Comments for Linabbs's blog http://www.linabbs.com/blog A blog on computer security. Thu, 11 Mar 2010 01:58:40 +0000 http://wordpress.org/?v=2.3.1 Comment on programs on my pc will not open. they say can not connect to the internet by punji http://www.linabbs.com/blog/2009/02/16/programs-on-my-pc-will-not-open-they-say-can-not-connect-to-the-internet/#comment-22 punji Thu, 19 Feb 2009 04:02:24 +0000 http://www.linabbs.com/blog/2009/02/16/programs-on-my-pc-will-not-open-they-say-can-not-connect-to-the-internet/#comment-22 it sounds like u have a virus, i used to have the same problem and i had to format. but run an online scanner first for trojans or viruses. I found some programs which they are very good to run as well. Run Cleanup first restart ur pc, then run a program called Malwarebytes' Anti-Malware, download it install it let it to the updates, then switch off pc, and take off the cord for the internet. restart ur pc and scan it. good luck it sounds like u have a virus, i used to have the same problem and i had to format. but run an online scanner first for trojans or viruses. I found some programs which they are very good to run as well. Run Cleanup first restart ur pc, then run a program called Malwarebytes’ Anti-Malware, download it install it let it to the updates, then switch off pc, and take off the cord for the internet. restart ur pc and scan it.

good luck

]]> Comment on [Resolved] can’t open antivirus site and update antivirus by kymodoce http://www.linabbs.com/blog/2009/01/20/resolved-cant-open-antivirus-site-and-update-antivirus/#comment-7 kymodoce Tue, 03 Feb 2009 14:20:22 +0000 http://www.linabbs.com/blog/2009/01/20/resolved-cant-open-antivirus-site-and-update-antivirus/#comment-7 Hi Guys, I have facing the same problem like one mentioned above and i have also tried using all the given options like Combofix but still the problem persist. Have tried reinstalling firefox. Nothing is helping me out and its more than 2 weeks now. Am attaching below the log file of combofix. Dave help me clearing this one out please ___ Combo Log File ComboFix 09-02-02.04 - varsha 2009-02-03 19:16:03.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.318 [GMT 5.5:30] Running from: d:\setups\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))) . 2009-02-01 20:22 . 2009-02-01 20:22 d-------- c:\windows\system32\IOSUBSYS 2009-02-01 20:22 . 2008-08-01 03:47 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys 2009-02-01 20:22 . 2008-08-01 03:47 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys 2009-01-31 19:22 . 2009-01-31 19:22 d-------- c:\documents and settings\varsha\Application Data\Flickr 2009-01-31 13:36 . 2009-01-31 13:36 d-------- c:\program files\ffdshow 2009-01-31 13:36 . 2009-01-31 19:20 d-------- c:\documents and settings\varsha\Application Data\HTSK 2009-01-29 22:14 . 2009-01-29 22:14 d-------- c:\program files\Trend Micro 2009-01-29 22:03 . 2009-01-29 22:03 0 --a------ c:\windows\nsreg.dat 2009-01-26 13:32 . 2009-01-26 14:29 12,368 --a------ c:\windows\system32\x_dtrace_log 2009-01-26 13:21 . 2009-01-28 20:13 d-------- c:\program files\Common Files\Softwin 2009-01-25 15:06 . 2009-01-25 15:06 d---s---- c:\documents and settings\varsha\UserData 2009-01-24 19:05 . 2009-01-24 19:05 1,152 --a------ c:\windows\system32\windrv.sys 2009-01-24 18:27 . 2003-08-21 09:32 307,712 --a------ c:\windows\system32\QuickTouch.cpl 2009-01-24 18:23 . 2003-10-27 20:17 190,465 --a------ c:\windows\system32\drivers\o2mmb.sys 2009-01-24 18:23 . 2003-10-30 01:14 34,329 --------- c:\windows\O2_Uninstall.EXE 2009-01-24 18:23 . 2003-10-31 15:25 8,008 --a------ c:\windows\system32\drivers\o2mmb.cat 2009-01-24 18:23 . 2003-08-26 08:46 5,817 --a------ c:\windows\system32\drivers\MbxStby.sys 2009-01-24 18:23 . 