Decoder


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 6:20 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 18:09 . 2009-02-25 20:04 -------- d-----w- c:\program files\DNA
2009-06-03 18:09 . 2009-02-25 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-06-03 04:03 . 2009-04-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-03 03:17 . 2009-03-02 19:11 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-06-02 22:10 . 2009-02-26 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-02 21:06 . 2009-03-02 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-31 08:35 . 2009-02-25 18:44 13496 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 14:44 . 2009-02-25 18:21 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 01:20 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-15 04:02 . 2009-02-26 00:32 -------- d-----w- c:\program files\Google
2009-05-12 12:30 . 2009-02-26 00:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-12 12:30 . 2009-02-26 00:35 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 21:58 . 2009-04-21 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-05-06 22:00 . 2009-04-14 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-28 01:41 . 2009-04-28 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-04-28 01:39 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-28 01:38 . 2009-04-28 01:36 -------- d-----w- c:\program files\AIM6
2009-04-28 01:38 . 2009-04-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\program files\Common Files\AOL
2009-04-15 19:27 . 2009-04-14 04:24 157280 ----a-w- c:\windows\hphins26.dat
2009-04-15 19:27 . 2009-04-15 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-04-15 17:31 . 2009-04-15 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-14 19:02 . 2009-04-14 19:02 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-04-14 04:59 . 2009-04-14 04:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Nero
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-14 04:27 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-14 04:26 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-14 04:26 . 2009-04-14 04:25 -------- d-----w- c:\program files\HP
2009-04-14 04:25 . 2009-04-14 04:25 -------- d-----w- c:\program files\Common Files\HP
2009-04-11 20:54 . 2009-04-11 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 20:53 . 2009-04-11 20:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-22 04:57 . 2009-03-22 05:08 331776 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2009-03-21 22:45 . 2009-03-21 22:45 0 ----a-w- c:\windows\ativpsrm.bin
2009-03-21 15:25 . 2009-03-21 15:25 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-19 17:59 . 2009-03-19 17:59 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-06 14:44 . 2006-02-28 12:00 283648 ------w- c:\windows\system32\pdh.dll
2009-03-06 14:22 . 2009-04-15 04:40 284160 ------w- c:\windows\system32\SET2061.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-25 321344]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-12 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Torrent Files\\Complete\\BitTorrent.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/25/2009 8:35 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/25/2009 8:35 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/25/2009 2:34 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3/21/2009 1:56 PM 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/25/2009 8:35 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:35 PM 298776]
S2 gupdate1c997a9ce12b68e;Google Update Service (gupdate1c997a9ce12b68e);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 8:33 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 05:03]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 00:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-tempo-setup2.exe - c:\windows\system32\tempo-setup2.exe
HKLM-Run-NWEReboot - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\farkdf6c.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 14:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3312)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\ALCFDRTM.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 18:12

Pre-Run: 136,656,646,144 bytes free
Post-Run: 137,460,752,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

990 --- E O F --- 2009-05-31 07:01


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by Belahzur on Wed Jun 03, 2009 6:26 pm

Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • BitTorrent DNA

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\SET2061.tmp

Folder::
C:\!KillBox
c:\program files\SmitFraudFixPro
c:\program files\DNA
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Owner\Application Data\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Documents and Settings\\Owner\\Desktop\\Torrent Files\\Complete\\BitTorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.



