xXsokiXx
2010-06-12, 21:05
After i used combofix to get rid of protection center.
,what do i do next
I got this ,then what do i do?
ComboFix 10-06-11.01 - Jason 06/12/2010 14:30:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.239.117 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Jason\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\Jason\Cookies\debun.vbs
c:\documents and settings\Jason\Cookies\ebuh.bin
c:\documents and settings\Jason\Cookies\exugafyh.scr
c:\documents and settings\Jason\Cookies\guji.vbs
c:\documents and settings\Jason\Cookies\kasyw._sy
c:\documents and settings\Jason\Cookies\koxis.sys
c:\documents and settings\Jason\Cookies\lacik.reg
c:\documents and settings\Jason\Cookies\lesy.vbs
c:\documents and settings\Jason\Cookies\mojybiva.com
c:\documents and settings\Jason\Cookies\mykuqozij.inf
c:\documents and settings\Jason\Cookies\myvafym.lib
c:\documents and settings\Jason\Cookies\noke.scr
c:\documents and settings\Jason\Cookies\novebaraqi.ban
c:\documents and settings\Jason\Cookies\omupehuc.pif
c:\documents and settings\Jason\Cookies\onygasugop.scr
c:\documents and settings\Jason\Cookies\pagiradano.pif
c:\documents and settings\Jason\Cookies\qineritof.bin
c:\documents and settings\Jason\Cookies\qykew.dl
c:\documents and settings\Jason\Cookies\reqyla.inf
c:\documents and settings\Jason\Cookies\suxigotyf.dl
c:\documents and settings\Jason\Cookies\ycikov.dat
c:\documents and settings\Jason\Cookies\ytym._sy
c:\documents and settings\Jason\Cookies\yzusikyvo.scr
c:\documents and settings\Jason\Cookies\zuxagypowe.sys
c:\documents and settings\Jason\Favorites\Download programs.url
c:\documents and settings\Jason\Favorites\Games.url
c:\documents and settings\Jason\Favorites\Translator.url
c:\documents and settings\Jason\Favorites\Videos.url
c:\program files\Protection Center
c:\program files\Protection Center\about.ico
c:\program files\Protection Center\activate.ico
c:\program files\Protection Center\buy.ico
c:\program files\Protection Center\cnt.db
c:\program files\Protection Center\cntext.dll
c:\program files\Protection Center\cnthook.dll
c:\program files\Protection Center\cntprot.exe
c:\program files\Protection Center\help.ico
c:\program files\Protection Center\scan.ico
c:\program files\Protection Center\settings.ico
c:\program files\Protection Center\splash.mp3
c:\program files\Protection Center\Uninstall.exe
c:\program files\Protection Center\update.ico
c:\program files\Protection Center\virus.mp3
c:\windows\docyril._sy
c:\windows\irelyvy.dll
c:\windows\okisenyci.exe
c:\windows\ozufyvuhu._sy
c:\windows\picezo.scr
c:\windows\PRAGMAeectftpetu
c:\windows\PRAGMAeectftpetu\PRAGMAc.dll
c:\windows\PRAGMAeectftpetu\PRAGMAcfg.ini
c:\windows\PRAGMAeectftpetu\PRAGMAd.sys
c:\windows\PRAGMAeectftpetu\PRAGMAsrcr.dat
c:\windows\PRAGMAqjixtbvoxu
c:\windows\PRAGMAqjixtbvoxu\pragmabbr.dll
c:\windows\PRAGMAqjixtbvoxu\PRAGMAc.dll
c:\windows\PRAGMAqjixtbvoxu\PRAGMAcfg.ini
c:\windows\PRAGMAqjixtbvoxu\PRAGMAd.sys
c:\windows\PRAGMAqjixtbvoxu\pragmaserf.dll
c:\windows\PRAGMAqjixtbvoxu\PRAGMAsrcr.dat
c:\windows\system32\dbcb.sys
c:\windows\system32\drivers\fmtc.sys
c:\windows\system32\drivers\iukdt.sys
c:\windows\system32\fbcdaeeccd.dll
c:\windows\udorohu._sy
c:\windows\vijetib.scr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PRAGMAeectftpetu
-------\Legacy_PRAGMAeectftpetu
-------\Service_PRAGMAqjixtbvoxu
-------\Legacy_PRAGMAqjixtbvoxu
-------\Legacy_dbcb
-------\Legacy_kmlxn
-------\Legacy_qwpqjis
-------\Service_dbcb
-------\Service_kmlxn
-------\Service_qwpqjis
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 17:58 . 2010-06-12 18:00 -------- d-----w- C:\rei
2010-06-12 17:56 . 2010-06-12 17:56 -------- d-----w- c:\program files\Reimage
2010-06-12 00:56 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-12 00:39 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-12 00:31 . 2010-06-12 01:21 -------- d-----w- c:\program files\Spyware Doctor
2010-06-12 00:31 . 2010-06-12 01:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-02 12:12 . 2010-06-02 12:12 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-06-02 12:12 . 2010-06-02 12:12 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2010-05-28 00:03 . 2010-05-28 00:03 161744 ----a-w- c:\windows\system32\ba9ee95ed062fe9bdeff47ba457c6981.exe
2010-05-28 00:03 . 2010-05-28 00:03 161808 ----a-w- c:\windows\system32\f7d89562892a937192e29b88ecb297b2.exe
2010-05-27 23:42 . 2010-05-27 23:42 -------- d-----w- c:\program files\Auslogics
2010-05-27 16:59 . 2010-05-27 16:59 161744 ----a-w- c:\windows\system32\224cb41273f9fbed87a096cb34a8c507.exe
2010-05-27 16:59 . 2010-05-27 16:59 161808 ----a-w- c:\windows\system32\044d413637f191863b2d54229eabf7e4.exe
2010-05-26 21:54 . 2010-05-26 21:54 161744 ----a-w- c:\windows\system32\91c5cebafc4615d129a8810f07636ed7.exe
2010-05-26 21:54 . 2010-05-26 21:54 161808 ----a-w- c:\windows\system32\73440e83b5c197bf1414e2d961a1e0b7.exe
