uqefacocuwuseh.dll


uqefacocuwuseh.dll

Post by chubasco on 14th March 2010, 11:12 am

I have an odd entry in my HJT log, uqefacocuwuseh.dll.
Google has no results for a search, and I've looked at a couple of sites that list DLLs etc. with no luck.
It may be that I am just not recognising something because of the name,
but things always seem to turn out messier than you'd expect, so I've posted the log for you to cast an eye over, if you would be so kind.
Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:01, on 13/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Documents and Settings\1\Desktop\progs\HotSwap! 4.1.1.0\32bit\HotSwap!.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Jjusu] rundll32.exe "C:\WINDOWS\uqefacocuwuseh.dll",Startup
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [HotSwap! Applet] C:\Documents and Settings\1\Desktop\progs\HotSwap! 4.1.1.0\32bit\HotSwap!.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4951 bytes


Re: uqefacocuwuseh.dll

Post by Belahzur on 14th March 2010, 7:57 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [Jjusu] rundll32.exe "C:\WINDOWS\uqefacocuwuseh.dll",Startup



  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


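Added example, not code from this thread or from HijackThis, OTL or MBAM: a small Python triage script for the O4 (Run-key) lines in a HijackThis or OTL log. It re-uses the O4 lines from the log above as constructed sample input, so it runs offline. The security point it encodes is the shape of the line Belahzur picked out: rundll32.exe loading a DLL with a random-looking name from the root of C:\WINDOWS through an exported function ("Startup") is a Run-key persistence pattern, while the neighbouring entries are signed products living under Program Files. The directory allowlist, the name-shape test and the 0.9 threshold are my own assumptions, not rules HijackThis applies, and a hit means "go and look at this file", not "this is malware".

```python
"""Triage O4 (Run-key) entries from a HijackThis or OTL log.

Added example for this thread; not code from HijackThis, OTL or MBAM.
The heuristics are assumptions about what deserves a second look, not a
verdict: a hit means "inspect the file", not "this is malware".
"""
import re
from typing import Dict, List

# Constructed sample input: the O4 lines from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe',
    r'O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H',
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r'O4 - HKLM\..\Run: [Jjusu] rundll32.exe "C:\WINDOWS\uqefacocuwuseh.dll",Startup',
    r'O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe',
    r'O4 - HKCU\..\Run: [HotSwap! Applet] C:\Documents and Settings\1\Desktop\progs\HotSwap! 4.1.1.0\32bit\HotSwap!.EXE',
]

# HijackThis writes "HKLM\..\Run:", OTL writes "HKLM..\Run:"; accept both.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] "<path>.dll",<export>   (quotes optional, space after the comma optional)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>[A-Za-z_]\w*)', re.I)
# Image path of an ordinary command: a quoted token, or a bare path up to its extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr))(?:\s|$)', re.I)

# Assumption: on this 32-bit XP box an auto-start image is expected under one of these.
TRUSTED_PREFIXES = ('c:\\windows\\system32\\', 'c:\\program files\\', 'c:\\progra~1\\')
VOWELS = frozenset('aeiou')


def alternation_ratio(stem: str) -> float:
    """Fraction of adjacent letter pairs that switch between vowel and consonant.
    Pronounceable generated names such as uqefacocuwuseh score 1.0; real words and
    product names usually sit well below 0.9. Heuristic, my assumption."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 2:
        return 0.0
    switches = sum((a in VOWELS) != (b in VOWELS) for a, b in zip(letters, letters[1:]))
    return switches / (len(letters) - 1)


def looks_generated(filename: str) -> bool:
    stem = filename.rsplit('.', 1)[0]
    return len(stem) >= 10 and stem.isalpha() and alternation_ratio(stem) >= 0.9


def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage_line(line: str) -> Dict:
    """Parse one O4 line; return {} if it is not an O4 line, else a record with reasons."""
    m = O4_RE.match(line.strip())
    if not m:
        return {}
    hive, name, cmd = m.group('hive'), m.group('name'), m.group('cmd')
    reasons: List[str] = []
    export = None
    rd = RUNDLL_RE.search(cmd)
    if rd:
        # rundll32 is a signed Microsoft binary; the DLL is the thing to inspect.
        image, export = rd.group('dll'), rd.group('export')
        reasons.append('rundll32 proxy-executes %s via export %s' % (image, export))
    else:
        im = IMAGE_RE.match(cmd)
        image = (im.group(1) or im.group(2)) if im else cmd
    if not in_trusted_dir(image):
        reasons.append('image outside system32/Program Files: %s' % image)
    basename = image.rsplit('\\', 1)[-1]
    if looks_generated(basename):
        reasons.append('file name looks machine-generated: %s' % basename)
    return {'hive': hive, 'name': name, 'image': image, 'export': export, 'reasons': reasons}


def triage(lines: List[str]) -> List[Dict]:
    """Entries with at least one reason, most reasons first."""
    hits = [r for r in (triage_line(l) for l in lines) if r and r['reasons']]
    return sorted(hits, key=lambda r: len(r['reasons']), reverse=True)


if __name__ == '__main__':
    for hit in triage(SAMPLE_O4_LINES):
        print('%s [%s] -> %s' % (hit['hive'], hit['name'], hit['image']))
        for why in hit['reasons']:
            print('    ' + why)
```

On the sample input the Jjusu entry collects all three reasons, and the HotSwap! entry collects one because it runs from the Desktop, which is exactly where a portable tool the user put there himself would live. That is why the output is a ranking rather than a yes/no: the next step for a top hit is to hash the DLL, check whether it carries a valid signature, and look at its export table, not to delete it on the strength of a regular expression.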

Re: uqefacocuwuseh.dll

Post by chubasco on 15th March 2010, 4:21 am

I had hoped for identification, in case it was a useful item. Any ideas?
Removed in Safe Mode and scanned thereafter:

Malwarebytes' Anti-Malware 1.44
Database version: 3868
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15/03/2010 03:56:55
mbam-log-2010-03-15 (03-56-55).txt

Scan type: Quick Scan
Objects scanned: 127067
Time elapsed: 18 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: uqefacocuwuseh.dll

Post by Belahzur on 15th March 2010, 9:45 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: uqefacocuwuseh.dll

Post by chubasco on 15th March 2010, 11:42 pm

OTL logfile created on: 15/03/2010 23:23:57 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 141.05 Gb Free Space | 60.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1397.26 Gb Total Space | 187.73 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 52.26 Gb Free Space | 3.74% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 3.92 Gb Total Space | 3.91 Gb Free Space | 99.83% Space Free | Partition Type: FAT32
Drive P: | 1397.26 Gb Total Space | 176.52 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive S: | 372.61 Gb Total Space | 60.19 Gb Free Space | 16.15% Space Free | Partition Type: NTFS

Computer Name: A
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/15 22:56:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
PRC - [2009/12/30 17:32:54 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/22 07:29:25 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/22 07:29:25 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 07:29:23 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/22 07:29:22 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/22 07:29:18 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/07/09 08:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/05/02 04:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 23:52:40 | 000,098,304 | ---- | M] (KaaKoon) -- C:\Documents and Settings\1\Desktop\progs\HotSwap! 4.1.1.0\32bit\HotSwap!.EXE
PRC - [2005/04/01 17:02:34 | 000,215,040 | ---- | M] () -- C:\Program Files\HDD Thermometer\HDD Thermometer.exe
PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 22:56:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
MOD - [2008/05/02 04:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/22 07:29:22 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/22 07:29:18 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2006/12/19 15:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - [2009/08/22 07:29:25 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 07:29:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/13 09:46:34 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/06 04:39:20 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/17 01:42:18 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/07/09 08:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/06/20 11:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/27 02:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/09/29 02:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/05/04 18:50:20 | 000,114,616 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2006/03/02 19:25:04 | 000,063,555 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/26 02:27:30 | 000,026,730 | R--- | M] (TwinHan Provide) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DtvVideo.sys -- (DtvVideo)
DRV - [2004/02/26 01:42:52 | 000,010,330 | R--- | M] (TwinHan Provide) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DtvAudio.sys -- (DtvAudio)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///C:/Documents%20and%20Settings/1/My%20Documents/mainstream%20switchboard.htm|file:///C:/Documents%20and%20Settings/1/My%20Documents/m%20switchboard.htm"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {FFBC0836-1BCF-4FE5-9B2B-E2E6F53CBDE7}:2.0
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:1.35
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {C90B0826-5A17-4970-A5BF-A43D22452E21}:1.5.20080618
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.0.5
FF - prefs.js..extensions.enabledItems: {53D677C6-6AB9-4022-A3B9-77D9D139E16E}:1.9.1
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.57
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}: C:\Documents and Settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E} [2010/03/12 16:13:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/23 12:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/23 12:22:30 | 000,000,000 | ---D | M]

[2008/06/19 11:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions
[2010/03/13 22:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions
[2009/12/10 08:28:08 | 000,000,000 | ---D | M] (URL Link) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}
[2010/03/08 12:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009/12/10 08:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/08 12:16:00 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/07/07 03:10:19 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/12/16 04:42:27 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/10/08 11:11:01 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2009/07/16 17:45:06 | 000,000,000 | ---D | M] (Copy All Urls) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2008/06/19 11:15:14 | 000,000,000 | ---D | M] (Direct Link) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{a4ffd900-48b6-11db-b0de-0800200c9a66}
[2009/08/12 19:56:30 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/03/08 12:15:52 | 000,000,000 | ---D | M] (Interclue) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2008/06/27 14:10:50 | 000,000,000 | ---D | M] (Plain Text to Link) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2009/04/16 21:27:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/04 19:40:34 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/03/08 12:15:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/06/19 11:15:14 | 000,000,000 | ---D | M] (ShrinkThisLink.com Link Shrinker) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{e268df5c-a28d-487a-8fdb-dac40e667ed9}
[2010/03/08 12:15:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/06/01 22:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{FFBC0836-1BCF-4FE5-9B2B-E2E6F53CBDE7}
[2009/10/21 11:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\anticontainer@downthemall.net
[2010/03/08 12:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\artur.dubovoy@gmail.com
[2008/08/28 00:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\dlembed@aeruder.net
[2010/03/08 12:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com
[2008/06/19 11:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\linky@gemal.dk
[2008/09/12 23:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\rsfind@example.com
[2008/09/26 11:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\snaplinks@snaplinks.net
[2009/10/30 11:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\stealer@physacco.com
[2009/10/26 16:43:27 | 000,002,120 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\searchplugins\bmrk-file-host-search.xml
[2010/03/13 16:27:26 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\searchplugins\torrent-finder.xml
[2009/02/23 12:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/12 21:27:45 | 000,380,712 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13117 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll ([You must be registered and logged in to see this link.]
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ([You must be registered and logged in to see this link.]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [HotSwap! Applet] C:\Documents and Settings\1\Desktop\progs\HotSwap! 4.1.1.0\32bit\HotSwap!.EXE (KaaKoon)
O4 - HKCU..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe ()
O4 - Startup: C:\Documents and Settings\1\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} [You must be registered and logged in to see this link.] (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/01 16:50:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 22:56:05 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/03/14 21:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/13 04:48:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/12 16:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}
[2010/03/03 05:50:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/07 14:52:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/03 17:41:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\1\Application Data\pcouffin.sys
[2008/06/01 18:27:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/01 18:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/01 18:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/15 22:56:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/03/15 06:51:52 | 057,145,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/15 04:04:42 | 000,352,917 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/15 04:03:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 04:02:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 03:58:38 | 017,039,360 | ---- | M] () -- C:\Documents and Settings\1\ntuser.dat
[2010/03/15 03:58:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\1\ntuser.ini
[2010/03/15 02:17:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Txavikovu.dat
[2010/03/15 02:17:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlorigo.bin
[2010/03/15 02:16:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 12:08:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/12 21:59:18 | 000,161,280 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 21:28:37 | 324,657,184 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/03/12 21:28:37 | 003,844,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/03/12 21:27:45 | 000,380,712 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/12 17:20:24 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/03/11 12:53:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/07 12:16:17 | 000,380,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100312-212745.backup
[2010/03/03 05:55:58 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/03 05:53:54 | 000,505,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/03 05:53:54 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/03 05:53:54 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/27 02:15:38 | 000,066,167 | ---- | M] () -- C:\Documents and Settings\1\My Documents\mainstream switchboard.htm
[2010/02/25 01:33:46 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 06:36:42 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010/02/23 06:19:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\housecall.guid.cache
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/12 16:13:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Txavikovu.dat
[2010/03/12 16:13:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vlorigo.bin
[2010/02/23 06:36:42 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/02/23 06:19:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\housecall.guid.cache
[2010/02/07 09:51:21 | 000,013,294 | -HS- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\bU5Sv
[2009/05/24 16:48:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/12 16:55:37 | 015,000,000 | ---- | C] () -- C:\Documents and Settings\1\Application Data\WSS.exe
[2009/03/12 03:11:26 | 000,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009/03/12 03:11:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009/03/12 03:11:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009/03/12 03:11:15 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/23 13:43:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2009/01/17 01:32:46 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/11/29 06:22:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/10 15:19:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/11/10 15:19:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/09/27 21:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2008/09/10 08:29:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/09/03 17:41:49 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\1\Application Data\pcouffin.log
[2008/09/03 17:41:46 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\1\Application Data\inst.exe
[2008/09/03 17:41:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\1\Application Data\pcouffin.cat
[2008/09/03 17:41:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\1\Application Data\pcouffin.inf
[2008/08/25 16:21:59 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\1\Application Data\AutoGK.ini
[2008/07/12 08:45:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2008/06/22 16:28:50 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2008/06/22 16:25:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\ngmap.ini
[2008/06/04 23:27:42 | 000,002,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/04 01:30:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/04 01:09:18 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\1\Application Data\coreavc.ini
[2008/06/02 04:44:40 | 000,161,280 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/02 02:07:34 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/06/01 17:03:29 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2008/06/01 17:02:55 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/29 05:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/29 05:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 15:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/25 13:24:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 11:51:48 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/21 18:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 04:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Re: uqefacocuwuseh.dll

Post by chubasco on 15th March 2010, 11:43 pm

OTL Extras logfile created on: 15/03/2010 23:23:57 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 141.05 Gb Free Space | 60.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1397.26 Gb Total Space | 187.73 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 52.26 Gb Free Space | 3.74% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 3.92 Gb Total Space | 3.91 Gb Free Space | 99.83% Space Free | Partition Type: FAT32
Drive P: | 1397.26 Gb Total Space | 176.52 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive S: | 372.61 Gb Total Space | 60.19 Gb Free Space | 16.15% Space Free | Partition Type: NTFS

Computer Name: A
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57764:TCP" = 57764:TCP:*:Enabled:Pando P2P TCP Listening Port
"57764:UDP" = 57764:UDP:*:Enabled:Pando P2P UDP Listening Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14298AFE-9001-9CFB-595E-38BB3DCB25D3}" = ccc-utility
"{1BA6EE26-3358-B634-FD05-D07C964EE944}" = Skins
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4F55E486-4EDE-A879-B6CC-0B07DD475540}" = Catalyst Control Center Graphics Light
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746E4937-CC0E-C8A2-CEF3-41774D227847}" = Catalyst Control Center Graphics Full Existing
"{80A1F948-2D8E-7C25-87AA-6D8294334A5D}" = Catalyst Control Center Core Implementation
"{8A50284B-6426-2FDF-48BD-0895482344E8}" = CCC Help English
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AEB8F226-C238-4636-A289-E540B725B5BB}_is1" = AnyReader
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B93F0E87-FBDB-097E-5DCA-FF99110F26E0}" = Catalyst Control Center Graphics Previews Common
"{C04ED833-89A3-BC13-BAE3-96FDD56933F9}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19DBE5E-712E-4F02-8380-ECEDD951B374}" = VisionDTV
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC31D08-9789-2554-2670-C33BC49F0DD3}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FE2881D8-236B-6B25-2C5A-74CFB00F2756}" = ccc-core-preinstall
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"AutoGK" = Auto Gordian Knot 2.45
"AVG8Uninstall" = AVG Free 8.5
"AVI2Clipboard_is1" = AVI2Clipboard 2.18
"AVS Disc Creator_is1" = AVS Disc Creator version 3.2
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.0.0.5
"AVS VideotoGO_is1" = AVS Video to GO
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"AVSCDDVDBDDataBurner_is1" = AVS CD\DVD\BD Data Burner version 2.1
"CheckCRC" = CRC32 Calculator - CheckCRC
"CodecInstaller" = CodecInstaller 2.9.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESET Online Scanner" = ESET Online Scanner v3
"FairUse Wizard_is1" = FairUse Wizard 2.6
"Final Codecs" = Final Codecs 2008 New Year Edition
"FlashGet" = FlashGet 1.8.8.1010
"GOM Player" = GOM Player
"HDCleaner" = HDCleaner
"HDD Thermometer" = HDD Thermometer
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatroskaProp" = MatroskaProp (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 3.1.0
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"NetMeter_is1" = NetMeter 1.1.3
"Neuview Pro_is1" = Neuview Standard and Professional 6.08
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime 3.0" = QuickTime 3.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareGuard_is1" = SpywareGuard v2.2
"Ultra Video Joiner_is1" = Ultra Video Joiner 4.8.0108
"Uninstall National Geographic Maps" = National Geographic Maps (Any files created by the program will be left on your system.)
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VideoLAN VLC media player 0.8.6c
"VSO Inspector_is1" = VSO Inspector 1.4.2
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/02/2009 21:04:49 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 8.3.6.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2009 08:35:40 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 8.3.6.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06/02/2009 10:04:42 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application flashget.exe, version 1.8.8.1010, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/02/2009 09:39:26 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 8.3.6.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 09/02/2009 20:40:07 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/02/2009 05:30:15 | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module liblibmpeg2_plugin.dll,
version 0.0.0.0, fault address 0x000165d1.

Error - 15/02/2009 23:46:52 | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 1.0.11.0, faulting module
mpegsplitter.ax, version 1.0.0.4, fault address 0x000197eb.

Error - 15/02/2009 23:46:55 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 17/02/2009 01:04:55 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/02/2009 20:26:43 | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x64575162.

[ System Events ]
Error - 15/03/2010 17:13:27 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:13:47 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:14:08 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:14:29 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:14:40 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:15:01 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:15:12 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:15:33 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 17:15:54 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.

Error - 15/03/2010 18:35:02 | Computer Name = A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk9\D.


< End of report >


Re: uqefacocuwuseh.dll

Post by Belahzur on 16th March 2010, 1:14 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: uqefacocuwuseh.dll

Post by chubasco on 16th March 2010, 1:54 am

ComboFix 10-03-15.04 - 1 16/03/2010 1:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2105 [GMT 0:00]
Running from: P:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\1\Application Data\Desktopicon
c:\documents and settings\1\Application Data\Desktopicon\config.ini
c:\documents and settings\1\Application Data\inst.exe
c:\documents and settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}
c:\documents and settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}\chrome.manifest
c:\documents and settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}\chrome\content\_cfg.js
c:\documents and settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}\chrome\content\overlay.xul
c:\documents and settings\1\Local Settings\Application Data\{53D677C6-6AB9-4022-A3B9-77D9D139E16E}\install.rdf
c:\documents and settings\1\Local Settings\Temporary Internet Files\245xb.jpg
c:\documents and settings\1\Local Settings\Temporary Internet Files\85akYn.jpg
c:\documents and settings\1\Local Settings\Temporary Internet Files\n0mKamXOx.jpg
c:\documents and settings\1\Local Settings\Temporary Internet Files\yN4XOl215.jpg
c:\windows\run.log
c:\windows\system32\Vbshell.tlb

.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-14 21:53 . 2010-03-14 21:53 -------- d-----w- c:\program files\ESET
2010-03-12 16:13 . 2010-03-15 02:17 120 ----a-w- c:\windows\Txavikovu.dat
2010-03-12 16:13 . 2010-03-15 02:17 0 ----a-w- c:\windows\Vlorigo.bin
2010-02-23 06:36 . 2010-02-23 06:36 10752 ----a-w- c:\windows\DCEBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 01:43 . 2009-04-21 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HDD Thermometer
2010-03-16 01:42 . 2008-08-05 20:08 22808795 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-03-15 10:45 . 2008-06-20 05:05 -------- d-----w- c:\documents and settings\1\Application Data\dvdcss
2010-03-15 04:08 . 2008-09-04 22:50 -------- d-----w- c:\program files\jdbeta0272
2010-03-13 12:08 . 2008-06-04 23:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-12 21:28 . 2008-09-12 17:56 3844280 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-12 21:28 . 2008-09-12 17:56 324657184 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-26 07:18 . 2008-06-04 01:13 -------- d-----w- c:\program files\FlashGet
2010-02-23 10:27 . 2008-06-02 01:53 -------- d-----w- c:\program files\SpywareGuard
2010-02-19 03:56 . 2008-07-30 20:56 -------- d-----w- c:\program files\FairUse Wizard 2
2010-02-12 15:41 . 2010-02-07 13:17 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-07 18:01 . 2010-02-07 18:01 -------- d-----w- c:\documents and settings\1\Application Data\Windows Search
2010-02-03 10:36 . 2008-06-02 01:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-30 05:00 . 2009-01-12 01:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-25 23:16 . 2009-09-01 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 23:15 . 2009-09-14 11:27 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-25 06:43 . 2010-01-25 06:43 -------- d-----w- c:\program files\MKVtoolnix
2010-01-24 11:54 . 2010-03-08 12:15 1912832 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch192.dll
2010-01-24 11:54 . 2010-03-08 12:15 1916928 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch191.dll
2010-01-24 11:54 . 2010-03-08 12:15 1912832 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch.dll
2010-01-07 16:07 . 2009-09-01 21:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-09-01 21:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2010-01-05 10:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-06-01 16:45 343040 ----a-w- c:\windows\system32\mspaint.exe
2002-09-11 14:26 . 2008-06-01 17:03 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RSD_HDDThermo"="c:\program files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 215040]
"HotSwap! Applet"="c:\documents and settings\1\Desktop\progs\HotSwap! 4.1.1.0\32bit\HotSwap!.EXE" [2008-02-08 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-30 2043160]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

c:\documents and settings\1\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 07:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57764:TCP"= 57764:TCP:Pando P2P TCP Listening Port
"57764:UDP"= 57764:UDP:Pando P2P UDP Listening Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/06/2008 18:27 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/06/2008 18:27 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2008 21:22 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/01/2009 13:16 297752]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [12/03/2009 03:11 63555]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [05/10/2008 18:11 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [05/10/2008 18:11 26730]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [12/03/2009 03:11 114616]
.
Contents of the 'Scheduled Tasks' folder

2010-03-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nppl3260.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprjplug.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-16 01:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(904)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\MatroskaProp\MatroskaProp.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-16 01:50:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 01:50

Pre-Run: 151,247,495,168 bytes free
Post-Run: 152,231,579,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4DB3A4637E461C4AF1CECCFA8C6A3158

chubasco
Novice
Novice

Posts Posts : 20
Joined Joined : 2010-03-01
OS OS : Windows XP Pro
Points Points : 25046
# Likes # Likes : 0


Re: uqefacocuwuseh.dll

Post by Belahzur on 16th March 2010, 5:07 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    c:\windows\Txavikovu.dat
    c:\windows\Vlorigo.bin
    c:\windows\Internet Logs\tvDebug.zip


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1


Re: uqefacocuwuseh.dll

Post by chubasco on 16th March 2010, 7:16 pm

========== FILES ==========
c:\windows\Txavikovu.dat moved successfully.
c:\windows\Vlorigo.bin moved successfully.
c:\windows\Internet Logs\tvDebug.zip moved successfully.

OTM by OldTimer - Version 3.1.10.0 log created on 03162010_191408


Re: uqefacocuwuseh.dll

Post by Belahzur on 17th March 2010, 1:07 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: uqefacocuwuseh.dll

Post by chubasco on 17th March 2010, 1:39 am

doesn't seem any different in terms of performance (at the moment) - struggles some of the time (I demand too much, really)
avg found a hiloti virus in mbam yesterday when I tried running mbam to check a single file - seemed like a false positive as it would not repeat and nothing else confirmed it (dumped that version of mbam anyway, got another). couple of other odd reports of minor issues;
tried Eset online - that seemed to think half the files were malware - full AVG scan showed only tracking cookies.

still mystified what the original uqefacocuwuseh.dll was - likewise two of the other files moved by OTM (didn't find anything on google or in malware libraries) - found tvDebug.zip - very conflicting info (as usual) but it seems ok?
Rather bemused by a number of things in the logs, not so much by the bad references, but that there was mention of quite a bit of antimalware stuff that I've never used!

Overall, I don't appear to have a huge list of baddies - so do I get a clean bill of health?

regards


Re: uqefacocuwuseh.dll

Post by Belahzur on 17th March 2010, 9:38 pm

Hello.
The first thing we fixed in Hijack This looks like vundo adware to me, but then OTL showed me another infection hiding called Goored, so Combofix binned that, and those 2 files OTM moved are related to Goored. tvDebug.zip is the debug log for Zonealarm, but it's a huge file, so deleting it will save you some HDD space.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: uqefacocuwuseh.dll

Post by chubasco on 18th March 2010, 4:24 pm

thanks for the info - wish i understood a bit more...
how come all these weren't seen before - is ESET that much better (i'm sure I remember it wasn't so popular in the past) at scanning - or are we now looking at just false positives? (don't think i mind losing the ones listed as the tools folder is "spare" utils & really just backup)

haven't closed window yet - should I now uninstall app + delete quarantined files?
also have on c:\ a few scraps - _OTM, Combo-Fix54C & Combo-Fix
thanks
regards



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=11da136b65241b40a1afe7cc87d56411
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-14 10:23:55
# local_time=2010-03-14 10:23:55 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 47516883 47516883 0 0
# compatibility_mode=1024 16777175 100 0 56258924 56258924 0 0
# compatibility_mode=8192 67108863 100 0 3763 3763 0 0
# compatibility_mode=9217 16777214 75 67 47361603 53014291 0 0
# scanned=18119
# found=6
# cleaned=6
# scan_time=1652
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\11\5c0b7e0b-5b0f1ecf multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\15\368dd54f-5340626d OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-72f241e7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\44\69f477ec-6bb31e7b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-57c7f8b4 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Desktop\Downloads\mainstream\Assorted\Games\Sims\The.Sims.2_with.all.expansions\Kit glamour\Les.Sims.2.Glamour.Kit.iso probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=11da136b65241b40a1afe7cc87d56411
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-18 01:23:31
# local_time=2010-03-18 01:23:31 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 47821097 47821097 0 0
# compatibility_mode=1024 16777175 100 0 56563138 56563138 0 0
# compatibility_mode=8192 67108863 100 0 307977 307977 0 0
# compatibility_mode=9217 16777214 75 67 47665817 53318505 0 0
# scanned=160601
# found=6
# cleaned=6
# scan_time=10627
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\RSD_0.5821\RSD 0.582\ccf2rsdf.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\tools\RSD_0.5821\RSD 0.582\RSD.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\utilities\HCSetup.exe probably a variant of Win32/Genetik trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\utilities\unlocker1.8.6.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\utilities\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

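The ESET Online Scanner output posted above is a flat text format that is easy to misread by eye: two sessions were pasted back to back, the first of them stopped early, and a heuristic "probably a variant of" verdict looks the same as a signature hit. Here is an added example, not from the thread and not ESET's own code, of a small parser that splits such a paste into sessions and pulls out the checks a helper would want before calling a machine clean: whether the session finished, whether the number of detection rows matches the found= header, how many verdicts are heuristic rather than signature matches, and whether every row ended up quarantined. The class and function names are this example's own assumptions, and the sample log is constructed from the lines posted above.

```python
import re
from dataclasses import dataclass, field

# One detection row: <path> <threat> (<action>) <32-hex digest> <flag>.
# Paths contain spaces, so the threat text is recognised by the phrasings
# ESET uses: "multiple threats", "[probably] a variant of ...",
# "probably unknown ...", or a "Family/Name kind" signature name.
_DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>multiple threats"
    r"|(?:probably )?(?:a variant of|unknown) .+?"
    r"|\S+/\S+ .+?)"
    r" \((?P<action>[^()]+)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)


@dataclass
class Detection:  # hypothetical name for this example
    path: str
    threat: str
    action: str
    digest: str

    @property
    def heuristic(self) -> bool:
        # "probably ..." rows are heuristic verdicts, not signature matches
        return self.threat.startswith("probably")


@dataclass
class Session:  # hypothetical name for this example
    settings: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text: str) -> list:
    """Split a pasted log into sessions; each one starts at '# version='."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# version="):
            current = Session()
            sessions.append(current)
        if current is None:
            continue  # installer preamble before the first session
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "compatibility_mode":  # repeated key: keep every value
                current.settings.setdefault(key, []).append(value)
            else:
                current.settings[key] = value
            continue
        m = _DETECTION_RE.match(line)
        if m:
            current.detections.append(
                Detection(m["path"], m["threat"], m["action"], m["hash"]))
    return sessions


def summarize(session: Session) -> dict:
    """The checks worth doing before trusting a 'found=N, cleaned=N' header."""
    s = session.settings
    found = int(s.get("found", 0))
    return {
        "end": s.get("end"),  # 'finished', or 'stopped' if aborted early
        "archives_checked": s.get("archives_checked") == "true",
        "scanned": int(s.get("scanned", 0)),
        "found": found,
        "rows_match_header": len(session.detections) == found,
        "heuristic": sum(d.heuristic for d in session.detections),
        "all_quarantined": all("quarantined" in d.action for d in session.detections),
    }


# Constructed sample: header lines trimmed, detection rows as posted above.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=stopped
# archives_checked=true
# compatibility_mode=512 16777215 100 0 47516883 47516883 0 0
# scanned=18119
# found=6
# cleaned=6
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\11\5c0b7e0b-5b0f1ecf multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\15\368dd54f-5340626d OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-72f241e7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\44\69f477ec-6bb31e7b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-57c7f8b4 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\1\Desktop\Downloads\mainstream\Assorted\Games\Sims\The.Sims.2_with.all.expansions\Kit glamour\Les.Sims.2.Glamour.Kit.iso probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# archives_checked=false
# scanned=160601
# found=6
# cleaned=6
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\RSD_0.5821\RSD 0.582\ccf2rsdf.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\tools\RSD_0.5821\RSD 0.582\RSD.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\utilities\HCSetup.exe probably a variant of Win32/Genetik trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\utilities\unlocker1.8.6.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\tools\utilities\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    for i, sess in enumerate(parse_eset_log(SAMPLE_LOG), 1):
        print(f"session {i}:", summarize(sess))
```

Run on the sample, the second session reports three heuristic verdicts out of six, which is the distinction the question in the post above turns on: a "probably a variant of" or "NewHeur" verdict on an old utility in a backup folder deserves a second opinion, whereas a named signature such as OSX/Exploit.Smid.B in the Java cache is a concrete detection. The `rows_match_header` and `end` fields catch the other two things that go wrong when logs are pasted by hand: a truncated paste and a scan that was stopped before it finished.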

Re: uqefacocuwuseh.dll

Post by Belahzur on 18th March 2010, 11:10 pm

Hello.

This should be fine now.




