[RESOLVED] Recurring (and Harmful??) Malware and Spyware infections?

  1. #7
    Join Date: Jun 2009 | Location: London, UK | Posts: 999
    Here is the ComboFix text log. Does this mean the system is now free from any infection? Thanks.


    ComboFix 12-06-21.02 - Richard 06/22/2012 1:20.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1165 [GMT 1:00]
    Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Richard\Application Data\Microsoft\1eaadjc.dll
    c:\documents and settings\Richard\Application Data\Microsoft\engine_vx.dll
    c:\documents and settings\Richard\Application Data\Microsoft\kfgresk.dll
    c:\documents and settings\Richard\Application Data\Microsoft\mjcriu.dll
    c:\documents and settings\Richard\Application Data\Microsoft\peaadje.dll
    c:\documents and settings\Richard\Application Data\Microsoft\qwadjb.dll
    c:\documents and settings\Richard\Application Data\Microsoft\rsaadjd.dll
    c:\documents and settings\Richard\Application Data\PriceGong
    c:\documents and settings\Richard\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\4489.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Richard\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Richard\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Richard\Application Data\Toolbar4
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0b64ffa009d9e3d1236fb2b575bd953d
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0d53f0a9a42a5167b78657f1fc9488f1
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1df1df47b49e8b3090bc211048795c5a
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f51f062108c7f20a67770bbdf546004
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\31dca3ca44f44956ffde9959067d1093
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\521788680d3595d05d274f3713057765
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\593abe4ad021a7ca3002ccb2dca1969d
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7afabe4e3af1a66103f629a38d90558a
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
    c:\documents and settings\Richard\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9fc2051aee76f9ef060973477300788d
    c:\windows\ST6UNST.000
    c:\windows\system32\Thumbs.db
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DIAGNOSTICSCAN
    -------\Legacy_RKHIT
    -------\Legacy_START1DRIVER
    -------\Service_RkHit
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-21 21:07 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-06-21 21:07 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-06-21 21:07 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-06-21 21:07 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-06-21 21:07 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-06-21 21:07 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-06-21 21:07 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-06-21 20:55 . 2012-06-21 21:00 -------- d-----w- c:\program files\Google
    2012-06-21 20:55 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-06-21 20:55 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-06-21 20:55 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-21 20:54 . 2012-06-21 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-06-21 20:54 . 2012-06-21 20:54 -------- d-----w- c:\program files\AVAST Software
    2012-06-20 21:01 . 2012-06-20 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
    2012-06-20 18:31 . 2012-06-20 18:31 -------- d-----w- c:\program files\MSXML 4.0
    2012-06-20 15:18 . 2012-06-20 15:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
    2012-06-18 17:20 . 2005-09-23 07:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
    2012-06-18 16:31 . 2012-06-18 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-06-18 14:11 . 2012-06-18 14:11 -------- d-----w- c:\documents and settings\Richard\AppData
    2012-06-17 15:09 . 2012-06-20 15:07 -------- d-----w- c:\documents and settings\Richard\Application Data\AVG LiveKive
    2012-06-17 15:09 . 2012-06-17 15:09 -------- d-----w- c:\program files\AVG LiveKive
    2012-06-17 12:29 . 2012-06-21 10:12 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-06-17 12:29 . 2012-06-20 08:21 -------- d-----w- c:\program files\AVG
    2012-06-17 10:33 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-06-16 12:42 . 2012-06-17 09:58 -------- d-----w- c:\program files\CamStudio
    2012-06-13 20:37 . 2012-06-13 20:37 -------- d-----w- C:\$AVG
    2012-06-13 17:31 . 2012-06-13 17:31 4608 ----a-w- c:\windows\system32\bbchlp.dll
    2012-06-13 17:31 . 2012-06-13 17:31 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
    2012-06-13 17:31 . 2012-06-13 17:31 30720 ----a-w- c:\windows\system32\bbcap.dll
    2012-06-13 17:30 . 2012-06-13 17:30 -------- d-----w- c:\program files\Common Files\Blueberry Software
    2012-06-13 17:30 . 2012-06-13 17:30 -------- d-----w- c:\program files\Blueberry Software
    2012-06-13 17:05 . 2012-06-13 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-13 12:02 . 2012-06-13 12:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-13 12:02 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-12 12:50 . 2012-06-12 12:50 -------- d-----w- c:\program files\NoVirusThanks
    2012-06-12 12:40 . 2012-06-12 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
