Combofix Log HELP
ComboFix log
Hello everyone,
Can someone please help me with instructions on what I have to do next to clean my computer, because I don't understand much in the log generated by ComboFix and what to do, if anything.
Also, I only found the thread "WARNING: Do NOT run ComboFix" after I had already run the program.
ComboFix 11-12-12.02 - Victor Markiewicz 12/12/2011 16:37:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.243 [GMT -5:00]
Running from: c:\documents and settings\Victor Markiewicz\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Victor Markiewicz\WINDOWS
c:\windows\isRS-000.tmp
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 18:38 . 2011-12-12 18:38 -------- d-----w- C:\Assist.temp
2011-12-12 18:32 . 2011-12-12 18:32 -------- d-----w- c:\program files\VS Revo Group
2011-12-12 17:36 . 2011-12-12 17:46 -------- d-----w- C:\Power.temp
2011-12-12 17:33 . 2011-12-12 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-12 17:33 . 2011-12-12 18:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-12 05:18 . 2011-12-12 05:18 -------- d-----w- c:\program files\Microsoft.NET
2011-12-09 00:29 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-09 00:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-08 23:56 . 2011-12-12 07:46 -------- d-----w- c:\program files\uTorrent
2011-12-05 08:25 . 2011-12-04 23:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-04 23:34 . 2011-12-04 23:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-04 23:31 . 2011-12-04 23:31 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2011-12-04 23:31 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-04 23:30 . 2011-12-04 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-12-04 23:30 . 2011-12-04 23:30 -------- d-----w- c:\program files\Lavasoft
2011-12-04 16:32 . 2011-12-04 16:32 -------- d-----w- C:\DVD-RAM.temp
2011-12-04 16:21 . 2011-12-04 16:21 -------- d-----w- C:\Hotkey.temp
2011-12-04 05:17 . 2011-12-04 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-04 05:16 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 05:16 . 2011-12-04 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-01 02:42 . 2011-12-03 19:23 -------- d-----w- c:\program files\Unlocker
2011-11-27 17:50 . 2011-11-27 17:50 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-26 07:09 . 2011-11-26 07:09 -------- d-----w- c:\program files\MSBuild
2011-11-26 07:07 . 2011-11-26 07:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-11-26 07:07 . 2011-11-26 07:07 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-11-26 07:03 . 2011-11-26 07:03 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-11-26 07:03 . 2011-11-26 07:08 -------- d-----w- c:\windows\SHELLNEW
2011-11-26 07:01 . 2011-11-26 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-11-26 07:00 . 2011-11-26 07:00 -------- d-----r- C:\MSOCache
2011-11-25 20:26 . 2011-11-25 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-25 20:20 . 2011-12-12 04:29 -------- d-----w- c:\program files\SpywareBlaster
2011-11-25 20:07 . 2011-12-07 19:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 19:58 . 2011-12-04 16:29 -------- d-----w- C:\Temp
2011-11-25 19:45 . 2011-11-25 19:45 -------- d-----w- c:\program files\Common Files\Nikon
2011-11-25 19:33 . 2011-11-25 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-11-25 19:31 . 2011-11-25 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-11-25 19:29 . 2011-11-25 19:29 -------- d-----w- c:\program files\Common Files\HP
2011-11-25 19:29 . 2011-11-25 19:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-11-25 19:29 . 2011-11-25 19:29 -------- d-----w- c:\program files\Hewlett-Packard
2011-11-25 19:28 . 2007-01-17 16:37 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-11-25 19:28 . 2007-01-17 16:37 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-11-25 19:28 . 2011-11-25 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2011-11-25 19:28 . 2007-11-06 00:06 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2011-11-25 19:28 . 2007-11-06 00:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-11-25 19:28 . 2007-11-07 02:10 271704 ----a-r- c:\windows\system32\hpzids01.dll
2011-11-25 19:27 . 2007-01-17 16:37 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-11-25 19:27 . 2007-10-31 10:35 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2011-11-25 19:27 . 2007-10-31 10:35 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2011-11-25 19:27 . 2007-01-17 16:37 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2011-11-25 19:27 . 2007-01-17 16:37 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-11-25 19:27 . 2007-01-17 16:31 294912 ----a-r- c:\windows\system32\hpovst11.dll
2011-11-25 19:25 . 2011-12-04 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-25 19:25 . 2007-11-07 02:04 1373528 ----a-r- c:\windows\hpzshl01.exe
2011-11-25 19:25 . 2007-11-07 02:15 1140056 ----a-r- c:\windows\hpzmsi01.exe
2011-11-25 19:25 . 2011-11-25 19:25 -------- d-----w- c:\windows\yellowtail
2011-11-25 19:24 . 2011-11-25 19:39 -------- d-----w- c:\program files\HP
2011-11-25 19:24 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-11-25 19:24 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-11-25 19:24 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-25 19:24 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-25 19:24 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-11-25 19:24 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-11-25 17:39 . 2011-11-25 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-11-25 17:27 . 2011-11-25 17:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-25 17:27 . 2011-11-25 17:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-25 17:25 . 2011-11-25 17:25 -------- d-----w- c:\program files\Adobe Media Player
2011-11-25 17:22 . 2011-11-25 17:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-25 17:11 . 2011-11-25 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-11-25 17:10 . 2011-11-25 17:11 -------- d-----w- c:\program files\Yahoo!
