ComboFix 10-05-13.03 - sevilleja 05/13/2010 22:49:56.2.4 - x86
Microsoft
Windows Vista
Home Premium 6.0.6002.2.1252.1.1033.18.3071.1904 [GMT -5:00]
Running from: c:\users\sevilleja\Desktop\ComboFix.exe
Command switches used :: c:\users\sevilleja\Desktop\CFscript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-14 03:57 . 2010-05-14 04:02 -------- d-----w- c:\users\sevilleja\AppData\Local\temp
2010-05-14 03:57 . 2010-05-14 03:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-05-14 03:57 . 2010-05-14 03:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-14 03:57 . 2010-05-14 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 22:46 . 2010-05-12 22:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-12 19:43 . 2010-05-12 20:04 -------- d-----w- c:\users\sevilleja\AppData\Roaming\CBS Interactive
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Malwarebytes
2010-05-12 18:37 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 18:37 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 18:32 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-08 03:19 . 2010-05-08 03:19 -------- d-----w- C:\_OTL
2010-05-06 01:54 . 2010-05-06 01:54 -------- d-----w- c:\programdata\Alwil Software
2010-05-06 01:54 . 2010-05-06 01:54 -------- d-----w- c:\program files\Alwil Software
2010-05-03 23:58 . 2010-05-03 23:58 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-03 23:42 . 2010-05-03 23:42 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-03 23:42 . 2010-05-03 23:59 -------- d-----w- c:\programdata\DivX
2010-04-26 00:44 . 2010-04-26 00:44 -------- d-----w- c:\program files\DVD Decrypter
2010-04-19 22:00 . 2010-04-19 22:00 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 21:58 . 2010-04-19 21:58 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-14 20:35 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:35 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:35 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:35 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 20:35 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 20:35 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 20:35 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:35 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 20:35 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 20:34 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 20:34 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 03:58 . 2008-05-16 18:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-14 03:17 . 2007-12-25 20:19 -------- d-----w- c:\program files\Java
2010-05-14 03:16 . 2008-04-05 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 21:11 . 2008-07-22 20:58 -------- d-----w- c:\programdata\Google Updater
2010-05-13 16:51 . 2008-11-08 06:52 0 ----a-w- c:\users\sevilleja\AppData\Local\prvlcl.dat
2010-05-12 19:23 . 2009-11-30 04:52 -------- d-----w- c:\program files\Steam
2010-05-12 19:20 . 2009-11-30 04:52 -------- d-----w- c:\program files\Common Files\Steam
2010-05-12 19:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-08 03:19 . 2008-10-13 22:27 -------- d-----w- c:\program files\My.Freeze.com Toolbar with NetAssistant
2010-05-05 03:57 . 2008-03-13 13:06 14742 ----a-w- c:\users\sevilleja\AppData\Roaming\wklnhst.dat
2010-05-03 23:58 . 2009-05-03 18:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-03 23:42 . 2010-05-03 23:59 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-03 23:42 . 2010-05-03 23:59 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-02 20:18 . 2008-05-13 21:53 139327 ----a-w- c:\windows\hpoins15.dat
2010-04-26 20:57 . 2010-04-04 12:56 -------- d-----w- c:\program files\Webcam Video Capture
2010-04-19 22:00 . 2008-10-29 21:43 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 21:20 . 2008-03-18 05:32 -------- d-----w- c:\programdata\Yahoo! Companion
2010-04-02 17:25 . 2008-11-09 02:00 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Any Video Converter
2010-03-28 19:32 . 2010-01-18 04:58 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-24 04:40 . 2010-02-01 02:39 -------- d-----w- c:\program files\Avi2Dvd
2010-03-19 16:38 . 2010-02-22 22:16 50354 ----a-w- c:\users\sevilleja\AppData\Roaming\Facebook\uninstall.exe
2010-03-19 16:38 . 2010-02-22 22:16 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Facebook
2010-03-15 22:28 . 2008-05-19 04:12 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Image Zone Express
2010-03-08 21:00 . 2010-05-03 23:59 530625 ----a-w- c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-03-08 20:59 . 2010-05-03 23:59 530625 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-05 03:39 . 2010-03-05 03:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 03:39 . 2008-03-14 19:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 03:38 . 2008-10-29 21:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 03:38 . 2008-10-29 21:43 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 01:17 . 2008-03-13 03:13 73144 ----a-w- c:\users\sevilleja\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 20:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 20:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 20:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 20:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 14:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 14:56 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 14:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2007-12-25 19:33 . 2007-12-25 19:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-26 2935480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-23 92704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
c:\users\sevilleja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d5,00,e8,61,81,04,ca,01
R2 gupdate1cabf024a0c4494;Google Update Service (gupdate1cabf024a0c4494);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2007-02-06 16512]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-07 28672]
R3 LTXMD_VAC;Litex Media Virtual Audio Cabel (WDM);c:\windows\system32\drivers\lmvac.sys [2008-04-29 18912]
R4 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-19 242896]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [2007-12-18 39408]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-12-04 1426304]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-20 22:04]
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 20:59]
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 20:59]
2010-05-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-05-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.yahoo.com/mStart Page =
hxxp://www.yahoo.com/mSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} -
hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cabFF - ProfilePath - c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage -
hxxp://www.yahoo.comFF - prefs.js: keyword.URL -
hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-05-13 23:02
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
LVPrcSrv.exe [3732]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netdevice: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spfu.sys hal.dll >>UNKNOWN [0x85D7B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8af9dd24
\Driver\ACPI -> acpi.sys @ 0x807b3d68
\Driver\iaStor -> iastor.sys @ 0x82eb28e0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(6232)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-13 23:09:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-14 04:09
ComboFix2.txt 2010-05-12 23:14
Pre-Run: 174,680,895,488 bytes free
Post-Run: 174,524,006,400 bytes free
- - End Of File - - 48F580C9F9FD7D6996C407ED34EF26E2