andrew4336
combo fix part 2
Here is my Malwarebytes log
Code:
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2/16/2008 2:13 PM 9344]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2/26/2008 3:45 AM 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 10:09 PM 11032]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2/16/2008 2:11 PM 812544]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2/26/2008 4:16 AM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2/26/2008 4:16 AM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2/26/2008 4:16 AM 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2/16/2008 3:18 PM 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2/16/2008 3:19 PM 79136]
S4 Kwanzy Service;Kwanzy Service;c:\programdata\Kwanzy\kwanzy133.exe [12/29/2009 7:22 PM 58720]
--- Other Services/Drivers In Memory ---
*Deregistered* - dpfljhoj
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
2010-01-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mwsu.edu/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Compare Prices with &Dealio - c:\users\G-ROD\AppData\LocalLow\Dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\G-ROD\AppData\Roaming\Mozilla\Firefox\Profiles\rc86znq7.default\
FF - prefs.js: browser.startup.homepage - www.mwsu.edu
FF - component: c:\program files\Mozilla Firefox\components\ed5eb34c-89fe-bc32-a5a7-c145ed89c99a.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\G-ROD\AppData\Roaming\Mozilla\Firefox\Profiles\rc86znq7.default\extensions\{e45a0de0-b4de-11de-8a39-0800200c9a66}\components\wsff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 21:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpfljhoj]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-01 21:46:16
ComboFix-quarantined-files.txt 2010-01-02 03:46
ComboFix2.txt 2010-01-01 21:10
Pre-Run: 91,105,480,704 bytes free
Post-Run: 90,979,508,224 bytes free
- - End Of File - - 3D508B9DF77BB6511167A46992CCD721
Here is my Malwarebytes log
Code:
Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
1/1/2010 9:52:47 PM
mbam-log-2010-01-01 (21-52-41).txt
Scan type: Quick Scan
Objects scanned: 101882
Time elapsed: 4 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 38
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c22d9b1-6b13-42d9-b48e-7409dfe557bc} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0c22d9b1-6b13-42d9-b48e-7409dfe557bc} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{fa8edcdd-efa2-477b-b00a-7f28f02cd37e} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c22d9b1-6b13-42d9-b48e-7409dfe557bc} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kwanzy (Adware.Kwanzy) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Kwanzy (Adware.Kwanzy) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kwanzy Service (Adware.Kwanzy) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Kwanzy (Adware.Kwanzy) -> No action taken.
C:\ProgramData\Kwanzy (Adware.Kwanzy) -> No action taken.
C:\Windows\System32\SysWoW32 (Worm.Archive) -> No action taken.
Files Infected:
C:\Windows\System32\d3d10_132.dll (Trojan.BHO.H) -> No action taken.
C:\Windows\System32\17C8.tmp (Trojan.Tracur) -> No action taken.
C:\Windows\System32\17E.tmp (Worm.P2P) -> No action taken.
C:\Windows\System32\8D9E.tmp (Trojan.Tracur) -> No action taken.
C:\Windows\System32\DBDD.tmp (Trojan.Agent) -> No action taken.
C:\Windows\System32\ddraw32.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\E33A.tmp (Trojan.Tracur) -> No action taken.
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> No action taken.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> No action taken.
C:\Program Files\Kwanzy\uninstall.exe (Adware.Kwanzy) -> No action taken.
C:\ProgramData\Kwanzy\kwanzy133.exe (Adware.Kwanzy) -> No action taken.
C:\Windows\System32\SysWoW32\mi1186864659v4 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mi1186864659v4.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mi1186864659v6 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mi1186864659v6.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mi1186864659v7 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mi1186864659v7.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mu1186864659v5 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\mu1186864659v5.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v0 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v0.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v1 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v1.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v2 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v2.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v3 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\wu1186864659v3.kwd (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\_i1186864659v5 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\_u1186864659v0 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\_u1186864659v1 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\_u1186864659v2 (Worm.Archive) -> No action taken.
C:\Windows\System32\SysWoW32\_u1186864659v3 (Worm.Archive) -> No action taken.
C:\Program Files\mozilla firefox\searchPlugins\kwanzy115.xml (Adware.Kwanzy) -> No action taken.
C:\Program Files\mozilla firefox\searchPlugins\kwanzy121.xml (Adware.Kwanzy) -> No action taken.
C:\Program Files\mozilla firefox\searchPlugins\kwanzy125.xml (Adware.Kwanzy) -> No action taken.
C:\Program Files\mozilla firefox\searchPlugins\kwanzy133.xml (Adware.Kwanzy) -> No action taken.
C:\Program Files\Mozilla Firefox\components\ed5eb34c-89fe-bc32-a5a7-c145ed89c99a.dll (Adware.Yoog) -> No action taken.
C:\Users\G-ROD\AppData\Roaming\fvgqad.dat (Malware.Trace) -> No action taken.