hjt log 05/10

Here is the updated MBAM log.
Also, I saw the ComboFix log.
Would you still like me to repost?
 

Attachments

  • mbam-log-2010-05-20 (02-41-41).txt (2 KB)
ComboFix 10-05-10.03 - cypher 05/20/2010 21:31:38.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1456 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-18 19:25 . 2010-05-18 19:25 6185 ----a-w- C:\ComboFix.zip
2010-05-11 14:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 14:51 . 2010-05-20 08:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 14:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-11 09:40 . 2010-05-11 09:40 3839 ----a-w- c:\windows\system32\launchhh.bat
2010-05-11 09:38 . 2010-05-11 09:38 142 ----a-w- c:\windows\system32\launchhh.vbs
2010-05-10 06:12 . 2010-05-10 06:12 388096 ----a-r- c:\documents and settings\Alex Aiken\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 23:34 . 2007-04-24 19:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-20 23:34 . 2007-04-11 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-18 22:12 . 2009-03-25 05:45 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\DC++
2010-05-18 15:00 . 2007-01-17 21:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 06:37 . 2007-01-17 21:11 -------- d-----w- c:\program files\Google
2010-05-17 07:52 . 2010-03-11 05:06 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\vlc
2010-05-09 04:00 . 2008-04-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-07 09:24 . 2007-08-01 07:47 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\LimeWire
2010-05-07 09:19 . 2007-10-03 03:17 -------- d-----w- c:\program files\Incomplete
2010-05-07 09:19 . 2007-08-01 07:47 -------- d-----w- c:\program files\LimeWire
2010-05-06 15:36 . 2009-10-03 06:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 04:09 . 2008-04-21 19:13 -------- d-----w- c:\program files\CCleaner
2010-04-26 03:44 . 2007-11-11 05:31 181096 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Mozilla\Firefox\Profiles\fjm71paq.default\FlashGot.exe
2010-04-21 05:36 . 2008-07-31 22:01 -------- d-----w- c:\program files\Defraggler
2010-04-07 05:56 . 2010-04-07 05:56 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\Unity
2010-04-05 05:18 . 2010-01-08 00:58 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\dvdcss
2010-04-01 05:31 . 2008-06-05 07:35 -------- d-----w- c:\program files\DC++
2010-03-26 07:15 . 2006-09-17 14:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 07:15 . 2010-03-26 07:15 503808 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e48ee5-n\msvcp71.dll
2010-03-26 07:15 . 2010-03-26 07:15 499712 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e48ee5-n\jmc.dll
2010-03-26 07:15 . 2010-03-26 07:15 348160 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e48ee5-n\msvcr71.dll
2010-03-26 07:15 . 2010-03-26 07:15 61440 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-73667d68-n\decora-sse.dll
2010-03-26 07:15 . 2010-03-26 07:15 12800 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-73667d68-n\decora-d3d.dll
2010-03-26 07:14 . 2010-03-26 07:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-26 07:14 . 2006-09-17 14:16 -------- d-----w- c:\program files\Java
2010-03-22 08:31 . 2010-03-11 04:21 -------- d-----w- c:\program files\World of Warcraft Trial
2010-03-11 12:38 . 2006-03-16 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-03-16 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-03-16 04:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 07:14 . 2010-02-25 07:14 10134 ----a-r- c:\documents and settings\Alex Aiken\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-02-24 13:11 . 2005-01-19 12:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 21:06 . 2010-02-21 21:02 60696384 ----a-w- c:\documents and settings\All Users\Application Data\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
2007-09-17 17:28 . 2007-09-17 17:27 2293712 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-09-17 17:22 . 2007-09-17 17:22 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-11_10.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-20 23:22 . 2010-05-20 23:22 16384 c:\windows\temp\Perflib_Perfdata_a28.dat
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ARPPRODUCTICON.exe
+ 2006-03-16 04:00 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2006-03-16 04:00 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2008-08-14 00:19 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-14 00:19 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2009-08-12 04:35 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-12 04:35 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-05-18 06:38 . 2010-05-18 06:38 1235968 c:\windows\Installer\34ce12.msi
+ 2007-01-19 20:23 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 18:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-02-03 54536]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vongo Service"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"SPTISRV"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6346:UDP"= 6346:UDP:shareaza
"17804:TCP"= 17804:TCP:BitComet 17804 TCP
"17804:UDP"= 17804:UDP:BitComet 17804 UDP
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/21/2008 3:53 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2008 3:53 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/21/2008 3:53 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/11/2009 10:45 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/1/2009 10:52 AM 1370488]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [12/9/2007 9:05 PM 16400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/31/2008 12:50 PM 29208]
R3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\drivers\drxvi314.sys [1/31/2010 2:16 AM 233472]
R3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\drivers\BcmBusCtr.sys [1/31/2010 2:16 AM 54784]
S2 EraserThread;Eraser Service; [x]
S2 gupdate1c9d9048fcab394;Google Update Service (gupdate1c9d9048fcab394);c:\program files\Google\Update\GoogleUpdate.exe [5/19/2009 11:36 PM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/31/2008 12:50 PM 29208]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [1/27/2009 2:40 PM 111880]
S3 Mupudisk;Mupudisk; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 04:36]