    2012-06-10 21:19 . 2012-06-10 21:19 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2012-06-07 11:30 . 2012-06-07 11:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-06-07 11:30 . 2012-06-07 11:30 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-06-07 11:30 . 2012-06-07 11:30 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-06-07 11:30 . 2012-06-07 11:30 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-06-07 11:30 . 2012-06-07 11:30 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2012-06-07 11:30 . 2012-06-07 11:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-06-07 11:30 . 2012-06-07 11:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-06-07 11:30 . 2012-06-07 11:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-06-06 15:02 . 2009-08-11 20:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2012-06-06 15:02 . 2012-06-06 15:43 -------- d-----w- c:\program files\AC3Filter
    2012-06-06 14:20 . 2012-06-06 14:20 -------- d-----w- c:\documents and settings\Richard\Application Data\ElevatedDiagnostics
    2012-06-06 13:23 . 2012-06-06 13:23 -------- d-----w- c:\program files\Apple Software Update
    2012-06-06 13:13 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-06-06 13:13 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-06-06 13:13 . 2012-06-06 13:13 -------- d-----w- c:\program files\iPod
    2012-06-06 13:12 . 2012-06-06 13:13 -------- d-----w- c:\program files\iTunes
    2012-06-06 13:12 . 2012-06-06 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2012-06-06 13:11 . 2012-06-06 13:12 -------- d-----w- c:\program files\Common Files\Apple
    2012-06-05 18:02 . 2012-06-05 18:04 -------- d-----w- c:\program files\Common Files\DivX Shared
    2012-06-05 12:12 . 2012-06-06 02:24 -------- d-----w- c:\program files\DivX
    2012-06-05 12:06 . 2012-06-16 16:37 -------- d-----w- c:\program files\CamStudio 2.6b
    2012-06-05 11:59 . 2011-09-25 10:33 216064 ----a-w- c:\windows\system32\lagarith.dll
    2012-06-05 11:59 . 2011-07-16 15:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2012-06-05 11:59 . 2011-06-24 15:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
    2012-06-05 11:59 . 2011-06-24 15:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
    2012-06-05 11:59 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2012-06-05 11:59 . 2006-04-02 13:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
    2012-06-05 11:59 . 2011-11-23 18:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-06-05 11:59 . 2012-06-06 15:42 -------- d-----w- c:\program files\K-Lite Codec Pack
    2012-05-30 12:59 . 2012-05-30 12:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-05-29 15:23 . 2012-05-29 15:23 -------- d-----w- c:\program files\Qmax Webcam
    2012-05-29 15:23 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2012-05-29 15:23 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2012-05-29 15:23 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2012-05-29 15:23 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2012-05-29 15:23 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2012-05-29 15:23 . 2012-05-29 15:23 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2012-05-29 15:23 . 2012-05-29 15:23 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2012-05-28 11:42 . 2012-05-28 11:42 -------- d-----w- c:\program files\7-Zip
    2012-05-27 17:24 . 2010-10-23 23:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
    2012-05-23 18:20 . 2012-05-23 18:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters
    2012-05-23 18:19 . 2012-05-23 18:20 -------- d-----w- c:\program files\Common Files\Common Toolkit Suite
    2012-05-23 18:19 . 2012-05-23 18:19 -------- d-----w- c:\program files\Fighters
    2012-05-23 18:19 . 2012-05-23 18:20 -------- d-----w- c:\documents and settings\Richard\Application Data\Fighters
    2012-05-23 18:18 . 2012-05-23 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-11 21:51 . 2012-03-31 03:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-11 21:51 . 2011-07-12 11:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 14:19 . 2011-07-09 03:28 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 14:19 . 2011-07-09 03:28 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 14:19 . 2011-07-08 22:30 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 14:19 . 2011-07-08 22:30 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 14:19 . 2011-07-08 22:30 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 14:19 . 2011-07-09 03:28 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 14:19 . 2011-07-09 03:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 14:19 . 2011-07-08 22:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 14:19 . 2011-07-08 22:30 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 14:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 14:19 . 2011-07-09 03:28 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 14:19 . 2011-07-08 22:30 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 14:19 . 2011-07-08 22:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 14:18 . 2011-07-10 08:12 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 14:18 . 2011-07-10 08:12 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 14:18 . 2011-07-10 08:12 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-19 23:09 . 2011-07-09 02:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-05-19 23:09 . 2011-07-09 02:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-15 15:39 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2011-07-08 22:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 14:46 . 2012-05-19 21:26 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-04-23 14:46 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-04-23 14:46 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-06-07 11:30 . 2011-07-09 16:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\ZoneAlarm\prxtbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\prxtbZone.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\prxtbZone.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-06-05 22:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-06-05 22:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-19 73360]
