
Topic: help can't remove trojan horse agent2.fmq virus and its killing me


gearhead

    Topic Starter


    Greenhorn

    I am desperately in need of some help in removing trojan horse agent2.fmq that AVG found in my computer. There are 123 files infected, all in system32 and all ending with .dll. Here is one example: C:\Windows\System32\atmfd32.dll
    AVG will not allow me to remove or heal it even in administrator mode. It also says it can't go to the virus vault, saying that it is full when there is absolutely nothing in it. The performance of the computer seems to be unaffected; when idle it only shows between 1% to 4% under task manager. I followed all the required steps on the web sites and here are the logs.

    SUPERANTISPYWARE LOG

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/20/2009 at 07:19 PM

    Application Version : 4.26.1002

    Core Rules Database Version : 3902
    Trace Rules Database Version: 1848

    Scan type       : Complete Scan
    Total Scan Time : 20:37:57

    Memory items scanned      : 763
    Memory threats detected   : 0
    Registry items scanned    : 8568
    Registry threats detected : 0
    File items scanned        : 739469
    File threats detected     : 139

    Adware.Tracking Cookie

    Adware.Vundo Variant
       C:\WINDOWS\SYSTEM32\CSRSRV32.DLL

    MALWAREBYTES ANTI-MALWARE

    Malwarebytes' Anti-Malware 1.36
    Database version: 2161
    Windows 6.0.6001 Service Pack 1

    20/05/2009 11:37:42 PM
    mbam-log-2009-05-20 (23-37-42).txt

    Scan type: Quick Scan
    Objects scanned: 81792
    Time elapsed: 7 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    HIJACKTHIS LOG


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:22:40 AM, on 21/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Vongo Tray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
    O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} (LgbContent Control) - http://pre.liveglobalbid.com/lgbkc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: M4iPodWPDService - Mediafour Corporation - C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

    --
    End of file - 10234 bytes


    Thank you in advance for your help and hope to please hear something soon.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: help can't remove trojan horse agent2.fmq virus and its killing me
    « Reply #1 on: May 22, 2009, 01:34:21 AM »
    Right click HijackThis and select 'Run as Administrator', then select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    • O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    • O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    .
    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix
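
The five entries selected in the reply above are all either R0 registry lines with an empty value or O2/O3 objects whose file is shown as (no file). As an added example (not part of the original thread, and not how HijackThis itself works), this Python script pulls such orphaned entries out of a saved HijackThis log for review; the names `Finding` and `triage` are hypothetical, and the sample lines are copied from the log in the first post.

```python
import re
from dataclasses import dataclass

# Subset of lines copied from the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "R0" or "O2"
    reason: str   # "empty-value" or "missing-file"
    subject: str  # registry "key,value-name" or the object's CLSID


# "<section> - <body>", e.g. "O2 - BHO: ...". Process paths and headers do not match.
LINE_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.*\S)\s*$")

# R-section body: "<registry key>,<value name> = <data>" (data may be empty).
REG_RE = re.compile(r"^(?P<key>.+?),(?P<name>[^,=]+?)\s*=\s*(?P<value>.*)$")

# O2/O3 body: "<kind>: <display name> - {CLSID} - <file or (no file)>".
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+):\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s+-\s+"
    r"(?P<target>.*)$"
)


def triage(log_text):
    """Return orphaned entries: empty R values and O2/O3 objects with no file."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # blank line, header, or a running-process path
        section, body = line["section"], line["body"]

        if section.startswith("R"):
            reg = REG_RE.match(body)
            if reg and reg["value"].strip() == "":
                subject = f'{reg["key"]},{reg["name"]}'
                findings.append(Finding(section, "empty-value", subject))

        elif section in ("O2", "O3"):
            obj = CLSID_RE.match(body)
            if obj and obj["target"].strip().lower() == "(no file)":
                # CLSIDs are case-insensitive; normalise for comparison.
                findings.append(Finding(section, "missing-file", obj["clsid"].upper()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.reason:<13} {f.subject}")
```

On the sample it also lists the empty LinksFolderName value, which the reply left alone, so the output is a list of entries to review, not a list of entries to fix.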

    gearhead

      Topic Starter


      Greenhorn

      Re: help can't remove trojan horse agent2.fmq virus and its killing me
      « Reply #2 on: May 23, 2009, 12:55:54 PM »
      Thank you evilfantasy for your help. I did everything in your post but the 125 infected virus are still there in my system32 files; nothing changed. I don't even know what this virus does but it is driving me crazy. I use this computer for everything and now I am afraid to use it for anything. So please, please respond soon; I feel like my life is in stasis.

      COMBOFIX LOG

      ComboFix 09-05-22.05 - Trampy 23/05/2009  2:04.1 - NTFSx86
      Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.2.1033.18.3070.2011 [GMT -7:00]
      Running from: c:\users\Trampy\Desktop\ComboFix.exe
      SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\users\Scott\AppData\Roaming\inst.exe
      c:\windows\system32\audiosrv32.dll
      c:\windows\system32\AutoRun.inf
      c:\windows\system32\chtbrkr32.dll
      c:\windows\system32\KBL.LOG
      c:\windows\winhelp.ini
      D:\Desktop.ini

      .
      (((((((((((((((((((((((((   Files Created from 2009-04-23 to 2009-05-23  )))))))))))))))))))))))))))))))
      .

      2009-05-23 09:10 . 2009-05-23 09:10   --------   d-----w   c:\users\Scott\AppData\Local\temp
      2009-05-22 00:12 . 2009-05-06 18:06   4784464   ----a-w   c:\programdata\Microsoft\Windows Defender\Definition Updates\{68B15C52-6A44-4444-8D37-1F1C45C8AF87}\mpengine.dll
      2009-05-20 15:46 . 2009-05-10 03:00   2051864   ----a-w   c:\programdata\avg8\update\backup\avgcorex.dll
      2009-05-20 15:46 . 2009-05-10 03:00   354584   ----a-w   c:\programdata\avg8\update\backup\avgxch32.dll
      2009-05-20 15:46 . 2009-05-10 03:00   424472   ----a-w   c:\programdata\avg8\update\backup\avgwdwsc.dll
      2009-05-20 15:46 . 2009-05-10 02:59   177432   ----a-w   c:\programdata\avg8\update\backup\avgmail.dll
      2009-05-20 15:46 . 2009-05-10 03:00   3288344   ----a-w   c:\programdata\avg8\update\backup\setup.exe
      2009-05-20 15:46 . 2009-05-10 02:59   312088   ----a-w   c:\programdata\avg8\update\backup\avglngx.dll
      2009-05-20 15:46 . 2009-05-10 03:00   486168   ----a-w   c:\programdata\avg8\update\backup\avgrsx.exe
      2009-05-20 15:46 . 2009-05-10 02:59   755992   ----a-w   c:\programdata\avg8\update\backup\avginet.dll
      2009-05-20 15:46 . 2009-05-10 02:59   1437464   ----a-w   c:\programdata\avg8\update\backup\avgupd.dll
      2009-05-14 03:51 . 2009-05-10 03:00   3399960   ----a-w   c:\programdata\avg8\update\backup\avgui.exe
      2009-05-14 03:51 . 2009-05-10 03:00   2302232   ----a-w   c:\programdata\avg8\update\backup\avguiadv.dll
      2009-05-10 07:59 . 2008-06-20 01:14   97800   ----a-w   c:\windows\system32\infocardapi.dll
      2009-05-10 07:59 . 2008-06-20 01:14   43544   ----a-w   c:\windows\system32\PresentationHostProxy.dll
      2009-05-10 07:59 . 2008-06-20 01:14   105016   ----a-w   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
      2009-05-10 07:59 . 2008-06-20 01:14   11264   ----a-w   c:\windows\system32\icardres.dll
      2009-05-10 07:59 . 2008-06-20 01:14   622080   ----a-w   c:\windows\system32\icardagt.exe
      2009-05-10 07:59 . 2008-06-20 01:14   781344   ----a-w   c:\windows\system32\PresentationNative_v0300.dll
      2009-05-10 07:59 . 2008-06-20 01:14   326160   ----a-w   c:\windows\system32\PresentationHost.exe
      2009-05-10 07:53 . 2008-07-27 18:03   96760   ----a-w   c:\windows\system32\dfshim.dll
      2009-05-10 07:53 . 2008-07-27 18:03   282112   ----a-w   c:\windows\system32\mscoree.dll
      2009-05-10 07:53 . 2008-07-27 18:03   41984   ----a-w   c:\windows\system32\netfxperf.dll
      2009-05-10 07:53 . 2008-07-27 18:03   158720   ----a-w   c:\windows\system32\mscorier.dll
      2009-05-10 07:52 . 2008-07-27 18:03   83968   ----a-w   c:\windows\system32\mscories.dll
      2009-05-10 07:09 . 2009-05-10 07:09   --------   d-----w   c:\program files\Trend Micro
      2009-05-10 07:01 . 2009-05-10 07:01   --------   d-----w   c:\program files\CCleaner
      2009-05-10 06:49 . 2009-05-10 06:50   --------   d-----w   c:\programdata\AOL
      2009-05-09 06:28 . 2009-05-09 06:28   680   ----a-w   c:\users\Trampy\AppData\Local\d3d9caps.dat
      2009-05-08 22:35 . 2009-05-08 22:35   10134   ----a-r   c:\users\Trampy\AppData\Roaming\Microsoft\Installer\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}\ARPPRODUCTICON.exe
      2009-05-08 22:33 . 2009-05-08 22:33   --------   d-----w   c:\users\Trampy\AppData\Roaming\Avery
      2009-05-08 22:18 . 2009-05-08 22:18   --------   d-----w   c:\users\Trampy\AppData\Roaming\Yahoo!
      2009-05-08 08:15 . 2009-05-08 08:15   --------   d-----w   c:\users\Trampy\AppData\Roaming\Malwarebytes
      2009-05-08 08:15 . 2009-04-06 22:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
      2009-05-08 08:15 . 2009-04-06 22:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-08 08:15 . 2009-05-08 08:15   --------   d-----w   c:\programdata\Malwarebytes
      2009-05-08 08:15 . 2009-05-08 08:15   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
      2009-05-07 05:03 . 2009-05-07 05:03   --------   d-----w   c:\programdata\SUPERAntiSpyware.com
      2009-05-07 05:03 . 2009-05-23 08:25   --------   d-----w   c:\users\Trampy\AppData\Roaming\SUPERAntiSpyware.com
      2009-05-07 05:03 . 2009-05-23 08:24   --------   d-----w   c:\program files\SUPERAntiSpyware
      2009-05-06 21:59 . 2009-05-06 21:59   139264   ----a-w   c:\windows\system32\dmvdsitf3232.dll
      2009-05-06 21:56 . 2009-05-06 21:56   139264   ----a-w   c:\windows\system32\dmscript323232.dll
      2009-05-06 21:52 . 2009-05-06 21:52   139264   ----a-w   c:\windows\system32\dmdskres23232.dll
      2009-05-06 21:50 . 2009-05-06 21:50   139264   ----a-w   c:\windows\system32\dmcompos3232.dll
      2009-05-06 21:48 . 2009-05-06 21:48   139264   ----a-w   c:\windows\system32\dispci3232.dll
      2009-05-06 21:47 . 2009-05-06 21:47   139264   ----a-w   c:\windows\system32\dinput83232.dll
      2009-05-06 21:44 . 2009-05-06 21:44   139264   ----a-w   c:\windows\system32\difxapi3232.dll
      2009-05-06 21:41 . 2009-05-06 21:41   139264   ----a-w   c:\windows\system32\dhcpcsvc63232.dll
      2009-05-06 21:40 . 2009-05-06 21:40   139264   ----a-w   c:\windows\system32\dhcpcmonitor3232.dll
      2009-05-06 21:39 . 2009-05-06 21:39   139264   ----a-w   c:\windows\system32\DfsShlEx32.dll
      2009-05-06 21:37 . 2009-05-06 21:37   139264   ----a-w   c:\windows\system32\dfrgifps3232.dll
      2009-05-06 21:35 . 2009-05-06 21:35   139264   ----a-w   c:\windows\system32\deskperf3232.dll
      2009-05-06 21:33 . 2009-05-06 21:33   139264   ----a-w   c:\windows\system32\deploytk3232.dll
      2009-05-06 21:31 . 2009-05-06 21:31   139264   ----a-w   c:\windows\system32\DDACLSys3232.dll
      2009-05-06 20:57 . 2009-05-06 20:57   139264   ----a-w   c:\windows\system32\dwmredir32.dll
      2009-05-06 20:53 . 2009-05-06 20:53   139264   ----a-w   c:\windows\system32\dsprop32.dll
      2009-05-06 20:52 . 2009-05-06 20:52   139264   ----a-w   c:\windows\system32\dskquoui32.dll
      2009-05-06 20:48 . 2009-05-06 20:48   139264   ----a-w   c:\windows\system32\drmmgrtn32.dll
      2009-05-06 20:47 . 2009-05-06 20:47   139264   ----a-w   c:\windows\system32\dps32.dll
      2009-05-06 20:43 . 2009-05-06 20:43   139264   ----a-w   c:\windows\system32\dot3ui32.dll
      2009-05-06 20:42 . 2009-05-06 20:42   139264   ----a-w   c:\windows\system32\dot3msm32.dll
      2009-05-06 20:41 . 2009-05-06 20:41   139264   ----a-w   c:\windows\system32\dot3gpclnt32.dll
      2009-05-06 20:39 . 2009-05-06 20:39   139264   ----a-w   c:\windows\system32\dnssd32.dll
      2009-05-06 20:38 . 2009-05-06 20:38   139264   ----a-w   c:\windows\system32\dnshc32.dll
      2009-05-06 20:37 . 2009-05-06 20:37   139264   ----a-w   c:\windows\system32\dmvdsitf32.dll
      2009-05-06 20:33 . 2009-05-06 20:33   139264   ----a-w   c:\windows\system32\dmintf3232.dll
      2009-05-06 20:27 . 2009-05-06 20:27   139264   ----a-w   c:\windows\system32\dimsroam3232.dll
      2009-05-06 20:26 . 2009-05-06 20:26   139264   ----a-w   c:\windows\system32\dimsjob32.dll
      2009-05-06 20:25 . 2009-05-06 20:25   139264   ----a-w   c:\windows\system32\diagperf32.dll
      2009-05-06 20:25 . 2009-05-07 03:34   --------   d--h--w   C:\$AVG8.VAULT$
      2009-05-06 20:23 . 2009-05-06 20:23   139264   ----a-w   c:\windows\system32\dmdskres232.dll
      2009-05-06 16:51 . 2009-05-06 16:51   0   ----a-w   c:\users\Trampy\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
      2009-05-04 19:46 . 2009-05-04 19:46   --------   d-----w   c:\users\Trampy\AppData\Roaming\Shareaza
      2009-05-04 19:46 . 2009-05-04 19:46   --------   d-----w   c:\users\Trampy\AppData\Local\Shareaza
      2009-05-03 09:05 . 2009-05-03 09:05   --------   d-----w   c:\program files\Shareaza
      2009-05-03 09:05 . 2009-05-03 09:05   --------   d-----w   c:\users\Scott\AppData\Roaming\Shareaza
      2009-05-03 09:05 . 2009-05-03 09:05   --------   d-----w   c:\users\Scott\AppData\Local\Shareaza
      2009-05-03 08:41 . 2009-05-03 09:12   --------   d-----w   c:\program files\LimeWire

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-23 08:57 . 2008-06-07 08:01   --------   d-----w   c:\programdata\avg8
      2009-05-23 08:24 . 2009-03-04 00:50   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
      2009-05-14 03:50 . 2008-03-22 03:34   27430   ----a-w   c:\users\Trampy\AppData\Roaming\nvModes.dat
      2009-05-13 10:00 . 2006-11-02 11:18   --------   d-----w   c:\program files\Windows Mail
      2009-05-11 04:39 . 2008-03-26 06:52   --------   d-----w   c:\users\Trampy\AppData\Roaming\Skype
      2009-05-11 03:06 . 2008-06-14 03:33   --------   d-----w   c:\users\Trampy\AppData\Roaming\skypePM
      2009-05-10 09:14 . 2008-03-22 02:11   114176   ----a-w   c:\users\Trampy\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-05-10 09:09 . 2008-03-22 02:06   --------   d-----w   c:\program files\Yahoo!
      2009-05-10 08:14 . 2008-03-22 04:20   114176   ----a-w   c:\users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-05-10 08:11 . 2007-11-26 05:02   --------   d-----w   c:\programdata\Microsoft Help
      2009-05-10 06:52 . 2007-11-26 03:22   --------   d--h--w   c:\program files\InstallShield Installation Information
      2009-05-10 06:52 . 2008-03-22 02:00   --------   d-----w   c:\program files\Electronic Arts
      2009-05-06 23:39 . 2008-03-22 03:56   --------   d-----w   c:\users\Trampy\AppData\Roaming\FrostWire
      2009-05-06 20:24 . 2009-05-06 20:24   139264   ----a-w   c:\windows\system32\d3dx9_313232.dll
      2009-05-06 20:23 . 2009-05-06 20:23   139264   ----a-w   c:\windows\system32\dmcompos32.dll
      2009-05-03 19:15 . 2008-03-22 04:34   --------   d-----w   c:\users\Scott\AppData\Roaming\FrostWire
      2009-05-03 09:13 . 2008-03-22 03:56   --------   d-----w   c:\program files\FrostWire
      2009-05-03 08:58 . 2009-05-03 08:42   --------   d-----w   c:\users\Scott\AppData\Roaming\LimeWire
      2009-04-19 19:13 . 2008-03-22 19:33   --------   d-----w   c:\programdata\DVD Shrink
      2009-04-13 05:42 . 2008-04-05 22:07   --------   d-----w   c:\users\Trampy\AppData\Roaming\Image Zone Express
      2009-04-13 05:36 . 2007-11-26 05:08   --------   d-----w   c:\programdata\HP
      2009-04-05 19:22 . 2009-04-05 19:22   --------   d-----w   c:\program files\TOD 042009
      2009-03-29 06:29 . 2009-03-29 06:29   --------   d-----w   c:\users\Scott\AppData\Roaming\Vso
      2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
      2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\users\Scott\AppData\Roaming\pcouffin.sys
      2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\users\Scott\AppData\Roaming\pcouffin.sys
      2009-03-29 06:29 . 2009-03-29 06:28   --------   d-----w   c:\program files\DVDFab 5
      2009-03-27 07:39 . 2007-11-26 05:37   --------   d-----w   c:\program files\Java
      2009-03-24 16:39 . 2008-06-13 01:00   139163   ----a-w   c:\windows\hpoins15.dat
      2009-03-17 03:38 . 2009-04-15 00:42   13824   ----a-w   c:\windows\system32\apilogen.dll
      2009-03-17 03:38 . 2009-04-15 00:42   24064   ----a-w   c:\windows\system32\amxread.dll
      2009-03-09 12:19 . 2009-01-06 05:27   410984   ----a-w   c:\windows\system32\deploytk.dll
      2009-03-08 11:34 . 2009-05-10 08:05   914944   ----a-w   c:\windows\system32\wininet.dll
      2009-03-08 11:34 . 2009-05-10 08:05   43008   ----a-w   c:\windows\system32\licmgr10.dll
      2009-03-08 11:33 . 2009-05-10 08:05   18944   ----a-w   c:\windows\system32\corpol.dll
      2009-03-08 11:33 . 2009-05-10 08:05   109056   ----a-w   c:\windows\system32\iesysprep.dll
      2009-03-08 11:33 . 2009-05-10 08:05   109568   ----a-w   c:\windows\system32\PDMSetup.exe
      2009-03-08 11:33 . 2009-05-10 08:05   132608   ----a-w   c:\windows\system32\ieUnatt.exe
      2009-03-08 11:33 . 2009-05-10 08:05   107520   ----a-w   c:\windows\system32\RegisterIEPKEYs.exe
      2009-03-08 11:33 . 2009-05-10 08:05   107008   ----a-w   c:\windows\system32\SetIEInstalledDate.exe
      2009-03-08 11:33 . 2009-05-10 08:05   103936   ----a-w   c:\windows\system32\SetDepNx.exe
      2009-03-08 11:33 . 2009-05-10 08:05   420352   ----a-w   c:\windows\system32\vbscript.dll
      2009-03-08 11:32 . 2009-05-10 08:05   72704   ----a-w   c:\windows\system32\admparse.dll
      2009-03-08 11:32 . 2009-05-10 08:05   71680   ----a-w   c:\windows\system32\iesetup.dll
      2009-03-08 11:32 . 2009-05-10 08:05   66560   ----a-w   c:\windows\system32\wextract.exe
      2009-03-08 11:32 . 2009-05-10 08:05   169472   ----a-w   c:\windows\system32\iexpress.exe
      2009-03-08 11:31 . 2009-05-10 08:05   34816   ----a-w   c:\windows\system32\imgutil.dll
      2009-03-08 11:31 . 2009-05-10 08:05   48128   ----a-w   c:\windows\system32\mshtmler.dll
      2009-03-08 11:31 . 2009-05-10 08:05   45568   ----a-w   c:\windows\system32\mshta.exe
      2009-03-08 11:22 . 2009-05-10 08:05   156160   ----a-w   c:\windows\system32\msls31.dll
      2009-03-06 18:54 . 2008-03-25 05:48   4718   ----a-w   c:\users\Trampy\AppData\Roaming\wklnhst.dat
      2009-03-03 04:46 . 2009-04-15 00:42   3599328   ----a-w   c:\windows\system32\ntkrnlpa.exe
      2009-03-03 04:46 . 2009-04-15 00:42   3547632   ----a-w   c:\windows\system32\ntoskrnl.exe
      2009-03-03 04:39 . 2009-04-15 00:42   183296   ----a-w   c:\windows\system32\sdohlp.dll
      2009-03-03 04:39 . 2009-04-15 00:42   551424   ----a-w   c:\windows\system32\rpcss.dll
      2009-03-03 04:39 . 2009-04-15 00:42   26112   ----a-w   c:\windows\system32\printfilterpipelineprxy.dll
      2009-03-03 04:37 . 2009-04-15 00:42   98304   ----a-w   c:\windows\system32\iasrecst.dll
      2009-03-03 04:37 . 2009-04-15 00:42   54784   ----a-w   c:\windows\system32\iasads.dll
      2009-03-03 04:37 . 2009-04-15 00:42   44032   ----a-w   c:\windows\system32\iasdatastore.dll
      2009-03-03 03:04 . 2009-04-15 00:42   666624   ----a-w   c:\windows\system32\printfilterpipelinesvc.exe
      2009-03-03 02:38 . 2009-04-15 00:42   17408   ----a-w   c:\windows\system32\iashost.exe
      2008-08-23 20:23 . 2008-08-23 20:23   22   --sha-w   c:\windows\SMINST\HPCD.sys
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
      "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
      "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
      "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
      "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
      "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
      "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
      "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-10 4390912]

      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
      QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-6-6 967960]
      Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-11-25 53248]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
      "<NO NAME>"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "<NO NAME>"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
      "<NO NAME>"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
      "<NO NAME>"=
      "c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{334D7D46-1D66-4022-9908-87E1DE0A7302}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
      "{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
      "{024EC2AC-121D-42C7-B3BF-433BBDDF1748}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
      "{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
      "{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
      "{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
      "{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
      "{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
      "{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
      "{A39F5BBE-109E-486E-890C-52083EB71AC6}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
      "{1549E52B-0550-4D8C-B4D8-F2F2E329B029}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
      "{9DCE8ADF-2ADB-48A7-B6C2-40E215C1E407}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
      "{37823207-F53D-459C-9145-89EC4EFD9396}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
      "{18BBEB1E-B2C8-4BDD-AFA4-398D088275EE}"= Disabled:UDP:c:\users\Scott\AppData\Local\Temp\7zS9DCD.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{069B6ECC-8E0D-407F-A5DA-457984E02139}"= Disabled:TCP:c:\users\Scott\AppData\Local\Temp\7zS9DCD.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{85259C0D-B7E5-4C74-9244-93EE52C1C830}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zS7D98.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{41CE7228-B13A-48FA-A9E5-97BA526D78A9}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zS7D98.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{61EE5DA8-B126-4D58-A1E1-39A0139D5D32}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zS7FC9.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{C9812562-C151-4011-9FEC-3DD314C5CE9A}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zS7FC9.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{3A0F950A-CF7D-4A65-AF95-161B767DA018}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zSF160.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{FAD2E12F-7D82-47E0-83B8-04DE22178A02}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zSF160.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{08F2A214-F5B0-4B86-AD7C-6633EBEFC297}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zS8822.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{C390FFF2-A1F0-47A8-A853-8671830BE557}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zS8822.tmp\setup\HPZnui01.exe:hpznui01.exe
      "{DC731DB9-23FC-4534-AABF-51FE12018A88}"= c:\program files\Skype\Phone\Skype.exe:Skype
      "TCP Query User{5D77B784-BAAD-48E3-8C2D-B1286B73032E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{953E10EA-2A67-487E-A725-CC550BE71468}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
      "{A04F628A-AA4E-408D-8F2F-94DB898D9BD8}"= UDP:c:\program files\HP\Photosmart Essential\UserTrackUtility.exe:Enable HP Product Improvement Data Collection
      "{F5FA984C-88E8-4E3F-AECA-202CC0F4C0E4}"= TCP:c:\program files\HP\Photosmart Essential\UserTrackUtility.exe:Enable HP Product Improvement Data Collection
      "{41F7482A-5C03-4786-82E6-CF858CD2E281}"= UDP:c:\program files\HP\Digital Imaging\bin\hpqdirec.exe:HP Solution Center
      "{F852C74E-73AA-4055-A6C4-361989A3FF45}"= TCP:c:\program files\HP\Digital Imaging\bin\hpqdirec.exe:HP Solution Center
      "{C68F2381-8457-4DDF-B64D-326BB3153A2E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{DC03CD86-D09C-4081-BB36-759C5D5C4C00}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{3A597B70-96C8-4BE1-83E4-DF52C2C588CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
      "{684C5F2F-5777-4148-ABAB-9DEA23B6DA12}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
      "TCP Query User{BF4A58F8-269B-414E-A2E9-7EAFA65BF846}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
      "UDP Query User{9B618E5A-FE77-4893-A8A3-23655226787F}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

      R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [12/02/2008 8:58 AM 279808]
      R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [23/01/2008 1:31 PM 114688]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
      LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
      HPService   REG_MULTI_SZ      HPSLPSVC
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contents of the 'Scheduled Tasks' folder

      2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{B1C2A2BD-0430-464E-B358-34383BAF06DD}.job
      - c:\windows\system32\msfeedssync.exe [2009-05-10 11:31]

      2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{FED050BD-772C-4099-AEC5-36373193B218}.job
      - c:\windows\system32\msfeedssync.exe [2009-05-10 11:31]
      .
      - - - - ORPHANS REMOVED - - - -

      ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
      SafeBoot-procexp90.Sys


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://google.com/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-23 02:10
      Windows 6.0.6001 Service Pack 1 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      Completion time: 2009-05-23  2:12
      ComboFix-quarantined-files.txt  2009-05-23 09:12

      Pre-Run: 104,161,280,000 bytes free
      Post-Run: 107,909,668,864 bytes free

      322   --- E O F ---   2009-05-22 00:12

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Re: help can't remove trojan horse agent2.fmq virus and its killing me
      « Reply #3 on: May 24, 2009, 11:41:55 AM »
      Sorry for the delay.

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      FixCSet::

      File::
      c:\windows\system32\dmvdsitf3232.dll
      c:\windows\system32\dmscript323232.dll
      c:\windows\system32\dmdskres23232.dll
      c:\windows\system32\dmcompos3232.dll
      c:\windows\system32\dispci3232.dll
      c:\windows\system32\dinput83232.dll
      c:\windows\system32\difxapi3232.dll
      c:\windows\system32\dhcpcsvc63232.dll
      c:\windows\system32\dhcpcmonitor3232.dll
      c:\windows\system32\DfsShlEx32.dll
      c:\windows\system32\dfrgifps3232.dll
      c:\windows\system32\deskperf3232.dll
      c:\windows\system32\deploytk3232.dll
      c:\windows\system32\DDACLSys3232.dll
      c:\windows\system32\dwmredir32.dll
      c:\windows\system32\dsprop32.dll
      c:\windows\system32\dskquoui32.dll
      c:\windows\system32\drmmgrtn32.dll
      c:\windows\system32\dps32.dll
      c:\windows\system32\dot3ui32.dll
      c:\windows\system32\dot3msm32.dll
      c:\windows\system32\dot3gpclnt32.dll
      c:\windows\system32\dnssd32.dll
      c:\windows\system32\dnshc32.dll
      c:\windows\system32\dmvdsitf32.dll
      c:\windows\system32\dmintf3232.dll
      c:\windows\system32\dimsroam3232.dll
      c:\windows\system32\dimsjob32.dll
      c:\windows\system32\diagperf32.dll
      c:\windows\system32\dmdskres232.dll
      c:\users\Trampy\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe

      Registry::
      [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

      [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
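
Every .dll named under File:: in the script above appears in the ComboFix log earlier in this thread as a file directly in c:\windows\system32 with the same size (139264 bytes) and two identical timestamps. The Python sketch below is an added example, not part of the original post or of ComboFix; it parses lines in that log layout and reports such clusters for triage. Its function names, threshold and grouping rule are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the ComboFix "Files Created" section earlier in this thread.
SAMPLE_LOG = r"""
2009-05-10 07:59 . 2008-06-20 01:14   97800   ----a-w   c:\windows\system32\infocardapi.dll
2009-05-10 07:01 . 2009-05-10 07:01   --------   d-----w   c:\program files\CCleaner
2009-05-09 06:28 . 2009-05-09 06:28   680   ----a-w   c:\users\Trampy\AppData\Local\d3d9caps.dat
2009-05-08 08:15 . 2009-04-06 22:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-06 21:59 . 2009-05-06 21:59   139264   ----a-w   c:\windows\system32\dmvdsitf3232.dll
2009-05-06 21:56 . 2009-05-06 21:56   139264   ----a-w   c:\windows\system32\dmscript323232.dll
2009-05-06 21:39 . 2009-05-06 21:39   139264   ----a-w   c:\windows\system32\DfsShlEx32.dll
2009-05-06 20:57 . 2009-05-06 20:57   139264   ----a-w   c:\windows\system32\dwmredir32.dll
2009-05-06 20:47 . 2009-05-06 20:47   139264   ----a-w   c:\windows\system32\dps32.dll
2009-05-06 20:25 . 2009-05-06 20:25   139264   ----a-w   c:\windows\system32\diagperf32.dll
2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
2009-03-09 12:19 . 2009-01-06 05:27   410984   ----a-w   c:\windows\system32\deploytk.dll
"""

# Layout seen in the log: "<timestamp> . <timestamp>  <size>  <attrs>  <path>".
# Directory entries carry "--------" in place of a size.
ENTRY_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+(\S+)\s+(.+?)\s*$"
)


def parse_entries(log_text):
    """Return one dict per file entry; directories and non-matching lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        first_ts, second_ts, size, attrs, path = match.groups()
        if not size.isdigit() or attrs.startswith("d"):
            continue  # directory entry, no size to compare
        entries.append({
            "first_ts": first_ts,    # the log prints two timestamps per entry;
            "second_ts": second_ts,  # this example only tests them for equality
            "size": int(size),
            "attrs": attrs,
            "path": path,
        })
    return entries


def find_clusters(entries, directory=r"c:\windows\system32", min_members=5):
    """Group .dll files sitting directly in `directory` by size.

    A group is reported when it has at least `min_members` files (assumed
    threshold) and every member has two identical timestamps. This is a
    triage signal for a human reviewer, not a verdict on any file.
    """
    groups = defaultdict(list)
    for entry in entries:
        path = entry["path"]
        # ntpath handles Windows paths regardless of the analyst's own OS.
        if ntpath.dirname(path).lower() != directory.lower():
            continue
        if ntpath.splitext(path)[1].lower() != ".dll":
            continue
        if entry["first_ts"] != entry["second_ts"]:
            continue
        groups[entry["size"]].append(path)
    return {
        size: sorted(paths, key=str.lower)
        for size, paths in groups.items()
        if len(paths) >= min_members
    }


if __name__ == "__main__":
    for size, paths in find_clusters(parse_entries(SAMPLE_LOG)).items():
        print(f"{len(paths)} files of {size} bytes with identical timestamps:")
        for path in paths:
            print("   ", path)
```

Entries such as infocardapi.dll and deploytk.dll are not reported because their two timestamps differ, and the driver files are skipped because they are not directly in system32.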

      gearhead

        Topic Starter


        Greenhorn

        Re: help can't remove trojan horse agent2.fmq virus and its killing me
        « Reply #4 on: May 24, 2009, 06:54:56 PM »
        Process done, but the majority are still there and now there are more in C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\DDACLSys3232.dll
        (about 32 infected files like this; the other 96 or so are still in system32)
        Whatever that is, and I can't delete them because AVG is still telling me the virus vault is full when it is empty. I am really appreciating your help and hoping that we are somewhere near the end; please respond soon. Here is the new log:

        COMBOFIX LOG attempt number 2

        ComboFix 09-05-22.05 - Trampy 24/05/2009 13:07.2 - NTFSx86
        Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.2.1033.18.3070.1640 [GMT -7:00]
        Running from: c:\users\Trampy\Desktop\ComboFix.exe
        Command switches used :: c:\users\Trampy\Desktop\CFScript.txt
        SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

        FILE ::
        c:\users\Trampy\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
        c:\windows\system32\DDACLSys3232.dll
        c:\windows\system32\deploytk3232.dll
        c:\windows\system32\deskperf3232.dll
        c:\windows\system32\dfrgifps3232.dll
        c:\windows\system32\DfsShlEx32.dll
        c:\windows\system32\dhcpcmonitor3232.dll
        c:\windows\system32\dhcpcsvc63232.dll
        c:\windows\system32\diagperf32.dll
        c:\windows\system32\difxapi3232.dll
        c:\windows\system32\dimsjob32.dll
        c:\windows\system32\dimsroam3232.dll
        c:\windows\system32\dinput83232.dll
        c:\windows\system32\dispci3232.dll
        c:\windows\system32\dmcompos3232.dll
        c:\windows\system32\dmdskres232.dll
        c:\windows\system32\dmdskres23232.dll
        c:\windows\system32\dmintf3232.dll
        c:\windows\system32\dmscript323232.dll
        c:\windows\system32\dmvdsitf32.dll
        c:\windows\system32\dmvdsitf3232.dll
        c:\windows\system32\dnshc32.dll
        c:\windows\system32\dnssd32.dll
        c:\windows\system32\dot3gpclnt32.dll
        c:\windows\system32\dot3msm32.dll
        c:\windows\system32\dot3ui32.dll
        c:\windows\system32\dps32.dll
        c:\windows\system32\drmmgrtn32.dll
        c:\windows\system32\dskquoui32.dll
        c:\windows\system32\dsprop32.dll
        c:\windows\system32\dwmredir32.dll
        .
        PEV Error: LocalSettingsFile

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\users\Trampy\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
        c:\windows\system32\DDACLSys3232.dll
        c:\windows\system32\deploytk3232.dll
        c:\windows\system32\deskperf3232.dll
        c:\windows\system32\dfrgifps3232.dll
        c:\windows\system32\DfsShlEx32.dll
        c:\windows\system32\dhcpcmonitor3232.dll
        c:\windows\system32\dhcpcsvc63232.dll
        c:\windows\system32\diagperf32.dll
        c:\windows\system32\difxapi3232.dll
        c:\windows\system32\dimsjob32.dll
        c:\windows\system32\dimsroam3232.dll
        c:\windows\system32\dinput83232.dll
        c:\windows\system32\dispci3232.dll
        c:\windows\system32\dmcompos3232.dll
        c:\windows\system32\dmdskres232.dll
        c:\windows\system32\dmdskres23232.dll
        c:\windows\system32\dmintf3232.dll
        c:\windows\system32\dmscript323232.dll
        c:\windows\system32\dmvdsitf32.dll
        c:\windows\system32\dmvdsitf3232.dll
        c:\windows\system32\dnshc32.dll
        c:\windows\system32\dnssd32.dll
        c:\windows\system32\dot3gpclnt32.dll
        c:\windows\system32\dot3msm32.dll
        c:\windows\system32\dot3ui32.dll
        c:\windows\system32\dps32.dll
        c:\windows\system32\drmmgrtn32.dll
        c:\windows\system32\dskquoui32.dll
        c:\windows\system32\dsprop32.dll
        c:\windows\system32\dwmredir32.dll

        .
        (((((((((((((((((((((((((   Files Created from 2009-04-24 to 2009-05-24  )))))))))))))))))))))))))))))))
        .

        2009-05-23 09:23 . 2009-05-23 09:23   11952   ----a-w   c:\windows\system32\avgrsstx.dll
        2009-05-23 09:23 . 2009-05-23 09:23   108552   ----a-w   c:\windows\system32\drivers\avgtdix.sys
        2009-05-23 09:22 . 2009-05-23 09:22   325896   ----a-w   c:\windows\system32\drivers\avgldx86.sys
        2009-05-23 09:22 . 2009-05-24 16:10   --------   d-----w   c:\windows\system32\drivers\Avg
        2009-05-23 09:22 . 2009-05-23 09:22   27784   ----a-w   c:\windows\system32\drivers\avgmfx86.sys
        2009-05-23 09:12 . 2009-05-24 07:46   --------   d-----w   c:\users\Scott\AppData\Local\temp
        2009-05-22 00:12 . 2009-05-06 18:06   4784464   ----a-w   c:\programdata\Microsoft\Windows Defender\Definition Updates\{68B15C52-6A44-4444-8D37-1F1C45C8AF87}\mpengine.dll
        2009-05-20 15:46 . 2009-05-10 03:00   2051864   ----a-w   c:\programdata\avg8\update\backup\avgcorex.dll
        2009-05-20 15:46 . 2009-05-10 03:00   354584   ----a-w   c:\programdata\avg8\update\backup\avgxch32.dll
        2009-05-20 15:46 . 2009-05-10 03:00   424472   ----a-w   c:\programdata\avg8\update\backup\avgwdwsc.dll
        2009-05-20 15:46 . 2009-05-10 02:59   177432   ----a-w   c:\programdata\avg8\update\backup\avgmail.dll
        2009-05-20 15:46 . 2009-05-10 03:00   3288344   ----a-w   c:\programdata\avg8\update\backup\setup.exe
        2009-05-20 15:46 . 2009-05-10 02:59   312088   ----a-w   c:\programdata\avg8\update\backup\avglngx.dll
        2009-05-20 15:46 . 2009-05-10 03:00   486168   ----a-w   c:\programdata\avg8\update\backup\avgrsx.exe
        2009-05-20 15:46 . 2009-05-10 02:59   755992   ----a-w   c:\programdata\avg8\update\backup\avginet.dll
        2009-05-20 15:46 . 2009-05-10 02:59   1437464   ----a-w   c:\programdata\avg8\update\backup\avgupd.dll
        2009-05-14 03:51 . 2009-05-10 03:00   3399960   ----a-w   c:\programdata\avg8\update\backup\avgui.exe
        2009-05-14 03:51 . 2009-05-10 03:00   2302232   ----a-w   c:\programdata\avg8\update\backup\avguiadv.dll
        2009-05-10 07:59 . 2008-06-20 01:14   97800   ----a-w   c:\windows\system32\infocardapi.dll
        2009-05-10 07:59 . 2008-06-20 01:14   43544   ----a-w   c:\windows\system32\PresentationHostProxy.dll
        2009-05-10 07:59 . 2008-06-20 01:14   105016   ----a-w   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2009-05-10 07:59 . 2008-06-20 01:14   11264   ----a-w   c:\windows\system32\icardres.dll
        2009-05-10 07:59 . 2008-06-20 01:14   622080   ----a-w   c:\windows\system32\icardagt.exe
        2009-05-10 07:59 . 2008-06-20 01:14   781344   ----a-w   c:\windows\system32\PresentationNative_v0300.dll
        2009-05-10 07:59 . 2008-06-20 01:14   326160   ----a-w   c:\windows\system32\PresentationHost.exe
        2009-05-10 07:53 . 2008-07-27 18:03   96760   ----a-w   c:\windows\system32\dfshim.dll
        2009-05-10 07:53 . 2008-07-27 18:03   282112   ----a-w   c:\windows\system32\mscoree.dll
        2009-05-10 07:53 . 2008-07-27 18:03   41984   ----a-w   c:\windows\system32\netfxperf.dll
        2009-05-10 07:53 . 2008-07-27 18:03   158720   ----a-w   c:\windows\system32\mscorier.dll
        2009-05-10 07:52 . 2008-07-27 18:03   83968   ----a-w   c:\windows\system32\mscories.dll
        2009-05-10 07:09 . 2009-05-10 07:09   --------   d-----w   c:\program files\Trend Micro
        2009-05-10 07:01 . 2009-05-10 07:01   --------   d-----w   c:\program files\CCleaner
        2009-05-10 06:49 . 2009-05-10 06:50   --------   d-----w   c:\programdata\AOL
        2009-05-09 06:28 . 2009-05-09 06:28   680   ----a-w   c:\users\Trampy\AppData\Local\d3d9caps.dat
        2009-05-08 22:35 . 2009-05-08 22:35   10134   ----a-r   c:\users\Trampy\AppData\Roaming\Microsoft\Installer\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}\ARPPRODUCTICON.exe
        2009-05-08 22:33 . 2009-05-08 22:33   --------   d-----w   c:\users\Trampy\AppData\Roaming\Avery
        2009-05-08 22:18 . 2009-05-08 22:18   --------   d-----w   c:\users\Trampy\AppData\Roaming\Yahoo!
        2009-05-08 08:15 . 2009-05-08 08:15   --------   d-----w   c:\users\Trampy\AppData\Roaming\Malwarebytes
        2009-05-08 08:15 . 2009-04-06 22:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
        2009-05-08 08:15 . 2009-04-06 22:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-05-08 08:15 . 2009-05-08 08:15   --------   d-----w   c:\programdata\Malwarebytes
        2009-05-08 08:15 . 2009-05-08 08:15   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
        2009-05-07 05:03 . 2009-05-07 05:03   --------   d-----w   c:\programdata\SUPERAntiSpyware.com
        2009-05-07 05:03 . 2009-05-23 08:25   --------   d-----w   c:\users\Trampy\AppData\Roaming\SUPERAntiSpyware.com
        2009-05-07 05:03 . 2009-05-23 08:24   --------   d-----w   c:\program files\SUPERAntiSpyware
        2009-05-06 20:25 . 2009-05-07 03:34   --------   d--h--w   C:\$AVG8.VAULT$
        2009-05-06 20:23 . 2009-05-06 20:23   139264   ----a-w   c:\windows\system32\dmcompos32.dll
        2009-05-04 19:46 . 2009-05-04 19:46   --------   d-----w   c:\users\Trampy\AppData\Roaming\Shareaza
        2009-05-04 19:46 . 2009-05-04 19:46   --------   d-----w   c:\users\Trampy\AppData\Local\Shareaza
        2009-05-03 09:05 . 2009-05-03 09:05   --------   d-----w   c:\program files\Shareaza
        2009-05-03 09:05 . 2009-05-03 09:05   --------   d-----w   c:\users\Scott\AppData\Roaming\Shareaza
        2009-05-03 09:05 . 2009-05-03 09:05   --------   d-----w   c:\users\Scott\AppData\Local\Shareaza
        2009-05-03 08:41 . 2009-05-03 09:12   --------   d-----w   c:\program files\LimeWire

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-05-23 09:22 . 2008-06-07 08:01   --------   d-----w   c:\programdata\avg8
        2009-05-23 08:24 . 2009-03-04 00:50   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
        2009-05-14 03:50 . 2008-03-22 03:34   27430   ----a-w   c:\users\Trampy\AppData\Roaming\nvModes.dat
        2009-05-13 10:00 . 2006-11-02 11:18   --------   d-----w   c:\program files\Windows Mail
        2009-05-11 04:39 . 2008-03-26 06:52   --------   d-----w   c:\users\Trampy\AppData\Roaming\Skype
        2009-05-11 03:06 . 2008-06-14 03:33   --------   d-----w   c:\users\Trampy\AppData\Roaming\skypePM
        2009-05-10 09:14 . 2008-03-22 02:11   114176   ----a-w   c:\users\Trampy\AppData\Local\GDIPFONTCACHEV1.DAT
        2009-05-10 09:09 . 2008-03-22 02:06   --------   d-----w   c:\program files\Yahoo!
        2009-05-10 08:14 . 2008-03-22 04:20   114176   ----a-w   c:\users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
        2009-05-10 08:11 . 2007-11-26 05:02   --------   d-----w   c:\programdata\Microsoft Help
        2009-05-10 06:52 . 2007-11-26 03:22   --------   d--h--w   c:\program files\InstallShield Installation Information
        2009-05-10 06:52 . 2008-03-22 02:00   --------   d-----w   c:\program files\Electronic Arts
        2009-05-06 23:39 . 2008-03-22 03:56   --------   d-----w   c:\users\Trampy\AppData\Roaming\FrostWire
        2009-05-06 20:24 . 2009-05-06 20:24   139264   ----a-w   c:\windows\system32\d3dx9_313232.dll
        2009-05-06 20:23 . 2009-05-06 20:23   139264   ----a-w   c:\windows\system32\dispci32.dll
        2009-05-03 19:15 . 2008-03-22 04:34   --------   d-----w   c:\users\Scott\AppData\Roaming\FrostWire
        2009-05-03 09:13 . 2008-03-22 03:56   --------   d-----w   c:\program files\FrostWire
        2009-05-03 08:58 . 2009-05-03 08:42   --------   d-----w   c:\users\Scott\AppData\Roaming\LimeWire
        2009-04-19 19:13 . 2008-03-22 19:33   --------   d-----w   c:\programdata\DVD Shrink
        2009-04-13 05:42 . 2008-04-05 22:07   --------   d-----w   c:\users\Trampy\AppData\Roaming\Image Zone Express
        2009-04-13 05:36 . 2007-11-26 05:08   --------   d-----w   c:\programdata\HP
        2009-04-05 19:22 . 2009-04-05 19:22   --------   d-----w   c:\program files\TOD 042009
        2009-03-29 06:29 . 2009-03-29 06:29   --------   d-----w   c:\users\Scott\AppData\Roaming\Vso
        2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
        2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\users\Scott\AppData\Roaming\pcouffin.sys
        2009-03-29 06:29 . 2009-03-29 06:29   47360   ----a-w   c:\users\Scott\AppData\Roaming\pcouffin.sys
        2009-03-29 06:29 . 2009-03-29 06:28   --------   d-----w   c:\program files\DVDFab 5
        2009-03-27 07:39 . 2007-11-26 05:37   --------   d-----w   c:\program files\Java
        2009-03-24 16:39 . 2008-06-13 01:00   139163   ----a-w   c:\windows\hpoins15.dat
        2009-03-17 03:38 . 2009-04-15 00:42   13824   ----a-w   c:\windows\system32\apilogen.dll
        2009-03-17 03:38 . 2009-04-15 00:42   24064   ----a-w   c:\windows\system32\amxread.dll
        2009-03-09 12:19 . 2009-01-06 05:27   410984   ----a-w   c:\windows\system32\deploytk.dll
        2009-03-08 11:34 . 2009-05-10 08:05   914944   ----a-w   c:\windows\system32\wininet.dll
        2009-03-08 11:34 . 2009-05-10 08:05   43008   ----a-w   c:\windows\system32\licmgr10.dll
        2009-03-08 11:33 . 2009-05-10 08:05   18944   ----a-w   c:\windows\system32\corpol.dll
        2009-03-08 11:33 . 2009-05-10 08:05   109056   ----a-w   c:\windows\system32\iesysprep.dll
        2009-03-08 11:33 . 2009-05-10 08:05   109568   ----a-w   c:\windows\system32\PDMSetup.exe
        2009-03-08 11:33 . 2009-05-10 08:05   132608   ----a-w   c:\windows\system32\ieUnatt.exe
        2009-03-08 11:33 . 2009-05-10 08:05   107520   ----a-w   c:\windows\system32\RegisterIEPKEYs.exe
        2009-03-08 11:33 . 2009-05-10 08:05   107008   ----a-w   c:\windows\system32\SetIEInstalledDate.exe
        2009-03-08 11:33 . 2009-05-10 08:05   103936   ----a-w   c:\windows\system32\SetDepNx.exe
        2009-03-08 11:33 . 2009-05-10 08:05   420352   ----a-w   c:\windows\system32\vbscript.dll
        2009-03-08 11:32 . 2009-05-10 08:05   72704   ----a-w   c:\windows\system32\admparse.dll
        2009-03-08 11:32 . 2009-05-10 08:05   71680   ----a-w   c:\windows\system32\iesetup.dll
        2009-03-08 11:32 . 2009-05-10 08:05   66560   ----a-w   c:\windows\system32\wextract.exe
        2009-03-08 11:32 . 2009-05-10 08:05   169472   ----a-w   c:\windows\system32\iexpress.exe
        2009-03-08 11:31 . 2009-05-10 08:05   34816   ----a-w   c:\windows\system32\imgutil.dll
        2009-03-08 11:31 . 2009-05-10 08:05   48128   ----a-w   c:\windows\system32\mshtmler.dll
        2009-03-08 11:31 . 2009-05-10 08:05   45568   ----a-w   c:\windows\system32\mshta.exe
        2009-03-08 11:22 . 2009-05-10 08:05   156160   ----a-w   c:\windows\system32\msls31.dll
        2009-03-06 18:54 . 2008-03-25 05:48   4718   ----a-w   c:\users\Trampy\AppData\Roaming\wklnhst.dat
        2009-03-03 04:46 . 2009-04-15 00:42   3599328   ----a-w   c:\windows\system32\ntkrnlpa.exe
        2009-03-03 04:46 . 2009-04-15 00:42   3547632   ----a-w   c:\windows\system32\ntoskrnl.exe
        2009-03-03 04:39 . 2009-04-15 00:42   183296   ----a-w   c:\windows\system32\sdohlp.dll
        2009-03-03 04:39 . 2009-04-15 00:42   551424   ----a-w   c:\windows\system32\rpcss.dll
        2009-03-03 04:39 . 2009-04-15 00:42   26112   ----a-w   c:\windows\system32\printfilterpipelineprxy.dll
        2009-03-03 04:37 . 2009-04-15 00:42   98304   ----a-w   c:\windows\system32\iasrecst.dll
        2009-03-03 04:37 . 2009-04-15 00:42   54784   ----a-w   c:\windows\system32\iasads.dll
        2009-03-03 04:37 . 2009-04-15 00:42   44032   ----a-w   c:\windows\system32\iasdatastore.dll
        2009-03-03 03:04 . 2009-04-15 00:42   666624   ----a-w   c:\windows\system32\printfilterpipelinesvc.exe
        2009-03-03 02:38 . 2009-04-15 00:42   17408   ----a-w   c:\windows\system32\iashost.exe
        2008-08-23 20:23 . 2008-08-23 20:23   22   --sha-w   c:\windows\SMINST\HPCD.sys
        .

        (((((((((((((((((((((((((((((   SnapShot@2009-05-23_09.10.49   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2007-11-26 03:18 . 2009-05-24 20:14   45968              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
        + 2006-11-02 13:05 . 2009-05-24 20:14   94868              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
        - 2008-03-22 09:49 . 2009-05-22 17:45   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        + 2008-03-22 09:49 . 2009-05-23 09:24   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        - 2008-03-22 09:49 . 2009-05-22 17:45   49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        + 2008-03-22 09:49 . 2009-05-23 09:24   49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        - 2008-03-22 09:49 . 2009-05-22 17:45   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        + 2008-03-22 09:49 . 2009-05-23 09:24   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        - 2008-03-22 17:32 . 2009-05-21 06:13   5700              c:\windows\System32\WDI\ERCQueuedResolutions.dat
        + 2008-03-22 17:32 . 2009-05-24 20:11   5700              c:\windows\System32\WDI\ERCQueuedResolutions.dat
        + 2008-03-22 01:58 . 2009-05-24 20:14   8612              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3414194690-3933354525-3287570163-1000_UserData.bin
        - 2009-05-23 08:58 . 2009-05-23 08:58   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        + 2009-05-24 20:12 . 2009-05-24 20:12   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        + 2008-06-21 19:32 . 2009-05-24 19:55   468512              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
        + 2008-03-22 02:46 . 2009-05-24 20:11   129960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
        "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
        "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
        "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
        "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
        "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
        "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
        "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
        "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-23 1947928]
        "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-10 4390912]

        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
        QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-6-6 967960]
        Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-11-25 53248]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
        "<NO NAME>"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "<NO NAME>"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
        "<NO NAME>"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
        "<NO NAME>"=
        "c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{334D7D46-1D66-4022-9908-87E1DE0A7302}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
        "{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
        "{024EC2AC-121D-42C7-B3BF-433BBDDF1748}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
        "{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
        "{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
        "{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
        "{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
        "{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
        "{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
        "{A39F5BBE-109E-486E-890C-52083EB71AC6}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
        "{1549E52B-0550-4D8C-B4D8-F2F2E329B029}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
        "{9DCE8ADF-2ADB-48A7-B6C2-40E215C1E407}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
        "{37823207-F53D-459C-9145-89EC4EFD9396}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
        "{18BBEB1E-B2C8-4BDD-AFA4-398D088275EE}"= Disabled:UDP:c:\users\Scott\AppData\Local\Temp\7zS9DCD.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{069B6ECC-8E0D-407F-A5DA-457984E02139}"= Disabled:TCP:c:\users\Scott\AppData\Local\Temp\7zS9DCD.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{85259C0D-B7E5-4C74-9244-93EE52C1C830}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zS7D98.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{41CE7228-B13A-48FA-A9E5-97BA526D78A9}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zS7D98.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{61EE5DA8-B126-4D58-A1E1-39A0139D5D32}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zS7FC9.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{C9812562-C151-4011-9FEC-3DD314C5CE9A}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zS7FC9.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{3A0F950A-CF7D-4A65-AF95-161B767DA018}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zSF160.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{FAD2E12F-7D82-47E0-83B8-04DE22178A02}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zSF160.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{08F2A214-F5B0-4B86-AD7C-6633EBEFC297}"= Disabled:UDP:c:\users\Trampy\AppData\Local\Temp\7zS8822.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{C390FFF2-A1F0-47A8-A853-8671830BE557}"= Disabled:TCP:c:\users\Trampy\AppData\Local\Temp\7zS8822.tmp\setup\HPZnui01.exe:hpznui01.exe
        "{DC731DB9-23FC-4534-AABF-51FE12018A88}"= c:\program files\Skype\Phone\Skype.exe:Skype
        "TCP Query User{5D77B784-BAAD-48E3-8C2D-B1286B73032E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
        "UDP Query User{953E10EA-2A67-487E-A725-CC550BE71468}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
        "{A04F628A-AA4E-408D-8F2F-94DB898D9BD8}"= UDP:c:\program files\HP\Photosmart Essential\UserTrackUtility.exe:Enable HP Product Improvement Data Collection
        "{F5FA984C-88E8-4E3F-AECA-202CC0F4C0E4}"= TCP:c:\program files\HP\Photosmart Essential\UserTrackUtility.exe:Enable HP Product Improvement Data Collection
        "{41F7482A-5C03-4786-82E6-CF858CD2E281}"= UDP:c:\program files\HP\Digital Imaging\bin\hpqdirec.exe:HP Solution Center
        "{F852C74E-73AA-4055-A6C4-361989A3FF45}"= TCP:c:\program files\HP\Digital Imaging\bin\hpqdirec.exe:HP Solution Center
        "{C68F2381-8457-4DDF-B64D-326BB3153A2E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
        "{DC03CD86-D09C-4081-BB36-759C5D5C4C00}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
        "{3A597B70-96C8-4BE1-83E4-DF52C2C588CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
        "{684C5F2F-5777-4148-ABAB-9DEA23B6DA12}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
        "TCP Query User{BF4A58F8-269B-414E-A2E9-7EAFA65BF846}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
        "UDP Query User{9B618E5A-FE77-4893-A8A3-23655226787F}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
        "{92A16C25-B307-480D-82BE-64EB8E337E60}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
        "{A3D84D6C-5709-43DF-8A70-C1663F53A7F8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
        "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

        R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [12/02/2008 8:58 AM 279808]
        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/05/2009 2:22 AM 325896]
        R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/05/2009 2:23 AM 108552]
        R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/05/2009 2:22 AM 298776]
        R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [23/01/2008 1:31 PM 114688]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
        WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
        LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
        HPService   REG_MULTI_SZ      HPSLPSVC
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
        "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
        "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
        .
        Contents of the 'Scheduled Tasks' folder

        2009-05-24 c:\windows\Tasks\User_Feed_Synchronization-{B1C2A2BD-0430-464E-B358-34383BAF06DD}.job
        - c:\windows\system32\msfeedssync.exe [2009-05-10 11:31]

        2009-05-24 c:\windows\Tasks\User_Feed_Synchronization-{FED050BD-772C-4099-AEC5-36373193B218}.job
        - c:\windows\system32\msfeedssync.exe [2009-05-10 11:31]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://google.com/
        mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
        DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-05-24 13:13
        Windows 6.0.6001 Service Pack 1 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        "MSCurrentCountry"=dword:000000b5

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'Explorer.exe'(5920)
        c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
        c:\program files\Mediafour\XPlay 3\XPCopyHook.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\System32\audiodg.exe
        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
        c:\program files\Common Files\LightScribe\LSSrvc.exe
        c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
        c:\progra~1\AVG\AVG8\avgrsx.exe
        c:\program files\AVG\AVG8\avgcsrvx.exe
        c:\progra~1\AVG\AVG8\avgnsx.exe
        c:\program files\CyberLink\Shared Files\RichVideo.exe
        c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
        c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
        c:\windows\System32\conime.exe
        c:\windows\System32\rundll32.exe
        c:\program files\AVG\AVG8\avgtray.exe
        c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
        c:\windows\ehome\ehmsas.exe
        c:\program files\iPod\bin\iPodService.exe
        c:\program files\Synaptics\SynTP\SynTPHelper.exe
        c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
        c:\program files\HP\Digital Imaging\bin\hpqste08.exe
        c:\windows\servicing\TrustedInstaller.exe
        .
        **************************************************************************
        .
        Completion time: 2009-05-24 13:22 - machine was rebooted
        ComboFix-quarantined-files.txt  2009-05-24 20:22
        ComboFix2.txt  2009-05-23 09:12

        Pre-Run: 107,391,275,008 bytes free
        Post-Run: 107,574,005,760 bytes free

        405   --- E O F ---   2009-05-22 00:12

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: help can't remove trojan horse agent2.fmq virus and its killing me
        « Reply #5 on: May 24, 2009, 07:51:28 PM »
        Just slow down please and stick to my instructions. Stop trying to delete stuff when you are not sure what it is. C:\Qoobox\Quarantine is the ComboFix quarantine so those files can't do anything to your computer. ;)

        Use the ESET Online Antivirus Scanner

        This scanner requires Internet Explorer

        1. Check the box next to YES, I accept the Terms of Use.
        2. Click Start
        3. When asked, allow the ActiveX control to install
        4. Click Start
        5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
        6. Click Scan
        7. Wait for the scan to finish
        8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
        9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.


        gearhead

          Re: help can't remove trojan horse agent2.fmq virus and its killing me
          « Reply #6 on: May 25, 2009, 11:14:02 PM »
          Hey, thanks again, but the program found nothing. Seems odd because AVG's Resident Shield brought the same viruses back up as the ESET program was running.  :'( Thanks, I await your response.

          ESET LOG

          ESETSmartInstaller@High as CAB hook log:
          OnlineScanner.ocx - registred OK

          evilfantasy

          Re: help can't remove trojan horse agent2.fmq virus and its killing me
          « Reply #7 on: May 26, 2009, 11:10:23 AM »
          Can you tell me the file paths of where AVG is finding these threats?

          gearhead

            Re: help can't remove trojan horse agent2.fmq virus and its killing me
            « Reply #8 on: May 26, 2009, 03:52:25 PM »
            I would love to, but when I bring up the most recent AVG scan and highlight the list of virus locations (to paste to your website) it only gives me the option of "copy to clipboard", and for the life of me I can't find where this so-called clipboard is located. All the files are still located in the system32 files ending with .dll under the C drive. I have tried running a search for the AVG clipboard and also searched the AVG help content section with no luck. Why they have made this so difficult I don't know, but I hope you have a suggestion. Thanks

            evilfantasy

            Re: help can't remove trojan horse agent2.fmq virus and its killing me
            « Reply #9 on: May 26, 2009, 03:59:16 PM »
            Select copy to clipboard and then come back here and right click in the reply box and choose paste.

            The clipboard is where the text is saved when you copy text.

            How to View Windows Clipboard Contents Easily in Windows XP and Vista

            gearhead

              Topic Starter


              Greenhorn

              Re: help can't remove trojan horse agent2.fmq virus and its killing me
              « Reply #10 on: May 26, 2009, 05:40:41 PM »
              That was a *censored* of a lot easier, thanks. Here is the list from the avg virus list that will not go into the virus vault because it says it's full (it's not, it's empty) and cannot be deleted no matter what, even as a power user or administrator role. Good times.

              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\DDACLSys3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\deploytk3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\deskperf3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dfrgifps3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\DfsShlEx32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dhcpcmonitor3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dhcpcsvc63232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\diagperf32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\difxapi3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dimsjob32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dimsroam3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dinput83232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dispci3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmcompos3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmdskres232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmdskres23232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmintf3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmscript323232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmvdsitf32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dmvdsitf3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dnshc32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dnssd32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dot3gpclnt32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dot3msm32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dot3ui32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dps32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\drmmgrtn32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dskquoui32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dsprop32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\dwmredir32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\atmfd32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AudDesign32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\audiodev32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AudioInfos32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AudioRecord32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\authfwcfg32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AuthFWSnapin32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\authui32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AuxiliaryDisplayApi32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AuxiliaryDisplayCpl32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AuxiliaryDisplayServices32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\avrt32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\azroles32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\AzSqlExt32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bcdprov32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bcrypt32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bidispl32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bitsperf32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bitsprx432.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\blackbox32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\brcpl32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bridgeres32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\browseui32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\bthserv32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\BttnCmns32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\C_IS202232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\C_ISCII32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\C_ISCII3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\capicom32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CardGames32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cabinet32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cdintf25132.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CertEnroll32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CertEnrollUI32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\certmgr32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\chsbrkr32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CHxReadingStringIME32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CHxReadingStringIME3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cic32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\clb32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\clfsw3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cmcfg3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CMDLGFR32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CMDLGFR3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cmifw32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cmlua32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cmpbk323232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cmutil32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cmutil3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CNCI60032.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cnco60032.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CNMLM8732.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cofiredm32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\colbact32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\colbact3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\colorui32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\comctl323232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\comres32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\comsvcs32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\comsvcs3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\connect32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\credssp32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\credui32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CRPPresentation32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\CRPPresentation3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\certprop32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\certprop3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cryptdll32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cryptsvc32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\cscapi32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\ctl3dv232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\ctl3dv23232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3d10_1core32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3d10_1core3232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3d10core32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dim70032.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dim7003232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_2432.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_243232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_2632.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_2832.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_2932.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_293232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\d3dx9_313232.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\DDACLSys32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\deploytk32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\devmgr32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dfrgifps32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dfshim32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dhcpcmonitor32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dhcpcsvc632.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\difxapi32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dimsroam32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dispci32.dll";"Trojan horse Agent2.FMQ";"Infected"
              "C:\Windows\System32\dmcompos32.dll";"Trojan horse Agent2.FMQ";"Infected"

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: help can't remove trojan horse agent2.fmq virus and its killing me
              « Reply #11 on: May 26, 2009, 05:49:49 PM »
                • Click START then RUN
                • Now type Combofix /u in the runbox
                • Make sure there's a space between Combofix and /u
                • Then hit Enter.

                The above procedure will:
                • Delete the following:
                  • ComboFix and its associated files and folders.
                • Reset the clock settings.
                • Hide file extensions, if required.
                • Hide System/Hidden files, if required.
                • Set a new, clean Restore Point.

                ----------

              Download OTMoveIt3 by OldTimer to your desktop.

              Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

              * Save it to your Desktop.
              * Double-click OTMoveIt3.exe to run it.
              * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

              Code:
              :Processes
              explorer.exe

              :files
              C:\Qoobox\Quarantine
              C:\Windows\System32\atmfd32.dll
              C:\Windows\System32\AudDesign32.dll
              C:\Windows\System32\audiodev32.dll
              C:\Windows\System32\AudioInfos32.dll
              C:\Windows\System32\AudioRecord32.dll
              C:\Windows\System32\authfwcfg32.dll
              C:\Windows\System32\AuthFWSnapin32.dll
              C:\Windows\System32\authui32.dll
              C:\Windows\System32\AuxiliaryDisplayApi32.dll
              C:\Windows\System32\AuxiliaryDisplayCpl32.dll
              C:\Windows\System32\AuxiliaryDisplayServices32.dll
              C:\Windows\System32\avrt32.dll
              C:\Windows\System32\azroles32.dll
              C:\Windows\System32\AzSqlExt32.dll
              C:\Windows\System32\bcdprov32.dll
              C:\Windows\System32\bcrypt32.dll
              C:\Windows\System32\bidispl32.dll
              C:\Windows\System32\bitsperf32.dll
              C:\Windows\System32\bitsprx432.dll
              C:\Windows\System32\blackbox32.dll
              C:\Windows\System32\brcpl32.dll
              C:\Windows\System32\bridgeres32.dll
              C:\Windows\System32\browseui32.dll
              C:\Windows\System32\bthserv32.dll
              C:\Windows\System32\BttnCmns32.dll
              C:\Windows\System32\C_IS202232.dll
              C:\Windows\System32\C_ISCII32.dll
              C:\Windows\System32\C_ISCII3232.dll
              C:\Windows\System32\capicom32.dll
              C:\Windows\System32\CardGames32.dll
              C:\Windows\System32\cabinet32.dll
              C:\Windows\System32\cdintf25132.dll
              C:\Windows\System32\CertEnroll32.dll
              C:\Windows\System32\CertEnrollUI32.dll
              C:\Windows\System32\certmgr32.dll
              C:\Windows\System32\chsbrkr32.dll
              C:\Windows\System32\CHxReadingStringIME32.dll
              C:\Windows\System32\CHxReadingStringIME3232.dll
              C:\Windows\System32\cic32.dll
              C:\Windows\System32\clb32.dll
              C:\Windows\System32\clfsw3232.dll
              C:\Windows\System32\cmcfg3232.dll
              C:\Windows\System32\CMDLGFR32.dll
              C:\Windows\System32\CMDLGFR3232.dll
              C:\Windows\System32\cmifw32.dll
              C:\Windows\System32\cmlua32.dll
              C:\Windows\System32\cmpbk323232.dll
              C:\Windows\System32\cmutil32.dll
              C:\Windows\System32\cmutil3232.dll
              C:\Windows\System32\CNCI60032.dll
              C:\Windows\System32\cnco60032.dll
              C:\Windows\System32\CNMLM8732.dll
              C:\Windows\System32\cofiredm32.dll
              C:\Windows\System32\colbact32.dll
              C:\Windows\System32\colbact3232.dll
              C:\Windows\System32\colorui32.dll
              C:\Windows\System32\comctl323232.dll
              C:\Windows\System32\comres32.dll
              C:\Windows\System32\comsvcs32.dll
              C:\Windows\System32\comsvcs3232.dll
              C:\Windows\System32\connect32.dll
              C:\Windows\System32\credssp32.dll
              C:\Windows\System32\credui32.dll
              C:\Windows\System32\CRPPresentation32.dll
              C:\Windows\System32\CRPPresentation3232.dll
              C:\Windows\System32\certprop32.dll
              C:\Windows\System32\certprop3232.dll
              C:\Windows\System32\cryptdll32.dll
              C:\Windows\System32\cryptsvc32.dll
              C:\Windows\System32\cscapi32.dll
              C:\Windows\System32\ctl3dv232.dll
              C:\Windows\System32\ctl3dv23232.dll
              C:\Windows\System32\d3d10_1core32.dll
              C:\Windows\System32\d3d10_1core3232.dll
              C:\Windows\System32\d3d10core32.dll
              C:\Windows\System32\d3dim70032.dll
              C:\Windows\System32\d3dim7003232.dll
              C:\Windows\System32\d3dx9_2432.dll
              C:\Windows\System32\d3dx9_243232.dll
              C:\Windows\System32\d3dx9_2632.dll
              C:\Windows\System32\d3dx9_2832.dll
              C:\Windows\System32\d3dx9_2932.dll
              C:\Windows\System32\d3dx9_293232.dll
              C:\Windows\System32\d3dx9_313232.dll
              C:\Windows\System32\DDACLSys32.dll
              C:\Windows\System32\deploytk32.dll
              C:\Windows\System32\devmgr32.dll
              C:\Windows\System32\dfrgifps32.dll
              C:\Windows\System32\dfshim32.dll
              C:\Windows\System32\dhcpcmonitor32.dll
              C:\Windows\System32\dhcpcsvc632.dll
              C:\Windows\System32\difxapi32.dll
              C:\Windows\System32\dimsroam32.dll
              C:\Windows\System32\dispci32.dll
              C:\Windows\System32\dmcompos32.dll

              :Commands
              [purity]
              [emptytemp]
              [start explorer]
              [Reboot]

              * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
              * Click the red Moveit! button.
              * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
              * Close OTMoveIt3

              Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
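
An added example, not part of the original thread: one way to check a removal log against the scanner's detection list, using the semicolon-delimited AVG export format posted in Reply #10 and the result-line wording OTMoveIt3 prints ("moved successfully", "not found"). The two sample inputs are constructed from a few of the thread's paths, and all function names are hypothetical.

```python
import csv
import io
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path container member threat status")

# Constructed sample in the AVG "copy to clipboard" format shown in the thread.
AVG_EXPORT = r'''
"C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip";"Trojan horse Agent2.FMQ";"Infected"
"C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_13.04.50.zip:\DDACLSys3232.dll";"Trojan horse Agent2.FMQ";"Infected"
"C:\Windows\System32\atmfd32.dll";"Trojan horse Agent2.FMQ";"Infected"
"C:\Windows\System32\AudDesign32.dll";"Trojan horse Agent2.FMQ";"Infected"
"C:\Windows\System32\audiodev32.dll";"Trojan horse Agent2.FMQ";"Infected"
'''

# Constructed sample of a results log; audiodev32.dll is deliberately missing
# so the reconciliation has something to flag.
MOVE_LOG = r'''
========== FILES ==========
File/Folder C:\Qoobox\Quarantine not found.
LoadLibrary failed for C:\Windows\System32\atmfd32.dll
C:\Windows\System32\atmfd32.dll NOT unregistered.
C:\Windows\System32\atmfd32.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\AudDesign32.dll
C:\Windows\System32\AudDesign32.dll NOT unregistered.
C:\Windows\System32\AudDesign32.dll moved successfully.
'''

# Only the final-outcome lines matter; "LoadLibrary failed" and
# "NOT unregistered" lines do not say whether the file is still in place.
LOG_LINE = re.compile(
    r"^(?:File/Folder )?(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<outcome>moved successfully|not found)\.$"
)


def parse_avg_export(text):
    """Parse "path";"threat";"status" rows into Detection records."""
    detections = []
    rows = csv.reader(io.StringIO(text.strip()), delimiter=";", quotechar='"')
    for row in rows:
        if len(row) != 3:
            continue  # blank or malformed line
        path, threat, status = row
        # A second ":\" after the drive letter marks a file inside an archive,
        # e.g. "...Submit.zip:\name.dll".
        cut = path.find(":\\", 2)
        container = path[:cut] if cut != -1 else None
        member = path[cut + 2:] if cut != -1 else None
        detections.append(Detection(path, container, member, threat, status))
    return detections


def live_files(detections):
    """Detections that are standalone files on disk, in input order.

    Archive members and the archives that contain them are excluded: they
    are copies held by an earlier cleanup tool, not files in System32.
    """
    containers = {d.container.lower() for d in detections if d.container}
    seen, files = set(), []
    for d in detections:
        key = d.path.lower()  # Windows paths compare case-insensitively
        if d.member is None and key not in containers and key not in seen:
            seen.add(key)
            files.append(d.path)
    return files


def parse_move_log(text):
    """Map lower-cased path -> final outcome reported in the results log."""
    outcomes = {}
    for line in text.splitlines():
        match = LOG_LINE.match(line.strip())
        if match:
            outcomes[match.group("path").lower()] = match.group("outcome")
    return outcomes


def reconcile(detections, outcomes):
    """Sort every live detection into moved / not_found / unaccounted."""
    report = {"moved": [], "not_found": [], "unaccounted": []}
    for path in live_files(detections):
        outcome = outcomes.get(path.lower())
        if outcome == "moved successfully":
            report["moved"].append(path)
        elif outcome == "not found":
            report["not_found"].append(path)
        else:
            report["unaccounted"].append(path)  # never mentioned in the log
    return report


if __name__ == "__main__":
    result = reconcile(parse_avg_export(AVG_EXPORT), parse_move_log(MOVE_LOG))
    for bucket, paths in result.items():
        print(bucket, len(paths))
        for p in paths:
            print("   ", p)
```

Anything left in `unaccounted` is a detection the removal run never reported on and is worth a follow-up scan.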

              gearhead

                Topic Starter


                Greenhorn

                Re: help can't remove trojan horse agent2.fmq virus and its killing me
                « Reply #12 on: May 26, 2009, 09:06:08 PM »
                I did as you requested; here is the post from otmoveit3. It seems it moved the virus into itself, and is still there.  I will post otmoveit3 log, and then the path avg says the virus is now log beneath it. Thanks, I await your reply.

                OTMoveIt3 Log


                ========== PROCESSES ==========
                Process explorer.exe killed successfully.
                ========== FILES ==========
                File/Folder C:\Qoobox\Quarantine not found.
                LoadLibrary failed for C:\Windows\System32\atmfd32.dll
                C:\Windows\System32\atmfd32.dll NOT unregistered.
                C:\Windows\System32\atmfd32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AudDesign32.dll
                C:\Windows\System32\AudDesign32.dll NOT unregistered.
                C:\Windows\System32\AudDesign32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\audiodev32.dll
                C:\Windows\System32\audiodev32.dll NOT unregistered.
                C:\Windows\System32\audiodev32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AudioInfos32.dll
                C:\Windows\System32\AudioInfos32.dll NOT unregistered.
                C:\Windows\System32\AudioInfos32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AudioRecord32.dll
                C:\Windows\System32\AudioRecord32.dll NOT unregistered.
                C:\Windows\System32\AudioRecord32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\authfwcfg32.dll
                C:\Windows\System32\authfwcfg32.dll NOT unregistered.
                C:\Windows\System32\authfwcfg32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AuthFWSnapin32.dll
                C:\Windows\System32\AuthFWSnapin32.dll NOT unregistered.
                C:\Windows\System32\AuthFWSnapin32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\authui32.dll
                C:\Windows\System32\authui32.dll NOT unregistered.
                C:\Windows\System32\authui32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AuxiliaryDisplayApi32.dll
                C:\Windows\System32\AuxiliaryDisplayApi32.dll NOT unregistered.
                C:\Windows\System32\AuxiliaryDisplayApi32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AuxiliaryDisplayCpl32.dll
                C:\Windows\System32\AuxiliaryDisplayCpl32.dll NOT unregistered.
                C:\Windows\System32\AuxiliaryDisplayCpl32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AuxiliaryDisplayServices32.dll
                C:\Windows\System32\AuxiliaryDisplayServices32.dll NOT unregistered.
                C:\Windows\System32\AuxiliaryDisplayServices32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\avrt32.dll
                C:\Windows\System32\avrt32.dll NOT unregistered.
                C:\Windows\System32\avrt32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\azroles32.dll
                C:\Windows\System32\azroles32.dll NOT unregistered.
                C:\Windows\System32\azroles32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\AzSqlExt32.dll
                C:\Windows\System32\AzSqlExt32.dll NOT unregistered.
                C:\Windows\System32\AzSqlExt32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bcdprov32.dll
                C:\Windows\System32\bcdprov32.dll NOT unregistered.
                C:\Windows\System32\bcdprov32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bcrypt32.dll
                C:\Windows\System32\bcrypt32.dll NOT unregistered.
                C:\Windows\System32\bcrypt32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bidispl32.dll
                C:\Windows\System32\bidispl32.dll NOT unregistered.
                C:\Windows\System32\bidispl32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bitsperf32.dll
                C:\Windows\System32\bitsperf32.dll NOT unregistered.
                C:\Windows\System32\bitsperf32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bitsprx432.dll
                C:\Windows\System32\bitsprx432.dll NOT unregistered.
                C:\Windows\System32\bitsprx432.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\blackbox32.dll
                C:\Windows\System32\blackbox32.dll NOT unregistered.
                C:\Windows\System32\blackbox32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\brcpl32.dll
                C:\Windows\System32\brcpl32.dll NOT unregistered.
                C:\Windows\System32\brcpl32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bridgeres32.dll
                C:\Windows\System32\bridgeres32.dll NOT unregistered.
                C:\Windows\System32\bridgeres32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\browseui32.dll
                C:\Windows\System32\browseui32.dll NOT unregistered.
                C:\Windows\System32\browseui32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\bthserv32.dll
                C:\Windows\System32\bthserv32.dll NOT unregistered.
                C:\Windows\System32\bthserv32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\BttnCmns32.dll
                C:\Windows\System32\BttnCmns32.dll NOT unregistered.
                C:\Windows\System32\BttnCmns32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\C_IS202232.dll
                C:\Windows\System32\C_IS202232.dll NOT unregistered.
                C:\Windows\System32\C_IS202232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\C_ISCII32.dll
                C:\Windows\System32\C_ISCII32.dll NOT unregistered.
                C:\Windows\System32\C_ISCII32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\C_ISCII3232.dll
                C:\Windows\System32\C_ISCII3232.dll NOT unregistered.
                C:\Windows\System32\C_ISCII3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\capicom32.dll
                C:\Windows\System32\capicom32.dll NOT unregistered.
                C:\Windows\System32\capicom32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CardGames32.dll
                C:\Windows\System32\CardGames32.dll NOT unregistered.
                C:\Windows\System32\CardGames32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cabinet32.dll
                C:\Windows\System32\cabinet32.dll NOT unregistered.
                C:\Windows\System32\cabinet32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cdintf25132.dll
                C:\Windows\System32\cdintf25132.dll NOT unregistered.
                C:\Windows\System32\cdintf25132.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CertEnroll32.dll
                C:\Windows\System32\CertEnroll32.dll NOT unregistered.
                C:\Windows\System32\CertEnroll32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CertEnrollUI32.dll
                C:\Windows\System32\CertEnrollUI32.dll NOT unregistered.
                C:\Windows\System32\CertEnrollUI32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\certmgr32.dll
                C:\Windows\System32\certmgr32.dll NOT unregistered.
                C:\Windows\System32\certmgr32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\chsbrkr32.dll
                C:\Windows\System32\chsbrkr32.dll NOT unregistered.
                C:\Windows\System32\chsbrkr32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CHxReadingStringIME32.dll
                C:\Windows\System32\CHxReadingStringIME32.dll NOT unregistered.
                C:\Windows\System32\CHxReadingStringIME32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CHxReadingStringIME3232.dll
                C:\Windows\System32\CHxReadingStringIME3232.dll NOT unregistered.
                C:\Windows\System32\CHxReadingStringIME3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cic32.dll
                C:\Windows\System32\cic32.dll NOT unregistered.
                C:\Windows\System32\cic32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\clb32.dll
                C:\Windows\System32\clb32.dll NOT unregistered.
                C:\Windows\System32\clb32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\clfsw3232.dll
                C:\Windows\System32\clfsw3232.dll NOT unregistered.
                C:\Windows\System32\clfsw3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cmcfg3232.dll
                C:\Windows\System32\cmcfg3232.dll NOT unregistered.
                C:\Windows\System32\cmcfg3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CMDLGFR32.dll
                C:\Windows\System32\CMDLGFR32.dll NOT unregistered.
                C:\Windows\System32\CMDLGFR32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CMDLGFR3232.dll
                C:\Windows\System32\CMDLGFR3232.dll NOT unregistered.
                C:\Windows\System32\CMDLGFR3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cmifw32.dll
                C:\Windows\System32\cmifw32.dll NOT unregistered.
                C:\Windows\System32\cmifw32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cmlua32.dll
                C:\Windows\System32\cmlua32.dll NOT unregistered.
                C:\Windows\System32\cmlua32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cmpbk323232.dll
                C:\Windows\System32\cmpbk323232.dll NOT unregistered.
                C:\Windows\System32\cmpbk323232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cmutil32.dll
                C:\Windows\System32\cmutil32.dll NOT unregistered.
                C:\Windows\System32\cmutil32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cmutil3232.dll
                C:\Windows\System32\cmutil3232.dll NOT unregistered.
                C:\Windows\System32\cmutil3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CNCI60032.dll
                C:\Windows\System32\CNCI60032.dll NOT unregistered.
                C:\Windows\System32\CNCI60032.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cnco60032.dll
                C:\Windows\System32\cnco60032.dll NOT unregistered.
                C:\Windows\System32\cnco60032.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CNMLM8732.dll
                C:\Windows\System32\CNMLM8732.dll NOT unregistered.
                C:\Windows\System32\CNMLM8732.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cofiredm32.dll
                C:\Windows\System32\cofiredm32.dll NOT unregistered.
                C:\Windows\System32\cofiredm32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\colbact32.dll
                C:\Windows\System32\colbact32.dll NOT unregistered.
                C:\Windows\System32\colbact32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\colbact3232.dll
                C:\Windows\System32\colbact3232.dll NOT unregistered.
                C:\Windows\System32\colbact3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\colorui32.dll
                C:\Windows\System32\colorui32.dll NOT unregistered.
                C:\Windows\System32\colorui32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\comctl323232.dll
                C:\Windows\System32\comctl323232.dll NOT unregistered.
                C:\Windows\System32\comctl323232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\comres32.dll
                C:\Windows\System32\comres32.dll NOT unregistered.
                C:\Windows\System32\comres32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\comsvcs32.dll
                C:\Windows\System32\comsvcs32.dll NOT unregistered.
                C:\Windows\System32\comsvcs32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\comsvcs3232.dll
                C:\Windows\System32\comsvcs3232.dll NOT unregistered.
                C:\Windows\System32\comsvcs3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\connect32.dll
                C:\Windows\System32\connect32.dll NOT unregistered.
                C:\Windows\System32\connect32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\credssp32.dll
                C:\Windows\System32\credssp32.dll NOT unregistered.
                C:\Windows\System32\credssp32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\credui32.dll
                C:\Windows\System32\credui32.dll NOT unregistered.
                C:\Windows\System32\credui32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CRPPresentation32.dll
                C:\Windows\System32\CRPPresentation32.dll NOT unregistered.
                C:\Windows\System32\CRPPresentation32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\CRPPresentation3232.dll
                C:\Windows\System32\CRPPresentation3232.dll NOT unregistered.
                C:\Windows\System32\CRPPresentation3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\certprop32.dll
                C:\Windows\System32\certprop32.dll NOT unregistered.
                C:\Windows\System32\certprop32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\certprop3232.dll
                C:\Windows\System32\certprop3232.dll NOT unregistered.
                C:\Windows\System32\certprop3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cryptdll32.dll
                C:\Windows\System32\cryptdll32.dll NOT unregistered.
                C:\Windows\System32\cryptdll32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cryptsvc32.dll
                C:\Windows\System32\cryptsvc32.dll NOT unregistered.
                C:\Windows\System32\cryptsvc32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\cscapi32.dll
                C:\Windows\System32\cscapi32.dll NOT unregistered.
                C:\Windows\System32\cscapi32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\ctl3dv232.dll
                C:\Windows\System32\ctl3dv232.dll NOT unregistered.
                C:\Windows\System32\ctl3dv232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\ctl3dv23232.dll
                C:\Windows\System32\ctl3dv23232.dll NOT unregistered.
                C:\Windows\System32\ctl3dv23232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3d10_1core32.dll
                C:\Windows\System32\d3d10_1core32.dll NOT unregistered.
                C:\Windows\System32\d3d10_1core32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3d10_1core3232.dll
                C:\Windows\System32\d3d10_1core3232.dll NOT unregistered.
                C:\Windows\System32\d3d10_1core3232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3d10core32.dll
                C:\Windows\System32\d3d10core32.dll NOT unregistered.
                C:\Windows\System32\d3d10core32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dim70032.dll
                C:\Windows\System32\d3dim70032.dll NOT unregistered.
                C:\Windows\System32\d3dim70032.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dim7003232.dll
                C:\Windows\System32\d3dim7003232.dll NOT unregistered.
                C:\Windows\System32\d3dim7003232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_2432.dll
                C:\Windows\System32\d3dx9_2432.dll NOT unregistered.
                C:\Windows\System32\d3dx9_2432.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_243232.dll
                C:\Windows\System32\d3dx9_243232.dll NOT unregistered.
                C:\Windows\System32\d3dx9_243232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_2632.dll
                C:\Windows\System32\d3dx9_2632.dll NOT unregistered.
                C:\Windows\System32\d3dx9_2632.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_2832.dll
                C:\Windows\System32\d3dx9_2832.dll NOT unregistered.
                C:\Windows\System32\d3dx9_2832.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_2932.dll
                C:\Windows\System32\d3dx9_2932.dll NOT unregistered.
                C:\Windows\System32\d3dx9_2932.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_293232.dll
                C:\Windows\System32\d3dx9_293232.dll NOT unregistered.
                C:\Windows\System32\d3dx9_293232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\d3dx9_313232.dll
                C:\Windows\System32\d3dx9_313232.dll NOT unregistered.
                C:\Windows\System32\d3dx9_313232.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\DDACLSys32.dll
                C:\Windows\System32\DDACLSys32.dll NOT unregistered.
                C:\Windows\System32\DDACLSys32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\deploytk32.dll
                C:\Windows\System32\deploytk32.dll NOT unregistered.
                C:\Windows\System32\deploytk32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\devmgr32.dll
                C:\Windows\System32\devmgr32.dll NOT unregistered.
                C:\Windows\System32\devmgr32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dfrgifps32.dll
                C:\Windows\System32\dfrgifps32.dll NOT unregistered.
                C:\Windows\System32\dfrgifps32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dfshim32.dll
                C:\Windows\System32\dfshim32.dll NOT unregistered.
                C:\Windows\System32\dfshim32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dhcpcmonitor32.dll
                C:\Windows\System32\dhcpcmonitor32.dll NOT unregistered.
                C:\Windows\System32\dhcpcmonitor32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dhcpcsvc632.dll
                C:\Windows\System32\dhcpcsvc632.dll NOT unregistered.
                C:\Windows\System32\dhcpcsvc632.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\difxapi32.dll
                C:\Windows\System32\difxapi32.dll NOT unregistered.
                C:\Windows\System32\difxapi32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dimsroam32.dll
                C:\Windows\System32\dimsroam32.dll NOT unregistered.
                C:\Windows\System32\dimsroam32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dispci32.dll
                C:\Windows\System32\dispci32.dll NOT unregistered.
                C:\Windows\System32\dispci32.dll moved successfully.
                LoadLibrary failed for C:\Windows\System32\dmcompos32.dll
                C:\Windows\System32\dmcompos32.dll NOT unregistered.
                C:\Windows\System32\dmcompos32.dll moved successfully.
                ========== COMMANDS ==========
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\JETACD1.tmp scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\~DF7957.tmp scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\~DF795C.tmp scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\~DF79A9.tmp scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\~DF79AE.tmp scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\~DF79F1.tmp scheduled to be deleted on reboot.
                File delete failed. C:\Users\Trampy\AppData\Local\Temp\~DF79FF.tmp scheduled to be deleted on reboot.
                User's Temp folder emptied.
                User's Internet Explorer cache folder emptied.
                Windows Temp folder emptied.
                Temp folders emptied.
                Explorer started successfully
                 
                OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05262009_171838

                Files moved on Reboot...
                C:\Users\Trampy\AppData\Local\Temp\ehmsas.txt moved successfully.
                File C:\Users\Trampy\AppData\Local\Temp\JETACD1.tmp not found!
                C:\Users\Trampy\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
                File C:\Users\Trampy\AppData\Local\Temp\~DF7957.tmp not found!
                File C:\Users\Trampy\AppData\Local\Temp\~DF795C.tmp not found!
                File C:\Users\Trampy\AppData\Local\Temp\~DF79A9.tmp not found!
                File C:\Users\Trampy\AppData\Local\Temp\~DF79AE.tmp not found!
                File C:\Users\Trampy\AppData\Local\Temp\~DF79F1.tmp not found!
                File C:\Users\Trampy\AppData\Local\Temp\~DF79FF.tmp not found!


                AVG VIRUS LOG

                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\atmfd32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AudDesign32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\audiodev32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AudioInfos32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AudioRecord32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\authfwcfg32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AuthFWSnapin32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\authui32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AuxiliaryDisplayApi32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AuxiliaryDisplayCpl32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AuxiliaryDisplayServices32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\avrt32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\azroles32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\AzSqlExt32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bcdprov32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bcrypt32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bidispl32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bitsperf32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bitsprx432.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\blackbox32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\brcpl32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bridgeres32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\browseui32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\bthserv32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\BttnCmns32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\C_IS202232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\C_ISCII32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\C_ISCII3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CardGames32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cdintf25132.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CertEnroll32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CertEnrollUI32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\certmgr32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\certprop32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cabinet32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\certprop3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\chsbrkr32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CHxReadingStringIME32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CHxReadingStringIME3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cic32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\capicom32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\clb32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\clfsw3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CMDLGFR32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CMDLGFR3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cmifw32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cmcfg3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cmlua32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cmpbk323232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cmutil32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cmutil3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cnco60032.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cofiredm32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\colbact32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\colbact3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\colorui32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\comctl323232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\comres32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\comsvcs32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\comsvcs3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\connect32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\credssp32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CNCI60032.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CNMLM8732.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\credui32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CRPPresentation32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\CRPPresentation3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cryptdll32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cryptsvc32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\cscapi32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\ctl3dv232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\ctl3dv23232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3d10_1core32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3d10_1core3232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3d10core32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dim70032.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dim7003232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_2432.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_243232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_2632.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_2832.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_2932.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_293232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\d3dx9_313232.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\DDACLSys32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\deploytk32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\devmgr32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dfrgifps32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dfshim32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dhcpcmonitor32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dhcpcsvc632.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\difxapi32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dimsroam32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dispci32.dll";"Trojan horse Agent2.FMQ";"Infected"
                "C:\_OTMoveIt\MovedFiles\05262009_171838\Windows\System32\dmcompos32.dll";"Trojan horse Agent2.FMQ";"Infected"

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                Re: help can't remove trojan horse agent2.fmq virus and its killing me
                « Reply #13 on: May 27, 2009, 10:32:03 AM »
                1. Double click OTMoveIt3.exe to launch it.
                Vista users right click and choose Run As Administrator
                2. Click on the CleanUp! button.
                3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                5. Once complete exit out of OTMoveIt3

                ----------

                Now make sure this folder is gone. C:\_OTMoveIt

                If you have to, delete it, then empty the recycle bin.

                How is everything now?

                gearhead


                  Re: help can't remove trojan horse agent2.fmq virus and its killing me
                  « Reply #14 on: May 27, 2009, 07:44:43 PM »
                  Great, viruses are gone, just some tracking cookies left, which is odd; I dumped my cookies folder but yet they remain. Also, I was wondering, with all the removal of infected files etc., if it could have possibly made any registry issues or if the removal will cause any glitches in the future. Thank you again so much for your help, and if you have any tricks to remove these tracking cookies that would be great. Here is the AVG log.

                  AVG LOG

                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@advertising[1].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@bluestreak[2].txt";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@bluestreak[2].txt:\bluestreak.com.bf396750";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@m.webtrends[2].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
                  "C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\Low\scott@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@2o7[1].txt:\2o7.net.19fe7134";"Found Tracking cookie.2o7";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@2o7[1].txt:\2o7.net.1fd519eb";"Found Tracking cookie.2o7";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@2o7[1].txt:\2o7.net.58f5b4c5";"Found Tracking cookie.2o7";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@2o7[1].txt:\2o7.net.7815c7ab";"Found Tracking cookie.2o7";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@advertising[1].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
                  "C:\Users\Trampy\AppData\Roaming\Microsoft\Windows\Cookies\Low\trampy@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"