2010-05-26 19:55 . 2010-05-26 19:55 161744 ----a-w- c:\windows\system32\65a4a91b93dfd581fcbde0742c211404.exe
2010-05-26 19:55 . 2010-05-26 19:55 161808 ----a-w- c:\windows\system32\83f9c56319a0123266cf1e8bb770a253.exe
2010-05-25 14:01 . 2010-05-25 14:01 1731088 ----a-w- c:\documents and settings\Jason\Application Data\Multi File Downloader\update.exe
2010-05-24 19:50 . 2010-05-24 19:50 161744 ----a-w- c:\windows\system32\59c27325f3af48b859801d92778edad8.exe
2010-05-24 19:50 . 2010-05-24 19:50 161808 ----a-w- c:\windows\system32\2cae5725120ce5359b790e480514cc32.exe
2010-05-24 18:30 . 2010-05-24 18:30 161808 ----a-w- c:\windows\system32\94ce571d29322ca77bfecb3a9dddc2bc.exe
2010-05-22 19:03 . 2010-05-22 19:03 161744 ----a-w- c:\windows\system32\7f6219e1404524e4d4fdbac283c56ddd.exe
2010-05-22 19:03 . 2010-05-22 19:03 161808 ----a-w- c:\windows\system32\bb49037c07751dbe5fbba839627e32a8.exe
2010-05-22 17:41 . 2010-05-22 17:41 161744 ----a-w- c:\windows\system32\f0c53e3156ccd57466ae21a013f7450c.exe
2010-05-22 17:41 . 2010-05-22 17:41 161808 ----a-w- c:\windows\system32\a7a50fc670f9d466821e109591567dbf.exe
2010-05-22 15:16 . 2010-05-22 15:16 161744 ----a-w- c:\windows\system32\a08654611b7affd05648cbff83b63bf0.exe
2010-05-22 15:16 . 2010-05-22 15:16 161808 ----a-w- c:\windows\system32\42358f3e3501bf5b416af2c20ce4dce5.exe
2010-05-21 22:54 . 2010-05-21 22:54 161744 ----a-w- c:\windows\system32\4a69220563d302f21b2a04e0c5384370.exe
2010-05-21 22:54 . 2010-05-21 22:54 161808 ----a-w- c:\windows\system32\c9712a0e6e753b9ef25063d99db6efcc.exe
2010-05-21 19:02 . 2010-05-21 19:02 161744 ----a-w- c:\windows\system32\a22602852c45b5bb851a567628d91c33.exe
2010-05-21 19:02 . 2010-05-21 19:02 161808 ----a-w- c:\windows\system32\ff1f3098adf28e0fed41c54e6007b908.exe
2010-05-18 19:56 . 2010-05-18 19:56 161744 ----a-w- c:\windows\system32\77679c2cde4f3520bbe23d516331e29b.exe
2010-05-18 19:56 . 2010-05-18 19:56 161808 ----a-w- c:\windows\system32\46096b6bd069353fff83f2d14180bb4e.exe
2010-05-18 12:56 . 2010-05-18 12:56 161744 ----a-w- c:\windows\system32\99929a899d8326ddb073b659db0f3f22.exe
2010-05-18 12:56 . 2010-05-18 12:56 161808 ----a-w- c:\windows\system32\8cff5481658a5790cd4b57a92191055c.exe
2010-05-17 20:15 . 2010-05-17 20:15 161744 ----a-w- c:\windows\system32\24579cff7d45f7965c67b9e6d4141785.exe
2010-05-17 20:15 . 2010-05-17 20:15 161808 ----a-w- c:\windows\system32\f0d7bc9d852123cb4f0694c0d9dafe10.exe
2010-05-15 21:38 . 2010-05-15 21:38 161744 ----a-w- c:\windows\system32\4c649fe9c84a2c4be3b1dae5cd8682ad.exe
2010-05-15 21:38 . 2010-05-15 21:38 161808 ----a-w- c:\windows\system32\0ce2d127b6ee79b3a32de2247d6c15ce.exe
2010-05-15 21:22 . 2010-05-15 21:22 81 ----a-w- c:\documents and settings\Jason\fixdrives.reg
2010-05-15 20:47 . 2010-05-15 20:47 161744 ----a-w- c:\windows\system32\6701a0f4ac384a89bd6926d21f56864d.exe
2010-05-15 20:47 . 2010-05-15 20:47 161808 ----a-w- c:\windows\system32\61e185e7a65caf4df28a16146e04e513.exe
2010-05-15 20:25 . 2010-05-15 20:25 -------- d-----w- c:\documents and settings\Jason\Application Data\SUPERAntiSpyware.com
2010-05-15 20:25 . 2010-05-15 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-15 20:24 . 2010-05-28 21:38 -------- d-----w- c:\documents and settings\Jason\Application Data\Auslogics
2010-05-15 20:18 . 2010-05-15 20:18 161744 ----a-w- c:\windows\system32\4599b3ad0db482a1558fbf353d9a81c2.exe
2010-05-15 20:18 . 2010-05-15 20:18 161808 ----a-w- c:\windows\system32\77695fa7e46d36b60203534decc3e809.exe
2010-05-13 20:00 . 2010-05-13 20:00 161744 ----a-w- c:\windows\system32\e8b988edd4357233e8954d0e0132b9d8.exe
2010-05-13 20:00 . 2010-05-13 20:00 161808 ----a-w- c:\windows\system32\26fbeebaf1165d6fa538c9ee25ae6c48.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 01:19 . 2009-08-29 22:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-11 22:10 . 2009-09-15 22:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 20:55 . 2008-06-10 21:09 2068 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 19:33 . 2009-11-25 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-05-25 14:01 . 2009-11-25 22:49 -------- d-----w- c:\documents and settings\Jason\Application Data\Multi File Downloader
2010-05-11 20:07 . 2010-05-11 20:07 161744 ----a-w- c:\windows\system32\89d43c31933ff381685749752de5dba9.exe
2010-05-11 20:07 . 2010-05-11 20:07 161808 ----a-w- c:\windows\system32\e1fcb3247d761b413371c0806aa2cfc2.exe
2010-05-11 17:48 . 2010-05-11 17:48 161744 ----a-w- c:\windows\system32\181fd7b39f960336c8cfee66b56295ae.exe
2010-05-11 17:48 . 2010-05-11 17:48 161808 ----a-w- c:\windows\system32\e4f5bf3521b775d6d8ed82aa1e246806.exe
2010-05-11 14:13 . 2010-05-11 14:13 161744 ----a-w- c:\windows\system32\1fbd02ba2b429c3ee2d10f74ebbf37b1.exe
2010-05-11 14:13 . 2010-05-11 14:13 161808 ----a-w- c:\windows\system32\308e2f56770138c154f6089c450c3fa8.exe
2010-05-10 19:53 . 2010-05-10 19:53 161744 ----a-w- c:\windows\system32\17f51efbd9c8e4187b27142a3ca29b27.exe
2010-05-10 19:52 . 2010-05-10 19:52 161808 ----a-w- c:\windows\system32\f6ad2b28456dd999db4ee3dad902ecf2.exe
