-
PC might be infected.
When I search on Google and click a search result, at first it goes to the website I want, and then it redirects me to another website.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Atleen at 18:41:36.71 on Fri 03/18/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.744 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Atleen\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094927713312
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143345146468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.7355208333
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\atleen\applic~1\mozilla\firefox\profiles\j3uzqc9c.default\
FF - component: c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Mignet Assistant Service: {b03c18ba-d7b2-6ac5-0be5-7d014d274183} - c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-19 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 27576]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-1-10 243584]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1803224]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-6-8 86098]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2005-4-3 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
.
=============== Created Last 30 ================
.
2011-03-16 11:24:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-16 04:48:07 -------- d-----w- c:\docume~1\atleen\applic~1\Malwarebytes
2011-03-16 04:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-16 04:47:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-16 04:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 01:29:56 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-14 04:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-13 01:07:48 127190 ----a-w- c:\windows\system32\foEtCk58k.exe
2011-03-13 01:07:47 2064384 ----a-w- c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
2011-03-11 02:53:11 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39:46 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2011-01-12 06:22:12 285480 ----a-w- c:\windows\system32\guard32.dll
.
============= FINISH: 18:43:40.84 ===============
-
Hi parasiteangel,
We will get a download to use. It's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply:
Guide to using ComboFix
-
Hi shelf life,
Thank you so much for the quick reply.
I tried running ComboFix, with AVG and Comodo disabled, but it says that the installation failed.
-
I tried to disable Comodo by disabling Defense+ and the firewall, and ComboFix seemed to run, but it wants me to uninstall AVG.
Please advise.
Thank you so much.
-
Go ahead and uninstall AVG via the Add/Remove Programs panel and restart your computer, then run ComboFix.
-
I am not sure, but I have a feeling that ComboFix is stuck. In case ComboFix stopped working in the middle, what do you recommend I do?
Thanks
-
Unfortunately my desktop froze, so I had to restart it.
ComboFix was not able to finish, and there was no log created.
I'm sorry if this is too much of a problem.
Do I just run it again?
-
Try running ComboFix in safe mode for now. To reach safe mode, tap the F8 key during a computer restart. Choose the first option on the list: Safe Mode. Once at the safe mode desktop, run ComboFix.
-
Thank you so much again for helping me.
Here is my ComboFix result:
ComboFix 11-03-15.02 - Atleen 03/20/2011 11:57:13.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1241 [GMT -7:00]
Running from: c:\documents and settings\Atleen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\mt
c:\windows\tempf.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 01:05 . 2011-03-20 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-19 01:38 . 2011-03-19 01:39 -------- d-----w- c:\program files\ERUNT
2011-03-16 11:24 . 2011-03-16 11:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13 . 2011-03-16 11:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13 . 2011-03-16 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-03-16 04:48 . 2011-03-16 04:48 -------- d-----w- c:\documents and settings\Atleen\Application Data\Malwarebytes
2011-03-16 04:47 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-16 04:47 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 01:29 . 2011-03-15 01:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-14 04:50 . 2011-03-14 04:51 -------- d-----w- c:\documents and settings\Atleen\Application Data\DivX
2011-03-14 04:46 . 2011-03-17 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-03-11 02:53 . 2011-03-11 02:53 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39 . 2011-03-08 11:40 -------- d-----w- c:\windows\system32\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 06:22 . 2010-06-02 02:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 06:22 . 2010-06-02 02:00 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 06:22 . 2010-06-02 02:00 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 06:22 . 2010-06-04 18:55 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-12 06:22 . 2010-06-02 02:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-07-22 20:38 88361 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2003-09-29 06:22 36352 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-03-06 00:32 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-04 07:56 50176 ----a-w- c:\windows\eHome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 21:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-06-26 18:33 243248 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-05-25 00:21 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sHotKey]
2003-08-22 17:22 45056 ----a-w- c:\program files\Sony\sHotKey\SHOTKEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-11-03 19:55 1052672 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
2004-03-24 17:40 147456 ----a-w- c:\windows\SONYSYS\Eflyer\EFlyer_Popup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"SonicStageMonitoring"=2 (0x2)
"aawservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
"c:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"=
"c:\\Program Files\\Sony\\vaio media 3.0\\Vc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Sierra\\Counter-Strike\\svchost.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 27576]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/10/2007 10:39 PM 243584]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [6/8/2004 2:54 PM 86098]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [4/3/2005 6:08 PM 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder
.
2004-07-11 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
2004-07-16 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
2004-07-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Atleen\Application Data\Mozilla\Firefox\Profiles\j3uzqc9c.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 12:15
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3710816040-3839843654-1662050968-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\HPZipm12.exe
c:\windows\system32\java.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-20 12:24:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-20 19:23
ComboFix2.txt 2010-06-12 04:32
.
Pre-Run: 96,088,223,744 bytes free
Post-Run: 94,411,616,256 bytes free
.
- - End Of File - - 557109B5D597B583E6D646DB0C822D2E
-
No problem, you're welcome. Try running ComboFix now in "normal" mode. Also check Malwarebytes for updates and scan with it to see if it digs up anything after you try ComboFix first.