I have a Trojan Win32 Alureon-FQ

baluba

New Member
ComboFix log:
ComboFix 10-03-18.01 - Diarmaid 03/18/2010 18:57:41.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1024.256 [GMT -7:00]
Running from: c:\users\Diarmaid\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf
c:\users\Diarmaid\AppData\Roaming\Microsoft\~DFK36ea0b.tmp
c:\users\Diarmaid\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Diarmaid\AppData\Roaming\Microsoft\bass.dll
c:\users\Diarmaid\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Diarmaid\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Diarmaid\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Diarmaid\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Diarmaid\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\system32\Connect.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 02:13 . 2010-03-19 02:14 -------- d-----w- c:\users\Diarmaid\AppData\Local\temp
2010-03-19 02:13 . 2010-03-19 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-19 02:13 . 2010-03-19 02:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-19 01:48 . 2010-03-19 01:48 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\Malwarebytes
2010-03-19 01:48 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 01:48 . 2010-03-19 01:48 -------- d-----w- c:\programdata\Malwarebytes
2010-03-19 01:48 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 01:47 . 2010-03-19 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 23:35 . 2010-03-19 01:47 -------- d-----w- c:\program files\Ask.com
2010-03-17 23:55 . 2010-03-17 23:55 -------- d-----w- c:\program files\EA GAMES
2010-03-17 23:24 . 2010-03-18 21:36 -------- d-----w- c:\users\Diarmaid\AppData\Local\Ahead
2010-03-17 23:23 . 2010-03-18 21:31 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\Ahead
2010-03-17 23:20 . 2010-03-19 00:32 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-28 19:03 . 2010-02-28 19:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-28 19:01 . 2010-02-28 19:01 -------- d-----w- c:\program files\LucasArts
2010-02-27 20:15 . 2010-02-27 20:15 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-02-24 21:41 . 2010-02-24 21:41 -------- d-----w- c:\program files\WordWeb
2010-02-24 21:41 . 2010-02-18 05:34 1192128 ------w- c:\windows\system32\wweb32.dll
2010-02-24 04:07 . 2010-02-24 04:07 65720 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 04:00 . 2010-02-24 04:00 -------- d-----r- c:\users\Guest\Podcasts
2010-02-22 04:59 . 2010-02-22 04:59 -------- d-----w- c:\program files\PuTTY

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 01:54 . 2009-11-03 01:47 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\uTorrent
2010-03-19 01:47 . 2009-11-03 01:32 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\Nero
2010-03-19 01:47 . 2009-11-03 01:19 -------- d-----w- c:\programdata\Nero
2010-03-19 01:47 . 2009-11-08 04:39 -------- d-----w- c:\program files\Nero
2010-03-19 01:47 . 2009-11-03 01:47 -------- d-----w- c:\program files\uTorrent
2010-03-19 01:47 . 2009-11-08 04:39 -------- d-----w- c:\program files\Common Files\Nero
2010-03-19 01:44 . 2010-02-14 19:53 -------- d-----w- c:\programdata\Comodo
2010-03-17 21:04 . 2009-11-04 01:52 1 ----a-w- c:\users\Diarmaid\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 03:08 . 2009-11-07 04:43 -------- d-----w- c:\program files\Foxit Software
2010-03-11 05:34 . 2009-11-03 04:40 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\gtk-2.0
2010-02-28 19:01 . 2009-11-03 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 19:00 . 2009-11-03 01:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 00:15 . 2010-02-15 00:15 -------- d-----w- c:\program files\avsysinfo
2010-02-15 00:15 . 2010-02-15 00:15 -------- d-----w- c:\program files\Cucusoft
2010-02-15 00:15 . 2010-02-15 00:14 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\GetRightToGo
2010-02-14 22:16 . 2010-02-14 22:16 -------- d-----w- c:\programdata\IObit
2010-02-14 22:16 . 2010-02-14 22:16 -------- d-----w- c:\program files\IObit
2010-02-14 19:53 . 2010-02-14 19:53 -------- d-----w- c:\program files\COMODO
2010-02-14 19:53 . 2010-02-14 19:53 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-14 19:53 . 2010-02-14 19:53 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-14 19:53 . 2010-02-14 19:53 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-14 19:53 . 2010-02-14 19:53 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-12 00:43 . 2010-02-12 00:43 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\AnvSoft
2010-02-12 00:43 . 2010-02-12 00:43 -------- d-----w- c:\program files\AnvSoft
2010-02-04 00:43 . 2010-02-04 00:42 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\DiskAid
2010-02-01 21:41 . 2010-02-01 01:48 -------- d-----r- c:\program files\Skype
2010-02-01 04:49 . 2010-02-01 01:49 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\Skype
2010-02-01 01:52 . 2010-02-01 01:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-01 01:52 . 2010-02-01 01:52 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\skypePM
2010-02-01 01:48 . 2010-02-01 01:48 -------- d-----w- c:\program files\Common Files\Skype
2010-02-01 01:48 . 2010-02-01 01:48 -------- d-----w- c:\programdata\Skype
2010-02-01 01:34 . 2010-02-01 01:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-01-26 13:42 . 2009-11-03 02:04 -------- d-----w- c:\program files\Zune
2010-01-24 17:53 . 2009-11-30 04:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 20:03 . 2010-01-23 20:03 -------- d-----w- c:\users\Diarmaid\AppData\Roaming\DivX
2010-01-19 22:58 . 2010-01-19 22:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-19 01:54 . 2010-01-19 01:53 -------- d-----w- c:\program files\DivX
2010-01-19 01:54 . 2010-01-19 01:54 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-19 01:54 . 2010-01-19 01:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-14 19:12 . 2009-11-03 01:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 22:38 . 2010-01-07 22:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 22:22 . 2010-01-07 22:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-01-07 22:22 . 2010-01-07 22:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-01-07 22:22 . 2010-01-07 22:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-01-07 22:22 . 2010-01-07 22:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-01-07 22:22 . 2010-01-07 22:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-01-07 22:22 . 2010-01-07 22:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-12-28 23:48 . 2009-12-28 23:48 10134 ----a-r- c:\users\Diarmaid\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2009-12-19 09:02 . 2010-01-23 18:33 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-06-23 2211352]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]
2009-06-23 16:53 2211352 ----a-w- c:\program files\Torrents-Search-Engine\tbTorr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-06-23 2211352]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3B419EE1-1FA8-47B9-9AEC-6B60AC2E3FCA}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-06-23 2211352]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-17 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-14 1800464]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216]

c:\users\Diarmaid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideActionCenter"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-19 691696]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-14 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-14 29520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-12-25 311568]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 23:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Diarmaid\AppData\Roaming\Mozilla\Firefox\Profiles\yv1ih76u.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - component: c:\program files\FlashCatch\firefox\components\FlashCatch.dll
FF - component: c:\program files\FlashCatch\firefox\components\FlashCatch191.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\guard32.dll
.
Completion time: 2010-03-18 19:18:13
ComboFix-quarantined-files.txt 2010-03-19 02:18

Pre-Run: 241,943,814,144 bytes free
Post-Run: 246,428,536,832 bytes free

- - End Of File - - 4F8DBCBE351EFC37CDA5F3211133791B



How do I zap this thing?

johnb35

Administrator
Staff member
Follow this procedure first.

Please download Malwarebytes' Anti-Malware from here, here, here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.

Make sure Malwarebytes is fully updated before running it.
 