2010-05-09 18:35 . 2010-05-09 18:35 161744 ----a-w- c:\windows\system32\a13d16f1bd304e004263c5ed6fd087bc.exe
2010-05-09 18:34 . 2010-05-09 18:34 161808 ----a-w- c:\windows\system32\a52cec9643ff7b303dc6c0b703950481.exe
2010-05-08 19:11 . 2010-05-08 19:11 161744 ----a-w- c:\windows\system32\79644af189c844d97d12f257a5b91305.exe
2010-05-08 19:10 . 2010-05-08 19:10 161808 ----a-w- c:\windows\system32\76fb1ea260406359ee90369ea09b741c.exe
2010-05-07 23:00 . 2010-05-07 23:00 161744 ----a-w- c:\windows\system32\2a3da35ba76bc743665cd337288fa113.exe
2010-05-07 23:00 . 2010-05-07 23:00 161808 ----a-w- c:\windows\system32\5c01700f7d880a99662fb3f3c59de0a8.exe
2010-05-07 13:59 . 2010-05-07 13:59 161744 ----a-w- c:\windows\system32\de6e4923cdfc39ff841ea548863d973e.exe
2010-05-07 13:59 . 2010-05-07 13:59 161808 ----a-w- c:\windows\system32\6d23ac31eff04b19cc36d164ed957bfa.exe
2010-05-07 13:13 . 2010-05-07 13:13 161744 ----a-w- c:\windows\system32\fbff6b1ab4120690239f743b6a71e9a0.exe
2010-05-07 13:12 . 2010-05-07 13:12 161808 ----a-w- c:\windows\system32\2259cd3dcb108667fa95344ad238c167.exe
2010-05-07 00:29 . 2010-05-07 00:27 -------- d-----w- c:\program files\tuxguitar-1.0-jet
2010-05-05 22:08 . 2010-05-05 22:08 161744 ----a-w- c:\windows\system32\a96512d1d6ba32f9c78cbf30ebdb6fe3.exe
2010-05-05 22:08 . 2010-05-05 22:08 161808 ----a-w- c:\windows\system32\7a02ef492016ddd1381690ba811c8acf.exe
2010-05-05 16:32 . 2010-05-05 16:32 161744 ----a-w- c:\windows\system32\52b7574349705d8e99264b6995de2e85.exe
2010-05-05 16:32 . 2010-05-05 16:32 161808 ----a-w- c:\windows\system32\f02f19232e0c1ddfb283dbd3f75064e1.exe
2010-05-05 14:06 . 2010-05-05 14:06 161744 ----a-w- c:\windows\system32\556a79f3142cf630e45b83b2560b4c14.exe
2010-05-05 14:06 . 2010-05-05 14:06 161808 ----a-w- c:\windows\system32\852db6d25686e6c3735193746c9b6de6.exe
2010-05-04 12:47 . 2010-05-04 12:47 161744 ----a-w- c:\windows\system32\8adf67ad05a3af0b28ab66255ff0af40.exe
2010-05-04 12:47 . 2010-05-04 12:47 161808 ----a-w- c:\windows\system32\cd5c68fda19b9b5e6327417f60fe1bb2.exe
2010-05-03 23:43 . 2010-05-03 23:43 161744 ----a-w- c:\windows\system32\3c76e3a1bb7dcc4b6b36a3a6274b2748.exe
2010-05-03 23:43 . 2010-05-03 23:43 161808 ----a-w- c:\windows\system32\f9e1c900a6cb1f94954ddcf1e4cd8825.exe
2010-05-03 21:39 . 2010-05-03 21:39 161744 ----a-w- c:\windows\system32\53db57ee249ef100bbbe4f9843d526d7.exe
2010-05-03 21:39 . 2010-05-03 21:39 161808 ----a-w- c:\windows\system32\6d1c123fa2e3a3a5652a88639dd7f3e0.exe
2010-05-01 19:02 . 2010-05-01 19:02 161744 ----a-w- c:\windows\system32\1010ec09fbd8dd146496f846043f11bb.exe
2010-05-01 19:02 . 2010-05-01 19:02 161808 ----a-w- c:\windows\system32\72ba4690e30c926c09adf4ad33612c54.exe
2010-04-29 19:39 . 2009-09-15 22:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-09-15 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-27 22:02 . 2010-04-27 22:02 161744 ----a-w- c:\windows\system32\339be584c15e90d0f495c0a601d3fd28.exe
2010-04-27 22:02 . 2010-04-27 22:02 161808 ----a-w- c:\windows\system32\4002b51c0348cc0b0e7e77f334adc18c.exe
2010-04-24 15:24 . 2010-04-24 15:24 165392 ----a-w- c:\windows\system32\299dd74ecdf0e66a07512ab20619bcfb.exe
2010-04-22 20:02 . 2010-04-22 20:02 165392 ----a-w- c:\windows\system32\83eaf11a75976827437b12fde5c3d646.exe
2010-04-16 16:09 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2000-01-01 20:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-10 17:47 . 2010-04-10 17:47 165392 ----a-w- c:\windows\system32\69a520af64bd7f6d90b1c614d5b984de.exe
2010-04-08 23:39 . 2010-04-08 23:39 165392 ----a-w- c:\windows\system32\e257d0d454439e29d3d2937d81ea6612.exe
2010-04-05 19:39 . 2010-04-05 19:39 165392 ----a-w- c:\windows\system32\0d845626ac553827d0b4204502a70201.exe
2010-04-04 20:42 . 2010-04-04 20:42 165392 ----a-w- c:\windows\system32\000e07ab90bf0b243d98af6f44bcf7f8.exe
2010-03-27 19:39 . 2010-03-27 19:39 165392 -c--a-w- c:\windows\system32\c57482b9b43b965ad387c2d3e82c07f1.exe
2010-03-26 14:33 . 2010-05-05 00:29 1496064 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-05-05 00:29 43008 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-05-05 00:29 339456 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-05-05 00:29 346112 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-23 21:49 . 2009-11-20 17:18 79488 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-22 15:42 . 2010-03-22 15:42 165392 -c--a-w- c:\windows\system32\3f33fa228f84456ebe5297be2cec1ca8.exe
2010-03-19 23:31 . 2010-03-19 23:31 165392 -c--a-w- c:\windows\system32\40e6c0b0cca4d2930dfa5945e59c2681.exe
2010-03-18 23:08 . 2010-03-18 23:08 165392 -c--a-w- c:\windows\system32\97fedc905237c6872778c5def0a4f468.exe
2010-03-14 20:18 . 2010-03-14 20:18 165392 -c--a-w- c:\windows\system32\4971d1af70638fd518daa43ff2d73dbe.exe
2009-09-15 19:18 . 2009-09-15 19:18 15581 ----a-w- c:\program files\Common Files\joqude.dl