2011-11-25 17:09 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-11-25 17:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-11-25 17:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-11-25 17:06 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-11-25 17:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-25 17:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-11-25 17:02 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-25 17:01 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-11-25 04:39 . 2011-11-25 04:39 -------- d-----w- c:\windows\system32\scripting
2011-11-25 04:39 . 2011-11-25 04:39 -------- d-----w- c:\windows\l2schemas
2011-11-25 04:39 . 2011-11-25 04:39 -------- d-----w- c:\windows\system32\en
2011-11-25 04:39 . 2011-11-25 04:39 -------- d-----w- c:\windows\system32\bits
2011-11-25 04:15 . 2011-11-25 04:15 -------- d-----w- c:\windows\EHome
2011-11-24 18:49 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-24 18:49 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-11-24 18:49 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-11-24 18:49 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-11-24 18:49 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-11-24 18:49 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-11-24 18:49 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-11-24 18:49 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-11-24 18:43 . 2007-08-13 23:54 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2011-11-24 16:22 . 2011-11-25 04:30 -------- d-----w- c:\windows\ServicePackFiles
2011-11-24 16:20 . 2011-11-24 16:20 -------- d-----w- c:\program files\MSXML 4.0
2011-11-24 02:20 . 2004-08-04 03:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-11-24 01:46 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-24 01:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-11-24 01:44 . 2009-06-10 14:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-11-24 01:44 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-11-24 01:43 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-11-24 01:43 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-11-24 01:43 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-11-24 01:43 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-11-24 01:43 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-11-24 01:43 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-11-24 01:42 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-11-24 01:42 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-11-24 01:41 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-11-24 01:40 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-11-24 01:39 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-11-23 23:25 . 2011-11-23 23:25 -------- d-----w- c:\program files\Xiph.Org
2011-11-23 23:25 . 2011-11-23 23:26 -------- d-----w- c:\program files\TVersity Codec Pack
2011-11-23 23:25 . 2011-11-23 23:25 -------- d-----w- c:\program files\TVersity
2011-11-23 20:56 . 2011-10-25 18:44 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-11-23 20:56 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-11-23 20:56 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-11-23 20:56 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-11-23 20:55 . 2011-10-25 18:44 1392600 ----a-w- c:\windows\system32\is-LT382.tmp
2011-11-23 20:55 . 2011-11-23 20:55 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-23 20:55 . 2011-12-12 07:53 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2011-11-23 20:32 . 2011-11-23 20:32 -------- d-----w- c:\windows\Sun
2011-11-23 20:31 . 2011-12-12 17:22 -------- d-----w- c:\program files\Glary Utilities
2011-11-23 20:28 . 2011-11-28 20:13 -------- d-----w- c:\program files\CCleaner
2011-11-23 20:17 . 2011-11-23 20:17 -------- d-----w- c:\program files\VideoLAN
2011-11-23 20:05 . 2011-08-12 18:51 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-11-23 19:08 . 2011-11-23 19:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-11-16 02:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-11-15 23:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-11-15 23:32 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-11-15 23:32 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-21 04:04 . 2011-11-24 18:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"NDSTray.exe"="NDSTray.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-03 147456]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Victor Markiewicz\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Victor Markiewicz\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-8-30 2620416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-03 18:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Victor Markiewicz\\My Documents\\Downloads\\utorrent.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/4/2011 6:31 PM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/23/2011 3:55 PM 793048]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 5:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-12-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-23 14:50]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Victor Markiewicz\Application Data\Mozilla\Firefox\Profiles\w9oeh659.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Notebook_Maximizer - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'winlogon.exe'(1280)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-12-12 16:58:09
ComboFix-quarantined-files.txt 2011-12-12 21:58
.
Pre-Run: 53,075,488,768 bytes free
Post-Run: 53,049,970,688 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0DC77F4C8733ADCA73190DF833148E79
Hello everyone,
Can someone please, help me with instructions on what I have to do next to clean my computer, because I don't understand much in the log generated by ComboFix and what to do if anything
Also, I only found the thread "WARNING: Do NOT run ComboFix" after I had already run the program.