    "Magitime"="c:\program files\Magitime\magitime.exe" [2011-07-09 659456]
    "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-08-31 503808]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
    "s***ent"="c:\program files\Fighters\SPAMfighter\s***ent.exe" [2012-03-15 1197704]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-08 8491008]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-19 296056]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\documents and settings\Richard\Start Menu\Programs\Startup\
    FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2007-2-13 1111552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SysRestorePoint.exe [2002-11-10 20480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-06-05 22:03 90112 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-05-16 19:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
    "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe"
    "diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "ISBMgr.exe"=c:\program files\Sony\ISB Utility\ISBMgr.exe
    "Persistence"=c:\windows\system32\igfxpers.exe
    "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "IFXSPMGT"=c:\windows\system32\ifxspmgt.exe /NotifyLogon
    "CommonToolkitTray"=c:\program files\Fighters\Tray\FightersTray.exe
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "IgfxTray"=c:\windows\system32\igfxtray.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe"
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/1/2011 12:55 PM 16024]
    R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/9/2011 12:45 AM 9216]
    R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [7/31/2011 2:58 PM 125472]
    R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [7/31/2011 2:58 PM 83392]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/21/2012 10:07 PM 337880]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [9/19/2007 4:57 PM 38816]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 3:44 PM 27016]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 3:44 PM 497280]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 10:23 PM 35088]
    R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/30/2012 1:56 PM 3048136]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [3/15/2012 11:43 AM 215688]
    R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [1/23/2012 1:40 PM 1324680]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [3/25/2011 11:27 PM 70768]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [3/25/2011 10:27 PM 539248]
    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 10:41 AM 237056]
    R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 10:45 AM 1034752]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 10:44 AM 484352]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
    R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [6/13/2012 6:31 PM 4096]
    R3 DCamUSBTP10;Qmax Webcam;c:\windows\system32\drivers\TP6810.SYS [7/9/2011 9:12 AM 241704]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/30/2008 12:05 AM 31896]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/9/2011 12:47 AM 41216]
    R3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys [7/9/2011 10:43 AM 11328]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [9/19/2007 1:53 AM 31104]
    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/9/2011 12:21 AM 71961]
    R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [7/9/2011 9:04 AM 30464]
    R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [7/9/2011 9:04 AM 12672]
    R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [7/9/2011 9:04 AM 40320]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/9/2011 12:18 AM 812544]
    R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [12/27/2006 3:47 PM 9006]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/2/2011 9:27 PM 11520]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/21/2012 10:07 PM 612184]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 2:30 PM 158856]
    S3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870UVCx86.sys [7/9/2011 12:48 AM 70144]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [12/28/2011 11:47 AM 16640]
    S3 cpuz134;cpuz134;\??\c:\docume~1\Richard\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Richard\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [12/24/2011 2:50 AM 23608]
    S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [12/24/2011 2:50 AM 5688]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [12/25/2011 11:25 AM 23608]
    S3 DrmRVideo;DrmRVideo;c:\windows\system32\drivers\DrmRVideo.sys [12/25/2011 11:25 AM 5688]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/7/2012 12:30 PM 129976]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 1:00 PM 14336]
    S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [7/1/2011 12:55 PM 45208]
    S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [7/1/2011 12:56 PM 12952]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/2/2011 5:31 PM 27064]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [12/16/2011 5:59 PM 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [12/16/2011 5:59 PM 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [12/16/2011 5:59 PM 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [12/16/2011 5:59 PM 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [12/16/2011 5:59 PM 25704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1682526488-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
    .