2003-10-28 14:34 2,539 --a------ c:\windows\system32\drivers\o2mmb.inf 2009-01-24 18:22 . 2003-08-21 18:25 94,600 --a------ c:\windows\system32\drivers\Apfiltr.sys 2009-01-24 18:22 . 2003-07-04 14:00 87,805 --a------ c:\windows\system32\Vxdif.dll 2009-01-24 18:18 . 2003-10-02 14:17 155,648 --a------ c:\windows\system32\igfxres.dll 2009-01-24 18:02 . 2004-01-06 10:10 256,688 --a------ c:\windows\system32\drivers\stac97.sys 2009-01-24 18:02 . 2003-10-29 08:40 102,481 --a------ c:\windows\system32\stac97.cpl 2009-01-23 18:48 . 2003-11-21 15:20 113,152 --a------ c:\windows\system32\drivers\b57xp32.sys 2009-01-23 18:48 . 2003-11-21 15:20 113,152 --a--c--- c:\windows\system32\dllcache\b57xp32.sys 2009-01-23 17:37 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-01-23 17:17 . 2009-01-23 17:17 d-------- c:\program files\Microsoft Works 2009-01-23 17:16 . 2009-01-23 17:16 d-------- c:\program files\MSBuild 2009-01-23 16:23 . 2009-01-29 21:47 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-01-23 16:21 . 2009-01-23 16:21 dr-h----- C:\MSOCache 2009-01-20 23:08 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys 2009-01-20 23:07 . 2004-08-04 06:26 152,576 --a------ c:\windows\system32\irftp.exe 2009-01-20 23:07 . 2004-08-04 04:30 87,424 --a------ c:\windows\system32\drivers\irda.sys 2009-01-20 23:07 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys 2009-01-20 23:07 . 2001-08-17 17:40 35,913 --a------ c:\windows\system32\drivers\smcirda.sys 2009-01-20 23:07 . 2004-08-04 06:26 27,136 --a------ c:\windows\system32\irmon.dll 2009-01-20 23:07 . 2001-08-17 19:21 19,584 --a------ c:\windows\system32\drivers\rasirda.sys 2009-01-20 23:07 . 2004-08-04 06:26 8,192 --a------ c:\windows\system32\wshirda.dll 2009-01-20 23:07 . 2001-08-17 19:16 6,400 --a------ c:\windows\system32\drivers\enum1394.sys 2009-01-20 23:06 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll 2009-01-20 23:06 . 2004-08-04 00:56 74,240 --a--c--- c:\windows\system32\dllcache\usbui.dll 2009-01-20 23:06 . 2004-08-04 04:37 14,080 --a------ c:\windows\system32\drivers\CmBatt.sys 2009-01-20 23:06 . 2001-08-17 19:27 14,080 --a------ c:\windows\system32\drivers\battc.sys 2009-01-20 23:06 . 2001-08-17 19:28 9,344 --a------ c:\windows\system32\drivers\compbatt.sys 2009-01-20 23:06 . 2004-08-04 04:29 5,504 --a------ c:\windows\system32\drivers\intelide.sys 2009-01-20 23:03 . 2009-01-24 19:42 d--h----- c:\documents and settings\Default User.WINDOWS 2009-01-20 23:03 . 2009-01-20 15:09 dr------- c:\documents and settings\All Users.WINDOWS\Documents 2009-01-20 23:02 . 2009-01-20 15:17 261 --a------ c:\windows\system32\$winnt$.inf 2009-01-20 16:19 . 2009-01-20 16:19 d-------- c:\program files\Kaspersky Lab 2009-01-20 16:15 . 2009-01-20 16:21 d-------- c:\documents and settings\varsha\Application Data\U3 2009-01-20 16:15 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-01-20 15:20 . 2009-01-25 15:06 d-------- c:\documents and settings\varsha 2009-01-20 15:18 . 2009-01-20 15:18 d--hs---- c:\documents and settings\NetworkService.NT AUTHORITY 2009-01-20 15:18 . 2009-01-20 15:18 d--hs---- c:\documents and settings\LocalService.NT AUTHORITY 2009-01-20 15:18 . 2009-01-20 15:18 8,192 --a------ c:\windows\REGLOCS.OLD 2009-01-20 15:15 . 2004-08-04 06:37 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex 2009-01-20 15:14 . 2004-08-04 06:37 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll 2009-01-20 15:13 . 2004-08-04 06:37 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll 2009-01-20 15:12 . 2009-01-20 15:12 316,640 --a------ c:\windows\WMSysPr9.prx 2009-01-20 15:12 . 2009-01-20 15:12 23,392 --a------ c:\windows\system32\nscompat.tlb 2009-01-20 15:12 . 2009-01-20 15:12 16,832 --a------ c:\windows\system32\amcompat.tlb 2009-01-20 15:12 . 2009-01-20 15:12 2,577 --a------ c:\windows\system32\CONFIG.NT 2009-01-20 15:12 . 2009-01-20 15:12 0 --a------ c:\windows\control.ini 2009-01-20 15:11 . 2009-01-20 15:12 d--hs---- c:\documents and settings\All Users.WINDOWS\DRM 2009-01-20 15:10 . 2004-08-04 06:37 4,399,505 --a--c--- c:\windows\system32\dllcache\nls302en.lex 2009-01-20 15:10 . 2009-01-20 15:10 749 -rah----- c:\windows\WindowsShell.Manifest 2009-01-20 15:10 . 2009-01-20 15:10 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2009-01-20 15:10 . 2009-01-20 15:10 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2009-01-20 15:10 . 2009-01-20 15:10 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2009-01-20 15:10 . 2009-01-20 15:10 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2009-01-20 15:10 . 2009-01-20 15:10 749 -rah----- c:\windows\system32\cdplayer.exe.manifest 2009-01-20 15:10 . 2009-01-20 15:10 488 -rah----- c:\windows\system32\WindowsLogon.manifest 2009-01-20 15:10 . 2009-01-20 15:10 488 -rah----- c:\windows\system32\logonui.exe.manifest 2009-01-20 15:08 . 2009-01-20 15:08 21,640 --a------ c:\windows\system32\emptyregdb.dat 2009-01-20 15:08 . 2009-01-20 15:08 37 --a------ c:\windows\vbaddin.ini 2009-01-20 15:08 . 2009-01-20 15:08 36 --a------ c:\windows\vb.ini 2009-01-20 08:54 . 2009-01-20 08:54 d-------- c:\documents and settings\Administrator 2009-01-20 04:57 . 2009-01-20 04:57 d-------- c:\windows\Provisioning 2009-01-20 04:57 . 2009-01-20 23:01 d-------- c:\windows\PeerNet 2009-01-20 04:57 . 2009-01-20 23:01 d-------- c:\windows\ehome 2009-01-19 21:18 . 2004-08-04 10:26 539,136 --a--c--- c:\windows\system32\dllcache\dialer.exe 2009-01-19 21:18 . 2004-08-04 10:26 281,088 --a--c--- c:\windows\system32\dllcache\pinball.exe 2009-01-19 21:18 . 2004-08-04 10:26 214,528 --a--c--- c:\windows\system32\dllcache\wordpad.exe 2009-01-19 21:18 . 2004-08-07 05:45 42,577 --a--c--- c:\windows\system32\dllcache\bckgzm.exe 2009-01-19 21:18 . 2004-08-07 05:45 42,575 --a--c--- c:\windows\system32\dllcache\chkrzm.exe 2009-01-19 21:18 . 2004-08-07 05:47 42,574 --a--c--- c:\windows\system32\dllcache\rvsezm.exe 2009-01-19 21:18 . 2004-08-07 05:47 42,573 --a--c--- c:\windows\system32\dllcache\shvlzm.exe 2009-01-19 21:18 . 2004-08-07 05:46 42,573 --a--c--- c:\windows\system32\dllcache\hrtzzm.exe 2009-01-19 21:18 . 2004-08-07 05:48 36,937 --a--c--- c:\windows\system32\dllcache\zclientm.exe 2009-01-19 21:07 . 2004-08-07 05:47 36,864 --a--c--- c:\windows\system32\dllcache\sapisvr.exe 2009-01-17 16:44 . 2009-01-17 16:44 d-------- c:\program files\ClamWin 2009-01-17 16:44 . 2009-01-17 16:44 d-------- c:\documents and settings\All Users\.clamwin 2009-01-06 04:03 . 2009-01-06 04:03 3,751,995 --a------ c:\windows\system32\GPhotos.scr . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-01 14:52 --------- d-----w c:\program files\Google 2009-01-31 15:07 --------- d-----w c:\program files\Flickr Uploadr 2009-01-24 12:55 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-24 12:54 --------- d-----w c:\program files\Fujitsu 2009-01-24 12:52 --------- d-----w c:\program files\Apoint2K 2009-01-24 12:33 --------- d-----w c:\program files\usb_spk 2009-01-17 12:11 --------- d-----w c:\program files\Winamp 2009-01-17 12:05 --------- d-----w c:\program files\Common Files\Motive 2008-12-16 13:08 --------- d-----w c:\program files\RegCure 2008-12-13 10:33 --------- d-----w c:\program files\Yahoo! 