2009-09-15 19:18 . 2009-09-15 19:18 14500 ----a-w- c:\program files\Common Files\nonyrivuno.ban
2009-09-15 19:18 . 2009-09-15 19:18 13725 ----a-w- c:\program files\Common Files\wuzes._dl
2009-09-14 23:44 . 2009-09-14 23:44 16459 ----a-w- c:\program files\Common Files\gyqiretose.exe
2009-09-14 23:44 . 2009-09-14 23:44 15282 ----a-w- c:\program files\Common Files\wybahyju._dl
2009-09-14 23:44 . 2009-09-14 23:44 10542 ----a-w- c:\program files\Common Files\otuq.scr
2009-09-12 00:05 . 2009-09-12 00:05 11429 ----a-w- c:\program files\Common Files\majumibipe.sys
2009-09-12 00:05 . 2009-09-12 00:05 19191 ----a-w- c:\program files\Common Files\sikif.sys
2009-09-12 00:05 . 2009-09-12 00:05 12071 ----a-w- c:\program files\Common Files\ijihipoji.sys
2009-09-10 19:46 . 2009-09-10 19:46 19499 ----a-w- c:\program files\Common Files\bahe.vbs
2009-09-10 19:46 . 2009-09-10 19:46 14105 ----a-w- c:\program files\Common Files\ymuz.bat
2009-09-10 19:46 . 2009-09-10 19:46 19921 ----a-w- c:\program files\Common Files\ceroz.db
2009-09-07 23:23 . 2009-09-07 23:23 19269 ----a-w- c:\program files\Common Files\iqehajim.scr
2009-09-07 23:23 . 2009-09-07 23:23 18134 ----a-w- c:\program files\Common Files\qezymekygy.bin
2009-09-07 23:23 . 2009-09-07 23:23 16487 ----a-w- c:\program files\Common Files\gynobakewe.ban
2009-09-03 20:03 . 2009-09-03 20:03 14748 ----a-w- c:\program files\Common Files\ajunaz.ban
2009-09-03 20:03 . 2009-09-03 20:03 16933 ----a-w- c:\program files\Common Files\omar.pif
2009-09-03 20:03 . 2009-09-03 20:03 11040 ----a-w- c:\program files\Common Files\uqybev.vbs
2009-09-02 20:26 . 2009-09-02 20:26 15565 ----a-w- c:\program files\Common Files\mapohuge.vbs
2009-09-02 20:26 . 2009-09-02 20:26 17381 ----a-w- c:\program files\Common Files\gopu.lib
2009-09-02 20:26 . 2009-09-02 20:26 12928 ----a-w- c:\program files\Common Files\ihyxazeci.dll
2009-09-02 20:26 . 2009-09-02 20:26 12304 ----a-w- c:\program files\Common Files\ymydaliho.exe
2009-08-29 22:24 . 2009-08-29 22:24 13506 ----a-w- c:\program files\Common Files\quke.lib
2009-08-29 22:24 . 2009-08-29 22:24 11700 ----a-w- c:\program files\Common Files\xadohywa.inf
2009-08-29 22:24 . 2009-08-29 22:24 17998 ----a-w- c:\program files\Common Files\zahyjaryc.bat
2009-08-29 21:31 . 2009-08-29 21:31 14930 ----a-w- c:\program files\Common Files\azewe.inf
2009-08-29 21:31 . 2009-08-29 21:31 10036 ----a-w- c:\program files\Common Files\ijolux.pif
2009-08-29 21:31 . 2009-08-29 21:31 12975 ----a-w- c:\program files\Common Files\ukijuqocis.vbs
2009-08-29 21:31 . 2009-08-29 21:31 12441 ----a-w- c:\program files\Common Files\tyjetuz.pif
2009-12-24 18:42 . 2009-12-09 23:56 119312 ----a-w- c:\program files\mozilla firefox\components\aadedaabaeddcba.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-03-22 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-03-22 15:36 2349080 ----a-w- c:\program files\ToggleEN\tbTog0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-03-22 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-03-22 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auslogics BoostSpeed"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2010-02-10 480368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2000-01-01 136600]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares vista]
2008-07-04 23:58 3196416 ----a-w- c:\program files\Ares Vista\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)
"ccdbabbbd"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ares Vista\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23431:TCP"= 23431:TCP:BitComet 23431 TCP
"23431:UDP"= 23431:UDP:BitComet 23431 UDP
S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S4 0766e8e413cd4e5775b03d1dfb542d23;0766e8e413cd4e5775b03d1dfb542d23;c:\windows\system32\0766e8e413cd4e5775b03d1dfb542d23.sys [12/9/2009 7:55 PM 39936]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 ccdbabbbd;6e767934a788d94cfb3f24a938a8ffac;c:\windows\ccdbabbbd.exe /s --> c:\windows\ccdbabbbd.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/18/2009 4:58 PM 24652]
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]
2010-06-12 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-06-07 07:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\aadedaabaeddcba.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Protection Center - c:\program files\Protection Center\cntprot.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-Multi File Downloader - c:\program files\Multi File Downloader\MultiFileDownloader.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 14:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(788)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\wt\updater\wcmdmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-12 14:54:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-12 18:54
Pre-Run: 22,219,382,784 bytes free
Post-Run: 22,237,691,904 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E03652D912F0CED0FA6C6A321475216A
,what do i do next
I got this ,then what do i do?