Part 1

Post by unclebeau on Wed Jun 03, 2009 6:54 pm

ComboFix 09-06-01.03 - Owner 06/03/2009 14:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.330 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\SET2061.tmp"
.
/wow section - STAGE 24
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
c:\!killbox\Logs\kb.log
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Owner\Application Data\BitTorrent
c:\documents and settings\Owner\Application Data\BitTorrent\[DIVX - AVI] - [Zack And Miri Make A Porn - 2008] - [FULL DVDRip] - [ENG] - [By LondonVirus].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[Eclipse] Fullmetal Alchemist Brotherhood - 02 (XviD) [3D3D8911].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[Eclipse] Fullmetal Alchemist Brotherhood - 03 (XviD) [93B77D64].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[Eclipse] Fullmetal Alchemist Brotherhood - 04 (XviD) [BD914690].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\[SHS-re-enc]_Fullmetal_Alchemist_2_-_Brotherhood_-_01_[704x400_XviD_MP3][37697399].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\8 Minute Workout.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\amped torrent.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\An American Tail Double Feature.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Azrael.02.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Babysitters XXX [DVDRip][[You must be registered and logged in to see this link.]
c:\documents and settings\Owner\Application Data\BitTorrent\Balicki.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Batman.683.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Batman.BftC.03.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\BftC.Arkham.Asylum.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big Love - Season 1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big Love - Season 2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\big love s03e02.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\big love S03E03.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E01.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E04.HDTV.XviD-0TV.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E05.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E06.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E08.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Big.Love.S03E10.HDTV.XviD-0TV.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\BigLoveS03E07.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\BigLoveS03E09.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\blackest night.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Blair Witch Project 2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Book.Of.Shadows.Blair.Witch.2.SWESUB.DVDRip.XviD-Xzibit.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Bride Wars[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Caligula.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Carmen Electra's Aerobic Striptease Vol. 1 - Aerobic Striptease.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Carmen Electra's Aerobic Striptease Vol. 2 - Fit To Strip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Daemon_Tools_Pro_V4.10.0215.1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Daemon_Tools_Pro_V4.10.0215.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\DAEMON_Tools_Pro_v4.10.0215_32bit_INTERNAL-PARADOX- WITH CRACK.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Demonlover.2002.DVDRip.XviD-AEN.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\destricted.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Detective 853 (2009) (The Scangstas-DCP).cbr.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\dht.dat
c:\documents and settings\Owner\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\DirectX 10 for Windows XP.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Disciples II Gold Edition + extras.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Donkey Punch KLAXXON.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Drag Me to Hell 2009 -DEViSE-NoRAR.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Drag Me To Hell DVD.SCREENER XviD [2009].avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Dragon Quest VIII Official Strategy Guide (Bradygames).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Driver Detective 6 2 5 Keygen.zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Driver Detective 6.2.5.0 - KeyGen_exe.zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Driver Genius Pro.7z.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Ember.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\ENZO.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Extreme Movie[2008]AC-3(5.1)ENG[UKB-RG Xvid]-keltz.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Fallout.3-RELOADED.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\fc6.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Final Crisis.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\FMA Brotherhood EP 2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\FMA Brotherhood ep 3.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\FMA Brotherhood ep 4.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Freddy's Nightmares.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Ghostbusters.Collection.iNTERNAL.DVDRip.XVID-vRs.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Gotham.Gazette.01.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\How To Give A World Class Blowjob.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\I.Love.You.Man.CAM.AVI.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\ISO Applications Software[] (SCENE-BASE.NET).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\JM_30DAY_SHRED.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Justice League of America 32 (2009) (Avalon-SCC-DCP).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\KUNG-FU PANDA-2008-[DVDRIP][ENG]-KIDZCORNER&J.T.R.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Lakeview Terrace[2008]DVDrip[AC-3(5.1)ENG][a UKB-RG Xvid by]- keltz.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Last.House.On.The.Left.UNRATED.PROPER+EXTRAS.DVDrip.XviD-FBR.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Layout.Briana.Banks.XXX.[DVDRIP][[You must be registered and logged in to see this link.]
