
Active Windows is slow ! Internet acts abnormal

Discussion in 'Malware and Virus Removal Archive' started by zeeshanhashmi, 2010/03/07.

  1. 2010/03/17
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    77
    Likes Received:
    0
    Hi

    here are the contents of that file:

    C:\Program Files\WinUHA\UHARC.EXE a variant of Win32/TrojanDownloader.FakeAlert.GO trojan cleaned by deleting - quarantined

    C:\System Volume Information\_restore{95D3FC0D-EF3E-4C76-9893-0E17BF4E94B3}\RP133\A0040586.EXE a variant of Win32/TrojanDownloader.FakeAlert.GO trojan cleaned by deleting - quarantined
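The two records above are in the ESET scanner's one-line detection format, and the second one is worth noticing: it sits under `System Volume Information\_restore{...}\RP133\`, which is a System Restore snapshot of the same file, not a second live infection. As an added example (mine, not the thread's or ESET's), here is a parser for that format that separates live hits from restore-point copies. The sample input is the two lines from the post; the regex, the list of threat kinds and the split of action/result on " - " are assumptions about the format, not ESET documentation.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the two detection records posted above, in the scanner's
# "<path> [a variant of] <threat> <kind> <action> - <result>" format (assumed).
SAMPLE_LOG = r"""
C:\Program Files\WinUHA\UHARC.EXE a variant of Win32/TrojanDownloader.FakeAlert.GO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{95D3FC0D-EF3E-4C76-9893-0E17BF4E94B3}\RP133\A0040586.EXE a variant of Win32/TrojanDownloader.FakeAlert.GO trojan cleaned by deleting - quarantined
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>(?:probably )?a variant of )?"
    r"(?P<threat>[A-Za-z0-9_.-]+/\S+)\s+"
    r"(?P<kind>trojan|worm|virus|adware|potentially unwanted application|"
    r"potentially unsafe application|application)\s+"
    r"(?P<action>.+?)(?:\s+-\s+(?P<result>.+))?$"
)

# System Restore keeps its own copy of files it has snapshotted, renamed to
# A<number>.<ext> inside a restore point directory (RP<n>); a detection there is
# a cached copy of an earlier infection, not a second live file.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.IGNORECASE
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    result: Optional[str]
    variant: bool                 # generic/heuristic detection ("a variant of")
    restore_point: Optional[int]  # RP number when the hit is a System Restore copy


def parse_line(line: str) -> Optional[Detection]:
    """Parse one scanner record; returns None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rp = RESTORE_RE.search(m["path"])
    return Detection(
        path=m["path"],
        threat=m["threat"],
        kind=m["kind"],
        action=m["action"],
        result=m["result"],
        variant=m["variant"] is not None,
        restore_point=int(rp.group(1)) if rp else None,
    )


def parse_eset_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def summarize(detections: List[Detection]) -> Dict[str, Dict[str, int]]:
    """Per threat name: how many hits were live files vs. System Restore copies."""
    out: Dict[str, Dict[str, int]] = {}
    for d in detections:
        bucket = out.setdefault(d.threat, {"live": 0, "restore_point": 0})
        bucket["restore_point" if d.restore_point is not None else "live"] += 1
    return out


if __name__ == "__main__":
    for threat, counts in summarize(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{threat}: {counts['live']} live, {counts['restore_point']} in restore points")
```

The restore-point count is the useful output: a non-zero value means the infected file has already been captured by System Restore, so the copy in the snapshot is removed by the scanner here, but the same split tells you whether other restore points may still hold it.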
     
  2. 2010/03/17
    broni Moderator Malware Analyst
    Good :)

    Give me fresh HJT log, please.
     

  4. 2010/03/17
    zeeshanhashmi Inactive Thread Starter
    ComboFix 10-03-16.03 - Zeeshan Hashmi 03/18/2010 7:14.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.118 [GMT 5:00]
    Running from: c:\documents and settings\Zeeshan Hashmi\Desktop\Naats\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
    .

    2010-03-17 06:12 . 2010-03-17 06:12 -------- d-----w- c:\program files\ESET
    2010-03-17 05:30 . 2010-03-17 16:55 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\DivX
    2010-03-17 05:30 . 2010-03-17 05:23 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-03-17 05:30 . 2010-03-17 05:22 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-03-17 05:30 . 2010-03-17 05:30 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-03-17 05:30 . 2010-03-17 05:30 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-03-17 05:28 . 2010-03-17 05:28 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-03-17 05:28 . 2010-03-17 05:28 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-03-17 05:28 . 2010-03-17 05:28 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-03-17 05:28 . 2010-03-17 05:28 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-03-17 05:28 . 2010-03-17 05:28 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-03-17 05:28 . 2010-03-17 05:28 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-03-17 05:24 . 2010-03-17 05:30 -------- d-----w- c:\program files\DivX
    2010-03-17 05:22 . 2010-03-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-03-13 12:16 . 2010-03-16 17:55 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\Apple Computer
    2010-03-13 12:16 . 2009-05-18 09:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-03-13 12:16 . 2008-04-17 08:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-03-13 12:14 . 2010-03-13 12:14 -------- d-----w- c:\program files\iPod
    2010-03-13 12:14 . 2010-03-13 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-03-13 12:13 . 2010-03-13 12:13 -------- d-----w- c:\program files\Bonjour
    2010-03-13 12:12 . 2010-03-13 12:13 -------- d-----w- c:\program files\QuickTime
    2010-03-13 12:12 . 2010-03-13 12:12 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Local Settings\Application Data\Apple
    2010-03-13 12:11 . 2010-03-13 12:11 -------- d-----w- c:\program files\Apple Software Update
    2010-03-13 12:11 . 2010-03-13 12:16 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-03-13 12:10 . 2010-03-13 12:14 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-13 12:10 . 2010-03-13 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-03-08 07:38 . 2010-03-08 07:38 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\Malwarebytes
    2010-03-08 07:38 . 2010-01-07 11:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-08 07:38 . 2010-03-08 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-08 07:38 . 2010-01-07 11:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-02 11:39 . 2010-03-02 11:39 -------- d-----r- C:\MSOCache
    2010-03-02 11:22 . 2010-03-02 11:22 -------- d-----w- c:\program files\Microsoft
    2010-03-01 06:46 . 2010-03-01 06:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-23 11:31 . 2010-02-23 11:31 -------- d-----w- c:\program files\Common Files\Skype
    2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2010-02-19 10:39 . 2009-12-16 09:42 43008 ----a-w- c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-02-19 10:39 . 2009-12-16 09:42 340480 ----a-w- c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-02-19 10:39 . 2009-12-16 09:42 872960 ----a-w- c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-02-19 10:39 . 2009-12-16 09:41 346624 ----a-w- c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-18 02:19 . 2007-11-14 14:25 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\Skype
    2010-03-18 02:05 . 2008-12-27 18:06 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\skypePM
    2010-03-17 17:52 . 2008-12-22 12:28 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\FileZilla
    2010-03-17 05:29 . 2010-03-17 05:29 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 57676 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 84035 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-03-17 05:29 . 2010-03-17 05:29 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-03-15 04:38 . 2008-12-22 12:28 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-03-13 12:14 . 2007-08-07 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-03-03 04:40 . 2009-05-23 19:28 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-02-26 15:15 . 2009-08-04 14:03 -------- d-----w- c:\documents and settings\Zeeshan Hashmi\Application Data\vlc
    2010-02-23 18:38 . 2007-06-06 03:46 -------- d-----w- c:\program files\Google
    2010-02-23 11:31 . 2009-06-25 11:54 -------- d-----r- c:\program files\Skype
    2010-02-23 11:30 . 2007-11-14 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-02-15 13:41 . 2010-02-15 13:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-08_17.41.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-17 05:29 . 2009-12-01 19:14 68080 c:\windows\system32\pxinsa64.exe
    + 2010-03-17 05:29 . 2009-12-01 19:14 72176 c:\windows\system32\pxhpinst.exe
    + 2010-03-17 05:29 . 2009-12-01 19:14 68080 c:\windows\system32\pxcpya64.exe
    + 2010-03-13 12:11 . 2009-08-28 14:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
    + 2010-03-13 12:11 . 2009-08-28 14:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
    + 2010-03-13 12:16 . 2009-05-18 09:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
    + 2010-03-17 05:29 . 2009-12-01 19:14 44944 c:\windows\system32\drivers\PxHelp20.sys
    + 2008-12-12 06:11 . 2008-12-12 06:11 61440 c:\windows\system32\dnssd.dll
    + 2008-12-12 06:18 . 2008-12-12 06:18 87336 c:\windows\system32\dns-sd.exe
    - 2007-05-25 04:39 . 2010-03-08 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-17 06:07 . 2010-03-17 06:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-17 02:24 . 2010-03-17 06:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010031720100318\index.dat
    + 2010-03-16 03:50 . 2010-03-16 03:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010031620100317\index.dat
    + 2010-03-09 03:18 . 2010-03-09 03:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010030920100310\index.dat
    + 2007-05-25 04:39 . 2010-03-17 06:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-05-25 04:39 . 2010-03-08 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-05-25 04:39 . 2010-03-08 03:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-03-09 03:17 . 2010-03-17 06:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-03-13 12:12 . 2010-03-13 12:12 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    + 2010-03-13 12:13 . 2010-03-13 12:13 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
    + 2010-03-17 05:29 . 2009-12-01 19:14 9200 c:\windows\system32\drivers\cdralw2k.sys
    + 2010-03-17 05:29 . 2009-12-01 19:14 9072 c:\windows\system32\drivers\cdr4_xp.sys
    + 2009-07-11 20:12 . 2009-07-11 20:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    + 2009-07-11 20:09 . 2009-07-11 20:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    + 2009-07-11 20:08 . 2009-07-11 20:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
    + 2010-03-17 05:29 . 2009-12-01 19:14 100848 c:\windows\system32\vxblock.dll
    + 2010-03-17 05:29 . 2009-12-01 19:14 440816 c:\windows\system32\pxwave.dll
    + 2010-03-17 05:29 . 2009-12-01 19:14 219632 c:\windows\system32\pxmas.dll
    + 2010-03-17 05:29 . 2009-12-01 19:14 125424 c:\windows\system32\pxinsi64.exe
    + 2010-03-17 05:29 . 2009-12-01 19:14 559600 c:\windows\system32\pxdrv.dll
    + 2010-03-17 05:29 . 2009-12-01 19:14 123888 c:\windows\system32\pxcpyi64.exe
    + 2010-03-17 05:29 . 2009-12-01 19:14 133616 c:\windows\system32\pxafs.dll
    + 2010-03-17 05:29 . 2009-12-01 19:14 678384 c:\windows\system32\px.dll
    + 2010-03-13 12:16 . 2008-04-17 08:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
    + 2010-03-17 05:28 . 2010-03-17 05:28 169472 c:\windows\Installer\aa90b2.msi
    + 2010-03-13 12:10 . 2010-03-13 12:10 796672 c:\windows\Installer\1f525b9.msi
    + 2010-03-13 12:17 . 2010-03-13 12:17 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
    + 2010-03-17 05:29 . 2009-12-01 19:14 2083312 c:\windows\system32\pxsfs.dll
    + 2010-03-13 12:11 . 2009-08-28 14:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
    + 2010-03-13 12:11 . 2009-08-28 14:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
    + 2010-03-13 12:17 . 2010-03-13 12:17 4449280 c:\windows\Installer\1f525d9.msi
    + 2010-03-13 12:13 . 2010-03-13 12:13 1659392 c:\windows\Installer\1f525d5.msi
    + 2010-03-13 12:13 . 2010-03-13 12:13 9473024 c:\windows\Installer\1f525ce.msi
    + 2010-03-13 12:12 . 2010-03-13 12:12 1549312 c:\windows\Installer\1f525c7.msi
    + 2010-03-13 12:11 . 2010-03-13 12:11 3310592 c:\windows\Installer\1f525c0.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 126976]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 68856]
    "Google Update"="c:\documents and settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-01 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2007-12-23 61952]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2007-12-23 483328]
    "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
    "MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2005-05-24 274432]
    "MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 126976]
    "MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 1111040]
    "igfxtray"="c:\windows\System32\igfxtray.exe" [2006-03-22 94208]
    "igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2006-03-22 77824]
    "igfxpers"="c:\windows\System32\igfxpers.exe" [2006-03-22 118784]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 950272]
    "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
    "MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-12-11 37656]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-7-22 25214]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-8-11 40448]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-8-10 745472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 86016]
    Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-8-6 41051]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-5-25 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2007-05-25 10:22 63040 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

    R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 11:38 PM 135664]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [5/26/2007 1:00 PM 52384]
    S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [5/26/2007 1:00 PM 6096]
    S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [5/26/2007 1:00 PM 84384]
    S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [5/26/2007 1:00 PM 66048]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/8/2010 12:38 PM 38224]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 18:38]

    2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 18:38]

    2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-152049171-725345543-1003Core.job
    - c:\documents and settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-01 17:22]

    2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-152049171-725345543-1003UA.job
    - c:\documents and settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-01 17:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: c:\windows\system32\mclsp.dll
    FF - ProfilePath - c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\Zeeshan Hashmi\Application Data\Mozilla\Firefox\Profiles\i2th74tw.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-18 07:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
    @DACL=(02 0000)
    "Defaults"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(516)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'lsass.exe'(572)
    c:\windows\system32\mclsp.dll
    c:\windows\system32\SPORDER.dll
    c:\windows\system32\mclsphlr\gdlsphlr.dll
    c:\windows\system32\McRtl32.dll

    - - - - - - - > 'explorer.exe'(1320)
    c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
    c:\progra~1\mcafee.com\vso\McVSSkt.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-03-18 07:21:35
    ComboFix-quarantined-files.txt 2010-03-18 02:21
    ComboFix2.txt 2010-03-17 04:37
    ComboFix3.txt 2010-03-08 17:43

    Pre-Run: 77,680,386,048 bytes free
    Post-Run: 77,651,197,952 bytes free

    - - End Of File - - FE353E383A165AE07EFA030993609513
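A ComboFix log like the one above is read by hand on the forum, but the sections a malware analyst actually scans (the Run keys, the Security Center and firewall-policy keys, the R/S service lines) have a regular enough shape to triage with a script. The following is an added example, mine rather than the thread's or ComboFix's code: it walks those sections once and produces a review list. The sample lines are copied from the log above with the stray spaces the page's extraction left inside the quotes removed. The heuristics are assumptions to be confirmed by a human, not verdicts: an autorun with an unqualified image name is resolved through the search path, an autorun under a user profile directory is where malware likes to live but also where per-user updaters such as Google Update legitimately sit, a service whose line ends in `[?]` had no file date or size for ComboFix to report, and `DisableMonitoring`/`EnableFirewall = 0` are exactly what an installed third-party suite such as McAfee sets, so they are listed for confirmation rather than flagged as malicious.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log above (Run keys, Security
# Center and firewall-policy keys, service lines), with the stray spaces the page's
# extraction left inside the quotes removed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 68856]
"Google Update"="c:\documents and settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-01 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2007-12-23 61952]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<image>[^"]*?)\s*"\s*'
                    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*'
                      r"(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<image>.+?)\s+\[(?P<stat>[^\]]*)\]$")
# Per-user profile paths (assumed heuristic): favoured by malware, but also by per-user updaters.
USER_PROFILE_RE = re.compile(r"\\documents and settings\\[^\\]+\\(?:local settings|application data)\\", re.I)

@dataclass
class Autorun:
    name: str
    image: str
    date: str   # file date as ComboFix reports it
    size: int

@dataclass
class Service:
    start: str        # R = running / S = stopped, digit = start type
    name: str
    image: str
    file_found: bool  # False when ComboFix printed [?] instead of date and size

@dataclass
class Report:
    autoruns: List[Autorun] = field(default_factory=list)
    services: List[Service] = field(default_factory=list)
    monitoring_disabled: List[str] = field(default_factory=list)  # Security Center products
    windows_firewall_enabled: Optional[bool] = None

def _dword(m) -> int:
    return int(m["hex"], 16) if m["hex"] else int(m["dec"])

def analyze(text: str) -> Report:
    """Single pass over the log, remembering the current [key] header for value lines."""
    rep, key = Report(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"]
            continue
        lkey = key.lower()
        if lkey.endswith("\\currentversion\\run") and (m := RUN_RE.match(line)):
            rep.autoruns.append(Autorun(m["name"], m["image"], m["date"], int(m["size"])))
        elif "\\security center\\monitoring\\" in lkey and (m := DWORD_RE.match(line)):
            if m["name"].lower() == "disablemonitoring" and _dword(m) == 1:
                rep.monitoring_disabled.append(key.rsplit("\\", 1)[-1])
        elif lkey.endswith("\\firewallpolicy\\standardprofile") and (m := DWORD_RE.match(line)):
            if m["name"].lower() == "enablefirewall":
                rep.windows_firewall_enabled = _dword(m) == 1
        elif m := SERVICE_RE.match(line):
            image = m["image"].split(" --> ")[-1]  # "\??\x --> x" form: keep the resolved path
            rep.services.append(Service(m["start"], m["name"], image, m["stat"] != "?"))
    return rep

def findings(rep: Report) -> List[str]:
    """A review list, not verdicts: every item still needs the file and publisher checked."""
    out = []
    for a in rep.autoruns:
        if "\\" not in a.image:
            out.append(f"autorun '{a.name}': unqualified image {a.image!r}, resolved via the search path")
        elif USER_PROFILE_RE.search(a.image):
            out.append(f"autorun '{a.name}': runs from a user profile directory ({a.image})")
    for s in rep.services:
        if not s.file_found:
            out.append(f"service {s.name} ({s.start}): no date/size for {s.image}, binary missing or hidden")
    for product in rep.monitoring_disabled:
        out.append(f"Security Center monitoring disabled for {product}")
    if rep.windows_firewall_enabled is False:
        out.append("Windows Firewall (standard profile) is off; expected only with a third-party firewall active")
    return out

if __name__ == "__main__":
    print("\n".join(findings(analyze(SAMPLE_LOG))))
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the `8.3` short names (`c:\progra~1\...`) are left as ComboFix printed them, since they can only be resolved on the machine itself.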
     
  5. 2010/03/17
    zeeshanhashmi Inactive Thread Starter
    Okay, this is what opened when ComboFix finished. I then opened the other log file, but the contents are the same, and I can't post that here.
     
  6. 2010/03/17
    broni Moderator Malware Analyst
    No, no, sorry for the confusion.
    My fault.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  7. 2010/03/17
    zeeshanhashmi Inactive Thread Starter
    OK, there is this:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:14:04 AM, on 3/18/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe "
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    --
    End of file - 12989 bytes
     
  8. 2010/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zeeshan Hashmi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


    5. Click on Fix checked button.

    6. Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop MySQL
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete MySQL
    Press Enter.
    Wait for confirmation.


    7. Restart computer.

    8. Post new HijackThis log.
     
  9. 2010/03/17
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    77
    Likes Received:
    0
    Will this delete MySQL? I do not want to delete that.
     
  10. 2010/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This service:
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    is a fake.
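    The `sc stop` / `sc delete` steps in post 8 remove the service record without looking at what it points to. The following PowerShell check is an added example, not something from the thread or from either poster: it reads the ImagePath the service control manager actually has registered, resolves it the way the loader would, and only stops and deletes the service when no executable exists behind it. HijackThis derives its `C:\Program.exe (file missing)` text from that same ImagePath, and an unquoted path containing spaces (for example one under `C:\Program Files`) is rendered in exactly that form, so the query shows whether a real binary stands behind the entry. The service name `MySQL` is taken from the log above; everything else is assumed.

```powershell
# Added example (not from the thread): inspect what the service control manager
# actually has registered for a service before acting on a HijackThis O23 line.
# "MySQL" is the service name from the log above; the rest is assumed.
param([string]$ServiceName = 'MySQL')

function Resolve-ServiceBinary {
    # Returns the executable an ImagePath value points at, or $null when no file
    # can be found for it. Mirrors how the loader treats an unquoted path with
    # spaces: it tries "C:\Program", "C:\Program.exe", "C:\Program Files\...",
    # and so on in turn. That first candidate is also the form in which
    # HijackThis reports such a service: "C:\Program.exe (file missing)".
    param([Parameter(Mandatory = $true)][string]$ImagePath)

    if ($ImagePath -match '^\s*"([^"]+)"') {          # quoted: the path is unambiguous
        $p = $Matches[1]
        if (Test-Path -LiteralPath $p -PathType Leaf) { return $p }
        return $null
    }
    $parts = $ImagePath.Trim() -split ' '
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        foreach ($try in @($candidate, "$candidate.exe")) {
            if (Test-Path -LiteralPath $try -PathType Leaf) { return $try }
        }
    }
    return $null
}

# Win32_Service.PathName is the raw ImagePath, quotes and arguments included.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Output "No service named '$ServiceName' is registered."
    return
}
Write-Output ("Service    : {0} ({1})" -f $svc.Name, $svc.DisplayName)
Write-Output ("State      : {0}, start mode {1}" -f $svc.State, $svc.StartMode)
Write-Output ("ImagePath  : {0}" -f $svc.PathName)

$binary = Resolve-ServiceBinary -ImagePath $svc.PathName
if ($binary) {
    $file = Get-Item -LiteralPath $binary
    $sig  = Get-AuthenticodeSignature -FilePath $binary
    Write-Output ("Binary     : {0} ({1} bytes, modified {2})" -f $binary, $file.Length, $file.LastWriteTime)
    Write-Output ("Signature  : {0} {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
    if ($svc.PathName -notmatch '^\s*"' -and $binary -match ' ') {
        Write-Output "Note: ImagePath is unquoted and contains spaces; quote it rather than leave it as is."
    }
    Write-Output "A real executable stands behind this service; review it before removing anything."
} else {
    # Nothing exists at the registered path, so the record is orphaned. This is
    # the same stop/delete pair the thread types into a Command Prompt.
    Write-Output "No executable exists at the registered path; removing the orphaned service:"
    & sc.exe stop $ServiceName | Out-Null
    & sc.exe delete $ServiceName
}
```

    Run it from an elevated PowerShell prompt (the WMI query works unprivileged, but `sc delete` does not). When the path resolves to a real file, the script prints its size, timestamp and Authenticode status and deletes nothing; an unquoted ImagePath with spaces is flagged because it should be quoted with `sc.exe config <name> binPath= ...` rather than left as found.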
     
  11. 2010/03/17
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    77
    Likes Received:
    0
    ok thanks
     
  12. 2010/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    :)....
     