ComboFix 10-06-11.01 - Jason 06/12/2010 14:30:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.239.117 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Jason\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\Jason\Cookies\debun.vbs
c:\documents and settings\Jason\Cookies\ebuh.bin
c:\documents and settings\Jason\Cookies\exugafyh.scr
c:\documents and settings\Jason\Cookies\guji.vbs
c:\documents and settings\Jason\Cookies\kasyw._sy
c:\documents and settings\Jason\Cookies\koxis.sys
c:\documents and settings\Jason\Cookies\lacik.reg
c:\documents and settings\Jason\Cookies\lesy.vbs
c:\documents and settings\Jason\Cookies\mojybiva.com
c:\documents and settings\Jason\Cookies\mykuqozij.inf
c:\documents and settings\Jason\Cookies\myvafym.lib
c:\documents and settings\Jason\Cookies\noke.scr
c:\documents and settings\Jason\Cookies\novebaraqi.ban
c:\documents and settings\Jason\Cookies\omupehuc.pif
c:\documents and settings\Jason\Cookies\onygasugop.scr
c:\documents and settings\Jason\Cookies\pagiradano.pif
c:\documents and settings\Jason\Cookies\qineritof.bin
c:\documents and settings\Jason\Cookies\qykew.dl
c:\documents and settings\Jason\Cookies\reqyla.inf
c:\documents and settings\Jason\Cookies\suxigotyf.dl
c:\documents and settings\Jason\Cookies\ycikov.dat
c:\documents and settings\Jason\Cookies\ytym._sy
c:\documents and settings\Jason\Cookies\yzusikyvo.scr
c:\documents and settings\Jason\Cookies\zuxagypowe.sys
c:\documents and settings\Jason\Favorites\Download programs.url
c:\documents and settings\Jason\Favorites\Games.url
c:\documents and settings\Jason\Favorites\Translator.url
c:\documents and settings\Jason\Favorites\Videos.url
c:\program files\Protection Center
c:\program files\Protection Center\about.ico
c:\program files\Protection Center\activate.ico
c:\program files\Protection Center\buy.ico
c:\program files\Protection Center\cnt.db
c:\program files\Protection Center\cntext.dll
c:\program files\Protection Center\cnthook.dll
c:\program files\Protection Center\cntprot.exe
c:\program files\Protection Center\help.ico
c:\program files\Protection Center\scan.ico
c:\program files\Protection Center\settings.ico
c:\program files\Protection Center\splash.mp3
c:\program files\Protection Center\Uninstall.exe
c:\program files\Protection Center\update.ico
c:\program files\Protection Center\virus.mp3
c:\windows\docyril._sy
c:\windows\irelyvy.dll
c:\windows\okisenyci.exe
c:\windows\ozufyvuhu._sy
c:\windows\picezo.scr
c:\windows\PRAGMAeectftpetu
c:\windows\PRAGMAeectftpetu\PRAGMAc.dll
c:\windows\PRAGMAeectftpetu\PRAGMAcfg.ini
c:\windows\PRAGMAeectftpetu\PRAGMAd.sys
c:\windows\PRAGMAeectftpetu\PRAGMAsrcr.dat
c:\windows\PRAGMAqjixtbvoxu
c:\windows\PRAGMAqjixtbvoxu\pragmabbr.dll
c:\windows\PRAGMAqjixtbvoxu\PRAGMAc.dll
c:\windows\PRAGMAqjixtbvoxu\PRAGMAcfg.ini
c:\windows\PRAGMAqjixtbvoxu\PRAGMAd.sys
c:\windows\PRAGMAqjixtbvoxu\pragmaserf.dll
c:\windows\PRAGMAqjixtbvoxu\PRAGMAsrcr.dat
c:\windows\system32\dbcb.sys
c:\windows\system32\drivers\fmtc.sys
c:\windows\system32\drivers\iukdt.sys
c:\windows\system32\fbcdaeeccd.dll
c:\windows\udorohu._sy
c:\windows\vijetib.scr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PRAGMAeectftpetu
-------\Legacy_PRAGMAeectftpetu
-------\Service_PRAGMAqjixtbvoxu
-------\Legacy_PRAGMAqjixtbvoxu
-------\Legacy_dbcb
-------\Legacy_kmlxn
-------\Legacy_qwpqjis
-------\Service_dbcb
-------\Service_kmlxn
-------\Service_qwpqjis
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 17:58 . 2010-06-12 18:00 -------- d-----w- C:\rei
2010-06-12 17:56 . 2010-06-12 17:56 -------- d-----w- c:\program files\Reimage
2010-06-12 00:56 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-12 00:39 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-12 00:31 . 2010-06-12 01:21 -------- d-----w- c:\program files\Spyware Doctor
2010-06-12 00:31 . 2010-06-12 01:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-02 12:12 . 2010-06-02 12:12 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-06-02 12:12 . 2010-06-02 12:12 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2010-05-28 00:03 . 2010-05-28 00:03 161744 ----a-w- c:\windows\system32\ba9ee95ed062fe9bdeff47ba457c6981.exe
2010-05-28 00:03 . 2010-05-28 00:03 161808 ----a-w- c:\windows\system32\f7d89562892a937192e29b88ecb297b2.exe
2010-05-27 23:42 . 2010-05-27 23:42 -------- d-----w- c:\program files\Auslogics
2010-05-27 16:59 . 2010-05-27 16:59 161744 ----a-w- c:\windows\system32\224cb41273f9fbed87a096cb34a8c507.exe
2010-05-27 16:59 . 2010-05-27 16:59 161808 ----a-w- c:\windows\system32\044d413637f191863b2d54229eabf7e4.exe
2010-05-26 21:54 . 2010-05-26 21:54 161744 ----a-w- c:\windows\system32\91c5cebafc4615d129a8810f07636ed7.exe
2010-05-26 21:54 . 2010-05-26 21:54 161808 ----a-w- c:\windows\system32\73440e83b5c197bf1414e2d961a1e0b7.exe
2010-05-26 19:55 . 2010-05-26 19:55 161744 ----a-w- c:\windows\system32\65a4a91b93dfd581fcbde0742c211404.exe