2008-12-04 16:18 --------- d-----w c:\program files\JoneSoft 2008-12-04 15:58 --------- d-----w c:\program files\Java 2004-08-04 01:07 168,032 --sha-r c:\windows\system32\ccxpvd.dll . ((((((((((((((((((((((((((((( snapshot@2009-01-24_19.51.01.88 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-31 22:17:04 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys + 2002-01-04 22:18:16 974,848 ----a-w c:\windows\system32\mfc70.dll + 2002-01-04 22:06:38 964,608 ----a-w c:\windows\system32\mfc70u.dll + 2003-03-18 15:50:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll + 2003-03-18 15:42:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll + 2002-01-04 22:08:38 54,784 ----a-w c:\windows\system32\msvci70.dll + 2002-01-04 22:10:20 487,424 ----a-w c:\windows\system32\msvcp70.dll + 2003-03-18 14:44:52 499,712 ----a-w c:\windows\system32\msvcp71.dll + 2002-01-04 21:07:28 344,064 ----a-w c:\windows\system32\msvcr70.dll + 2003-02-20 23:12:22 348,160 ----a-w c:\windows\system32\msvcr71.dll + 2008-07-31 22:17:04 588,272 ------w c:\windows\system32\px.dll + 2008-07-31 22:17:04 543,216 ------w c:\windows\system32\pxdrv.dll + 2008-07-31 22:17:04 72,176 ------w c:\windows\system32\pxhpinst.exe + 2008-07-31 22:17:04 186,864 ------w c:\windows\system32\pxmas.dll + 2008-07-31 22:17:04 379,376 ------w c:\windows\system32\pxwave.dll + 2008-07-31 22:17:04 88,560 ------w c:\windows\system32\vxblock.dll + 2005-09-22 20:05:10 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Google Update"="c:\documents and settings\varsha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-29 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-07-16 159744] "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2003-08-21 242688] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2003-11-13 81920] "AGRSMMSG"="AGRSMMSG.exe" [2003-09-24 c:\windows\AGRSMMSG.exe] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9988:TCP"= 9988:TCP:cwjufvvp S2 bhvgn;Installer Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] S2 usnzoqzai;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] S3 PCIUtil;PCI Utility;\??\c:\docume~1\varsha\LOCALS~1\Temp\PCIUtil.sys --> c:\docume~1\varsha\LOCALS~1\Temp\PCIUtil.sys [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs bhvgn usnzoqzai [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72d79d30-e6df-11dd-9472-8d730ecb6232}] \Shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72d79d31-e6df-11dd-9472-8d730ecb6232}] \Shell\AutoRun\command - wscript.exe ProtectFile.vbs \Shell\explore\Command - wscript.exe ProtectFile.vbs \Shell\open\Command - wscript.exe ProtectFile.vbs . Contents of the 'Scheduled Tasks' folder 2009-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-789336058-1343024091-1003.job - c:\documents and settings\varsha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-29 21:50] . . ------- Supplementary Scan ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {C0DC3A08-CA84-48FB-91CB-4B86A9AB1C94} = 218.248.255.162,218.248.255.139 FF - ProfilePath - c:\documents and settings\varsha\Application Data\Mozilla\Firefox\Profiles\kue00hhh.default\ FF - plugin: c:\documents and settings\varsha\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 19:17:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bhvgn] "ServiceDll"="c:\windows\system32\ccxpvd.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnzoqzai] "ServiceDll"="c:\windows\system32\ccxpvd.dll" . Completion time: 2009-02-03 19:18:53 ComboFix-quarantined-files.txt 2009-02-03 13:48:50 ComboFix2.txt 2009-01-24 14:21:49 Pre-Run: 4,686,639,104 bytes free Post-Run: 4,739,096,576 bytes free 210 ------------------- Please do let me know if anything else is needed Regards Hi Guys,
I have facing the same problem like one mentioned above and i have also tried using all the given options like Combofix but still the problem persist. Have tried reinstalling firefox. Nothing is helping me out and its more than 2 weeks now. Am attaching below the log file of combofix.