2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 04:36]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Alex Aiken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-28 01:14]

2010-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-04-05 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-01 14:02]

2007-07-30 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-01 14:02]

2008-03-12 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-10-01 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = about:blank
FF - ProfilePath - c:\documents and settings\Alex Aiken\Application Data\Mozilla\Firefox\Profiles\fjm71paq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - fastdial
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http_port - 6588
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Alex Aiken\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Alex Aiken\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-20 21:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1244573018-187535642-320283950-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-20 21:37:14
ComboFix-quarantined-files.txt 2010-05-21 02:37
ComboFix2.txt 2010-05-18 19:18
ComboFix3.txt 2010-05-11 10:57
ComboFix4.txt 2010-05-11 10:14

Pre-Run: 32,537,743,360 bytes free
Post-Run: 32,494,653,440 bytes free

- - End Of File - - 6E4ED7BC16A019BAD69376F4924BD7FD
 
ComboFix 10-05-21.04 - cypher 05/21/2010 23:39:39.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1367 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-22 04:17 . 2010-05-22 04:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-22 04:17 . 2010-05-22 04:17 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\skypePM
2010-05-22 04:17 . 2010-05-22 04:20 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\Skype
2010-05-22 04:17 . 2010-05-22 04:17 -------- d-----w- c:\program files\Common Files\Skype
2010-05-22 04:17 . 2010-05-22 04:17 -------- d-----r- c:\program files\Skype
2010-05-22 04:16 . 2010-05-22 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-18 19:25 . 2010-05-18 19:25 6185 ----a-w- C:\ComboFix.zip
2010-05-11 14:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 14:51 . 2010-05-20 08:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 14:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-11 09:40 . 2010-05-11 09:40 3839 ----a-w- c:\windows\system32\launchhh.bat
2010-05-11 09:38 . 2010-05-11 09:38 142 ----a-w- c:\windows\system32\launchhh.vbs
2010-05-10 06:12 . 2010-05-10 06:12 388096 ----a-r- c:\documents and settings\Alex Aiken\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 04:31 . 2009-10-06 22:33 -------- d-----w- c:\program files\Recuva
2010-05-22 04:17 . 2007-04-24 19:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-21 04:18 . 2009-03-25 05:45 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\DC++
2010-05-21 03:44 . 2010-03-11 05:06 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\vlc
2010-05-20 23:34 . 2007-04-11 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-18 15:00 . 2007-01-17 21:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 06:37 . 2007-01-17 21:11 -------- d-----w- c:\program files\Google
2010-05-12 16:21 . 2009-10-03 06:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-09 04:00 . 2008-04-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-07 09:24 . 2007-08-01 07:47 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\LimeWire
2010-05-07 09:19 . 2007-10-03 03:17 -------- d-----w- c:\program files\Incomplete
2010-05-07 09:19 . 2007-08-01 07:47 -------- d-----w- c:\program files\LimeWire
2010-05-03 04:09 . 2008-04-21 19:13 -------- d-----w- c:\program files\CCleaner
2010-04-26 03:44 . 2007-11-11 05:31 181096 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Mozilla\Firefox\Profiles\fjm71paq.default\FlashGot.exe
2010-04-21 05:36 . 2008-07-31 22:01 -------- d-----w- c:\program files\Defraggler
2010-04-07 05:56 . 2010-04-07 05:56 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\Unity
2010-04-05 05:18 . 2010-01-08 00:58 -------- d-----w- c:\documents and settings\Alex Aiken\Application Data\dvdcss
2010-04-01 05:31 . 2008-06-05 07:35 -------- d-----w- c:\program files\DC++
2010-03-26 07:15 . 2006-09-17 14:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 07:15 . 2010-03-26 07:15 503808 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e48ee5-n\msvcp71.dll
2010-03-26 07:15 . 2010-03-26 07:15 499712 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e48ee5-n\jmc.dll
2010-03-26 07:15 . 2010-03-26 07:15 348160 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e48ee5-n\msvcr71.dll
2010-03-26 07:15 . 2010-03-26 07:15 61440 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-73667d68-n\decora-sse.dll
2010-03-26 07:15 . 2010-03-26 07:15 12800 ----a-w- c:\documents and settings\Alex Aiken\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-73667d68-n\decora-d3d.dll