2010-05-26 19:55 . 2010-05-26 19:55 161808 ----a-w- c:\windows\system32\83f9c56319a0123266cf1e8bb770a253.exe
2010-05-25 14:01 . 2010-05-25 14:01 1731088 ----a-w- c:\documents and settings\Jason\Application Data\Multi File Downloader\update.exe
2010-05-24 19:50 . 2010-05-24 19:50 161744 ----a-w- c:\windows\system32\59c27325f3af48b859801d92778edad8.exe
2010-05-24 19:50 . 2010-05-24 19:50 161808 ----a-w- c:\windows\system32\2cae5725120ce5359b790e480514cc32.exe
2010-05-24 18:30 . 2010-05-24 18:30 161808 ----a-w- c:\windows\system32\94ce571d29322ca77bfecb3a9dddc2bc.exe
2010-05-22 19:03 . 2010-05-22 19:03 161744 ----a-w- c:\windows\system32\7f6219e1404524e4d4fdbac283c56ddd.exe
2010-05-22 19:03 . 2010-05-22 19:03 161808 ----a-w- c:\windows\system32\bb49037c07751dbe5fbba839627e32a8.exe
2010-05-22 17:41 . 2010-05-22 17:41 161744 ----a-w- c:\windows\system32\f0c53e3156ccd57466ae21a013f7450c.exe
2010-05-22 17:41 . 2010-05-22 17:41 161808 ----a-w- c:\windows\system32\a7a50fc670f9d466821e109591567dbf.exe
2010-05-22 15:16 . 2010-05-22 15:16 161744 ----a-w- c:\windows\system32\a08654611b7affd05648cbff83b63bf0.exe
2010-05-22 15:16 . 2010-05-22 15:16 161808 ----a-w- c:\windows\system32\42358f3e3501bf5b416af2c20ce4dce5.exe
2010-05-21 22:54 . 2010-05-21 22:54 161744 ----a-w- c:\windows\system32\4a69220563d302f21b2a04e0c5384370.exe
2010-05-21 22:54 . 2010-05-21 22:54 161808 ----a-w- c:\windows\system32\c9712a0e6e753b9ef25063d99db6efcc.exe
2010-05-21 19:02 . 2010-05-21 19:02 161744 ----a-w- c:\windows\system32\a22602852c45b5bb851a567628d91c33.exe
2010-05-21 19:02 . 2010-05-21 19:02 161808 ----a-w- c:\windows\system32\ff1f3098adf28e0fed41c54e6007b908.exe
2010-05-18 19:56 . 2010-05-18 19:56 161744 ----a-w- c:\windows\system32\77679c2cde4f3520bbe23d516331e29b.exe
2010-05-18 19:56 . 2010-05-18 19:56 161808 ----a-w- c:\windows\system32\46096b6bd069353fff83f2d14180bb4e.exe
2010-05-18 12:56 . 2010-05-18 12:56 161744 ----a-w- c:\windows\system32\99929a899d8326ddb073b659db0f3f22.exe
2010-05-18 12:56 . 2010-05-18 12:56 161808 ----a-w- c:\windows\system32\8cff5481658a5790cd4b57a92191055c.exe
2010-05-17 20:15 . 2010-05-17 20:15 161744 ----a-w- c:\windows\system32\24579cff7d45f7965c67b9e6d4141785.exe
2010-05-17 20:15 . 2010-05-17 20:15 161808 ----a-w- c:\windows\system32\f0d7bc9d852123cb4f0694c0d9dafe10.exe
2010-05-15 21:38 . 2010-05-15 21:38 161744 ----a-w- c:\windows\system32\4c649fe9c84a2c4be3b1dae5cd8682ad.exe
2010-05-15 21:38 . 2010-05-15 21:38 161808 ----a-w- c:\windows\system32\0ce2d127b6ee79b3a32de2247d6c15ce.exe
2010-05-15 21:22 . 2010-05-15 21:22 81 ----a-w- c:\documents and settings\Jason\fixdrives.reg
2010-05-15 20:47 . 2010-05-15 20:47 161744 ----a-w- c:\windows\system32\6701a0f4ac384a89bd6926d21f56864d.exe
2010-05-15 20:47 . 2010-05-15 20:47 161808 ----a-w- c:\windows\system32\61e185e7a65caf4df28a16146e04e513.exe
2010-05-15 20:25 . 2010-05-15 20:25 -------- d-----w- c:\documents and settings\Jason\Application Data\SUPERAntiSpyware.com
2010-05-15 20:25 . 2010-05-15 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-15 20:24 . 2010-05-28 21:38 -------- d-----w- c:\documents and settings\Jason\Application Data\Auslogics
2010-05-15 20:18 . 2010-05-15 20:18 161744 ----a-w- c:\windows\system32\4599b3ad0db482a1558fbf353d9a81c2.exe
2010-05-15 20:18 . 2010-05-15 20:18 161808 ----a-w- c:\windows\system32\77695fa7e46d36b60203534decc3e809.exe
2010-05-13 20:00 . 2010-05-13 20:00 161744 ----a-w- c:\windows\system32\e8b988edd4357233e8954d0e0132b9d8.exe
2010-05-13 20:00 . 2010-05-13 20:00 161808 ----a-w- c:\windows\system32\26fbeebaf1165d6fa538c9ee25ae6c48.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 01:19 . 2009-08-29 22:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-11 22:10 . 2009-09-15 22:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 20:55 . 2008-06-10 21:09 2068 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 19:33 . 2009-11-25 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-05-25 14:01 . 2009-11-25 22:49 -------- d-----w- c:\documents and settings\Jason\Application Data\Multi File Downloader
2010-05-11 20:07 . 2010-05-11 20:07 161744 ----a-w- c:\windows\system32\89d43c31933ff381685749752de5dba9.exe
2010-05-11 20:07 . 2010-05-11 20:07 161808 ----a-w- c:\windows\system32\e1fcb3247d761b413371c0806aa2cfc2.exe
2010-05-11 17:48 . 2010-05-11 17:48 161744 ----a-w- c:\windows\system32\181fd7b39f960336c8cfee66b56295ae.exe
2010-05-11 17:48 . 2010-05-11 17:48 161808 ----a-w- c:\windows\system32\e4f5bf3521b775d6d8ed82aa1e246806.exe
2010-05-11 14:13 . 2010-05-11 14:13 161744 ----a-w- c:\windows\system32\1fbd02ba2b429c3ee2d10f74ebbf37b1.exe
2010-05-11 14:13 . 2010-05-11 14:13 161808 ----a-w- c:\windows\system32\308e2f56770138c154f6089c450c3fa8.exe
2010-05-10 19:53 . 2010-05-10 19:53 161744 ----a-w- c:\windows\system32\17f51efbd9c8e4187b27142a3ca29b27.exe
2010-05-10 19:52 . 2010-05-10 19:52 161808 ----a-w- c:\windows\system32\f6ad2b28456dd999db4ee3dad902ecf2.exe