Dave help me clearing this one out please

___ Combo Log File

ComboFix 09-02-02.04 - varsha 2009-02-03 19:16:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.318 [GMT 5.5:30]
Running from: d:\setups\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-01 20:22 . 2009-02-01 20:22 d——– c:\windows\system32\IOSUBSYS
2009-02-01 20:22 . 2008-08-01 03:47 9,200 ——— c:\windows\system32\drivers\cdralw2k.sys
2009-02-01 20:22 . 2008-08-01 03:47 9,072 ——— c:\windows\system32\drivers\cdr4_xp.sys
2009-01-31 19:22 . 2009-01-31 19:22 d——– c:\documents and settings\varsha\Application Data\Flickr
2009-01-31 13:36 . 2009-01-31 13:36 d——– c:\program files\ffdshow
2009-01-31 13:36 . 2009-01-31 19:20 d——– c:\documents and settings\varsha\Application Data\HTSK
2009-01-29 22:14 . 2009-01-29 22:14 d——– c:\program files\Trend Micro
2009-01-29 22:03 . 2009-01-29 22:03 0 –a—— c:\windows\nsreg.dat
2009-01-26 13:32 . 2009-01-26 14:29 12,368 –a—— c:\windows\system32\x_dtrace_log
2009-01-26 13:21 . 2009-01-28 20:13 d——– c:\program files\Common Files\Softwin
2009-01-25 15:06 . 2009-01-25 15:06 d—s—- c:\documents and settings\varsha\UserData
2009-01-24 19:05 . 2009-01-24 19:05 1,152 –a—— c:\windows\system32\windrv.sys
2009-01-24 18:27 . 2003-08-21 09:32 307,712 –a—— c:\windows\system32\QuickTouch.cpl
2009-01-24 18:23 . 2003-10-27 20:17 190,465 –a—— c:\windows\system32\drivers\o2mmb.sys
2009-01-24 18:23 . 2003-10-30 01:14 34,329 ——— c:\windows\O2_Uninstall.EXE
2009-01-24 18:23 . 2003-10-31 15:25 8,008 –a—— c:\windows\system32\drivers\o2mmb.cat
2009-01-24 18:23 . 2003-08-26 08:46 5,817 –a—— c:\windows\system32\drivers\MbxStby.sys
2009-01-24 18:23 . 2003-10-28 14:34 2,539 –a—— c:\windows\system32\drivers\o2mmb.inf
2009-01-24 18:22 . 2003-08-21 18:25 94,600 –a—— c:\windows\system32\drivers\Apfiltr.sys
2009-01-24 18:22 . 2003-07-04 14:00 87,805 –a—— c:\windows\system32\Vxdif.dll
2009-01-24 18:18 . 2003-10-02 14:17 155,648 –a—— c:\windows\system32\igfxres.dll
2009-01-24 18:02 . 2004-01-06 10:10 256,688 –a—— c:\windows\system32\drivers\stac97.sys
2009-01-24 18:02 . 2003-10-29 08:40 102,481 –a—— c:\windows\system32\stac97.cpl
2009-01-23 18:48 . 2003-11-21 15:20 113,152 –a—— c:\windows\system32\drivers\b57xp32.sys
2009-01-23 18:48 . 2003-11-21 15:20 113,152 –a–c— c:\windows\system32\dllcache\b57xp32.sys
2009-01-23 17:37 . 2006-10-26 19:56 32,592 –a—— c:\windows\system32\msonpmon.dll
2009-01-23 17:17 . 2009-01-23 17:17 d——– c:\program files\Microsoft Works
2009-01-23 17:16 . 2009-01-23 17:16 d——– c:\program files\MSBuild
2009-01-23 16:23 . 2009-01-29 21:47 d——– c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-01-23 16:21 . 2009-01-23 16:21 dr-h—– C:\MSOCache
2009-01-20 23:08 . 2001-08-17 19:29 3,072 –a—— c:\windows\system32\drivers\audstub.sys
2009-01-20 23:07 . 2004-08-04 06:26 152,576 –a—— c:\windows\system32\irftp.exe
