
SolidRonin

  1. Thanks for the help, and sorry for the delay. ...Civ 5.. ComboFix 11-04-27.02 - Eric 04/27/2011 21:54:44.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1521 [GMT -5:00] Running from: c:\documents and settings\Eric\My Documents\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FW: NVIDIA Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Eric\Application Data\FFSJ c:\documents and settings\Eric\Application Data\FFSJ\FFSJ.cfg c:\documents and settings\Eric\Application Data\PriceGong c:\documents and settings\Eric\Application Data\PriceGong\Data\1.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\a.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\b.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\c.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\d.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\e.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\f.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\g.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\h.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\i.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\J.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\k.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\l.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\m.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\n.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\o.xml c:\documents and 
settings\Eric\Application Data\PriceGong\Data\p.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\q.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\r.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\s.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\t.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\u.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\v.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\w.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\x.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\y.xml c:\documents and settings\Eric\Application Data\PriceGong\Data\z.xml c:\program files\Steam\Steam.exe C:\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 ))))))))))))))))))))))))))))))) . . 2011-04-23 03:47 . 2011-04-23 03:49 -------- d-----w- c:\program files\Registry Cleaner 2011-04-22 21:19 . 2011-04-22 21:19 -------- d-----w- c:\program files\Common Files\Steam 2011-04-22 21:19 . 2011-04-28 03:01 -------- d-----w- c:\program files\Steam 2011-04-22 05:32 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-04-22 05:26 . 2011-04-22 05:26 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2011-04-22 05:25 . 2007-12-28 05:43 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2011-04-22 05:25 . 2007-12-28 05:43 21504 ----a-w- c:\windows\system32\hidserv.dll 2011-04-22 05:25 . 2007-12-27 23:49 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2011-04-22 05:25 . 2007-12-27 23:49 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2011-04-22 05:20 . 2011-04-22 05:20 -------- d-----w- c:\windows\system32\wbem\Repository 2011-04-22 05:17 . 2011-04-22 05:32 -------- d-----w- c:\program files\UnHackMe 2011-04-22 05:09 . 
2011-04-22 05:09 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Procaster 2011-04-22 05:05 . 2011-04-22 05:07 -------- d-s---w- c:\documents and settings\Administrator 2011-04-03 02:12 . 2011-04-03 02:12 -------- d-----w- c:\program files\Sophos . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-18 17:25 . 2010-11-26 22:58 40112 ----a-w- c:\windows\avastSS.scr 2011-04-18 17:25 . 2010-11-26 22:58 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-04-18 17:17 . 2010-11-26 22:58 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-04-18 17:16 . 2010-11-26 22:58 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-04-18 17:16 . 2010-11-26 22:58 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-04-18 17:16 . 2010-11-26 22:58 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-04-18 17:13 . 2010-11-26 22:58 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-04-18 17:13 . 2010-11-26 22:58 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-04-18 17:12 . 2010-11-26 22:58 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-03-07 05:33 . 2010-11-25 01:58 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2007-12-27 21:43 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2007-12-27 16:41 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-03-02 23:19 . 2011-03-02 23:19 37600 ----a-w- c:\windows\system32\Partizan.exe 2011-03-02 23:19 . 2011-03-02 23:19 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys 2011-03-02 23:19 . 2011-03-02 23:19 2 --shatr- c:\windows\winstart.bat 2011-02-17 13:18 . 2007-12-27 16:29 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2007-12-27 16:27 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:32 . 2010-11-25 02:22 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 
2007-12-27 21:40 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2007-12-27 21:43 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2007-12-27 21:43 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2007-12-27 21:43 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2007-04-03 05:44 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58 . 2010-11-25 01:57 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-29 03:17 . 2010-09-11 05:41 285480 ----a-w- c:\windows\system32\guard32.dll 2011-01-29 03:17 . 2010-09-11 05:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys 2011-01-29 03:17 . 2010-09-11 05:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-01-29 03:17 . 2010-09-11 05:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys 2011-01-29 03:17 . 2010-09-11 05:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-02-20 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 18:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-02-20 21:59 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-02-20 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . 
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-02-20 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2011-01-18 594200] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848] "nwiz"="nwiz.exe" [2006-08-12 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-12 86016] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-30 266240] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912] "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-04-18 3460784] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "59038:TCP"= 59038:TCP:Pando Media Booster "59038:UDP"= 59038:UDP:Pando Media Booster . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/22/2011 12:32 AM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/26/2010 5:58 PM 307288] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 239368] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 27576] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/26/2010 5:58 PM 19544] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [3/2/2011 6:19 PM 35816] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [4/22/2011 12:26 AM 24416] . --- Other Services/Drivers In Memory --- . *Deregistered* - UnHackMeDrv . Contents of the 'Scheduled Tasks' folder . 2010-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 LSP: %SYSTEMROOT%\system32\nvappfilter.dll FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\o7ph09ff.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} . 
- - - - ORPHANS REMOVED - - - - . HKCU-Run-Steam - c:\program files\Steam\steam.exe HKCU-Run-ares - c:\program files\Ares\Ares.exe AddRemove-Steam App 8930 - c:\program files\Steam\steam.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-27 22:03 Windows 5.1.2600 Service Pack 3, v.6055 NTFS . detected NTDLL code modification: ZwClose, ZwOpenFile . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(780) c:\windows\system32\guard32.dll . - - - - - - - > 'lsass.exe'(836) c:\windows\system32\guard32.dll c:\windows\system32\nvappfilter.dll . Completion time: 2011-04-27 22:07:28 ComboFix-quarantined-files.txt 2011-04-28 03:07 . Pre-Run: 28,319,895,552 bytes free Post-Run: 28,301,103,104 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - 70AFC57029A6D345305CB6894360F925
  2. as you can guess my problem is with "winstart.bat". Just doing what I was told, If I'm missing a step I'm very sorry. DDS (Ver_11-03-05.01) - NTFSx86 Run by Eric at 23:30:04.46 on Fri 04/22/2011 Internet Explorer: 6.0.2900.3282 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1227 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: NVIDIA Firewall *Disabled* FW: COMODO Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\vVX1000.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\Steam\Steam.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program 
Files\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\Eric\My Documents\Downloads\Defogger.exe C:\Documents and Settings\Eric\My Documents\Downloads\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo0.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo0.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [steam] "c:\program files\steam\steam.exe" -silent mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [LifeCam] "c:\program 
files\microsoft lifecam\LifeExp.exe" mRun: [VX1000] c:\windows\vVX1000.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: %SYSTEMROOT%\system32\nvappfilter.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\o7ph09ff.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-22 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-26 307288] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 239368] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 27576] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-26 19544] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-26 42184] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1803224] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-3-2 35816] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-4-22 24416] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 
2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-03-02 23:19:05 37600 ----a-w- c:\windows\system32\Partizan.exe 2011-03-02 23:19:05 2 --shatr- c:\windows\winstart.bat 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-29 03:17:46 285480 ----a-w- c:\windows\system32\guard32.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe . ============= FINISH: 23:41:14.64 =============== Attach.zip