2010-05-09 18:35 . 2010-05-09 18:35 161744 ----a-w- c:\windows\system32\a13d16f1bd304e004263c5ed6fd087bc.exe
2010-05-09 18:34 . 2010-05-09 18:34 161808 ----a-w- c:\windows\system32\a52cec9643ff7b303dc6c0b703950481.exe
2010-05-08 19:11 . 2010-05-08 19:11 161744 ----a-w- c:\windows\system32\79644af189c844d97d12f257a5b91305.exe
2010-05-08 19:10 . 2010-05-08 19:10 161808 ----a-w- c:\windows\system32\76fb1ea260406359ee90369ea09b741c.exe
2010-05-07 23:00 . 2010-05-07 23:00 161744 ----a-w- c:\windows\system32\2a3da35ba76bc743665cd337288fa113.exe
2010-05-07 23:00 . 2010-05-07 23:00 161808 ----a-w- c:\windows\system32\5c01700f7d880a99662fb3f3c59de0a8.exe
2010-05-07 13:59 . 2010-05-07 13:59 161744 ----a-w- c:\windows\system32\de6e4923cdfc39ff841ea548863d973e.exe
2010-05-07 13:59 . 2010-05-07 13:59 161808 ----a-w- c:\windows\system32\6d23ac31eff04b19cc36d164ed957bfa.exe
2010-05-07 13:13 . 2010-05-07 13:13 161744 ----a-w- c:\windows\system32\fbff6b1ab4120690239f743b6a71e9a0.exe
2010-05-07 13:12 . 2010-05-07 13:12 161808 ----a-w- c:\windows\system32\2259cd3dcb108667fa95344ad238c167.exe
2010-05-07 00:29 . 2010-05-07 00:27 -------- d-----w- c:\program files\tuxguitar-1.0-jet
2010-05-05 22:08 . 2010-05-05 22:08 161744 ----a-w- c:\windows\system32\a96512d1d6ba32f9c78cbf30ebdb6fe3.exe
2010-05-05 22:08 . 2010-05-05 22:08 161808 ----a-w- c:\windows\system32\7a02ef492016ddd1381690ba811c8acf.exe
2010-05-05 16:32 . 2010-05-05 16:32 161744 ----a-w- c:\windows\system32\52b7574349705d8e99264b6995de2e85.exe
2010-05-05 16:32 . 2010-05-05 16:32 161808 ----a-w- c:\windows\system32\f02f19232e0c1ddfb283dbd3f75064e1.exe
2010-05-05 14:06 . 2010-05-05 14:06 161744 ----a-w- c:\windows\system32\556a79f3142cf630e45b83b2560b4c14.exe
2010-05-05 14:06 . 2010-05-05 14:06 161808 ----a-w- c:\windows\system32\852db6d25686e6c3735193746c9b6de6.exe
2010-05-04 12:47 . 2010-05-04 12:47 161744 ----a-w- c:\windows\system32\8adf67ad05a3af0b28ab66255ff0af40.exe
2010-05-04 12:47 . 2010-05-04 12:47 161808 ----a-w- c:\windows\system32\cd5c68fda19b9b5e6327417f60fe1bb2.exe
2010-05-03 23:43 . 2010-05-03 23:43 161744 ----a-w- c:\windows\system32\3c76e3a1bb7dcc4b6b36a3a6274b2748.exe
2010-05-03 23:43 . 2010-05-03 23:43 161808 ----a-w- c:\windows\system32\f9e1c900a6cb1f94954ddcf1e4cd8825.exe
2010-05-03 21:39 . 2010-05-03 21:39 161744 ----a-w- c:\windows\system32\53db57ee249ef100bbbe4f9843d526d7.exe
2010-05-03 21:39 . 2010-05-03 21:39 161808 ----a-w- c:\windows\system32\6d1c123fa2e3a3a5652a88639dd7f3e0.exe
2010-05-01 19:02 . 2010-05-01 19:02 161744 ----a-w- c:\windows\system32\1010ec09fbd8dd146496f846043f11bb.exe
2010-05-01 19:02 . 2010-05-01 19:02 161808 ----a-w- c:\windows\system32\72ba4690e30c926c09adf4ad33612c54.exe
2010-04-29 19:39 . 2009-09-15 22:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-09-15 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-27 22:02 . 2010-04-27 22:02 161744 ----a-w- c:\windows\system32\339be584c15e90d0f495c0a601d3fd28.exe
2010-04-27 22:02 . 2010-04-27 22:02 161808 ----a-w- c:\windows\system32\4002b51c0348cc0b0e7e77f334adc18c.exe
2010-04-24 15:24 . 2010-04-24 15:24 165392 ----a-w- c:\windows\system32\299dd74ecdf0e66a07512ab20619bcfb.exe
2010-04-22 20:02 . 2010-04-22 20:02 165392 ----a-w- c:\windows\system32\83eaf11a75976827437b12fde5c3d646.exe
2010-04-16 16:09 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2000-01-01 20:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-10 17:47 . 2010-04-10 17:47 165392 ----a-w- c:\windows\system32\69a520af64bd7f6d90b1c614d5b984de.exe
2010-04-08 23:39 . 2010-04-08 23:39 165392 ----a-w- c:\windows\system32\e257d0d454439e29d3d2937d81ea6612.exe
2010-04-05 19:39 . 2010-04-05 19:39 165392 ----a-w- c:\windows\system32\0d845626ac553827d0b4204502a70201.exe
2010-04-04 20:42 . 2010-04-04 20:42 165392 ----a-w- c:\windows\system32\000e07ab90bf0b243d98af6f44bcf7f8.exe
2010-03-27 19:39 . 2010-03-27 19:39 165392 -c--a-w- c:\windows\system32\c57482b9b43b965ad387c2d3e82c07f1.exe
2010-03-26 14:33 . 2010-05-05 00:29 1496064 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-05-05 00:29 43008 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-05-05 00:29 339456 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-05-05 00:29 346112 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-23 21:49 . 2009-11-20 17:18 79488 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-22 15:42 . 2010-03-22 15:42 165392 -c--a-w- c:\windows\system32\3f33fa228f84456ebe5297be2cec1ca8.exe
2010-03-19 23:31 . 2010-03-19 23:31 165392 -c--a-w- c:\windows\system32\40e6c0b0cca4d2930dfa5945e59c2681.exe
2010-03-18 23:08 . 2010-03-18 23:08 165392 -c--a-w- c:\windows\system32\97fedc905237c6872778c5def0a4f468.exe
2010-03-14 20:18 . 2010-03-14 20:18 165392 -c--a-w- c:\windows\system32\4971d1af70638fd518daa43ff2d73dbe.exe
2009-09-15 19:18 . 2009-09-15 19:18 15581 ----a-w- c:\program files\Common Files\joqude.dl
2009-09-15 19:18 . 2009-09-15 19:18 14500 ----a-w- c:\program files\Common Files\nonyrivuno.ban