2009-01-20 23:07 . 2004-08-04 04:30 87,424 –a—— c:\windows\system32\drivers\irda.sys
2009-01-20 23:07 . 2004-08-04 04:29 57,472 –a—— c:\windows\system32\drivers\redbook.sys
2009-01-20 23:07 . 2001-08-17 17:40 35,913 –a—— c:\windows\system32\drivers\smcirda.sys
2009-01-20 23:07 . 2004-08-04 06:26 27,136 –a—— c:\windows\system32\irmon.dll
2009-01-20 23:07 . 2001-08-17 19:21 19,584 –a—— c:\windows\system32\drivers\rasirda.sys
2009-01-20 23:07 . 2004-08-04 06:26 8,192 –a—— c:\windows\system32\wshirda.dll
2009-01-20 23:07 . 2001-08-17 19:16 6,400 –a—— c:\windows\system32\drivers\enum1394.sys
2009-01-20 23:06 . 2004-08-04 00:56 74,240 –a—— c:\windows\system32\usbui.dll
2009-01-20 23:06 . 2004-08-04 00:56 74,240 –a–c— c:\windows\system32\dllcache\usbui.dll
2009-01-20 23:06 . 2004-08-04 04:37 14,080 –a—— c:\windows\system32\drivers\CmBatt.sys
2009-01-20 23:06 . 2001-08-17 19:27 14,080 –a—— c:\windows\system32\drivers\battc.sys
2009-01-20 23:06 . 2001-08-17 19:28 9,344 –a—— c:\windows\system32\drivers\compbatt.sys
2009-01-20 23:06 . 2004-08-04 04:29 5,504 –a—— c:\windows\system32\drivers\intelide.sys
2009-01-20 23:03 . 2009-01-24 19:42 d–h—– c:\documents and settings\Default User.WINDOWS
2009-01-20 23:03 . 2009-01-20 15:09 dr——- c:\documents and settings\All Users.WINDOWS\Documents
2009-01-20 23:02 . 2009-01-20 15:17 261 –a—— c:\windows\system32\$winnt$.inf
2009-01-20 16:19 . 2009-01-20 16:19 d——– c:\program files\Kaspersky Lab
2009-01-20 16:15 . 2009-01-20 16:21 d——– c:\documents and settings\varsha\Application Data\U3
2009-01-20 16:15 . 2004-08-03 23:08 26,496 –a–c— c:\windows\system32\dllcache\usbstor.sys
2009-01-20 15:20 . 2009-01-25 15:06 d——– c:\documents and settings\varsha
2009-01-20 15:18 . 2009-01-20 15:18 d–hs—- c:\documents and settings\NetworkService.NT AUTHORITY
2009-01-20 15:18 . 2009-01-20 15:18 d–hs—- c:\documents and settings\LocalService.NT AUTHORITY
2009-01-20 15:18 . 2009-01-20 15:18 8,192 –a—— c:\windows\REGLOCS.OLD
2009-01-20 15:15 . 2004-08-04 06:37 1,875,968 –a–c— c:\windows\system32\dllcache\msir3jp.lex
2009-01-20 15:14 . 2004-08-04 06:37 13,463,552 –a–c— c:\windows\system32\dllcache\hwxjpn.dll
2009-01-20 15:13 . 2004-08-04 06:37 2,134,528 –a–c— c:\windows\system32\dllcache\smtpsnap.dll
2009-01-20 15:12 . 2009-01-20 15:12 316,640 –a—— c:\windows\WMSysPr9.prx
2009-01-20 15:12 . 2009-01-20 15:12 23,392 –a—— c:\windows\system32\nscompat.tlb
2009-01-20 15:12 . 2009-01-20 15:12 16,832 –a—— c:\windows\system32\amcompat.tlb
2009-01-20 15:12 . 2009-01-20 15:12 2,577 –a—— c:\windows\system32\CONFIG.NT
2009-01-20 15:12 . 2009-01-20 15:12 0 –a—— c:\windows\control.ini
2009-01-20 15:11 . 2009-01-20 15:12 d–hs—- c:\documents and settings\All Users.WINDOWS\DRM
2009-01-20 15:10 . 2004-08-04 06:37 4,399,505 –a–c— c:\windows\system32\dllcache\nls302en.lex