c:\documents and settings\Owner\Application Data\BitTorrent\Miss March (2009).avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Miss March.2009.DVDRIP.XviD.Bender.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Miss March[2009]DvDRIP[Eng]-bilbo.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\My Best Friends Girl R5 LINE XviD-COALiTiON.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCMehrunesRazor [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCOrrery [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCThievesDen [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion - DLCVileLair [official].zip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Oblivion_Addons.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Office Space [1999] DVD-Rip.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\P2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\PAUL BLART MALL COP [2009] DVD Rip Xvid (MultiSubs) [StB].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Paul Blart Mall Cop DVD.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\PC SILENT HILL HOMECOMING Full Game directplay by globe@.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\PSX 4 PC.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Quantum Of Solace.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat.1.bad
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\Return.To.Oz[1985]DvDrip.DivX[Eng]MP3-hellure.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\rss.dat
c:\documents and settings\Owner\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\settings.dat
c:\documents and settings\Owner\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\Seven.Pounds.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Sex Drive[2008].UNRATED.LIMITED.DVDRIP.XVID.[Eng]-DUQA.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Slumdog Millionaire.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Still Waiting unrated.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Suicide Girls Ay 2 sets.rar.1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Suicide Girls Ay 2 sets.rar.2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Suicide Girls Ay 2 sets.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman 677 (2008) (Minutemen-Incrediblehunk).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman 679 (2008) (Minutemen-The Duke Boys).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman 680 (2008) (Minutemen-Zonylie).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman Batman.1.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman Batman.2.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Superman Batman.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\superman DCP.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Tae Bo - Focus Abs & Glutes.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Tae.Bo.Cardio.2004.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\the-fighters-stronghold.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Curious Case of Benjamin Button.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Elder Scrolls IV - Oblivion Official Plugins.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The House Bunny 2008 DVDRip Xvid AC3-FLAWL3SS.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\THE LAST HOUSE ON THE LEFT T-MAN.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Monster Squad.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Real Ghostbusters.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Rocketeer.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The.House.Bunny.NTSC.DVDR.RoSubbed-BOW.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Timecrimes.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Twilight.2008.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Underworld Rise Of The Lycans ((2009)) DVDrip(divx)BigbrO.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Unreal Tournament 2004.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Virtual Sex With Monique Alexander.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\WATCHMEN #1-12 plus Extras from Absolute Edition.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\watchmen full 1 to 12 . Pdf version.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Yes.Man.DVDRip.XviD-DASH.torrent
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\Owner\Application Data\DNA\dht.dat
c:\documents and settings\Owner\Application Data\DNA\dht.dat.old
c:\documents and settings\Owner\Application Data\DNA\dna.lng
c:\documents and settings\Owner\Application Data\DNA\resume.dat
c:\documents and settings\Owner\Application Data\DNA\resume.dat.old
c:\documents and settings\Owner\Application Data\DNA\rss.dat
c:\documents and settings\Owner\Application Data\DNA\rss.dat.old
c:\documents and settings\Owner\Application Data\DNA\settings.dat
c:\documents and settings\Owner\Application Data\DNA\settings.dat.old
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\SmitFraudFixPro
c:\program files\SmitFraudFixPro\A_VPSchedule.txt
c:\windows\system32\SET2061.tmp


Part 2

Post by unclebeau on Wed Jun 03, 2009 6:54 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 15:57 . 2009-06-03 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-03 15:17 . 2009-06-03 15:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-03 05:27 . 2009-06-03 05:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 04:53 . 2009-06-03 04:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 04:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 04:13 . 2009-06-03 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 04:13 . 2009-06-03 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 04:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 06:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-31 06:09 . 2009-05-31 06:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- C:\dc501ccfd977a9bb8c1abb9df3
2009-05-31 06:08 . 2009-05-31 06:09 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-31 06:08 . 2009-05-31 06:08 -------- d-----w- c:\windows\system32\LogFiles
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\scripting
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\l2schemas
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\en
2009-05-30 14:42 . 2009-05-30 14:42 -------- d-----w- c:\windows\system32\bits
2009-05-30 14:39 . 2009-05-30 14:43 -------- d-----w- c:\windows\ServicePackFiles
2009-05-30 14:33 . 2009-05-30 14:33 -------- d-----w- c:\windows\EHome
2009-05-29 01:20 . 2009-05-29 01:20 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-05-29 01:20 . 2009-05-29 01:20 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-19 12:20 . 2009-05-12 12:30 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 12:20 . 2009-05-12 12:30 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 12:20 . 2009-05-12 12:30 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 12:20 . 2009-05-12 12:30 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:20 . 2009-05-12 12:30 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 12:20 . 2009-05-12 12:30 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 12:20 . 2009-05-12 12:30 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 12:19 . 2009-05-12 12:29 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 12:19 . 2009-05-12 12:29 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-13 06:00 . 2009-05-13 06:09 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-05-08 06:03 . 1999-06-09 14:40 29696 ----a-w- c:\windows\system32\Addon2VB.dll
2009-05-08 04:07 . 2009-06-03 04:05 -------- d-----w- c:\program files\eGames
2009-05-06 22:11 . 2009-05-06 22:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-06 22:05 . 2009-05-06 22:10 -------- d-----w- C:\UT2004
2009-05-04 22:54 . 2009-05-04 22:54 -------- d-----w- c:\program files\GPL MPEG Decoder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 22:10 . 2009-02-26 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-02 21:06 . 2009-03-02 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-31 08:35 . 2009-02-25 18:44 13496 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 14:44 . 2009-02-25 18:21 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 01:20 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-15 04:02 . 2009-02-26 00:32 -------- d-----w- c:\program files\Google
2009-05-12 12:30 . 2009-02-26 00:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-12 12:30 . 2009-02-26 00:35 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-12 12:30 . 2009-02-26 00:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 21:58 . 2009-04-21 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-05-06 22:00 . 2009-04-14 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-28 01:41 . 2009-04-28 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-04-28 01:39 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-28 01:38 . 2009-04-28 01:36 -------- d-----w- c:\program files\AIM6
2009-04-28 01:38 . 2009-04-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-04-28 01:37 . 2009-04-28 01:37 -------- d-----w- c:\program files\Common Files\AOL
2009-04-15 19:27 . 2009-04-14 04:24 157280 ----a-w- c:\windows\hphins26.dat
2009-04-15 19:27 . 2009-04-15 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-04-15 17:31 . 2009-04-15 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-14 19:02 . 2009-04-14 19:02 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-04-14 04:59 . 2009-04-14 04:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Nero
2009-04-14 04:56 . 2009-04-14 04:56 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-14 04:27 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-14 04:26 . 2009-04-14 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-14 04:26 . 2009-04-14 04:25 -------- d-----w- c:\program files\HP
2009-04-14 04:25 . 2009-04-14 04:25 -------- d-----w- c:\program files\Common Files\HP
2009-04-11 20:54 . 2009-04-11 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 20:53 . 2009-04-11 20:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-22 04:57 . 2009-03-22 05:08 331776 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2009-03-21 22:45 . 2009-03-21 22:45 0 ----a-w- c:\windows\ativpsrm.bin
2009-03-21 15:25 . 2009-03-21 15:25 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-19 17:59 . 2009-03-19 17:59 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-06 14:44 . 2006-02-28 12:00 283648 ------w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 18:46 . 2009-06-03 18:46 16384 c:\windows\temp\Perflib_Perfdata_52c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-12 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/25/2009 8:35 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/25/2009 8:35 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/25/2009 2:34 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3/21/2009 1:56 PM 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/25/2009 8:35 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:35 PM 298776]
S2 gupdate1c997a9ce12b68e;Google Update Service (gupdate1c997a9ce12b68e);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 8:33 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 05:03]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 00:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


Part 3

Post by unclebeau on Wed Jun 03, 2009 6:55 pm

.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\farkdf6c.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 14:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1168)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\ALCFDRTM.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 18:50
ComboFix2.txt 2009-06-03 18:12

Pre-Run: 140,705,071,104 bytes free
Post-Run: 140,690,550,784 bytes free

371 --- E O F --- 2009-05-31 07:01


Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by Belahzur on Wed Jun 03, 2009 6:59 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Please, Please Help Me! I tried to install Malwarebytes...

Post by unclebeau on Wed Jun 03, 2009 7:10 pm

It's running great actually. Thank you so much. Hooray!
