
Thread: PC might be infected..

  1. #1 Junior Member | Join Date: Nov 2007 | Posts: 24

    PC might be infected..

    When I search on google and click the search results, at first it will go to the website I want and then it redirects me to another website.


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Atleen at 18:41:36.71 on Fri 03/18/2011
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.744 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\Atleen\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRunOnce: [RunNarrator] Narrator.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094927713312
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143345146468
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.7355208333
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\atleen\applic~1\mozilla\firefox\profiles\j3uzqc9c.default\
    FF - component: c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Mignet Assistant Service: {b03c18ba-d7b2-6ac5-0be5-7d014d274183} - c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-19 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-19 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-19 243024]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 27576]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-1-10 243584]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1803224]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
    R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-6-8 86098]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2005-4-3 95232]
    S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
    .
    =============== Created Last 30 ================
    .
    2011-03-16 11:24:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-03-16 11:13:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-16 11:13:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2011-03-16 04:48:07 -------- d-----w- c:\docume~1\atleen\applic~1\Malwarebytes
    2011-03-16 04:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-16 04:47:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-16 04:47:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-16 04:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-15 01:29:56 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-03-14 04:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2011-03-13 01:07:48 127190 ----a-w- c:\windows\system32\foEtCk58k.exe
    2011-03-13 01:07:47 2064384 ----a-w- c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
    2011-03-11 02:53:11 -------- d-----w- C:\83a029cfbab080c80b6da8b7
    2011-03-08 11:39:46 -------- d-----w- c:\windows\system32\Adobe
    .
    ==================== Find3M ====================
    .
    2011-01-12 06:22:12 285480 ----a-w- c:\windows\system32\guard32.dll
    .
    ============= FINISH: 18:43:40.84 ===============
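
As an added example (my own code, not part of the thread and not from DDS or ComboFix), here is a small triage script for the DDS log format shown in the post above. It parses the "Pseudo HJT Report" and "Created Last 30" sections and returns review items: orphaned BHO/TB/EB hooks marked "No File", AppInit_DLLs entries (which load into every process and should be tied to a known publisher), freshly created executables dropped directly into system32 with generated-looking names, native DLLs shipped as Firefox extension components, and hex-named folders at the drive root. The section titles and line layouts are assumed from the log as posted; the heuristics (`looks_random`, the rule names, the severities) are mine, and every item is a candidate for a human to verify, not a verdict. The sample input is constructed from lines of the log above.

```python
"""DDS log triage (added example; not part of the thread, DDS or ComboFix).

Reads two sections of a DDS log, "Pseudo HJT Report" (browser hooks and
load points) and "Created Last 30" (recently created files), and returns
review items.  Every item is a candidate for a human to verify, not a
verdict: an AppInit_DLLs entry, for instance, may belong to a firewall.
"""
import re
from dataclasses import dataclass

# Sample input constructed for this example: lines copied from the DDS log
# posted above, with unrelated entries left out.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\\windows\\system32\\guard32.dll
.
=============== Created Last 30 ================
.
2011-03-16 04:47:38 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-03-13 01:07:48 127190 ----a-w- c:\\windows\\system32\\foEtCk58k.exe
2011-03-13 01:07:47 2064384 ----a-w- c:\\program files\\mozilla firefox\\extensions\\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\\components\\Kym-ta.dll
2011-03-11 02:53:11 -------- d-----w- C:\\83a029cfbab080c80b6da8b7
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" (look at it) or "info" (cleanup / context)
    rule: str
    detail: str


SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
HJT_RE = re.compile(r"^(BHO|TB|EB|Notify|AppInit_DLLs):\s*(.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-a-z]{8})\s+(.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def parse_sections(text):
    """Map section title -> list of entry lines. DDS pads sections with '.' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def looks_random(filename):
    """Heuristic (mine) for generated names such as foEtCk58k.exe: digits plus
    mixed case. Vendor names like guard32.dll or AcroIEHelper.dll have only one."""
    stem = filename.rsplit(".", 1)[0]
    return (any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem))


def triage(text):
    sections = parse_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, rest = m.groups()
        if rest.endswith("- No File"):
            # Registry hook whose DLL is gone: leftover, often from an earlier removal.
            findings.append(Finding("info", "orphaned-hook", f"{kind}: {rest}"))
        elif kind == "AppInit_DLLs":
            # Loaded into every process that loads user32.dll; confirm the publisher.
            findings.append(Finding("review", "appinit-dll", rest))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        when, size, attrs, path = m.groups()
        lower = path.lower()
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        is_dir = attrs.startswith("d")
        if is_dir and re.fullmatch(r"[a-z]:\\[0-9a-f]{20,}", lower):
            # Hex-named folder at the drive root: often an update extraction dir.
            findings.append(Finding("info", "hex-root-dir", f"{when} {path}"))
        elif (not is_dir and lower.endswith(EXEC_EXT)
              and re.fullmatch(r"[a-z]:\\windows\\system32\\[^\\]+", lower)
              and looks_random(name)):
            # Fresh executable dropped directly into system32 with a generated name.
            findings.append(Finding("review", "random-name-system32",
                                    f"{when} {size} bytes {path}"))
        elif not is_dir and lower.endswith(".dll") and "\\extensions\\{" in lower:
            # Native DLL shipped as a Firefox extension component; check its origin.
            findings.append(Finding("review", "ext-component-dll", f"{when} {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.rule}: {f.detail}")
```

Run it on a full DDS log by replacing `SAMPLE_DDS` with the file contents; the "review" items are the ones a helper would ask about first, the "info" items are context and cleanup.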

  2. #2 Emeritus | Join Date: Nov 2005 | Location: @localhost | Posts: 6,066

    hi parasiteangel,

    We will get a download to use. It's called combofix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply:

    Guide to using Combofix
    How Can I Reduce My Risk?

  3. #3 Junior Member | Join Date: Nov 2007 | Posts: 24

    Hi shelf life,

    Thank you so much for the quick reply.

    I tried running combofix, with AVG and Comodo disabled, but it says that the installation failed.

  4. #4 Junior Member | Join Date: Nov 2007 | Posts: 24

    I tried to disable Comodo by disabling Defense+ and the firewall, and combofix seemed to run, but it wants me to uninstall AVG.

    Please advise.

    Thank you so much.

  5. #5 Emeritus | Join Date: Nov 2005 | Location: @localhost | Posts: 6,066

    Go ahead and uninstall AVG via the Add/Remove Programs panel and restart your computer, then run combofix.
    How Can I Reduce My Risk?

  6. #6 Junior Member | Join Date: Nov 2007 | Posts: 24

    I am not sure, but I have a feeling that combofix is stuck. In case combofix stopped working in the middle, what do you recommend I do?

    thanks

  7. #7 Junior Member | Join Date: Nov 2007 | Posts: 24

    Unfortunately my desktop froze so I had to restart it.

    Combofix was not able to finish and there was no log created.

    I'm sorry if there is too much of a problem.

    Do I just run it again?

  8. #8 Emeritus | Join Date: Nov 2005 | Location: @localhost | Posts: 6,066

    Try running combofix in safe mode for now. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option on the list: safe mode. Once at the safe mode desktop, run combofix.
    How Can I Reduce My Risk?

  9. #9 Junior Member | Join Date: Nov 2007 | Posts: 24

    Thank you so much again for helping me.

    Here is my combofix result:

    ComboFix 11-03-15.02 - Atleen 03/20/2011 11:57:13.5.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1241 [GMT -7:00]
    Running from: c:\documents and settings\Atleen\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\mt
    c:\windows\system32\mt\029.spr
    c:\windows\system32\mt\029s.spr
    c:\windows\system32\mt\030.pal
    c:\windows\system32\mt\030.sid
    c:\windows\system32\mt\030.spr
    c:\windows\system32\mt\030.spr2
    c:\windows\system32\mt\030s.spr
    c:\windows\system32\mt\030s.spr2
    c:\windows\system32\mt\031.pal
    c:\windows\system32\mt\031.sid
    c:\windows\system32\mt\031.spr
    c:\windows\system32\mt\031s.spr
    c:\windows\system32\mt\032.pal
    c:\windows\system32\mt\032.sid
    c:\windows\system32\mt\032.spr
    c:\windows\system32\mt\032s.spr
    c:\windows\system32\mt\033.pal
    c:\windows\system32\mt\033.sid
    c:\windows\system32\mt\033.spr
    c:\windows\system32\mt\033s.spr
    c:\windows\system32\mt\034.pal
    c:\windows\system32\mt\034.sid
    c:\windows\system32\mt\034.spr
    c:\windows\system32\mt\034s.spr
    c:\windows\system32\mt\035.pal
    c:\windows\system32\mt\035.sid
    c:\windows\system32\mt\035.spr
    c:\windows\system32\mt\035s.spr
    c:\windows\system32\mt\036.pal
    c:\windows\system32\mt\036.sid
    c:\windows\system32\mt\036.spr
    c:\windows\system32\mt\036s.spr
    c:\windows\system32\mt\037.pal
    c:\windows\system32\mt\037.sid
    c:\windows\system32\mt\037.spr
    c:\windows\system32\mt\037s.spr
    c:\windows\system32\mt\038.pal
    c:\windows\system32\mt\038.sid
    c:\windows\system32\mt\038.spr
    c:\windows\system32\mt\038s.spr
    c:\windows\system32\mt\039.pal
    c:\windows\system32\mt\039.sid
    c:\windows\system32\mt\039.spr
    c:\windows\system32\mt\039s.spr
    c:\windows\system32\mt\040-.pal
    c:\windows\system32\mt\040-.sid
    c:\windows\system32\mt\040-.spr
    c:\windows\system32\mt\040-s.spr
    c:\windows\system32\mt\040.pal
    c:\windows\system32\mt\040.sid
    c:\windows\system32\mt\040.spr
    c:\windows\system32\mt\040s.spr
    c:\windows\system32\mt\041.pal
    c:\windows\system32\mt\041.sid
    c:\windows\system32\mt\041.spr
    c:\windows\system32\mt\041s.spr
    c:\windows\system32\mt\042.pal
    c:\windows\system32\mt\042.sid
    c:\windows\system32\mt\042.spr
    c:\windows\system32\mt\042s.spr
    c:\windows\system32\mt\043.pal
    c:\windows\system32\mt\043.sid
    c:\windows\system32\mt\043.spr
    c:\windows\system32\mt\043s.spr
    c:\windows\system32\mt\044.pal
    c:\windows\system32\mt\044.sid
    c:\windows\system32\mt\044.spr
    c:\windows\system32\mt\044s.spr
    c:\windows\system32\mt\045.pal
    c:\windows\system32\mt\045.sid
    c:\windows\system32\mt\045.spr
    c:\windows\system32\mt\045s.spr
    c:\windows\system32\mt\10a.pal
    c:\windows\system32\mt\10a.sid
    c:\windows\system32\mt\10a.spr
    c:\windows\system32\mt\10as.spr
    c:\windows\system32\mt\10b.pal
    c:\windows\system32\mt\10b.sid
    c:\windows\system32\mt\10b.spr
    c:\windows\system32\mt\10bs.spr
    c:\windows\system32\mt\10c.pal
    c:\windows\system32\mt\10c.sid
    c:\windows\system32\mt\10c.spr
    c:\windows\system32\mt\10cs.spr
    c:\windows\system32\mt\1152.pal
    c:\windows\system32\mt\1152.sid
    c:\windows\system32\mt\1152.spr
    c:\windows\system32\mt\1152s.spr
    c:\windows\system32\mt\151.pal
    c:\windows\system32\mt\151.sid
    c:\windows\system32\mt\151.spr
    c:\windows\system32\mt\151s.spr
    c:\windows\system32\mt\153.pal
    c:\windows\system32\mt\153.sid
    c:\windows\system32\mt\153.spr
    c:\windows\system32\mt\153s.spr
    c:\windows\system32\mt\30a.pal
    c:\windows\system32\mt\30a.sid
    c:\windows\system32\mt\30a.spr
    c:\windows\system32\mt\30as.spr
    c:\windows\system32\mt\30b.pal
    c:\windows\system32\mt\30b.sid
    c:\windows\system32\mt\30b.spr
    c:\windows\system32\mt\30bs.spr
    c:\windows\system32\mt\30c.pal
    c:\windows\system32\mt\30c.sid
    c:\windows\system32\mt\30c.spr
    c:\windows\system32\mt\30cs.spr
    c:\windows\system32\mt\30d.pal
    c:\windows\system32\mt\30d.sid
    c:\windows\system32\mt\30d.spr
    c:\windows\system32\mt\30ds.spr
    c:\windows\system32\mt\30e.pal
    c:\windows\system32\mt\30e.sid
    c:\windows\system32\mt\30e.spr
    c:\windows\system32\mt\30es.spr
    c:\windows\system32\mt\30f.pal
    c:\windows\system32\mt\30f.sid
    c:\windows\system32\mt\30f.spr
    c:\windows\system32\mt\30fs.spr
    c:\windows\system32\mt\30g.pal
    c:\windows\system32\mt\30g.sid
    c:\windows\system32\mt\30g.spr
    c:\windows\system32\mt\30gs.spr
    c:\windows\system32\mt\40a.pal
    c:\windows\system32\mt\40a.sid
    c:\windows\system32\mt\40a.spr
    c:\windows\system32\mt\40as.spr
    c:\windows\system32\mt\40b.pal
    c:\windows\system32\mt\40b.sid
    c:\windows\system32\mt\40b.spr
    c:\windows\system32\mt\40bs.spr
    c:\windows\system32\mt\40c.pal
    c:\windows\system32\mt\40c.sid
    c:\windows\system32\mt\40c.spr
    c:\windows\system32\mt\40cs.spr
    c:\windows\system32\mt\40d.pal
    c:\windows\system32\mt\40d.sid
    c:\windows\system32\mt\40d.spr
    c:\windows\system32\mt\40ds.spr
    c:\windows\system32\mt\40e.pal
    c:\windows\system32\mt\40e.sid
    c:\windows\system32\mt\40e.spr
    c:\windows\system32\mt\40es.spr
    c:\windows\system32\mt\40f.pal
    c:\windows\system32\mt\40f.sid
    c:\windows\system32\mt\40f.spr
    c:\windows\system32\mt\40fs.spr
    c:\windows\system32\mt\50a.pal
    c:\windows\system32\mt\50a.sid
    c:\windows\system32\mt\50a.spr
    c:\windows\system32\mt\50as.spr
    c:\windows\system32\mt\50b.pal
    c:\windows\system32\mt\50b.sid
    c:\windows\system32\mt\50b.spr
    c:\windows\system32\mt\50bs.spr
    c:\windows\system32\mt\50c.pal
    c:\windows\system32\mt\50c.sid
    c:\windows\system32\mt\50c.spr
    c:\windows\system32\mt\50cs.spr
    c:\windows\system32\mt\50d.pal
    c:\windows\system32\mt\50d.sid
    c:\windows\system32\mt\50d.spr
    c:\windows\system32\mt\50ds.spr
    c:\windows\system32\mt\50e.pal
    c:\windows\system32\mt\50e.sid
    c:\windows\system32\mt\50e.spr
    c:\windows\system32\mt\50es.spr
    c:\windows\system32\mt\60b.pal
    c:\windows\system32\mt\60b.sid
    c:\windows\system32\mt\60b.spr
    c:\windows\system32\mt\60bs.spr
    c:\windows\system32\mt\70a.pal
    c:\windows\system32\mt\70a.sid
    c:\windows\system32\mt\70a.spr
    c:\windows\system32\mt\70as.spr
    c:\windows\system32\mt\bow.pal
    c:\windows\system32\mt\bow.sid
    c:\windows\system32\mt\bow.spr
    c:\windows\system32\mt\bows.spr
    c:\windows\system32\mt\droptree1.pal
    c:\windows\system32\mt\droptree1.spr
    c:\windows\system32\mt\droptree1s.pal
    c:\windows\system32\mt\droptree1s.spr
    c:\windows\system32\mt\droptree2.pal
    c:\windows\system32\mt\droptree2.spr
    c:\windows\system32\mt\droptree2s.pal
    c:\windows\system32\mt\droptree2s.spr
    c:\windows\system32\mt\h40a.pal
    c:\windows\system32\mt\h40a.sid
    c:\windows\system32\mt\h40a.spr
    c:\windows\system32\mt\h40as.spr
    c:\windows\system32\mt\m001.pal
    c:\windows\system32\mt\m001.sid
    c:\windows\system32\mt\m001.spr
    c:\windows\system32\mt\m001s.spr
    c:\windows\system32\mt\m002.pal
    c:\windows\system32\mt\m002.sid
    c:\windows\system32\mt\m002.spr
    c:\windows\system32\mt\m002s.spr
    c:\windows\system32\mt\m003.pal
    c:\windows\system32\mt\m003.sid
    c:\windows\system32\mt\m003.spr
    c:\windows\system32\mt\m003s.spr
    c:\windows\system32\mt\m004.pal
    c:\windows\system32\mt\m004.sid
    c:\windows\system32\mt\m004.spr
    c:\windows\system32\mt\m004s.spr
    c:\windows\system32\mt\m005.pal
    c:\windows\system32\mt\m005.sid
    c:\windows\system32\mt\m005.spr
    c:\windows\system32\mt\m005s.spr
    c:\windows\system32\mt\m006.pal
    c:\windows\system32\mt\m006.sid
    c:\windows\system32\mt\m006.spr
    c:\windows\system32\mt\m006s.spr
    c:\windows\system32\mt\m007.pal
    c:\windows\system32\mt\m007.sid
    c:\windows\system32\mt\m007.spr
    c:\windows\system32\mt\m007s.spr
    c:\windows\system32\mt\m008.pal
    c:\windows\system32\mt\m008.sid
    c:\windows\system32\mt\m008.spr
    c:\windows\system32\mt\m008s.spr
    c:\windows\system32\mt\m009.pal
    c:\windows\system32\mt\m009.sid
    c:\windows\system32\mt\m009.spr
    c:\windows\system32\mt\m009s.spr
    c:\windows\system32\mt\m010.pal
    c:\windows\system32\mt\m010.sid
    c:\windows\system32\mt\m010.spr
    c:\windows\system32\mt\m010s.spr
    c:\windows\system32\mt\m011.pal
    c:\windows\system32\mt\m011.sid
    c:\windows\system32\mt\m011.spr
    c:\windows\system32\mt\m011s.spr
    c:\windows\system32\mt\m012.pal
    c:\windows\system32\mt\m012.sid
    c:\windows\system32\mt\m012.spr
    c:\windows\system32\mt\m012s.spr
    c:\windows\system32\mt\m013.pal
    c:\windows\system32\mt\m013.sid
    c:\windows\system32\mt\m013.spr
    c:\windows\system32\mt\m013s.spr
    c:\windows\system32\mt\m014.pal
    c:\windows\system32\mt\m014.sid
    c:\windows\system32\mt\m014.spr
    c:\windows\system32\mt\m014s.spr
    c:\windows\system32\mt\s001.pal
    c:\windows\system32\mt\s001.sid
    c:\windows\system32\mt\s001.spr
    c:\windows\system32\mt\s001h.pal
    c:\windows\system32\mt\s001h.sid
    c:\windows\system32\mt\s001h.spr
    c:\windows\system32\mt\s001hs.spr
    c:\windows\system32\mt\s001s.spr
    c:\windows\system32\mt\s002.pal
    c:\windows\system32\mt\s002.sid
    c:\windows\system32\mt\s002.spr
    c:\windows\system32\mt\s002s.spr
    c:\windows\system32\mt\s003.pal
    c:\windows\system32\mt\s003.sid
    c:\windows\system32\mt\s003.spr
    c:\windows\system32\mt\s003s.spr
    c:\windows\system32\mt\s004.pal
    c:\windows\system32\mt\s004.sid
    c:\windows\system32\mt\s004.spr
    c:\windows\system32\mt\s004s.spr
    c:\windows\system32\mt\s005.pal
    c:\windows\system32\mt\s005.sid
    c:\windows\system32\mt\s005.spr
    c:\windows\system32\mt\s005s.spr
    c:\windows\system32\mt\s006.pal
    c:\windows\system32\mt\s006.sid
    c:\windows\system32\mt\s006.spr
    c:\windows\system32\mt\s006s.spr
    c:\windows\system32\mt\s007.pal
    c:\windows\system32\mt\s007.sid
    c:\windows\system32\mt\s007.spr
    c:\windows\system32\mt\s007s.spr
    c:\windows\system32\mt\s010.pal
    c:\windows\system32\mt\s010.sid
    c:\windows\system32\mt\s010.spr
    c:\windows\system32\mt\s010_1.pal
    c:\windows\system32\mt\s010_1.sid
    c:\windows\system32\mt\s010_1.spr
    c:\windows\system32\mt\s010s.spr
    c:\windows\system32\mt\s011.pal
    c:\windows\system32\mt\s011.sid
    c:\windows\system32\mt\s011.spr
    c:\windows\system32\mt\s011s.spr
    c:\windows\system32\mt\sh001.pal
    c:\windows\system32\mt\sh001.sid
    c:\windows\system32\mt\sh001.spr
    c:\windows\system32\mt\sh001s.spr
    c:\windows\system32\mt\sm000.pal
    c:\windows\system32\mt\sm000.sid
    c:\windows\system32\mt\sm000.spr
    c:\windows\system32\mt\sm000s.spr
    c:\windows\system32\mt\sm001.pal
    c:\windows\system32\mt\sm001.sid
    c:\windows\system32\mt\sm001.spr
    c:\windows\system32\mt\sm001s.spr
    c:\windows\system32\mt\sm003.pal
    c:\windows\system32\mt\sm003.sid
    c:\windows\system32\mt\sm003.spr
    c:\windows\system32\mt\sm003s.spr
    c:\windows\system32\mt\sm032.pal
    c:\windows\system32\mt\sm042.pal
    c:\windows\system32\mt\ssan.pal
    c:\windows\system32\mt\ssan.sid
    c:\windows\system32\mt\ssan.spr
    c:\windows\system32\mt\ssans.spr
    c:\windows\tempf.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-20 01:05 . 2011-03-20 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-03-19 01:38 . 2011-03-19 01:39 -------- d-----w- c:\program files\ERUNT
    2011-03-16 11:24 . 2011-03-16 11:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-03-16 11:13 . 2011-03-16 11:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-16 11:13 . 2011-03-16 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-03-16 04:48 . 2011-03-16 04:48 -------- d-----w- c:\documents and settings\Atleen\Application Data\Malwarebytes
    2011-03-16 04:47 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-16 04:47 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 01:29 . 2011-03-15 01:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-03-14 04:50 . 2011-03-14 04:51 -------- d-----w- c:\documents and settings\Atleen\Application Data\DivX
    2011-03-14 04:46 . 2011-03-17 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2011-03-11 02:53 . 2011-03-11 02:53 -------- d-----w- C:\83a029cfbab080c80b6da8b7
    2011-03-08 11:39 . 2011-03-08 11:40 -------- d-----w- c:\windows\system32\Adobe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-12 06:22 . 2010-06-02 02:00 285480 ----a-w- c:\windows\system32\guard32.dll
    2011-01-12 06:22 . 2010-06-02 02:00 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-12 06:22 . 2010-06-02 02:00 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-12 06:22 . 2010-06-04 18:55 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-12 06:22 . 2010-06-02 02:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
    "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
    path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
    backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-07-22 20:38 88361 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    2003-09-29 06:22 36352 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
    2004-03-06 00:32 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-04 07:56 50176 ----a-w- c:\windows\eHome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2005-01-12 21:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2006-06-26 18:33 243248 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-05-25 00:21 4841472 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sHotKey]
    2003-08-22 17:22 45056 ----a-w- c:\program files\Sony\sHotKey\SHOTKEY.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
    2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    2003-11-03 19:55 1052672 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
    2004-03-24 17:40 147456 ----a-w- c:\windows\SONYSYS\Eflyer\EFlyer_Popup.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)
    "YahooAUService"=2 (0x2)
    "SonicStageMonitoring"=2 (0x2)
    "aawservice"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
    "c:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"=
    "c:\\Program Files\\Sony\\vaio media 3.0\\Vc.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Sierra\\Counter-Strike\\svchost.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 27576]
    R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/10/2007 10:39 PM 243584]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]
    R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [6/8/2004 2:54 PM 86098]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [4/3/2005 6:08 PM 95232]
    S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2004-07-11 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
    .
    2004-07-16 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
    .
    2004-07-26 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Atleen\Application Data\Mozilla\Firefox\Profiles\j3uzqc9c.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-20 12:15
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3710816040-3839843654-1662050968-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(800)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(2392)
    c:\windows\system32\WININET.dll
    c:\windows\system32\guard32.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\ehome\ehRec.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\System32\HPZipm12.exe
    c:\windows\system32\java.exe
    c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-20 12:24:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-20 19:23
    ComboFix2.txt 2010-06-12 04:32
    .
    Pre-Run: 96,088,223,744 bytes free
    Post-Run: 94,411,616,256 bytes free
    .
    - - End Of File - - 557109B5D597B583E6D646DB0C822D2E
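As an added example, not part of this thread and not ComboFix's own code: a small Python triage script that parses the registry-style sections a ComboFix log like the one above contains (the Run entries, the AppInit_DLLs value, the Windows Firewall standard profile and its AuthorizedApplications list) and flags items that deserve a manual check. The flag rules and the list of system-binary names are assumptions chosen for illustration; a flag means "verify this against the software you know is installed", not "malware". The sample input is a constructed excerpt in the log's own layout, not the full log.

```python
"""
Triage helper for ComboFix/DDS-style logs (added example; not ComboFix's own
code). It parses the registry-style sections such a log contains and flags
entries that deserve a manual look. Every flag is a heuristic (an assumption
about what usually matters), not a verdict of malware.
"""
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")            # [HKLM\...\Run]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')  # "name"=data

# Windows binaries whose names are commonly borrowed by malware; the same name
# outside the Windows directory is worth verifying (assumed list).
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "%windir%\\", "%systemroot%\\")


def parse_sections(text):
    """Map each '[key]' header to the '"name"=data' lines that follow it.
    A section ends at the next '.' separator line or blank line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue
        if line == "." or not line:
            current = None
            continue
        value = VALUE_RE.match(line)
        if current is not None and value:
            sections[current].append((value.group(1), value.group(2).strip()))
    return sections


def check_path(context, path):
    """Heuristics for one executable path; returns (tag, context, path) tuples."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    out = []
    if base in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_DIRS):
        out.append(("system_name_outside_windows", context, path))
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):          # e.g. c:\something.exe
        out.append(("exe_in_drive_root", context, path))
    if "\\" not in p:                               # resolved via search order
        out.append(("unqualified_path", context, path))
    return out


def triage(text):
    """Return a list of (tag, context, detail) findings for a log excerpt."""
    findings = []
    for key, entries in parse_sections(text).items():
        if key.endswith("\\currentversion\\run"):
            for name, data in entries:
                quoted = re.match(r'^"([^"]*)"', data)   # "path" [date size]
                findings += check_path("run:" + name, quoted.group(1) if quoted else data)
        elif key.endswith("\\windows nt\\currentversion\\windows"):
            for name, data in entries:
                if name.lower() == "appinit_dlls" and data:
                    # Any DLL listed here is loaded into every user32-linked
                    # process; verify it belongs to installed software.
                    findings.append(("appinit_dlls", "windows nt", data))
        elif key.endswith("\\firewallpolicy\\standardprofile"):
            for name, data in entries:
                if name.lower() == "enablefirewall" and data.startswith("0"):
                    findings.append(("firewall_disabled", "standardprofile", "EnableFirewall=0"))
        elif key.endswith("\\authorizedapplications\\list"):
            for name, _ in entries:
                # Paths in this list are written with doubled backslashes.
                findings += check_path("fw_exception", name.replace("\\\\", "\\"))
    return findings


# Constructed excerpt in the same layout as a ComboFix log (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Sierra\\Counter-Strike\\svchost.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
"""

if __name__ == "__main__":
    for tag, context, detail in triage(SAMPLE_LOG):
        print(f"{tag:28} {context:18} {detail}")
```

On the excerpt it reports five items: the disabled Windows Firewall profile (legitimate when a third-party firewall such as COMODO is the active one, as the entries in this log suggest), the AppInit_DLLs entry guard32.dll (COMODO Internet Security's own hook DLL), a Run entry given by bare filename (which Windows resolves through its search order), a firewall exception for an svchost.exe outside the Windows directory, and an executable sitting in the drive root. Each is a question for the analyst to settle against known software and file hashes, not an answer.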

  10. #10 Emeritus (Join Date Nov 2005, Location @localhost, Posts 6,066)

    No problem, you're welcome. Try running ComboFix now in "normal" mode. Also check Malwarebytes for updates and scan with it to see if it digs up anything after you try ComboFix first.