ComboFix 11-12-12.02 - Victor Markiewicz 12/12/2011 16:37:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.243 [GMT -5:00]
Running from: c:\documents and settings\Victor Markiewicz\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Victor Markiewicz\WINDOWS
c:\windows\isRS-000.tmp
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 18:38 . 2011-12-12 18:38
d
w- C:\Assist.temp
2011-12-12 18:32 . 2011-12-12 18:32
d
w- c:\program files\VS Revo Group
2011-12-12 17:36 . 2011-12-12 17:46
d
w- C:\Power.temp
2011-12-12 17:33 . 2011-12-12 19:32
d
w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-12 17:33 . 2011-12-12 18:16
d
w- c:\program files\Spybot - Search & Destroy
2011-12-12 05:18 . 2011-12-12 05:18
d
w- c:\program files\Microsoft.NET
2011-12-09 00:29 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-09 00:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-08 23:56 . 2011-12-12 07:46
d
w- c:\program files\uTorrent
2011-12-05 08:25 . 2011-12-04 23:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-04 23:34 . 2011-12-04 23:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-04 23:31 . 2011-12-04 23:31
d
w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2011-12-04 23:31 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-04 23:30 . 2011-12-04 23:30
d
w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-12-04 23:30 . 2011-12-04 23:30
d
w- c:\program files\Lavasoft
2011-12-04 16:32 . 2011-12-04 16:32
d
w- C:\DVD-RAM.temp
2011-12-04 16:21 . 2011-12-04 16:21
d
w- C:\Hotkey.temp
2011-12-04 05:17 . 2011-12-04 05:17
d
w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-04 05:16 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 05:16 . 2011-12-04 05:17
d
w- c:\program files\Malwarebytes' Anti-Malware
2011-12-01 02:42 . 2011-12-03 19:23
d
w- c:\program files\Unlocker
2011-11-27 17:50 . 2011-11-27 17:50
d
w- c:\windows\Hewlett-Packard
2011-11-26 07:09 . 2011-11-26 07:09
d
w- c:\program files\MSBuild
2011-11-26 07:07 . 2011-11-26 07:07
d
w- c:\program files\Microsoft Sync Framework
2011-11-26 07:07 . 2011-11-26 07:07
d
w- c:\documents and settings\All Users\Microsoft
2011-11-26 07:03 . 2011-11-26 07:03
d
w- c:\program files\Microsoft Analysis Services
2011-11-26 07:03 . 2011-11-26 07:08
d
w- c:\windows\SHELLNEW
2011-11-26 07:01 . 2011-11-26 18:08
d
w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-11-26 07:00 . 2011-11-26 07:00
d
r- C:\MSOCache
2011-11-25 20:26 . 2011-11-25 20:26
d
w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-25 20:20 . 2011-12-12 04:29
d
w- c:\program files\SpywareBlaster
2011-11-25 20:07 . 2011-12-07 19:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 19:58 . 2011-12-04 16:29
d
w- C:\Temp
2011-11-25 19:45 . 2011-11-25 19:45
d
w- c:\program files\Common Files\Nikon
2011-11-25 19:33 . 2011-11-25 19:33
d
w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-11-25 19:31 . 2011-11-25 19:33
d
w- c:\documents and settings\All Users\Application Data\HP
2011-11-25 19:29 . 2011-11-25 19:29
d
w- c:\program files\Common Files\HP
2011-11-25 19:29 . 2011-11-25 19:29
d
w- c:\program files\Common Files\Hewlett-Packard
2011-11-25 19:29 . 2011-11-25 19:29
d
w- c:\program files\Hewlett-Packard
2011-11-25 19:28 . 2007-01-17 16:37 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-11-25 19:28 . 2007-01-17 16:37 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-11-25 19:28 . 2011-11-25 19:28
d
w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2011-11-25 19:28 . 2007-11-06 00:06 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2011-11-25 19:28 . 2007-11-06 00:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-11-25 19:28 . 2007-11-07 02:10 271704 ----a-r- c:\windows\system32\hpzids01.dll
2011-11-25 19:27 . 2007-01-17 16:37 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-11-25 19:27 . 2007-10-31 10:35 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2011-11-25 19:27 . 2007-10-31 10:35 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2011-11-25 19:27 . 2007-01-17 16:37 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2011-11-25 19:27 . 2007-01-17 16:37 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-11-25 19:27 . 2007-01-17 16:31 294912 ----a-r- c:\windows\system32\hpovst11.dll
2011-11-25 19:25 . 2011-12-04 23:31
dc----w- c:\windows\system32\DRVSTORE
2011-11-25 19:25 . 2007-11-07 02:04 1373528 ----a-r- c:\windows\hpzshl01.exe
2011-11-25 19:25 . 2007-11-07 02:15 1140056 ----a-r- c:\windows\hpzmsi01.exe
2011-11-25 19:25 . 2011-11-25 19:25
d
w- c:\windows\yellowtail
2011-11-25 19:24 . 2011-11-25 19:39
d
w- c:\program files\HP
2011-11-25 19:24 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-11-25 19:24 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-11-25 19:24 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-25 19:24 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-25 19:24 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-11-25 19:24 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-11-25 17:39 . 2011-11-25 17:39
d
w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-11-25 17:27 . 2011-11-25 17:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-25 17:27 . 2011-11-25 17:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-25 17:25 . 2011-11-25 17:25
d
w- c:\program files\Adobe Media Player
2011-11-25 17:22 . 2011-11-25 17:22
d
w- c:\program files\Common Files\Adobe AIR
2011-11-25 17:11 . 2011-11-25 17:12
d
w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-11-25 17:10 . 2011-11-25 17:11
d
w- c:\program files\Yahoo!