2009-01-20 15:10 . 2009-01-20 15:10 749 -rah—– c:\windows\WindowsShell.Manifest
2009-01-20 15:10 . 2009-01-20 15:10 749 -rah—– c:\windows\system32\wuaucpl.cpl.manifest
2009-01-20 15:10 . 2009-01-20 15:10 749 -rah—– c:\windows\system32\sapi.cpl.manifest
2009-01-20 15:10 . 2009-01-20 15:10 749 -rah—– c:\windows\system32\nwc.cpl.manifest
2009-01-20 15:10 . 2009-01-20 15:10 749 -rah—– c:\windows\system32\ncpa.cpl.manifest
2009-01-20 15:10 . 2009-01-20 15:10 749 -rah—– c:\windows\system32\cdplayer.exe.manifest
2009-01-20 15:10 . 2009-01-20 15:10 488 -rah—– c:\windows\system32\WindowsLogon.manifest
2009-01-20 15:10 . 2009-01-20 15:10 488 -rah—– c:\windows\system32\logonui.exe.manifest
2009-01-20 15:08 . 2009-01-20 15:08 21,640 –a—— c:\windows\system32\emptyregdb.dat
2009-01-20 15:08 . 2009-01-20 15:08 37 –a—— c:\windows\vbaddin.ini
2009-01-20 15:08 . 2009-01-20 15:08 36 –a—— c:\windows\vb.ini
2009-01-20 08:54 . 2009-01-20 08:54 d——– c:\documents and settings\Administrator
2009-01-20 04:57 . 2009-01-20 04:57 d——– c:\windows\Provisioning
2009-01-20 04:57 . 2009-01-20 23:01 d——– c:\windows\PeerNet
2009-01-20 04:57 . 2009-01-20 23:01 d——– c:\windows\ehome
2009-01-19 21:18 . 2004-08-04 10:26 539,136 –a–c— c:\windows\system32\dllcache\dialer.exe
2009-01-19 21:18 . 2004-08-04 10:26 281,088 –a–c— c:\windows\system32\dllcache\pinball.exe
2009-01-19 21:18 . 2004-08-04 10:26 214,528 –a–c— c:\windows\system32\dllcache\wordpad.exe
2009-01-19 21:18 . 2004-08-07 05:45 42,577 –a–c— c:\windows\system32\dllcache\bckgzm.exe
2009-01-19 21:18 . 2004-08-07 05:45 42,575 –a–c— c:\windows\system32\dllcache\chkrzm.exe
2009-01-19 21:18 . 2004-08-07 05:47 42,574 –a–c— c:\windows\system32\dllcache\rvsezm.exe
2009-01-19 21:18 . 2004-08-07 05:47 42,573 –a–c— c:\windows\system32\dllcache\shvlzm.exe
2009-01-19 21:18 . 2004-08-07 05:46 42,573 –a–c— c:\windows\system32\dllcache\hrtzzm.exe
2009-01-19 21:18 . 2004-08-07 05:48 36,937 –a–c— c:\windows\system32\dllcache\zclientm.exe
2009-01-19 21:07 . 2004-08-07 05:47 36,864 –a–c— c:\windows\system32\dllcache\sapisvr.exe
2009-01-17 16:44 . 2009-01-17 16:44 d——– c:\program files\ClamWin
2009-01-17 16:44 . 2009-01-17 16:44 d——– c:\documents and settings\All Users\.clamwin
2009-01-06 04:03 . 2009-01-06 04:03 3,751,995 –a—— c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 14:52 ——— d—–w c:\program files\Google
2009-01-31 15:07 ——— d—–w c:\program files\Flickr Uploadr
2009-01-24 12:55 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-24 12:54 ——— d—–w c:\program files\Fujitsu
2009-01-24 12:52 ——— d—–w c:\program files\Apoint2K
2009-01-24 12:33 ——— d—–w c:\program files\usb_spk
2009-01-17 12:11 ——— d—–w c:\program files\Winamp
2009-01-17 12:05 ——— d—–w c:\program files\Common Files\Motive
2008-12-16 13:08 ——— d—–w c:\program files\RegCure
2008-12-13 10:33 ——— d—–w c:\program files\Yahoo!
