-
PC might be infected.
When I search on Google and click the search results, at first it will go to the website I want and then it will redirect me to another website.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Atleen at 18:41:36.71 on Fri 03/18/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.744 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Atleen\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094927713312
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143345146468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.7355208333
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\atleen\applic~1\mozilla\firefox\profiles\j3uzqc9c.default\
FF - component: c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Mignet Assistant Service: {b03c18ba-d7b2-6ac5-0be5-7d014d274183} - c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-19 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 27576]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-1-10 243584]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1803224]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-6-8 86098]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2005-4-3 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
.
=============== Created Last 30 ================
.
2011-03-16 11:24:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-16 04:48:07 -------- d-----w- c:\docume~1\atleen\applic~1\Malwarebytes
2011-03-16 04:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-16 04:47:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-16 04:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 01:29:56 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-14 04:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-13 01:07:48 127190 ----a-w- c:\windows\system32\foEtCk58k.exe
2011-03-13 01:07:47 2064384 ----a-w- c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
2011-03-11 02:53:11 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39:46 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2011-01-12 06:22:12 285480 ----a-w- c:\windows\system32\guard32.dll
.
============= FINISH: 18:43:40.84 ===============
-
Hi parasiteangel,
We will get a download to use. It's called combofix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply:
Guide to using Combofix
-
Hi shelf life,
Thank you so much for the quick reply.
I tried running combofix, with AVG and Comodo disabled, but it says that the installation failed.
-
I tried to disable Comodo by disabling the Defense+ and firewall, and combofix seemed to run, but it wants me to uninstall AVG.
Please advise.
Thank you so much.
-
Go ahead and uninstall AVG via the Add/Remove Programs panel and restart your computer, then run combofix.
-
I am not sure, but I have a feeling that combofix is stuck. In case combofix stopped working in the middle, what do you recommend I do?
Thanks
-
Unfortunately my desktop froze so I had to restart it.
Combofix was not able to finish and there was no log created.
I'm sorry if this is too much of a problem.
Do I just run it again?
-
Try running combofix in Safe Mode for now. To reach Safe Mode you would tap the F8 key during a computer restart. Choose the first option on the list: Safe Mode. Once at the Safe Mode desktop, run combofix.
-
Thank you so much again for helping me.
Here is my combofix result:
ComboFix 11-03-15.02 - Atleen 03/20/2011 11:57:13.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1241 [GMT -7:00]
Running from: c:\documents and settings\Atleen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\mt
c:\windows\tempf.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 01:05 . 2011-03-20 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-19 01:38 . 2011-03-19 01:39 -------- d-----w- c:\program files\ERUNT
2011-03-16 11:24 . 2011-03-16 11:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13 . 2011-03-16 11:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13 . 2011-03-16 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-03-16 04:48 . 2011-03-16 04:48 -------- d-----w- c:\documents and settings\Atleen\Application Data\Malwarebytes
2011-03-16 04:47 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-16 04:47 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 01:29 . 2011-03-15 01:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-14 04:50 . 2011-03-14 04:51 -------- d-----w- c:\documents and settings\Atleen\Application Data\DivX
2011-03-14 04:46 . 2011-03-17 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-03-11 02:53 . 2011-03-11 02:53 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39 . 2011-03-08 11:40 -------- d-----w- c:\windows\system32\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 06:22 . 2010-06-02 02:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 06:22 . 2010-06-02 02:00 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 06:22 . 2010-06-02 02:00 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 06:22 . 2010-06-04 18:55 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-12 06:22 . 2010-06-02 02:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-07-22 20:38 88361 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2003-09-29 06:22 36352 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-03-06 00:32 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-04 07:56 50176 ----a-w- c:\windows\eHome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 21:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-06-26 18:33 243248 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-05-25 00:21 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sHotKey]
2003-08-22 17:22 45056 ----a-w- c:\program files\Sony\sHotKey\SHOTKEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-11-03 19:55 1052672 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
2004-03-24 17:40 147456 ----a-w- c:\windows\SONYSYS\Eflyer\EFlyer_Popup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"SonicStageMonitoring"=2 (0x2)
"aawservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
"c:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"=
"c:\\Program Files\\Sony\\vaio media 3.0\\Vc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Sierra\\Counter-Strike\\svchost.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 27576]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/10/2007 10:39 PM 243584]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [6/8/2004 2:54 PM 86098]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [4/3/2005 6:08 PM 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder
.
2004-07-11 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
2004-07-16 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
2004-07-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Atleen\Application Data\Mozilla\Firefox\Profiles\j3uzqc9c.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 12:15
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3710816040-3839843654-1662050968-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\HPZipm12.exe
c:\windows\system32\java.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-20 12:24:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-20 19:23
ComboFix2.txt 2010-06-12 04:32
.
Pre-Run: 96,088,223,744 bytes free
Post-Run: 94,411,616,256 bytes free
.
- - End Of File - - 557109B5D597B583E6D646DB0C822D2E
-
No problem, you're welcome. Try running ComboFix now in "normal" mode. Also check Malwarebytes for updates and scan with it to see if it digs up anything after you try ComboFix first.