    2012-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1682526488-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
    .
    2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{7837375B-6BC4-4847-A79A-1EC6553041BA}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.piriform.com/recuva/update?v=1.39.509&l=1033
    uInternet Settings,ProxyOverride = *.local
    IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    TCP: DhcpNameServer = 87.194.255.155
    DPF: {C0F454A0-6020-488D-A48E-84B92E60DEE8} - hxxp://www.keepandshare.com/imageuploader7.0.28/ImageUploader7.cab
    FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\fmlox6ue.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=2&q=
    FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
    FF - user.js: extensions.zonealarm.autoRvrt - true
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm_i.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN22813516850814-1001&toolbarId=base&affiliateId=1603&Lan=en&utid=1c563e96000000000000003ed8c4d01c
    FF - user.js: extensions.zonealarm.hpOld -
    FF - user.js: extensions.zonealarm.hpNew - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN22813516850814-1001&toolbarId=base&affiliateId=1603&Lan=en&utid=1c563e96000000000000003ed8c4d01c
    FF - user.js: extensions.zonealarm_i.newTab - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN22813516850814-1001&toolbarId=base&affiliateId=1603&Lan=en&utid=1c563e96000000000000003ed8c4d01c
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN22813516850814-1001&toolbarId=base&affiliateId=1603&Lan={dfltLng}&utid=1c563e96000000000000003ed8c4d01c&q=
    FF - user.js: extensions.zonealarm.id - 1c563e96000000000000003ed8c4d01c
    FF - user.js: extensions.zonealarm.instlDay - 15466
    FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
    FF - user.js: extensions.zonealarm.vrsni - 1.5.23.8
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.23.810:35
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1603
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base
    FF - user.js: extensions.zonealarm.instlRef - ZLN22813516850814-1001
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - true
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar_i.id - 1c563e96000000000000003ed8c4d01c
    FF - user.js: extensions.BabylonToolbar_i.hardId - 1c563e96000000000000003ed8c4d01c
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15478
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:29
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_2_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    HKLM-Run-ISW - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-22 01:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\st330service]
    "ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-842925246-1682526488-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1320)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\VESWinlogon.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(1376)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\program files\Protector Suite QL\remote.dll
    .
    - - - - - - - > 'explorer.exe'(3904)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\program files\Protector Suite QL\farchns.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Thomson\ST330\service\st330service.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\windows\system32\ifxspmgt.exe
    c:\windows\system32\IFXTCS.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\IfxPsdSv.exe
    c:\program files\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\VMware\VMware Player\vmware-authd.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-22 01:33:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-22 00:33
    .
    Pre-Run: 85,326,434,304 bytes free
    Post-Run: 85,393,498,112 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 474175B99AE4A20C42BD833899ECA0E6
    Last edited by slickcondo; June 21st, 2012 at 08:55 PM.