2008-12-04 16:18 ——— d—–w c:\program files\JoneSoft
2008-12-04 15:58 ——— d—–w c:\program files\Java
2004-08-04 01:07 168,032 –sha-r c:\windows\system32\ccxpvd.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-24_19.51.01.88 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-31 22:17:04 43,872 —-a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2002-01-04 22:18:16 974,848 —-a-w c:\windows\system32\mfc70.dll
+ 2002-01-04 22:06:38 964,608 —-a-w c:\windows\system32\mfc70u.dll
+ 2003-03-18 15:50:00 1,060,864 —-a-w c:\windows\system32\mfc71.dll
+ 2003-03-18 15:42:12 1,047,552 —-a-w c:\windows\system32\mfc71u.dll
+ 2002-01-04 22:08:38 54,784 —-a-w c:\windows\system32\msvci70.dll
+ 2002-01-04 22:10:20 487,424 —-a-w c:\windows\system32\msvcp70.dll
+ 2003-03-18 14:44:52 499,712 —-a-w c:\windows\system32\msvcp71.dll
+ 2002-01-04 21:07:28 344,064 —-a-w c:\windows\system32\msvcr70.dll
+ 2003-02-20 23:12:22 348,160 —-a-w c:\windows\system32\msvcr71.dll
+ 2008-07-31 22:17:04 588,272 ——w c:\windows\system32\px.dll
+ 2008-07-31 22:17:04 543,216 ——w c:\windows\system32\pxdrv.dll
+ 2008-07-31 22:17:04 72,176 ——w c:\windows\system32\pxhpinst.exe
+ 2008-07-31 22:17:04 186,864 ——w c:\windows\system32\pxmas.dll
+ 2008-07-31 22:17:04 379,376 ——w c:\windows\system32\pxwave.dll
+ 2008-07-31 22:17:04 88,560 ——w c:\windows\system32\vxblock.dll
+ 2005-09-22 20:05:10 65,536 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=”c:\windows\system32\ctfmon.exe” [2004-08-04 15360]
“Google Update”=”c:\documents and settings\varsha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” [2009-01-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“GrooveMonitor”=”c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 31016]
“HotKeysCmds”=”c:\windows\system32\hkcmd.exe” [2003-10-02 118784]
“Apoint”=”c:\program files\Apoint2K\Apoint.exe” [2003-07-16 159744]
“LoadBtnHnd”=”c:\program files\Fujitsu\BtnHnd\BtnHnd.exe” [2003-08-21 61440]
“LoadFujitsuQuickTouch”=”c:\program files\Fujitsu\Application Panel\QuickTouch.exe” [2003-08-21 242688]
“IndicatorUtility”=”c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe” [2003-11-13 81920]
“AGRSMMSG”=”AGRSMMSG.exe” [2003-09-24 c:\windows\AGRSMMSG.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=
“c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“9988:TCP”= 9988:TCP:cwjufvvp

S2 bhvgn;Installer Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 usnzoqzai;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\varsha\LOCALS~1\Temp\PCIUtil.sys –> c:\docume~1\varsha\LOCALS~1\Temp\PCIUtil.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bhvgn
usnzoqzai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72d79d30-e6df-11dd-9472-8d730ecb6232}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72d79d31-e6df-11dd-9472-8d730ecb6232}]
\Shell\AutoRun\command - wscript.exe ProtectFile.vbs
\Shell\explore\Command - wscript.exe ProtectFile.vbs
\Shell\open\Command - wscript.exe ProtectFile.vbs
.
Contents of the ‘Scheduled Tasks’ folder

2009-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-789336058-1343024091-1003.job
- c:\documents and settings\varsha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-29 21:50]
.
.
——- Supplementary Scan ——-
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C0DC3A08-CA84-48FB-91CB-4B86A9AB1C94} = 218.248.255.162,218.248.255.139
FF - ProfilePath - c:\documents and settings\varsha\Application Data\Mozilla\Firefox\Profiles\kue00hhh.default\
FF - plugin: c:\documents and settings\varsha\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 19:17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bhvgn]
“ServiceDll”=”c:\windows\system32\ccxpvd.dll”

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnzoqzai]
“ServiceDll”=”c:\windows\system32\ccxpvd.dll”
.
Completion time: 2009-02-03 19:18:53
ComboFix-quarantined-files.txt 2009-02-03 13:48:50
ComboFix2.txt 2009-01-24 14:21:49

Pre-Run: 4,686,639,104 bytes free
Post-Run: 4,739,096,576 bytes free

210
——————-

Please do let me know if anything else is needed

Regards

]]>