2010-03-26 07:14 . 2010-03-26 07:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-26 07:14 . 2006-09-17 14:16 -------- d-----w- c:\program files\Java
2010-03-11 12:38 . 2006-03-16 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-03-16 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-03-16 04:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 07:14 . 2010-02-25 07:14 10134 ----a-r- c:\documents and settings\Alex Aiken\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-02-24 13:11 . 2005-01-19 12:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 21:06 . 2010-02-21 21:02 60696384 ----a-w- c:\documents and settings\All Users\Application Data\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
2007-09-17 17:28 . 2007-09-17 17:27 2293712 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-09-17 17:22 . 2007-09-17 17:22 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-11_10.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-22 03:59 . 2010-05-22 03:59 16384 c:\windows\temp\Perflib_Perfdata_858.dat
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-05-18 06:38 . 2010-05-18 06:38 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ARPPRODUCTICON.exe
+ 2006-03-16 04:00 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2006-03-16 04:00 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
- 2008-08-14 00:19 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-08-14 00:19 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-05-22 04:17 . 2010-05-22 04:17 700416 c:\windows\Installer\119288.msi
+ 2010-05-22 04:17 . 2010-05-22 04:17 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2009-08-12 04:35 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-12 04:35 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-05-18 06:38 . 2010-05-18 06:38 1235968 c:\windows\Installer\34ce12.msi
+ 2010-05-22 04:17 . 2010-05-22 04:17 1575936 c:\windows\Installer\119280.msi
+ 2007-01-19 20:23 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 18:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-02-03 54536]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vongo Service"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"SPTISRV"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6346:UDP"= 6346:UDP:shareaza
"17804:TCP"= 17804:TCP:BitComet 17804 TCP
"17804:UDP"= 17804:UDP:BitComet 17804 UDP
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/21/2008 3:53 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2008 3:53 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/21/2008 3:53 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/11/2009 10:45 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/1/2009 10:52 AM 1370488]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [12/9/2007 9:05 PM 16400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/31/2008 12:50 PM 29208]
R3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\drivers\drxvi314.sys [1/31/2010 2:16 AM 233472]
R3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\drivers\BcmBusCtr.sys [1/31/2010 2:16 AM 54784]
S2 EraserThread;Eraser Service; [x]
S2 gupdate1c9d9048fcab394;Google Update Service (gupdate1c9d9048fcab394);c:\program files\Google\Update\GoogleUpdate.exe [5/19/2009 11:36 PM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/31/2008 12:50 PM 29208]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [1/27/2009 2:40 PM 111880]
S3 Mupudisk;Mupudisk; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 04:36]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 04:36]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Alex Aiken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-28 01:14]

2010-05-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-04-05 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-01 14:02]

2007-07-30 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-01 14:02]

2008-03-12 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-10-01 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = about:blank
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Alex Aiken\Application Data\Mozilla\Firefox\Profiles\fjm71paq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - fastdial
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http_port - 6588
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Alex Aiken\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Alex Aiken\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1244573018-187535642-320283950-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-21 23:51:50
ComboFix-quarantined-files.txt 2010-05-22 04:51
ComboFix2.txt 2010-05-21 02:37
ComboFix3.txt 2010-05-18 19:18
ComboFix4.txt 2010-05-11 10:57
ComboFix5.txt 2010-05-22 04:37

Pre-Run: 32,233,488,384 bytes free
Post-Run: 32,263,946,240 bytes free

- - End Of File - - C0E11DBCE2146CDB1B3887E49CAF77BA

I'll get it right one day haha
 
So it looks like the first time you ran ComboFix, it removed a lot of garbage. This run, it found nothing.

When you run Malwarebytes, does it find anything?