kanehobday
2010-08-05, 15:01
So i dont know how i got this trojan as i never go on dodgy sites you know?
Basically its installed all these fake anti virus programs such as "Antimalware Doctor" and says i have to buy them to get rid of the "viruses". Task manager is disabled and my PC comes to a crawl. Also i cant run my normal anti virus (spybot) unless in safe mode. So i ran spybot in safe mode and it said its removed the trojan. But when i boot back into normal mode the trojan is back!
Please help me!
Thanks.
Sorry this isnt a bump i forgot to add the DDS files.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Kane at 18:26:33.50 on 05/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1370 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Kane\Application Data\8F27219CF09509F2E4475D5C7D7DF6DB\newreleaseversion70700.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Kane\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\kane\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Whuzulejacoy] rundll32.exe "c:\windows\dbcxypl.dll",Startup
uRun: [newreleaseversion70700.exe] c:\documents and settings\kane\application data\8f27219cf09509f2e4475d5c7d7df6db\newreleaseversion70700.exe
uRun: [BSK91O3T6D] c:\docume~1\kane\locals~1\temp\Ahx.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "g:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sta] rundll32 "dvzkp.dll",,Run
mRun: [Rqekesiqas] rundll32.exe "c:\windows\aqehapuhid.dll",Startup
mExplorerRun: [jgyo0w] c:\docume~1\kane\locals~1\temp\19aqp.exe
IE: E&xport to Microsoft Excel - g:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\kane\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\program files\microsoft office\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {FBE4AEAF-548D-4D89-A3AA-44DF6CBBA573} = 90.207.238.97,90.207.238.99
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kane\applic~1\mozilla\firefox\profiles\cjr7fw7v.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.http - 65.254.51.178
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\{10853dc2-7a27-4e4f-a444-1518b76ab2ec}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\kane\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\kane\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {63BC6D7A-A057-4357-BF8D-F65B9E2D233A} - c:\documents and settings\kane\local settings\application data\{63BC6D7A-A057-4357-BF8D-F65B9E2D233A}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 MpKslf6f5c4c4;MpKslf6f5c4c4;c:\windows\system32\mpenginestore\MpKslf6f5c4c4.sys [2010-8-5 28752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-9-14 33792]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2009-2-23 16640]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-08-05 18:39:39 102400 --sha-r- c:\windows\system32\WISPTIS6.dll
2010-08-05 18:38:27 0 ----a-w- c:\windows\Lgafas.bin
2010-08-05 18:38:26 120 ----a-w- c:\windows\Ggutac.dat
2010-08-05 18:38:15 176640 ----a-w- c:\windows\Azyrea.exe
2010-08-05 18:37:24 5 ----a-w- C:\zrpt.xml
2010-08-05 18:36:32 783360 ----a-w- c:\windows\system32\drivers\knyfvm.sys
2010-08-05 18:35:29 0 d-----w- c:\docume~1\kane\applic~1\8F27219CF09509F2E4475D5C7D7DF6DB
2010-08-05 17:25:21 0 d-----w- C:\05-08-2010
2010-08-05 17:11:31 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-05 16:26:13 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-05 14:16:10 172 ----a-w- c:\windows\system32\MRT.INI
2010-07-16 04:18:18 246784 ----a-w- c:\windows\system32\zvzkp.dll
2010-07-16 04:18:04 294912 ----a-w- c:\windows\system32\dvzkp.dll
==================== Find3M ====================
2009-11-21 22:35:00 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-11-21 22:35:00 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-11-21 22:35:00 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 18:28:06.82 ===============
Basically its installed all these fake anti virus programs such as "Antimalware Doctor" and says i have to buy them to get rid of the "viruses". Task manager is disabled and my PC comes to a crawl. Also i cant run my normal anti virus (spybot) unless in safe mode. So i ran spybot in safe mode and it said its removed the trojan. But when i boot back into normal mode the trojan is back!
Please help me!
Thanks.
Sorry this isnt a bump i forgot to add the DDS files.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Kane at 18:26:33.50 on 05/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1370 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Kane\Application Data\8F27219CF09509F2E4475D5C7D7DF6DB\newreleaseversion70700.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Kane\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\kane\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Whuzulejacoy] rundll32.exe "c:\windows\dbcxypl.dll",Startup
uRun: [newreleaseversion70700.exe] c:\documents and settings\kane\application data\8f27219cf09509f2e4475d5c7d7df6db\newreleaseversion70700.exe
uRun: [BSK91O3T6D] c:\docume~1\kane\locals~1\temp\Ahx.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "g:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sta] rundll32 "dvzkp.dll",,Run
mRun: [Rqekesiqas] rundll32.exe "c:\windows\aqehapuhid.dll",Startup
mExplorerRun: [jgyo0w] c:\docume~1\kane\locals~1\temp\19aqp.exe
IE: E&xport to Microsoft Excel - g:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\kane\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\program files\microsoft office\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {FBE4AEAF-548D-4D89-A3AA-44DF6CBBA573} = 90.207.238.97,90.207.238.99
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kane\applic~1\mozilla\firefox\profiles\cjr7fw7v.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.http - 65.254.51.178
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\{10853dc2-7a27-4e4f-a444-1518b76ab2ec}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\kane\application data\mozilla\firefox\profiles\cjr7fw7v.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\kane\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\kane\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {63BC6D7A-A057-4357-BF8D-F65B9E2D233A} - c:\documents and settings\kane\local settings\application data\{63BC6D7A-A057-4357-BF8D-F65B9E2D233A}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 MpKslf6f5c4c4;MpKslf6f5c4c4;c:\windows\system32\mpenginestore\MpKslf6f5c4c4.sys [2010-8-5 28752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-9-14 33792]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2009-2-23 16640]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-08-05 18:39:39 102400 --sha-r- c:\windows\system32\WISPTIS6.dll
2010-08-05 18:38:27 0 ----a-w- c:\windows\Lgafas.bin
2010-08-05 18:38:26 120 ----a-w- c:\windows\Ggutac.dat
2010-08-05 18:38:15 176640 ----a-w- c:\windows\Azyrea.exe
2010-08-05 18:37:24 5 ----a-w- C:\zrpt.xml
2010-08-05 18:36:32 783360 ----a-w- c:\windows\system32\drivers\knyfvm.sys
2010-08-05 18:35:29 0 d-----w- c:\docume~1\kane\applic~1\8F27219CF09509F2E4475D5C7D7DF6DB
2010-08-05 17:25:21 0 d-----w- C:\05-08-2010
2010-08-05 17:11:31 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-05 16:26:13 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-05 14:16:10 172 ----a-w- c:\windows\system32\MRT.INI
2010-07-16 04:18:18 246784 ----a-w- c:\windows\system32\zvzkp.dll
2010-07-16 04:18:04 294912 ----a-w- c:\windows\system32\dvzkp.dll
==================== Find3M ====================
2009-11-21 22:35:00 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-11-21 22:35:00 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-11-21 22:35:00 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 18:28:06.82 ===============