2009-09-15 19:18 . 2009-09-15 19:18 13725 ----a-w- c:\program files\Common Files\wuzes._dl
2009-09-14 23:44 . 2009-09-14 23:44 16459 ----a-w- c:\program files\Common Files\gyqiretose.exe
2009-09-14 23:44 . 2009-09-14 23:44 15282 ----a-w- c:\program files\Common Files\wybahyju._dl
2009-09-14 23:44 . 2009-09-14 23:44 10542 ----a-w- c:\program files\Common Files\otuq.scr
2009-09-12 00:05 . 2009-09-12 00:05 11429 ----a-w- c:\program files\Common Files\majumibipe.sys
2009-09-12 00:05 . 2009-09-12 00:05 19191 ----a-w- c:\program files\Common Files\sikif.sys
2009-09-12 00:05 . 2009-09-12 00:05 12071 ----a-w- c:\program files\Common Files\ijihipoji.sys
2009-09-10 19:46 . 2009-09-10 19:46 19499 ----a-w- c:\program files\Common Files\bahe.vbs
2009-09-10 19:46 . 2009-09-10 19:46 14105 ----a-w- c:\program files\Common Files\ymuz.bat
2009-09-10 19:46 . 2009-09-10 19:46 19921 ----a-w- c:\program files\Common Files\ceroz.db
2009-09-07 23:23 . 2009-09-07 23:23 19269 ----a-w- c:\program files\Common Files\iqehajim.scr
2009-09-07 23:23 . 2009-09-07 23:23 18134 ----a-w- c:\program files\Common Files\qezymekygy.bin
2009-09-07 23:23 . 2009-09-07 23:23 16487 ----a-w- c:\program files\Common Files\gynobakewe.ban
2009-09-03 20:03 . 2009-09-03 20:03 14748 ----a-w- c:\program files\Common Files\ajunaz.ban
2009-09-03 20:03 . 2009-09-03 20:03 16933 ----a-w- c:\program files\Common Files\omar.pif
2009-09-03 20:03 . 2009-09-03 20:03 11040 ----a-w- c:\program files\Common Files\uqybev.vbs
2009-09-02 20:26 . 2009-09-02 20:26 15565 ----a-w- c:\program files\Common Files\mapohuge.vbs
2009-09-02 20:26 . 2009-09-02 20:26 17381 ----a-w- c:\program files\Common Files\gopu.lib
2009-09-02 20:26 . 2009-09-02 20:26 12928 ----a-w- c:\program files\Common Files\ihyxazeci.dll
2009-09-02 20:26 . 2009-09-02 20:26 12304 ----a-w- c:\program files\Common Files\ymydaliho.exe
2009-08-29 22:24 . 2009-08-29 22:24 13506 ----a-w- c:\program files\Common Files\quke.lib
2009-08-29 22:24 . 2009-08-29 22:24 11700 ----a-w- c:\program files\Common Files\xadohywa.inf
2009-08-29 22:24 . 2009-08-29 22:24 17998 ----a-w- c:\program files\Common Files\zahyjaryc.bat
2009-08-29 21:31 . 2009-08-29 21:31 14930 ----a-w- c:\program files\Common Files\azewe.inf
2009-08-29 21:31 . 2009-08-29 21:31 10036 ----a-w- c:\program files\Common Files\ijolux.pif
2009-08-29 21:31 . 2009-08-29 21:31 12975 ----a-w- c:\program files\Common Files\ukijuqocis.vbs
2009-08-29 21:31 . 2009-08-29 21:31 12441 ----a-w- c:\program files\Common Files\tyjetuz.pif
2009-12-24 18:42 . 2009-12-09 23:56 119312 ----a-w- c:\program files\mozilla firefox\components\aadedaabaeddcba.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-03-22 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-03-22 15:36 2349080 ----a-w- c:\program files\ToggleEN\tbTog0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-03-22 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-03-22 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auslogics BoostSpeed"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2010-02-10 480368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2000-01-01 136600]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares vista]
2008-07-04 23:58 3196416 ----a-w- c:\program files\Ares Vista\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)
"ccdbabbbd"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ares Vista\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23431:TCP"= 23431:TCP:BitComet 23431 TCP
"23431:UDP"= 23431:UDP:BitComet 23431 UDP
S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Jason\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S4 0766e8e413cd4e5775b03d1dfb542d23;0766e8e413cd4e5775b03d1dfb542d23;c:\windows\system32\0766e8e413cd4e5775b03d1dfb542d23.sys [12/9/2009 7:55 PM 39936]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 ccdbabbbd;6e767934a788d94cfb3f24a938a8ffac;c:\windows\ccdbabbbd.exe /s --> c:\windows\ccdbabbbd.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/18/2009 4:58 PM 24652]
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]
2010-06-12 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-06-07 07:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1xgluhzk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\aadedaabaeddcba.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Protection Center - c:\program files\Protection Center\cntprot.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-Multi File Downloader - c:\program files\Multi File Downloader\MultiFileDownloader.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 14:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(788)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\wt\updater\wcmdmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-12 14:54:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-12 18:54
Pre-Run: 22,219,382,784 bytes free
Post-Run: 22,237,691,904 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E03652D912F0CED0FA6C6A321475216A