
Cannot access any anti-malware websites....



#1 G-Force

Posted 18 August 2009 - 11:45 AM

Received assistance here: http://www.bleepingcomputer.com/forums/t/249566/spybot-search-and-destroy-not-starting/ ~ OB

Hey guys,
I have Windows XP Pro SP2 installed on my PC. Of late I have been having a lot of problems with it. I have already posted in the other forums of BleepingComputer and I was suggested various measures in order to find out and cure the problems. I was asked to download some software by the members on the forum. But I had a problem accessing those sites. In fact I have a problem accessing almost all the antimalware/antivirus sites. Because of this I cannot perform the necessary scans. And currently I do not have access to another PC from which I can download the necessary files. I scanned using HijackThis and I request you guys to PLEASE analyze it and guide me to fix it.

The log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:04 PM, on 8/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~1\antiphis.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~1\apop.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~1\antiphis.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\cateye.exe
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~1\Sensor.EXE /LOADRUN
O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~1\acappaa.exe
O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~1\Sensor.EXE /check
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94562ECA-7067-4C94-86E0-06CFC1FC4B62}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f7fa4e0dd20) (gupdate1c9f7fa4e0dd20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
O23 - Service: Quick Heal Total Security Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\strtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10130 bytes

Thanks in advance.

Edited by Orange Blossom, 18 August 2009 - 08:29 PM.



#2 Baabiouz
Finnish Malware Fighter

Posted 30 August 2009 - 11:42 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh HijackThis log back here.

#3 G-Force
Topic Starter

Posted 30 August 2009 - 12:46 PM

Hey there Baabiouz! I had almost given up hope on this problem. Actually my primary problem was that my PC used to hang on the Welcome screen. But for many days I haven't had that problem. As for the "antimalware websites" problem, I have no problem opening any of them. I managed to run Spybot by changing the extension to .bat and scanned using that. I think that is what really made the difference. But I don't want to take any chances and so I request you to analyze my HJT log and guide me further. Thanks in advance. Cheers!

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:14 PM, on 8/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~1\antiphis.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~1\apop.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~1\antiphis.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\cateye.exe
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~1\Sensor.EXE /LOADRUN
O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~1\acappaa.exe
O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~1\Sensor.EXE /check
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94562ECA-7067-4C94-86E0-06CFC1FC4B62}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f7fa4e0dd20) (gupdate1c9f7fa4e0dd20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
O23 - Service: Quick Heal Total Security Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\strtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10049 bytes

#4 Baabiouz
Finnish Malware Fighter

Posted 30 August 2009 - 12:59 PM

Hello


Step #1
Backup Your Registry with ERUNT
  • Please click HERE to download Erunt.zip
  • Unzip all the files into a folder of your choice.
  • Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Step #2
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Step #3
Download DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Download DDS and save it to your desktop from Link1
Link2
Link3
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Step #4
In your next reply, please post:
  • DDS.txt
  • Attach.txt
  • Mbam results

Edited by Baabiouz, 30 August 2009 - 01:00 PM.

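The fix.reg in the post above works by mapping HijackThis lines back to the registry locations they were read from: a CLSID from an O2/O3 line to its key under Browser Helper Objects, and the [name] of an O4 line to a value under the Run key. The script below is an added example, not code from this thread or from the HijackThis or Malwarebytes projects. It parses lines in the HijackThis O-section format, flags the kinds of entries a helper looks at twice ("(no file)" orphans, O4 items that are only a bare filename, O17 NameServer and O20 AppInit_DLLs lines), and renders a REGEDIT4 script for chosen entries. The sample lines are constructed here in that format; the Internet Explorer Toolbar key used for O3 entries is this example's own mapping (the post above removed that CLSID under the BHO key instead), and the ERUNT backup in Step #1 should precede merging anything it produces.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the HijackThis v2.0.2 line format (assembled for this
# example, not a log from the thread). The line kinds copy what the thread's logs
# contain: a toolbar registered with no name and no file, a Run value that is only
# a bare filename, a NameServer line and an AppInit_DLLs line.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{94562ECA-7067-4C94-86E0-06CFC1FC4B62}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Body of an O4 line, e.g. 'HKLM\..\Run: [Alcmtr] ALCMTR.EXE'
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"


@dataclass
class Entry:
    section: str                    # "O2", "O4", "O17", ...
    body: str                       # text after "O4 - "
    clsid: Optional[str] = None     # first {GUID} in the line, if any
    hive: Optional[str] = None      # O4 only: HKLM / HKCU
    run_key: Optional[str] = None   # O4 only: Run / RunOnce
    name: Optional[str] = None      # O4 only: the [value name]
    cmd: Optional[str] = None       # O4 only: the command line


def parse_log(text: str) -> List[Entry]:
    """Turn 'Oxx - ...' lines into Entry records; header and process lines are skipped."""
    entries: List[Entry] = []
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(section=m["section"], body=m["body"])
        c = CLSID_RE.search(e.body)
        if c:
            e.clsid = c.group(0)
        if e.section == "O4":
            r = RUN_RE.match(e.body)
            if r:
                e.hive, e.run_key, e.name, e.cmd = r["hive"], r["key"], r["name"], r["cmd"]
        entries.append(e)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map the body of each entry worth a second look to the reasons it was flagged."""
    flags: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if "(no file)" in e.body:
            reasons.append("orphaned registration: the file it points at is gone")
        if e.section == "O4" and e.cmd is not None and "\\" not in e.cmd:
            reasons.append("bare filename: resolved through PATH, verify which file actually loads")
        if e.section == "O17":
            reasons.append("DNS server override: confirm it is the expected router or ISP resolver")
        if e.section == "O20":
            reasons.append("AppInit_DLLs: loaded into every process that maps user32.dll")
        if reasons:
            flags[e.body] = reasons
    return flags


def build_reg_fix(entries: List[Entry]) -> str:
    """Render a REGEDIT4 script removing the given O2/O3/O4 entries, the way the
    thread's fix.reg does: delete a BHO's CLSID key, drop a Run value by name."""
    lines = ["REGEDIT4", ""]
    for e in entries:
        if e.section == "O2" and e.clsid:
            lines += ["[-%s\\%s]" % (BHO_KEY, e.clsid), ""]
        elif e.section == "O3" and e.clsid:
            # IE lists installed toolbars as CLSID-named values under this key
            lines += ["[%s]" % TOOLBAR_KEY, '"%s"=-' % e.clsid, ""]
        elif e.section == "O4" and e.hive in HIVES and e.name is not None:
            key = r"%s\Software\Microsoft\Windows\CurrentVersion\%s" % (HIVES[e.hive], e.run_key)
            lines += ["[%s]" % key, '"%s"=-' % e.name, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for body, reasons in triage(parsed).items():
        print(body)
        for why in reasons:
            print("    ->", why)
    # Mirror the post's fix: remove the orphaned toolbar CLSID and the Alcmtr Run value.
    print(build_reg_fix([e for e in parsed if e.clsid == "{3041d03e-fd4b-44e0-b742-2d9b88305f98}" or e.name == "Alcmtr"]))
```

Run it as-is to see the flagged lines and the generated script; to use it on a real log, pass the saved hijackthis.log text to parse_log and choose which Entry objects to hand to build_reg_fix after reviewing the triage output, since the flags mark entries to look at, not entries to delete.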

#5 G-Force
Topic Starter

Posted 06 September 2009 - 07:06 AM

Hey Baabiouz,
Thanks for all the help. I really appreciate it. I also apologise for the late reply. Anyway, I followed all the instructions and scanned using the Malwarebytes' Anti-Malware software and the DDS tool. For some strange reason Malwarebytes' Anti-Malware runs smoothly for just over an hour and then it freezes. I've tried scanning two or three times but every time it froze. So I couldn't post the log. I would try to post it as soon as possible. To keep you busy till then I have posted the DDS log and attached the file you asked me to.

Waiting for further instructions.

DDS log:


DDS (Ver_09-07-30.01) - NTFSx86
Run by J@�D?? at 17:24:16.79 on Sun 09/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1374 [GMT 5.5:30]

AV: Total Security 10.00 *On-access scanning disabled* (Updated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\J@€€\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Total Security Toolbar: {5c6227f4-39e2-4468-b69e-29aeb12a7f88} - c:\progra~1\quickh~1\quickh~1\antiphis.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: APop Class: {efca9d4b-f2e8-487d-8505-e4d0e459abfe} - c:\progra~1\quickh~1\quickh~1\apop.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Total Security Toolbar: {5c6227f4-39e2-4468-b69e-29aeb12a7f88} - c:\progra~1\quickh~1\quickh~1\antiphis.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Resume copy] copyfstq.exe /startup
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Email Protection] c:\progra~1\quickh~1\quickh~1\EMLPROUI.EXE
mRun: [Update Scheduler] c:\progra~1\quickh~1\quickh~1\UPSCHD.EXE /CHECK
mRun: [On-Line Protection] c:\progra~1\quickh~1\quickh~1\cateye.exe
mRun: [Startup Scan] c:\progra~1\quickh~1\quickh~1\Sensor.EXE /LOADRUN
mRun: [ResumeQuickupDownload] c:\progra~1\quickh~1\quickh~1\acappaa.exe
mRun: [Quick Heal Monitor] c:\progra~1\quickh~1\quickh~2\op_mon.exe /tray /noservice
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Messenger] c:\progra~1\quickh~1\quickh~1\SCANMSG.EXE
mRunOnce: [Startup Scan] c:\progra~1\quickh~1\quickh~1\Sensor.EXE /check
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {94562ECA-7067-4C94-86E0-06CFC1FC4B62} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll c:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j@3326~1\applic~1\mozilla\firefox\profiles\ivrn74nr.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\j@€€\application data\mozilla\firefox\profiles\ivrn74nr.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\j@€€\application data\mozilla\firefox\profiles\ivrn74nr.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-6-2 673920]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2009-6-2 65152]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2009-6-2 28664]
R2 Online Protection System;Online Protection System;c:\progra~1\quickh~1\quickh~1\opssvc.exe [2009-6-2 17280]
R2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\quickh~1\quickh~1\EMLPROXY.EXE [2009-6-2 50560]
R2 Quick Update Service;Quick Update Service;c:\progra~1\quickh~1\quickh~1\quhlpsvc.exe [2009-6-2 58752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-4 604488]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-6-2 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-6-2 234640]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2009-7-19 6528]
S0 myoteu;myoteu;c:\windows\system32\drivers\lhsjd.sys --> c:\windows\system32\drivers\lhsjd.sys [?]
S2 acssrv;Quick Heal Client Security Service;c:\progra~1\quickh~1\quickh~2\acs.exe [2009-6-2 1224704]
S2 gupdate1c9f7fa4e0dd20;Google Update Service (gupdate1c9f7fa4e0dd20);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\quickh~1\quickh~1\strtsvc.exe [2009-6-2 54656]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\j@3326~1\locals~1\temp\goaa.tmp --> c:\docume~1\j@3326~1\locals~1\temp\GOAA.tmp [?]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-10 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\e30.tmp --> c:\windows\system32\E30.tmp [?]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\video3d32.sys --> c:\windows\system32\drivers\Video3D32.sys [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\ZTEUsbser.sys [2009-6-2 97920]

=============== Created Last 30 ================

2009-09-05 18:07 17,799 a------- c:\windows\5603ztea91550.exe
2009-09-04 04:54 7,499 a------- c:\windows\system32\230not-a-vi95s3ze.ocx
2009-09-03 18:51 81,920 a------- c:\windows\ALCFDRTM.VER
2009-09-03 18:51 81,920 a------- c:\windows\ALCFDRTM.EXE
2009-09-03 15:04 <DIR> --d----- c:\docume~1\j@3326~1\applic~1\MozillaControl
2009-09-03 15:04 <DIR> --d----- c:\program files\Mozilla ActiveX Control v1.7.12
2009-09-03 15:03 <DIR> --d----- c:\program files\Graboid
2009-09-02 15:16 25,600 ac------ c:\windows\system32\dllcache\usbser.sys
2009-09-02 15:16 25,600 a------- c:\windows\system32\drivers\usbser.sys
2009-08-29 01:04 4,832 a------- c:\windows\9deabackdo5r1024z.dll
2009-08-29 00:12 15,011 a------- c:\windows\54f9backdooz27585.bin
2009-08-26 14:44 10,829 a------- c:\windows\system32\1116szarse5905.ocx
2009-08-25 12:44 5,705 a------- c:\windows\system32\51f4zpywar9845.cpl
2009-08-24 21:55 8,241 a------- c:\windows\335ezte9l5296.dll
2009-08-22 19:23 7,289 a------- c:\windows\system32\150959py4zd.dll
2009-08-22 02:40 3,974 a------- c:\windows\28z349py57d.exe
2009-08-21 16:53 5,831 a------- c:\windows\system32\18a7doznl5ader910.cpl
2009-08-21 05:23 9,083 a------- c:\windows\3a6dthrz5912531.ocx
2009-08-20 12:38 12,293 a------- c:\windows\system32\10217ha5ktool41z9.dll
2009-08-19 21:03 <DIR> --d----- c:\program files\FixTunes
2009-08-18 23:41 991,037 a------- C:\QUAR.RPT
2009-08-18 22:18 3,910 a------- c:\windows\system32\z3693hac5tool98.exe
2009-08-18 21:46 <DIR> --d----- c:\program files\Trend Micro
2009-08-17 12:26 6,144 -------- c:\windows\system32\3.tmp
2009-08-17 12:26 6,144 -------- c:\windows\system32\2.tmp
2009-08-17 12:26 6,144 -------- c:\windows\system32\1.tmp
2009-08-17 03:14 7,888 a------- c:\windows\555zv9r1264.cpl
2009-08-16 11:34 11,606 a------- c:\windows\system32\6fa9vzr25005.cpl
2009-08-16 10:38 <DIR> --d----- c:\program files\Sophos
2009-08-16 06:58 3,888 a------- c:\windows\10z4ha9k5ool30c.exe
2009-08-15 21:59 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 21:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-15 21:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 13:51 <DIR> --d----- c:\docume~1\j@3326~1\applic~1\Malwarebytes
2009-08-15 12:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-15 05:05 15,253 a------- c:\windows\system32\4398vir5694z.cpl
2009-08-14 17:07 8,971 a------- c:\windows\system32\45z0addwa9e1148.exe
2009-08-14 01:55 12,305 a------- c:\windows\system32\29243worz1015.ocx
2009-08-13 13:07 18,211 a------- c:\windows\system32\49f1thizf20365.dll
2009-08-12 23:46 6,426 a------- c:\windows\z9adba5kdoor3217.dll
2009-08-10 19:53 2,036,720 a------- c:\program files\GoogleDesktopSetup.exe
2009-08-10 15:48 16,148 a------- c:\windows\11zdownloade51696.cpl
2009-08-10 12:32 <DIR> --d----- c:\windows\system32\NtmsData
2009-08-10 08:56 17,604 a------- c:\windows\system32\29595ir1169z.cpl
2009-08-09 18:27 13,930 a------- c:\windows\2697zhie53199.exe
2009-08-09 17:03 <DIR> --d----- c:\program files\mkvtoavis
2009-08-09 17:02 <DIR> --d----- c:\program files\mkvtoavi
2009-08-08 16:02 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-08 16:02 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-08 16:02 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-08-08 08:38 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-08 08:38 <DIR> --d----- c:\program files\Hamachi
2009-08-08 06:07 11,861 a------- c:\windows\3389th5zf319.dll
2009-08-07 21:04 9,557 a------- c:\windows\system32\11964virz952c.cpl

==================== Find3M ====================

2009-09-06 00:11 7,340,032 a---h--- c:\documents and settings\j@€€\NTUSER.DAT
2009-08-05 14:12 15,281 a------- c:\windows\system32\7102backdoo9165z.exe
2009-08-04 05:05 4,692 a------- c:\windows\14z665irus3fa9.exe
2009-08-04 01:37 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-08-04 01:36 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-08-02 19:02 1,606,064 a------- c:\program files\googletalk-setup.exe
2009-07-28 15:45 3,417 a------- c:\windows\system32\21909hac9toolzb5.dll
2009-07-27 13:14 6,855 a------- c:\windows\daethr9zt274895.dll
2009-07-25 13:06 12,077,145 a------- c:\windows\lark-screen-saver.scr
2009-07-24 08:34 4,800 a------- c:\windows\system32\6z65th5e9t11775.bin
2009-07-20 07:39 3,250 a------- c:\windows\2z353not-a-virus951.bin
2009-07-19 17:13 6,528 a------- c:\windows\system32\drivers\jumi.sys
2009-07-17 18:37 4,096 a------- c:\windows\d3dx.dat
2009-07-17 10:07 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-16 16:28 8,981 a------- c:\windows\20300ha9k5ool26z.bin
2009-07-15 11:48 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-07-14 09:38 2,602 a------- c:\windows\system32\z3b9ir5888.exe
2009-07-14 01:39 5,311 a------- c:\windows\3z9baddw5re1996.dll
2009-07-12 22:19 13,535 a------- c:\windows\system32\22z3threat19075.dll
2009-07-12 19:02 7,833 a------- c:\windows\system32\9350hacktool7z9.dll
2009-07-10 11:04 18,348 a------- c:\windows\a08thz5at25906.exe
2009-07-10 10:07 16,994 a------- c:\windows\system32\2z258worm4a89.exe
2009-07-10 05:28 5,445 a------- c:\windows\1385ztr9j6a2.bin
2009-07-09 07:13 12,904 a------- c:\windows\system32\3eb8z9yware1115.exe
2009-07-03 14:33 17,373 a------- c:\windows\system32\5493thi9z5156.exe
2009-07-02 17:04 5,935 a------- c:\windows\1e7fdownloa9zr2542.dll
2009-07-01 20:50 13,150 a------- c:\windows\system32\z595hacktool6cc9.exe
2009-06-28 11:42 16,981 a------- c:\windows\system32\32733spzmbot5659.dll
2009-06-27 13:30 499,712 a------- c:\windows\system32\msvcp71.dll
2009-06-27 13:30 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-26 10:37 9,423 a------- c:\windows\145fsparsz30139.dll
2009-06-22 19:55 8,692 a------- c:\windows\15c9steal14z89.exe
2009-06-22 02:34 11,020 a------- c:\windows\system32\7ad9ad9ware3175z.dll
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-14 15:30 2,730 a------- c:\windows\e96stzal5931.bin
2009-06-14 10:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-13 14:14 8,881 a------- c:\windows\16991troj495z.exe
2009-06-12 17:08 14,569 a------- c:\windows\system32\5904thzef1523.bin
2009-06-11 14:51 2,647 a------- c:\windows\z581hacktool679.bin
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-09 21:32 3,116 a------- c:\windows\52905roj19z9.bin
2009-06-09 19:13 5,020 a------- c:\windows\system32\29523viru91ze.bin
2009-06-09 04:30 9,062 a------- c:\windows\2e98th95zt5341.exe
2009-06-05 11:42 39,424 a------- c:\windows\inf\usbaapl.sys

============= FINISH: 17:25:01.26 ===============


Edited by G-Force, 06 September 2009 - 07:07 AM.
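The "Created Last 30" and "Find3M" listings above show the naming pattern of the dropper on this machine: a malware-category word (backdoor, hacktool, steal, not-a-virus, spyware, ...) with one or two letters swapped for "z" or a digit, padded with hex-looking digits, written as small .exe/.dll/.ocx/.cpl/.bin files straight into c:\windows and c:\windows\system32. The services list also carries a boot-start driver (myoteu / lhsjd.sys) whose file is not on disk, and the Firefox section shows network.proxy.type set to 2 (a PAC script), which is worth confirming with the user given that anti-malware sites are unreachable. The script below is an added example, not part of this thread or of DDS, HijackThis, ComboFix or any other tool named in it. It parses lines in the DDS layout shown above and prints candidates for review. The vocabulary list, the size cap and the "z or digit" substitution rule are assumptions taken from this log; the sample lines are copied from the log. A driver loading from a temp directory is only a lead (the GarenaPEngine and MEMSWEEP2 entries in the log are cases that need checking, not automatic verdicts).

```python
"""Triage helper for DDS-style log excerpts (added example, not from the thread).

Flags, as candidates for human review: small executables dropped directly into
the Windows or system32 directory whose names embed an obfuscated category
word; boot/system-start drivers whose file is missing or drivers loading from
a temp directory; and a Firefox proxy mode that can reroute or block traffic.
"""
import re
from dataclasses import dataclass

# Category words the dropper hides in file names (assumed from the log above);
# longer words first so the most specific match is reported.
VOCAB = ("not-a-virus", "downloader", "backdoor", "hacktool", "spambot",
         "spyware", "addware", "threat", "sparse", "thief", "steal", "virus",
         "troj", "worm", "vir", "spy")
EXEC_EXT = {".exe", ".dll", ".ocx", ".cpl", ".bin", ".scr"}
ROOT_DIRS = {"c:\\windows\\", "c:\\windows\\system32\\"}
MAX_SIZE = 65_536  # assumption: every dropped file in the log is under 20 KB
PROXY_MODES = {1: "manual proxy", 2: "PAC script", 4: "WPAD auto-detect"}

FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+|<DIR>)\s+\S+\s+(.+?)\s*$")
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);[^;]*;(.*)$")
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d)\s*$")


@dataclass
class Finding:
    path: str
    reason: str


def hidden_word(stem):
    """Return the vocabulary word embedded in stem, or None.

    Only the substitutions seen in the log are tolerated: a letter replaced by
    'z' or by a digit (ba5kdoor, ha9k5ool, zpywar9), at most one for short
    words and two for longer ones.
    """
    for word in VOCAB:
        allowed = 1 if len(word) <= 4 else 2
        for i in range(len(stem) - len(word) + 1):
            bad = [c for c, w in zip(stem[i:i + len(word)], word) if c != w]
            if len(bad) <= allowed and all(c == "z" or c.isdigit() for c in bad):
                return word
    return None


def check_file(path, size):
    """Flag a file only if location, extension, size and name all fit the pattern."""
    folder, _, name = path.lower().rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if folder + "\\" not in ROOT_DIRS or dot + ext not in EXEC_EXT:
        return None
    if size > MAX_SIZE or not any(c.isdigit() for c in stem):
        return None
    word = hidden_word(stem)
    if word is None:
        return None
    return Finding(path, f"obfuscated '{word}' in name, {size} bytes directly in {folder}")


def check_driver(start, name, tail):
    """tail is everything after the second ';' of a DDS service/driver line."""
    missing = tail.rstrip().endswith("[?]")
    image = tail.rsplit(" [", 1)[0].split(" --> ")[0].strip().lower()
    if start in "01" and missing:
        return Finding(image, f"boot/system-start driver '{name}' whose file is not on disk")
    if "\\temp\\" in image or image.endswith(".tmp"):
        return Finding(image, f"driver '{name}' loads from a temp location")
    return None


def triage(log):
    findings = []
    for line in log.splitlines():
        if (m := FILE_RE.match(line)) and m.group(1) != "<DIR>":
            f = check_file(m.group(2), int(m.group(1).replace(",", "")))
        elif m := DRIVER_RE.match(line):
            f = check_driver(m.group(2), m.group(3), m.group(4))
        elif (m := PROXY_RE.match(line)) and int(m.group(1)) in PROXY_MODES:
            f = Finding("prefs.js", f"Firefox uses a {PROXY_MODES[int(m.group(1))]}; confirm the user set it")
        else:
            f = None
        if f:
            findings.append(f)
    return findings


# Sample lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
FF - prefs.js: network.proxy.type - 2
2009-09-05 18:07 17,799 a------- c:\windows\5603ztea91550.exe
2009-09-04 04:54 7,499 a------- c:\windows\system32\230not-a-vi95s3ze.ocx
2009-09-03 18:51 81,920 a------- c:\windows\ALCFDRTM.EXE
2009-09-03 15:03 <DIR> --d----- c:\program files\Graboid
2009-08-29 01:04 4,832 a------- c:\windows\9deabackdo5r1024z.dll
2009-08-20 12:38 12,293 a------- c:\windows\system32\10217ha5ktool41z9.dll
2009-08-08 16:02 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-08-15 21:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-6-2 673920]
S0 myoteu;myoteu;c:\windows\system32\drivers\lhsjd.sys --> c:\windows\system32\drivers\lhsjd.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\j@3326~1\locals~1\temp\goaa.tmp --> c:\docume~1\j@3326~1\locals~1\temp\GOAA.tmp [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}: {f.reason}")
```

Run it on a full saved log with `python triage.py` after pasting the log into SAMPLE_LOG or reading it from a file; on the sample it reports the four dropped files with the word each name hides, the missing lhsjd.sys boot driver, the temp-path driver, and the PAC proxy setting, while leaving ALCFDRTM.EXE, spmsgXP_2k3.dll and the files under drivers\ alone. The name check is deliberately strict (only "z" or digit substitutions, in the two directories this dropper uses) so that ordinary hotfix and driver files with digits in their names do not trip it.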


#6 Baabiouz

Posted 06 September 2009 - 09:42 AM

Hello

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

#7 G-Force

Posted 06 September 2009 - 10:44 AM

Hey,

I completed scanning using Malwarebytes' Anti-Malware and the log is below. I will scan using ComboFix and post the results ASAP. Thanks again for your help.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

9/6/2009 9:06:41 PM
mbam-log-2009-09-06 (21-06-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 275186
Time elapsed: 1 hour(s), 18 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ESQULzcounter (Trojan.Agent) -> Quarantined and deleted successfully.

#8 Baabiouz

Posted 06 September 2009 - 11:36 AM

Ok. :thumbup2:

#9 G-Force

Posted 07 September 2009 - 01:01 PM

Hello Baabiouz,
I just finished scanning with ComboFix. The scan went smoothly. Is it okay if I uninstall the Windows Recovery Console now?
Anyway, the ComboFix log is as follows:


ComboFix 09-09-06.06 - J@€€ 09/07/2009 23:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1438 [GMT 5.5:30]
Running from: F:\ComboFix.exe
AV: Total Security 10.00 *On-access scanning disabled* (Updated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\105165pa9bot506z.bin
c:\windows\10552ha9ztool7af.dll
c:\windows\10556zir9s45f.dll
c:\windows\105c9zyware1579.dll
c:\windows\1096spa9s5907z.dll
c:\windows\10z4ha9k5ool30c.exe
c:\windows\10z5vir2595.bin
c:\windows\11539no5-9-virusz25.dll
c:\windows\11570vzrus739.cpl
c:\windows\11640zro59c7.exe
c:\windows\11z28trojf59.bin
c:\windows\11zdownloade51696.cpl
c:\windows\12525spazb9t6375.dll
c:\windows\12560not-a-virzs339.bin
c:\windows\129z5tr9je45.exe
c:\windows\12a7s9a5sz2531.dll
c:\windows\12z85ackdoor1291.bin
c:\windows\132585ot-a-v9rus682z.ocx
c:\windows\13595sp5mb9t78z.dll
c:\windows\1385ztr9j6a2.bin
c:\windows\144z75o9m7cf.bin
c:\windows\14594viz9s694.exe
c:\windows\145fsparsz30139.dll
c:\windows\1467z5acktool3d59.cpl
c:\windows\14972zp51a4.bin
c:\windows\149759roj558z.ocx
c:\windows\14as9y5arz1729.ocx
c:\windows\14z665irus3fa9.exe
c:\windows\15157nzt-a-9irus39f.ocx
c:\windows\15392spy232z.dll
c:\windows\15538spambot1zb9.exe
c:\windows\15564hackto9z109.cpl
c:\windows\15596wozm5af.bin
c:\windows\15960zirus3c9.ocx
c:\windows\1599addzare1566.ocx
c:\windows\15c9steal14z89.exe
c:\windows\15d1t5ief9340z.bin
c:\windows\15d3szyw9re2295.exe
c:\windows\16568szy659.cpl
c:\windows\16637ha9ktool57z.ocx
c:\windows\1667doznloa5er2993.cpl
c:\windows\1674zwo59433.dll
c:\windows\1687zhack9ool6d5.dll
c:\windows\16991troj495z.exe
c:\windows\17058ha5ktool95z.bin
c:\windows\17353s9y7z6.bin
c:\windows\17952virus5d8z.dll
c:\windows\18457notza59irus161.bin
c:\windows\1859ba5k9oor967z.ocx
c:\windows\18633w5z92ef.ocx
c:\windows\18656sp598z.dll
c:\windows\18752hackz5ol5149.exe
c:\windows\1890sparse571z.ocx
c:\windows\189bdownload5z1890.cpl
c:\windows\199v5rz379.bin
c:\windows\1a4cdoznlo9der1115.cpl
c:\windows\1c0e5hi9fz031.bin
c:\windows\1c569zckdoor8175.exe
c:\windows\1c8ba9dware965z.bin
c:\windows\1ccbaddz9re14925.exe
c:\windows\1d58zpyware28109.ocx
c:\windows\1d77spyza9e24095.bin
c:\windows\1e7fdownloa9zr2542.dll
c:\windows\1e9f9zeal15.exe
c:\windows\1fb79hie51300z.cpl
c:\windows\1z235or9126.ocx
c:\windows\1z390virus259.exe
c:\windows\1z555i9us710.dll
c:\windows\20300ha9k5ool26z.bin
c:\windows\20555spazb9t610.cpl
c:\windows\2087spambzt595.bin
c:\windows\21008not-a9viruz5cb.bin
c:\windows\217dthre9tz555.exe
c:\windows\21z35hr9at16426.cpl
c:\windows\21zes9eal1305.cpl
c:\windows\22257spamb9tz58.exe
c:\windows\225915pam9ote7z.cpl
c:\windows\22629hazkt9ol658.ocx
c:\windows\226z7v5r9s455.ocx
c:\windows\22956spz1715.exe
c:\windows\22967spzmb9t56.ocx
c:\windows\22acth9zf5021.dll
c:\windows\232015orm28z9.cpl
c:\windows\23474spaz5ot19c.exe
c:\windows\235zs5ambot4d9.exe
c:\windows\23e2bac9doorz258.ocx
c:\windows\24116s9z457.dll
c:\windows\246759reat1z59.cpl
c:\windows\24dat9zef625.bin
c:\windows\24z50s9y68f.exe
c:\windows\25052spamb9t5zd.ocx
c:\windows\25184z5ckto9l4b6.dll
c:\windows\251zsparse3971.ocx
c:\windows\253539zoj5ae5.dll
c:\windows\254939zy592.cpl
c:\windows\2556vir1z499.cpl
c:\windows\259z9hreat31501.cpl
c:\windows\25a9backzoo92601.exe
c:\windows\25b9steal5z54.ocx
c:\windows\25zethie91895.ocx
c:\windows\26329hzck5ool721.cpl
c:\windows\26532hac9toolzf6.dll
c:\windows\2697zhie53199.exe
c:\windows\2699spambot5z25.ocx
c:\windows\27512hackzool89.cpl
c:\windows\2761dowzlo95er551.cpl
c:\windows\27640not-9-v5rusbdz.exe
c:\windows\28228t9zj5c4.exe
c:\windows\284z9virus3985.exe
c:\windows\28519pyw5re24z4.cpl
c:\windows\2851ztro92f4.bin
c:\windows\28639sp5mboz40b.exe
c:\windows\2864vir9s6d5z.ocx
c:\windows\28735not5azv9rus15e.exe
c:\windows\28796w5rm64z.dll
c:\windows\28899spy555z.cpl
c:\windows\2892spyzare5438.dll
c:\windows\28979zpy5be9.exe
c:\windows\28z349py57d.exe
c:\windows\29008s9amboz4dd5.exe
c:\windows\29019sz5429.dll
c:\windows\29061sp9594z.exe
c:\windows\2914vir195z5.dll
c:\windows\294z9wo9m6235.exe
c:\windows\29505acktoolz89.dll
c:\windows\29555troj19z.bin
c:\windows\298cvirz651.ocx
c:\windows\299795zrm64b.exe
c:\windows\299935irus6f8z.cpl
c:\windows\2a9athreatz1503.exe
c:\windows\2b15a9dware2820z.exe
c:\windows\2be7thre9t4435z.exe
c:\windows\2c39ad5ware1z55.exe
c:\windows\2cbf9hie53z9.bin
c:\windows\2d59downl5adzr149.exe
c:\windows\2e98th95zt5341.exe
c:\windows\2z353not-a-virus951.bin
c:\windows\2z50s9y548.exe
c:\windows\30245spambzt1879.bin
c:\windows\31959tro57z9.exe
c:\windows\31fzthi952079.dll
c:\windows\32951tz5j61f.cpl
c:\windows\32cbdow9loazer5184.bin
c:\windows\335ezte9l5296.dll
c:\windows\3389th5zf319.dll
c:\windows\3556downlzad5r2789.ocx
c:\windows\355thi9fz253.ocx
c:\windows\35606v9rusz97.ocx
c:\windows\35c9sparze1492.cpl
c:\windows\3913a5dware1882z.cpl
c:\windows\3954virzs395.exe
c:\windows\396zt9rea51185.ocx
c:\windows\3988th59z2735.ocx
c:\windows\39a0bzckdoor32155.cpl
c:\windows\39bevir3255z.ocx
c:\windows\39fbv5z3101.bin
c:\windows\39z35spy503.cpl
c:\windows\39z5backdo9r1430.dll
c:\windows\3a6dthrz5912531.ocx
c:\windows\3b59viz164.ocx
c:\windows\3d739hi5f213z.ocx
c:\windows\3dzasteal29475.exe
c:\windows\3e7eaz9ware27415.exe
c:\windows\3z2019irus151.bin
c:\windows\3z2849iru545f.bin
c:\windows\3z4bst5al9929.cpl
c:\windows\3z9baddw5re1996.dll
c:\windows\3zc3thr9a511332.dll
c:\windows\40fdbac95oor1z71.bin
c:\windows\415cspzrse1392.dll
c:\windows\41cfdoz5lo9der1579.bin
c:\windows\4261d9wnloade513z1.bin
c:\windows\426zth5e9389.dll
c:\windows\45599zwnloader544.cpl
c:\windows\456cthrzat1929.dll
c:\windows\457cba95zoor956.exe
c:\windows\45z1ba9kdoor2536.ocx
c:\windows\4604t9re5t1360z.ocx
c:\windows\46cdth9eat407z5.bin
c:\windows\46e7back9zor3156.bin
c:\windows\4855stezl139.ocx
c:\windows\4904tzreat55381.ocx
c:\windows\49555hie9184z.exe
c:\windows\4968hac9to5l1c1z.dll
c:\windows\49acspars5z97.exe
c:\windows\49b9spz5se898.bin
c:\windows\4aef9ir53z1.ocx
c:\windows\4bb6zpyw5r9246.ocx
c:\windows\4c255zwnloade9215.cpl
c:\windows\4cces9eal2z785.bin
c:\windows\4z6cd5wnloader319.ocx
c:\windows\50108spy79z9.cpl
c:\windows\502downloaderz944.ocx
c:\windows\5055hacktozl90.ocx
c:\windows\50593wozm4cf.cpl
c:\windows\5089zot-a-5irus380.dll
c:\windows\5109t5reat293z0.dll
c:\windows\516zadd9are2996.exe
c:\windows\52905roj19z9.bin
c:\windows\5296trojz5a.bin
c:\windows\5315stz9l2936.ocx
c:\windows\5363tzie99505.exe
c:\windows\53991troj3c8z.cpl
c:\windows\53baspzrse27935.dll
c:\windows\5469zrojd7.cpl
c:\windows\549dvir5074z.bin
c:\windows\54f9backdooz27585.bin
c:\windows\5550s9zware1126.ocx
c:\windows\5556vi9z275.ocx
c:\windows\5559hzcktool93.ocx
c:\windows\555zv9r1264.cpl
c:\windows\55a6v9rz15.cpl
c:\windows\55ab5h9zat18395.ocx
c:\windows\55czdo5nloader2119.ocx
c:\windows\55e1tzief4949.cpl
c:\windows\55z1sparse9705.ocx
c:\windows\55zf5i92922.bin
c:\windows\5603ztea91550.exe
c:\windows\5657zw9rm25.bin
c:\windows\565bt9zeat24323.ocx
c:\windows\5662downlz9der1151.exe
c:\windows\566z9ackdoor526.ocx
c:\windows\56d9azdw9re2219.dll
c:\windows\56ebthreatz9145.exe
c:\windows\5729viz33.ocx
c:\windows\57409a5ktool63z.cpl
c:\windows\57799hief117z.cpl
c:\windows\58079not-z-vi9us1f5.cpl
c:\windows\589529py4fz.dll
c:\windows\590addware2695z.ocx
c:\windows\590zpa5se2229.cpl
c:\windows\5949threat7z81.ocx
c:\windows\5966stz9l2267.dll
c:\windows\5968spazse2535.bin
c:\windows\599athreat1z4525.bin
c:\windows\599dztea5155.ocx
c:\windows\59a8downloaderz05.ocx
c:\windows\59b2bzckdoor5705.exe
c:\windows\5a68zparse1696.dll
c:\windows\5ab3addwar514z9.ocx
c:\windows\5ae3s9ars516z1.bin
c:\windows\5az29ackdo5r28.cpl
c:\windows\5b98sp9rse251z.dll
c:\windows\5c50t9reat5z245.bin
c:\windows\5d25steaz2529.cpl
c:\windows\5d63t9reat5z1.ocx
c:\windows\5dzat59eat96.dll
c:\windows\5f9ddowzloader19115.bin
c:\windows\5z449ir1695.bin
c:\windows\5z89s9eal2504.bin
c:\windows\5z90vir9187.cpl
c:\windows\60459ozm587.ocx
c:\windows\6092doznloader4395.cpl
c:\windows\61bzvir9587.exe
c:\windows\635asp95ze2447.exe
c:\windows\6403s5ars9z636.exe
c:\windows\6419wzrm5a0.bin
c:\windows\64579irus2afz.bin
c:\windows\651dv9515z5.bin
c:\windows\6543addwa9550z.exe
c:\windows\659bthrea96z475.dll
c:\windows\65d7zparse3179.dll
c:\windows\65z7spy7759.cpl
c:\windows\67z95hreat39603.bin
c:\windows\68c39d5ware173z.bin
c:\windows\6956downloaderz082.dll
c:\windows\6afcz5ief1739.exe
c:\windows\6e50viz9576.exe
c:\windows\6efdaddwzr92554.ocx
c:\windows\6z4bvir3954.exe
c:\windows\7239vzr1459.dll
c:\windows\729zstea51407.cpl
c:\windows\73fbv95z069.exe
c:\windows\746fdownlo95erz487.exe
c:\windows\75ezthrea5127039.exe
c:\windows\75fc9hief22z1.dll
c:\windows\7640h9ckto5l6zf.dll
c:\windows\7695vi9190z.ocx
c:\windows\769zt5ief695.dll
c:\windows\7b38bzck5oor9265.cpl
c:\windows\7b9ethiefz595.dll
c:\windows\7c09ba9kdzor1549.bin
c:\windows\7casz5ware999.bin
c:\windows\7z20vi98175.bin
c:\windows\8135spam9zt607.ocx
c:\windows\8815hacktooz3955.cpl
c:\windows\88z9sp9359.bin
c:\windows\8911z9c5tool1de.ocx
c:\windows\8939viz5s366.dll
c:\windows\903775zambot495.ocx
c:\windows\90572hazkt5ol585.cpl
c:\windows\9078not9a-vi5zs1eb.dll
c:\windows\90z5spambot510.exe
c:\windows\91035orm3f7z.dll
c:\windows\910z3spy56e.ocx
c:\windows\9295ztroj3c0.exe
c:\windows\93055not-a-vzrusa.dll
c:\windows\9435zpyware2898.bin
c:\windows\947945orm1c4z.bin
c:\windows\947ztroj495.cpl
c:\windows\94900ha5ktool73fz.ocx
c:\windows\950athreat535z.bin
c:\windows\953wormzd1.dll
c:\windows\958zvir5796.ocx
c:\windows\96647not-a-vizus579.dll
c:\windows\9675hr9at20421z.ocx
c:\windows\96z4vir2516.exe
c:\windows\97702n5t-a-vizus3d5.bin
c:\windows\994bvi554z.ocx
c:\windows\9989spambz51a29.exe
c:\windows\9bd3downloazer5435.bin
c:\windows\9c41szyware1015.dll
c:\windows\9c815pywarz2696.ocx
c:\windows\9cc9ackdozr3135.cpl
c:\windows\9d4ab5ckzoor2754.exe
c:\windows\9db5ckdoorz349.exe
c:\windows\9deabackdo5r1024z.dll
c:\windows\9fbzteal1556.ocx
c:\windows\9z552troj1cf.cpl
c:\windows\9z591hackto5l447.exe
c:\windows\9z764t5oj356.exe
c:\windows\9z85virus458.exe
c:\windows\9zfbs5eal356.cpl
c:\windows\a08thz5at25906.exe
c:\windows\b0zdownloa9er1551.ocx
c:\windows\c19t5reatz3960.ocx
c:\windows\c52t9reatz515.cpl
c:\windows\daethr9zt274895.dll
c:\windows\dezthie51934.cpl
c:\windows\e289pyware5z8.ocx
c:\windows\e96stzal5931.bin
c:\windows\f93v5r3z39.dll
c:\windows\fd8st59z1050.cpl
c:\windows\feabackdo9z573.exe
c:\windows\system32\101z05py6f9.ocx
c:\windows\system32\10217ha5ktool41z9.dll
c:\windows\system32\10273szy5965.cpl
c:\windows\system32\109z95rm16.bin
c:\windows\system32\1116szarse5905.ocx
c:\windows\system32\1119zh95ktool613.ocx
c:\windows\system32\1178not-a-vz9us5c1.bin
c:\windows\system32\11893spa5bot3zf.exe
c:\windows\system32\11964virz952c.cpl
c:\windows\system32\11z259acktoolb5.dll
c:\windows\system32\12085tzoj59.dll
c:\windows\system32\12181hazktoo977a5.exe
c:\windows\system32\1229zt5oj4559.cpl
c:\windows\system32\12588zirus6b59.exe
c:\windows\system32\12992virus529z.bin
c:\windows\system32\12dzb9c5door129.cpl
c:\windows\system32\1318d9wnloaze5149.exe
c:\windows\system32\1366159ambot4z0.ocx
c:\windows\system32\1384w5rm97bz.bin
c:\windows\system32\14135hazktoo54a69.exe
c:\windows\system32\1419addwa59317z.dll
c:\windows\system32\141z3no5-a-virus25d9.ocx
c:\windows\system32\14404not-9-v5rzs3df.dll
c:\windows\system32\1440zpy5169.bin
c:\windows\system32\14644hackt5oz959.cpl
c:\windows\system32\14751t5oz90e.bin
c:\windows\system32\14c9backdoor25z69.exe
c:\windows\system32\14z95spy4eb.bin
c:\windows\system32\150959py4zd.dll
c:\windows\system32\15184tr9jz2f.exe
c:\windows\system32\15279orz695.exe
c:\windows\system32\152z6t5o9ba.bin
c:\windows\system32\15359troj39z.cpl
c:\windows\system32\15393spamboz12f.exe
c:\windows\system32\15399hacktzol4f59.cpl
c:\windows\system32\15725not-a9virzs120.ocx
c:\windows\system32\15989not-a-5irus99z.dll
c:\windows\system32\1598s9amboz795.dll
c:\windows\system32\15f3downz9ader1527.exe
c:\windows\system32\15z14n9t5a-virus26b.dll
c:\windows\system32\16389nzt-a-viru5120.bin
c:\windows\system32\1652n9t5a-virus4e6z.cpl
c:\windows\system32\168z65py197.bin
c:\windows\system32\17045par9z1699.exe
c:\windows\system32\17252zot-a-vir5s18d9.bin
c:\windows\system32\17539not-a-virz57a59.exe
c:\windows\system32\17558troj9z4.exe
c:\windows\system32\17775not5azvirus19c.cpl
c:\windows\system32\17796viruz15d9.cpl
c:\windows\system32\17807tz9j65c.ocx
c:\windows\system32\178z1vir5s39d.ocx
c:\windows\system32\17b3threa54490z.bin
c:\windows\system32\1827znot9a-vir5s5ed.exe
c:\windows\system32\18495spy9z5.bin
c:\windows\system32\1892stza52405.dll
c:\windows\system32\18a7doznl5ader910.cpl
c:\windows\system32\18b9tzief519.ocx
c:\windows\system32\18zd5pars9842.cpl
c:\windows\system32\19319hacktool590z.exe
c:\windows\system32\194z4wormb5.cpl
c:\windows\system32\19758worm5bz.bin
c:\windows\system32\19918notza-95rus3c6.ocx
c:\windows\system32\19z54troj64b9.exe
c:\windows\system32\1b4dd59nloaderz1.bin
c:\windows\system32\1b61thzea59467.cpl
c:\windows\system32\1ba0zackd9o52433.dll
c:\windows\system32\1dzbbackdoo9585.ocx
c:\windows\system32\1e2fth5zat93274.bin
c:\windows\system32\1ea2s5azse9580.cpl
c:\windows\system32\1f28zi91465.ocx
c:\windows\system32\1f5sp9rsz2368.bin
c:\windows\system32\1z199not-a-virus537.exe
c:\windows\system32\1z656worm9bf.exe
c:\windows\system32\1z919sp5399.bin
c:\windows\system32\1zd4thie91905.cpl
c:\windows\system32\1zf9sparse2225.bin
c:\windows\system32\2013zvi95s189.bin
c:\windows\system32\204369acktooz65f.cpl
c:\windows\system32\20896not-a-zi95s52a.cpl
c:\windows\system32\21909hac9toolzb5.dll
c:\windows\system32\22129z55de.bin
c:\windows\system32\22552hazktoo93af.ocx
c:\windows\system32\22764spaz5ot49b.dll
c:\windows\system32\22855not-9-virus1dcz.bin
c:\windows\system32\22z3threat19075.dll
c:\windows\system32\230not-a-vi95s3ze.ocx
c:\windows\system32\23516v9rzs359.cpl
c:\windows\system32\2356backdoor95z.cpl
c:\windows\system32\238z9s5976c.bin
c:\windows\system32\23935not-9-vizus59.ocx
c:\windows\system32\24095tz5j6d5.dll
c:\windows\system32\24z94h9ckto5l7d3.exe
c:\windows\system32\25125sp94z9.dll
c:\windows\system32\2525zspambo933d.exe
c:\windows\system32\25315notza-9irus4e8.dll
c:\windows\system32\25355noz-5-vi9us29c.bin
c:\windows\system32\25505az9door2915.ocx
c:\windows\system32\259155pz2ae.exe
c:\windows\system32\25b15a9kdzor3242.cpl
c:\windows\system32\25dz9ir12445.ocx
c:\windows\system32\25z14sp9mbot33a.cpl
c:\windows\system32\26190v59us3z9.exe
c:\windows\system32\26205vir9s666z.ocx
c:\windows\system32\262665orz709.bin
c:\windows\system32\269d5iz1475.dll
c:\windows\system32\269fbazkdoor10569.exe
c:\windows\system32\27250spam9oz540.dll
c:\windows\system32\27500spzmb9t2ae.exe
c:\windows\system32\27527tr9z5e3.ocx
c:\windows\system32\2775sz9ware852.dll
c:\windows\system32\27955tea94z9.bin
c:\windows\system32\279at5rzat6010.exe
c:\windows\system32\28576spam9ot705z.ocx
c:\windows\system32\28721z9o5193.cpl
c:\windows\system32\29050hacktozl7d1.ocx
c:\windows\system32\29191vz5us769.cpl
c:\windows\system32\29243worz1015.ocx
c:\windows\system32\29285spy3dz.exe
c:\windows\system32\293719zo52df.bin
c:\windows\system32\29523viru91ze.bin
c:\windows\system32\29554zot-a-vi9us457.ocx
c:\windows\system32\29595ir1169z.cpl
c:\windows\system32\29652noz-a-virus189.cpl
c:\windows\system32\29848z5oj28b.bin
c:\windows\system32\29926vzr5s19.exe
c:\windows\system32\2998zv5rus616.cpl
c:\windows\system32\2a4baddwar9555z.exe
c:\windows\system32\2ca9ba5zdoor986.ocx
c:\windows\system32\2d829p5ware2478z.cpl
c:\windows\system32\2e915ownloaderz524.bin
c:\windows\system32\2eefspyza9e27705.cpl
c:\windows\system32\2z258worm4a89.exe
c:\windows\system32\2z558spambot59.exe
c:\windows\system32\2z9459rm5c2.exe
c:\windows\system32\2z950vi5us3bd9.dll
c:\windows\system32\3003sp9mbo545z.cpl
c:\windows\system32\30400sp5mboz2b29.cpl
c:\windows\system32\30469vzr9s58a.ocx
c:\windows\system32\30z975acktool291.dll
c:\windows\system32\31877not5a-vir9s705z.exe
c:\windows\system32\319spa9sez5945.cpl
c:\windows\system32\3235t5izf9915.dll
c:\windows\system32\324685ro9z56.cpl
c:\windows\system32\32733spzmbot5659.dll
c:\windows\system32\3292vir1515z.bin
c:\windows\system32\3366hac9tool501z.exe
c:\windows\system32\33b4ad5wzr92385.dll
c:\windows\system32\35035zy599.ocx
c:\windows\system32\35152virus931z.exe
c:\windows\system32\3598zirus252.bin
c:\windows\system32\49f1thizf20365.dll
c:\windows\system32\518zvi5us6dc9.exe
c:\windows\system32\5973t9reat1z560.exe
c:\windows\system32\675f5par9e25z9.dll
c:\windows\system32\6f59backdoorz2959.bin
c:\windows\system32\705zdownloa9er2305.exe
c:\windows\system32\7a555zief1691.dll
c:\windows\system32\88275oz-a-vir9s496.exe
c:\windows\system32\94943hacktool5ze.exe
c:\windows\system32\z8250spy194.bin
c:\windows\z0139parse1445.ocx
c:\windows\z0355ac9tool492.cpl
c:\windows\z1513worm129.ocx
c:\windows\z1ea95eal2194.bin
c:\windows\z2c0addw9re5345.cpl
c:\windows\z301steal29625.cpl
c:\windows\z350295oj4cd.dll
c:\windows\z351595oj185.dll
c:\windows\z52asteal9228.cpl
c:\windows\z5569not5a-virus33f.ocx
c:\windows\z581hacktool679.bin
c:\windows\z595spyware2782.ocx
c:\windows\z5faddw9re3028.exe
c:\windows\z6503sp5m9ot325.exe
c:\windows\z6591hacktoo9499.exe
c:\windows\z750thie9550.exe
c:\windows\z85279pambot64e.ocx
c:\windows\z8785ackd9or2448.dll
c:\windows\z94sp5rse2649.dll
c:\windows\z9645sp95e.dll
c:\windows\z9812w5rm425.exe
c:\windows\z9958spambot590.ocx
c:\windows\z9999ir1759.ocx
c:\windows\z9adba5kdoor3217.dll
c:\windows\zd0caddw5re15229.cpl
c:\windows\zf51thi5f2195.bin
F:\keylogger.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-12-18 15:24 . 2009-12-18 15:24 2658 ----a-w- c:\windows\system32\bdbad9zar5456.dll
2009-11-28 08:55 . 2009-11-28 08:55 2696 ----a-w- c:\windows\system32\9ab1downloa5er3z6.exe
2009-10-27 20:49 . 2009-10-27 20:49 2754 ----a-w- c:\windows\system32\592spa59otzb1.bin
2009-10-23 02:29 . 2009-10-23 02:29 3488 ----a-w- c:\windows\system32\56089wozm7f9.bin
2009-10-20 22:14 . 2009-10-20 22:14 7664 ----a-w- c:\windows\system32\d485ddwzr9947.bin
2009-10-17 10:52 . 2009-10-17 10:52 7821 ----a-w- c:\windows\system32\6319hackt5zl1aa.bin
2009-10-16 19:38 . 2009-10-16 19:38 4459 ----a-w- c:\windows\system32\3fcezparse9258.dll
2009-10-01 05:36 . 2009-10-01 05:36 3892 ----a-w- c:\windows\system32\53099troj6f3z.exe
2009-09-18 11:08 . 2009-09-18 11:08 4687 ----a-w- c:\windows\system32\z15dbackdoor659.exe
2009-09-11 05:04 . 2009-09-11 05:04 9791 ----a-w- c:\windows\system32\z8326hack9oo546.bin
2009-09-03 13:21 . 2009-09-03 13:21 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2009-09-03 09:49 . 2009-09-03 09:49 -------- d-----w- c:\documents and settings\���J@�€�����
2009-09-03 09:34 . 2009-09-03 09:34 -------- d-----w- c:\documents and settings\J@€€\Local Settings\Application Data\Graboid_Inc
2009-09-03 09:34 . 2009-09-03 09:34 -------- d-----w- c:\documents and settings\J@€€\Application Data\MozillaControl
2009-09-03 09:34 . 2009-09-03 09:49 -------- d-----w- c:\documents and settings\J@€€\Local Settings\Application Data\Graboid
2009-09-03 09:34 . 2009-09-03 09:34 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-09-03 09:33 . 2009-09-03 09:34 -------- d-----w- c:\program files\Graboid
2009-09-02 09:46 . 2004-08-03 17:38 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-09-02 09:46 . 2004-08-03 17:38 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-19 15:33 . 2009-08-19 15:34 -------- d-----w- c:\program files\FixTunes
2009-08-18 16:48 . 2009-08-18 16:48 3910 ----a-w- c:\windows\system32\z3693hac5tool98.exe
2009-08-18 16:16 . 2009-08-18 16:16 -------- d-----w- c:\program files\Trend Micro
2009-08-16 05:08 . 2009-08-16 05:08 -------- d-----w- c:\program files\Sophos
2009-08-15 16:29 . 2009-08-03 08:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 16:29 . 2009-09-02 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 16:29 . 2009-08-03 08:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 08:21 . 2009-08-15 08:21 -------- d-----w- c:\documents and settings\J@€€\Application Data\Malwarebytes
2009-08-15 06:36 . 2009-08-15 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 11:37 . 2009-08-14 11:37 8971 ----a-w- c:\windows\system32\45z0addwa9e1148.exe
2009-08-11 09:38 . 2009-08-16 12:12 -------- d-----w- c:\documents and settings\J@€€\Local Settings\Application Data\Adobe
2009-08-10 14:23 . 2009-08-10 14:24 2036720 ----a-w- c:\program files\GoogleDesktopSetup.exe
2009-08-10 07:02 . 2009-08-10 07:02 -------- d-----w- c:\windows\system32\NtmsData
2009-08-09 12:08 . 2009-08-09 12:08 -------- d-----w- c:\documents and settings\Admin\Bluetooth Software
2009-08-09 11:33 . 2009-08-09 11:33 -------- d-----w- c:\program files\mkvtoavis
2009-08-09 11:32 . 2009-08-09 11:32 -------- d-----w- c:\program files\mkvtoavi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 07:25 . 2009-06-20 04:06 -------- d-----w- c:\documents and settings\Admin\Application Data\ZoomBrowser EX
2009-09-06 07:15 . 2009-06-12 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-04 01:59 . 2009-07-27 15:47 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2009-09-03 09:35 . 2009-06-07 07:25 -------- d-----w- c:\documents and settings\J@€€\Application Data\vlc
2009-09-02 09:47 . 2009-08-04 18:34 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Suite
2009-08-30 13:14 . 2009-07-25 07:51 -------- d-----w- c:\documents and settings\Admin\Application Data\Ahead
2009-08-26 11:12 . 2009-07-25 12:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-26 08:48 . 2009-06-02 07:08 -------- d-----w- c:\program files\Garena
2009-08-19 09:46 . 2009-06-01 18:38 -------- d-----w- c:\program files\ASUS
2009-08-18 16:03 . 2009-07-30 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 11:30 . 2009-08-02 05:22 -------- d-----w- c:\program files\FLV to MP4 Converter
2009-08-18 11:28 . 2009-07-30 07:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 15:28 . 2009-06-05 06:29 -------- d-----w- c:\documents and settings\J@€€\Application Data\LimeWire
2009-08-14 06:37 . 2009-08-02 05:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Winamp
2009-08-10 14:25 . 2009-06-16 13:07 -------- d-----w- c:\program files\Google
2009-08-08 14:48 . 2009-06-01 18:02 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-08 10:32 . 2009-08-08 10:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-08 10:32 . 2009-08-08 10:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-08 03:22 . 2009-08-08 03:09 -------- d-----w- c:\documents and settings\J@€€\Application Data\Hamachi
2009-08-08 03:09 . 2009-08-08 03:08 -------- d-----w- c:\program files\Hamachi
2009-08-08 03:08 . 2009-08-08 03:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-07 18:02 . 2009-06-01 19:06 43920 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 08:42 . 2009-08-05 08:42 15281 ----a-w- c:\windows\system32\7102backdoo9165z.exe
2009-08-03 20:08 . 2009-08-03 20:06 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-03 20:07 . 2009-08-03 20:07 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-03 20:06 . 2009-08-03 20:06 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-03 20:06 . 2009-08-03 20:06 -------- d-----w- c:\documents and settings\J@€€\Application Data\TuneUp Software
2009-08-03 20:06 . 2009-08-03 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-08-03 20:05 . 2009-08-03 20:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-02 13:32 . 2009-08-02 13:32 1606064 ----a-w- c:\program files\googletalk-setup.exe
2009-08-02 11:54 . 2009-06-01 19:28 43920 ----a-w- c:\documents and settings\J@€€\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-02 05:18 . 2009-08-02 05:18 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-02 05:17 . 2009-08-02 05:17 -------- d-----w- c:\program files\Microsoft.NET
2009-07-31 07:31 . 2009-07-05 13:19 -------- d-----w- c:\program files\iTunes
2009-07-31 07:31 . 2009-07-31 07:31 -------- d-----w- c:\program files\iPod
2009-07-31 07:31 . 2009-07-13 11:05 -------- d-----w- c:\program files\Common Files\Apple
2009-07-27 16:16 . 2009-07-27 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-27 15:54 . 2009-07-27 15:54 -------- d-----w- c:\program files\AskSearch
2009-07-27 15:48 . 2009-07-27 15:48 -------- d-----w- c:\program files\uTorrent
2009-07-27 05:46 . 2009-07-27 05:46 -------- d-----w- c:\program files\Kundan Hate
2009-07-26 04:01 . 2009-07-25 07:28 -------- d-----w- c:\program files\Dream Aquarium
2009-07-25 07:49 . 2009-07-25 07:49 -------- d-----w- c:\program files\kardile yogesh
2009-07-25 07:47 . 2009-07-25 07:47 -------- d-----w- c:\program files\mahindra
2009-07-25 07:46 . 2009-07-25 07:46 -------- d-----w- c:\program files\yadav p
2009-07-25 07:44 . 2009-07-25 07:44 -------- d-----w- c:\program files\Nagpur joungal
2009-07-25 07:40 . 2009-07-25 07:40 -------- d-----w- c:\program files\purohit raja
2009-07-25 07:39 . 2009-07-25 07:39 -------- d-----w- c:\program files\shayadri 2
2009-07-25 07:36 . 2009-07-25 07:36 12077145 ----a-w- c:\windows\lark-screen-saver.scr
2009-07-25 07:28 . 2009-07-25 07:28 -------- d-----w- c:\program files\Dream Aquarium ver.1.700 screen saver on Dd9qc1bs
2009-07-24 03:04 . 2009-07-24 03:04 4800 ----a-w- c:\windows\system32\6z65th5e9t11775.bin
2009-07-23 18:54 . 2009-07-23 18:48 -------- d-----w- c:\program files\Jumi
2009-07-22 16:00 . 2009-07-22 16:00 -------- d-----w- c:\documents and settings\J@€€\Application Data\Xilisoft Corporation
2009-07-22 15:58 . 2009-07-22 15:58 -------- d-----w- c:\program files\Xilisoft
2009-07-19 11:43 . 2009-07-19 11:43 6528 ----a-w- c:\windows\system32\drivers\jumi.sys
2009-07-18 15:36 . 2009-07-18 15:36 -------- d-----w- c:\documents and settings\Admin\Application Data\CyberLink
2009-07-18 15:36 . 2009-07-18 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-18 15:13 . 2009-07-18 15:10 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2009-07-17 13:07 . 2009-07-17 13:07 4096 ----a-w- c:\windows\d3dx.dat
2009-07-17 12:33 . 2009-07-17 12:33 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-17 11:52 . 2009-07-17 04:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-17 04:51 . 2009-07-17 04:46 -------- d-----w- c:\program files\SWAT 4
2009-07-17 04:44 . 2009-07-17 04:37 -------- d-----w- c:\documents and settings\J@€€\Application Data\DAEMON Tools Lite
2009-07-17 04:42 . 2009-07-17 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-17 04:42 . 2009-07-17 04:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-17 04:37 . 2009-07-17 04:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-16 18:01 . 2009-07-16 18:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-16 09:43 . 2009-06-01 18:19 -------- d-----w- c:\program files\CyberLink
2009-07-16 09:43 . 2009-06-01 17:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 09:34 . 2009-07-08 12:39 -------- d-----w- c:\documents and settings\J@€€\Application Data\Ahead
2009-07-15 06:18 . 2009-08-03 20:06 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-14 07:02 . 2009-07-13 19:49 -------- d-----w- c:\program files\Opera 10 Beta
2009-07-14 04:08 . 2009-07-14 04:08 2602 ----a-w- c:\windows\system32\z3b9ir5888.exe
2009-07-13 13:44 . 2009-06-07 07:38 -------- d-----w- c:\documents and settings\J@€€\Application Data\Apple Computer
2009-07-13 11:11 . 2009-07-13 11:11 -------- d-----w- c:\program files\Apple Software Update
2009-07-13 07:39 . 2009-06-06 07:58 -------- d-----w- c:\documents and settings\J@€€\Application Data\mIRC
2009-07-13 04:54 . 2009-06-06 07:58 -------- d-----w- c:\program files\mIRC
2009-07-12 13:32 . 2009-07-12 13:32 7833 ----a-w- c:\windows\system32\9350hacktool7z9.dll
2009-07-09 01:43 . 2009-07-09 01:43 12904 ----a-w- c:\windows\system32\3eb8z9yware1115.exe
2009-07-03 09:03 . 2009-07-03 09:03 17373 ----a-w- c:\windows\system32\5493thi9z5156.exe
2009-07-01 15:20 . 2009-07-01 15:20 13150 ----a-w- c:\windows\system32\z595hacktool6cc9.exe
2009-06-27 08:00 . 2009-06-01 18:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-27 08:00 . 2009-06-01 18:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-21 21:04 . 2009-06-21 21:04 11020 ----a-w- c:\windows\system32\7ad9ad9ware3175z.dll
2009-06-21 03:16 . 2009-06-01 18:06 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-12 11:38 . 2009-06-12 11:38 14569 ----a-w- c:\windows\system32\5904thzef1523.bin
2009-06-10 02:58 . 2009-06-10 02:58 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 02:58 . 2009-06-10 02:58 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 02:58 . 2009-06-10 02:58 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 02:58 . 2009-06-10 02:58 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 02:58 . 2009-06-10 02:58 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 02:58 . 2009-06-10 02:58 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 02:58 . 2009-06-10 02:58 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 00:33 . 2009-06-10 00:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 00:33 . 2009-06-10 00:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 00:33 . 2009-06-01 18:06 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 00:33 . 2009-03-27 04:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 00:33 . 2009-03-27 04:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 00:33 . 2006-08-11 13:43 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 00:33 . 2006-08-11 13:42 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 00:33 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-10 14:25 . 2009-08-10 14:25 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Email Protection"="c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-06-02 267648]
"Update Scheduler"="c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2009-06-02 95616]
"On-Line Protection"="c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe" [2009-06-02 210304]
"Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE" [2009-06-02 144768]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe" [2009-06-02 95616]
"Quick Heal Monitor"="c:\progra~1\QUICKH~1\QUICKH~2\op_mon.exe" [2008-07-31 1941504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-13 16116224]
"Resume copy"="copyfstq.exe" - c:\windows\copyfstq.exe [2009-06-01 73728]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE" [2009-06-02 144768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9109:TCP"= 9109:TCP:vrzhroj

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/2/2009 12:02 PM 673920]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [6/2/2009 11:56 AM 65152]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [6/2/2009 11:56 AM 28664]
R2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [6/2/2009 11:56 AM 17280]
R2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [6/2/2009 11:56 AM 50560]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [6/2/2009 11:56 AM 58752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/4/2009 1:37 AM 604488]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/2/2009 12:01 PM 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/2/2009 12:02 PM 234640]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [7/19/2009 5:13 PM 6528]
S0 myoteu;myoteu;c:\windows\system32\drivers\lhsjd.sys --> c:\windows\system32\drivers\lhsjd.sys [?]
S2 acssrv;Quick Heal Client Security Service;c:\progra~1\QUICKH~1\QUICKH~2\acs.exe [6/2/2009 12:01 PM 1224704]
S2 gupdate1c9f7fa4e0dd20;Google Update Service (gupdate1c9f7fa4e0dd20);c:\program files\Google\Update\GoogleUpdate.exe [6/20/2009 6:09 PM 133104]
S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~1\strtsvc.exe [6/2/2009 11:56 AM 54656]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\J@3326~1\LOCALS~1\Temp\GOAA.tmp --> c:\docume~1\J@3326~1\LOCALS~1\Temp\GOAA.tmp [?]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/10/2009 7:55 PM 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\E30.tmp --> c:\windows\system32\E30.tmp [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\ZTEUsbser.sys [6/2/2009 12:17 AM 97920]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
xfutzycs
owrzdt
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 05:24]

2009-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-16 14:01]

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 12:39]

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 12:39]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484061587-725345543-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-20 12:23]

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484061587-725345543-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-20 12:23]

2009-06-01 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

2009-06-01 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- G:\setup.exe [2004-08-03 19:26]

2009-06-01 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-01 21:46]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {94562ECA-7067-4C94-86E0-06CFC1FC4B62} = 192.168.1.1
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\J@€€\Application Data\Mozilla\Firefox\Profiles\ivrn74nr.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\J@€€\Application Data\Mozilla\Firefox\Profiles\ivrn74nr.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\J@€€\Application Data\Mozilla\Firefox\Profiles\ivrn74nr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\J@3326~1\LOCALS~1\Temp\GOAA.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E30.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\QUICKH~1\QUICKH~1\SCANWSCS.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\QUICKH~1\QUICKH~1\ONLINENT.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-07 23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 17:56

Pre-Run: 8,180,285,440 bytes free
Post-Run: 8,189,657,088 bytes free

824 --- E O F --- 2009-08-04 05:09

#10 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:23 AM

Posted 07 September 2009 - 01:17 PM

Hello


Please disable TeaTimer as it may interfere with the fix.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.



Do not remove your Recovery Console. If something goes wrong, we may be able to fix it with the Recovery Console.


Please click your Start button, then click on Run and type in the following without the quotes: "notepad". Then copy (Ctrl C) and paste (Ctrl V) the following text into the codebox:
File::
c:\windows\system32\bdbad9zar5456.dll
c:\windows\system32\9ab1downloa5er3z6.exe
c:\windows\system32\592spa59otzb1.bin
c:\windows\system32\56089wozm7f9.bin
c:\windows\system32\d485ddwzr9947.bin
c:\windows\system32\6319hackt5zl1aa.bin
c:\windows\system32\3fcezparse9258.dll
c:\windows\system32\53099troj6f3z.exe
c:\windows\system32\z15dbackdoor659.exe
c:\windows\system32\z8326hack9oo546.bin
c:\windows\system32\z3693hac5tool98.exe
c:\windows\system32\45z0addwa9e1148.exe
c:\windows\system32\7102backdoo9165z.exe
c:\windows\system32\6z65th5e9t11775.bin
c:\windows\system32\z3b9ir5888.exe
c:\windows\system32\9350hacktool7z9.dll
c:\windows\system32\3eb8z9yware1115.exe
c:\windows\system32\5493thi9z5156.exe
c:\windows\system32\z595hacktool6cc9.exe
c:\windows\system32\7ad9ad9ware3175z.dll
c:\windows\system32\5904thzef1523.bin
c:\windows\system32\drivers\jumi.sys
c:\windows\system32\drivers\lhsjd.sys

Driver::
jumi
myoteu


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Please post the ComboFix log, MBAM results and a fresh HijackThis log back here.

Edited by Baabiouz, 07 September 2009 - 01:18 PM.


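As an added example (not part of the original post, and not code from ComboFix): a small Python script that parses a CFScript in the File::/Driver:: layout used above and reports which targets are still present after ComboFix has run and the machine has rebooted. The sample script embedded in it is constructed from the entries in the post; the file-existence and service-key checks are the script's own (ComboFix does not provide them), and the driver check only works on Windows, where it looks for HKLM\SYSTEM\CurrentControlSet\Services\<name>, the key under which a driver service is registered. Anything still reported as present after a reboot is worth mentioning in the next reply rather than deleting by hand.

```python
"""Parse a ComboFix CFScript and check whether its targets are gone.

Added example: verifies a File::/Driver:: script after the fix has run.
It does not delete anything; it only reports what is still present.
"""
import os
import sys
from typing import Dict, List

# Constructed sample, taken from the entries in the post above
# (a subset of the File:: list plus the Driver:: list).
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\bdbad9zar5456.dll
c:\windows\system32\9ab1downloa5er3z6.exe
c:\windows\system32\drivers\jumi.sys
c:\windows\system32\drivers\lhsjd.sys

Driver::
jumi
myoteu
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its sections, e.g. {'File': [...], 'Driver': [...]}.

    A section header is a line ending in '::'. Every following non-blank
    line belongs to that section until the next header. Blank lines are
    ignored, so the empty line between sections in the post is harmless.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def driver_service_exists(name: str) -> bool:
    """True if a service key for the driver still exists (Windows only).

    Assumption: a Driver:: entry names a service under
    HKLM\\SYSTEM\\CurrentControlSet\\Services. On other platforms the
    registry is unavailable, so the driver is reported as absent.
    """
    if sys.platform != "win32":
        return False
    import winreg  # only importable on Windows
    try:
        key = winreg.OpenKey(
            winreg.HKEY_LOCAL_MACHINE,
            r"SYSTEM\CurrentControlSet\Services" + "\\" + name,
        )
    except OSError:
        return False
    winreg.CloseKey(key)
    return True


def remaining_targets(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return the File:: paths still on disk and Driver:: names still registered."""
    files = [p for p in sections.get("File", []) if os.path.exists(p)]
    drivers = [d for d in sections.get("Driver", []) if driver_service_exists(d)]
    return {"File": files, "Driver": drivers}


def report(text: str) -> List[str]:
    """Human-readable summary lines for a CFScript, one per leftover target."""
    left = remaining_targets(parse_cfscript(text))
    lines = [f"still present: {p}" for p in left["File"]]
    lines += [f"driver still registered: {d}" for d in left["Driver"]]
    return lines or ["all CFScript targets are gone"]


if __name__ == "__main__":
    # Pass the real CFScript.txt on the command line, or run the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFSCRIPT
    print("\n".join(report(source)))
```

Run it as `python check_cfscript.py CFScript.txt` after the post-ComboFix reboot. A file that is still present but unreadable, or a driver key that reappears after deletion, usually means a rootkit component is still protecting it, which is exactly the information the helper needs in the next log.
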
#11 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 13 September 2009 - 05:52 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.