2011-11-25 17:09 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-11-25 17:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-11-25 17:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-11-25 17:06 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-11-25 17:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-25 17:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-11-25 17:02 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-25 17:01 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-11-25 04:39 . 2011-11-25 04:39
d
w- c:\windows\system32\scripting
2011-11-25 04:39 . 2011-11-25 04:39
d
w- c:\windows\l2schemas
2011-11-25 04:39 . 2011-11-25 04:39
d
w- c:\windows\system32\en
2011-11-25 04:39 . 2011-11-25 04:39
d
w- c:\windows\system32\bits
2011-11-25 04:15 . 2011-11-25 04:15
d
w- c:\windows\EHome
2011-11-24 18:49 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-24 18:49 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-11-24 18:49 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-11-24 18:49 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-11-24 18:49 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-11-24 18:49 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-11-24 18:49 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-11-24 18:49 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-11-24 18:43 . 2007-08-13 23:54 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2011-11-24 16:22 . 2011-11-25 04:30 -------- d-----w- c:\windows\ServicePackFiles
2011-11-24 16:20 . 2011-11-24 16:20 -------- d-----w- c:\program files\MSXML 4.0
2011-11-24 02:20 . 2004-08-04 03:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-11-24 01:46 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-24 01:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-11-24 01:44 . 2009-06-10 14:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-11-24 01:44 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-11-24 01:43 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-11-24 01:43 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-11-24 01:43 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-11-24 01:43 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-11-24 01:43 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-11-24 01:43 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-11-24 01:42 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-11-24 01:42 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-11-24 01:41 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-11-24 01:40 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-11-24 01:39 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-11-23 23:25 . 2011-11-23 23:25 -------- d-----w- c:\program files\Xiph.Org
2011-11-23 23:25 . 2011-11-23 23:26 -------- d-----w- c:\program files\TVersity Codec Pack
2011-11-23 23:25 . 2011-11-23 23:25 -------- d-----w- c:\program files\TVersity
2011-11-23 20:56 . 2011-10-25 18:44 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-11-23 20:56 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-11-23 20:56 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-11-23 20:56 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-11-23 20:55 . 2011-10-25 18:44 1392600 ----a-w- c:\windows\system32\is-LT382.tmp
2011-11-23 20:55 . 2011-11-23 20:55 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-23 20:55 . 2011-12-12 07:53 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2011-11-23 20:32 . 2011-11-23 20:32 -------- d-----w- c:\windows\Sun
2011-11-23 20:31 . 2011-12-12 17:22 -------- d-----w- c:\program files\Glary Utilities
2011-11-23 20:28 . 2011-11-28 20:13 -------- d-----w- c:\program files\CCleaner
2011-11-23 20:17 . 2011-11-23 20:17 -------- d-----w- c:\program files\VideoLAN
2011-11-23 20:05 . 2011-08-12 18:51 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-11-23 19:08 . 2011-11-23 19:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-11-16 02:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-11-15 23:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-11-15 23:32 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-11-15 23:32 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-21 04:04 . 2011-11-24 18:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"NDSTray.exe"="NDSTray.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-03 147456]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Victor Markiewicz\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Victor Markiewicz\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-8-30 2620416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-03 18:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Victor Markiewicz\\My Documents\\Downloads\\utorrent.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/4/2011 6:31 PM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/23/2011 3:55 PM 793048]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 5:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-12-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-23 14:50]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Victor Markiewicz\Application Data\Mozilla\Firefox\Profiles\w9oeh659.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Notebook_Maximizer - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'winlogon.exe'(1280)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-12-12 16:58:09
ComboFix-quarantined-files.txt 2011-12-12 21:58
.
Pre-Run: 53,075,488,768 bytes free
Post-Run: 53,049,970,688 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0DC77F4C8733ADCA73190DF833148E79
Comments
For you, there were several virus programs/folders removed (see the first section "other deletions") and most of the rest is just information. I would do the following: