Hi Dave,
I downloaded an exe registry fix from the net, and it fixed the problem; now I can run exe files. I ran GMER, but there's an error halfway through the scan. ComboFix, on the other hand, ran perfectly, but the AVG antivirus was still detected as running, even though I had already turned it off.
Thanks
Here is the log of CF:
ComboFix 09-09-18.02 - Michael T. Jadie 09/21/2009 9:06.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.63.1033.18.1014.361 [GMT -10:00]
Running from: c:\users\Michael T. Jadie\Desktop\cf.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-2383898078-223146835-1332443675-500
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\MICHAE~1.JAD\FAVORI~1\Download programs.url
c:\users\MICHAE~1.JAD\FAVORI~1\EscapeRosecliffIslandSetup.exe
c:\users\MICHAE~1.JAD\FAVORI~1\Translator.url
c:\users\MICHAE~1.JAD\FAVORI~1\Videos.url
c:\users\Michael T. Jadie\AppData\Roaming\.#
c:\users\Michael T. Jadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\Michael T. Jadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\Michael T. Jadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Michael T. Jadie\Favorites\Download programs.url
c:\users\Michael T. Jadie\Favorites\EscapeRosecliffIslandSetup.exe
c:\users\Michael T. Jadie\Favorites\Translator.url
c:\users\Michael T. Jadie\Favorites\Videos.url
.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.
2009-09-17 21:49 . 2009-09-17 21:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-09-16 18:34 . 2009-09-16 18:34 -------- d-----w- c:\program files\IAHGames
2009-09-10 00:23 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 00:23 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 00:23 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 00:23 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 00:23 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 00:23 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 00:23 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 00:23 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 00:23 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 00:23 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 00:19 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 00:19 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 00:19 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 00:18 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 00:18 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 02:30 . 2009-09-07 02:30 -------- d-----w- c:\users\Michael T. Jadie\tom
2009-09-06 02:01 . 2009-09-06 02:01 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\Many Years Ago
2009-09-05 03:15 . 2009-09-05 03:15 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\ERS G-Studio
2009-09-03 17:14 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 17:14 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-31 21:33 . 2009-08-31 21:33 -------- d-----w- c:\program files\Tumblebugs 2
2009-08-30 17:10 . 2009-08-30 17:10 -------- d-----w- c:\programdata\Total Gameplay
2009-08-29 23:31 . 2009-08-29 23:31 -------- d-----w- c:\program files\Conduit
2009-08-29 23:31 . 2009-08-29 23:31 -------- d-----w- c:\program files\MyPlayCity
2009-08-29 06:21 . 2009-08-29 06:21 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-29 06:20 . 2009-08-29 06:20 -------- d-----w- c:\users\Michael T. Jadie\AppData\Local\Downloaded Installations
2009-08-29 06:20 . 2009-08-29 06:20 -------- d-----w- c:\program files\Sony
2009-08-29 06:20 . 2009-08-29 06:20 -------- d-----w- c:\programdata\Sony Corporation
2009-08-27 18:10 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 20:01 . 2009-08-25 20:01 -------- d-----w- c:\users\Michael T. Jadie\AppData\Local\Apple Computer
2009-08-25 08:30 . 2009-08-25 08:30 -------- d-----w- C:\Patriot Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 18:42 . 2008-08-02 07:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-17 18:28 . 2008-08-09 05:40 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-17 16:58 . 2009-08-06 00:58 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\DMCache
2009-09-15 21:31 . 2009-05-08 21:59 -------- d-----w- c:\program files\Warcraft III
2009-09-15 19:25 . 2009-05-08 20:06 -------- d-----w- c:\program files\Garena
2009-09-14 08:59 . 2008-05-20 01:44 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\LimeWire
2009-09-10 18:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-06 08:13 . 2008-04-03 01:32 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\mIRC
2009-09-02 08:52 . 2009-07-15 11:24 -------- d-----w- c:\program files\Yahoo!
2009-09-02 07:31 . 2008-08-08 08:45 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\Yahoo!
2009-09-02 07:31 . 2008-01-24 22:59 -------- d-----w- c:\programdata\Yahoo!
2009-08-31 21:52 . 2009-03-09 00:46 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\Wildfire
2009-08-30 05:04 . 2009-07-21 07:35 -------- d-----w- c:\program files\Camfrog
2009-08-29 19:31 . 2009-06-28 19:04 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-29 06:21 . 2009-07-11 20:42 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\Sony
2009-08-29 06:18 . 2009-07-11 19:52 -------- d-----w- c:\program files\Sony Setup
2009-08-27 05:05 . 2008-05-17 02:24 -------- d-----w- c:\program files\LimeWire
2009-08-25 08:09 . 2008-07-08 23:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 08:08 . 2009-08-07 00:18 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\My Games
2009-08-15 23:53 . 2009-08-15 23:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-08-15 23:45 . 2009-08-15 23:45 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-08-15 23:45 . 2009-08-15 23:45 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-08-15 23:45 . 2009-08-15 23:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-08-15 19:21 . 2009-01-29 19:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 19:21 . 2008-06-12 19:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 19:21 . 2008-06-12 19:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 06:47 . 2009-08-14 06:47 -------- d-----w- c:\programdata\BVRP Software
2009-08-10 23:48 . 2009-07-21 07:36 -------- d-----w- c:\users\Michael T. Jadie\AppData\Roaming\Camfrog
2009-08-06 21:00 . 2008-01-04 06:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\AVG7
2009-08-06 03:14 . 2008-05-17 02:53 -------- d-----w- c:\program files\Java
2009-08-06 03:02 . 2009-06-29 02:52 -------- d-----w- c:\program files\Virtual Villagers Halloween Edition
2009-08-06 02:58 . 2009-08-06 02:58 -------- d-----w- c:\program files\VS Revo Group
2009-07-26 14:49 . 2009-07-26 14:49 -------- d-----w- c:\program files\Virtual Villagers - The Secret City
2009-07-21 21:52 . 2009-07-29 23:13 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 23:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 23:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 23:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 05:10 . 2009-07-18 05:10 213 ----a-w- C:\UnInstall.dat
2009-07-17 14:35 . 2009-08-13 14:47 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 14:47 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 14:47 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 14:47 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 14:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2000-06-09 01:00 . 2007-02-23 01:07 93040 --sha-r- c:\windows\ConfigSetRoot\COMMAND.COM
2001-05-16 02:57 . 2007-02-23 01:07 116736 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
2001-04-07 21:40 . 2007-02-23 01:07 9 --sha-r- c:\windows\ConfigSetRoot\MSDOS.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-21 1881112]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-01-21 01:11 1881112 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 19:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-21 1881112]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-21 1881112]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-15 2007832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D0DE677-5B47-41C5-9878-439A0D7DE49C}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{4A673F88-F751-468B-9239-D30FC2BDD045}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{343ED1C9-1C76-4FCC-AC37-E0BA4F856E35}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{924DEB12-3ABD-486D-AADD-44D508E7BC67}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{E8149655-7407-4C17-8419-AD8BCC21830F}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{EEF38018-1FD3-4951-B7F0-050FB8EF9FD2}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{3052AD80-A660-42C5-AB89-9DB56B3BD985}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"TCP Query User{8BBBBFBD-1124-46B5-A852-01FDBCF3AA8C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{79E7E64E-BDEA-4463-BDE5-E126BD576031}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{F1FE3A91-4168-422B-A5A4-5D653E6AE076}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{2B7C3E0D-412B-4EAC-BBA2-E673F85AE7B8}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{857FA409-0EC7-4D35-B151-BACDE219FD50}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{94A34731-B30E-476C-8E04-F48C2884007A}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A4529135-6277-4B7E-AE45-CE11430BBD72}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{81B03AE9-091A-4830-88C3-59E5032A1E0D}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{D574B8F5-035A-40A8-819F-AD2501FF6AC6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{370B4AF8-5767-4E46-B868-4F31CA12AAB6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{FAFBB08C-C33B-47F1-8A6D-34CE257382FF}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{BD5C76C8-BF13-48DC-BDCE-AD7AFD7C61BD}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{676D51C9-47E7-421E-8ECB-362E9878F57F}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{743087BA-5FAB-4629-B7A1-FEC19F6D9078}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{91CEC756-839A-480F-A0EA-870D5F166756}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{EFF8D234-29D8-4C77-B013-B11A6D1D310B}c:\\users\\michael t. jadie\\appdata\\local\\temp\\rar$ex00.444\\bookwormdeluxe(trymediafix)\\bookwormdeluxe(trymediafix)\\bwd-kfgd63.exe"= UDP:c:\users\michael t. jadie\appdata\local\temp\rar$ex00.444\bookwormdeluxe(trymediafix)\bookwormdeluxe(trymediafix)\bwd-kfgd63.exe:bwd-kfgd63.exe
"UDP Query User{52E3E398-9920-4BEC-83A0-E6D2E08F4012}c:\\users\\michael t. jadie\\appdata\\local\\temp\\rar$ex00.444\\bookwormdeluxe(trymediafix)\\bookwormdeluxe(trymediafix)\\bwd-kfgd63.exe"= TCP:c:\users\michael t. jadie\appdata\local\temp\rar$ex00.444\bookwormdeluxe(trymediafix)\bookwormdeluxe(trymediafix)\bwd-kfgd63.exe:bwd-kfgd63.exe
"TCP Query User{ABFABA4B-2366-4919-9EB4-9FEFA2E6EB16}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E3EC9099-AD60-4F41-86D1-48C1F61BD44C}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{151BB86F-0FC1-44E4-9A5A-2909A87E0D52}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{0AB17D3B-64E5-4290-8E9C-6991DDA48216}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{57933F45-E9FF-4E23-90A4-BE9D8256505F}c:\\users\\michael t. jadie\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\michael t. jadie\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{748D0A76-2F06-450E-BD00-0EFDD3D66B80}c:\\users\\michael t. jadie\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\michael t. jadie\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{7116C929-8084-4F11-995B-D784EC441EC1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{077289F9-2935-4643-B42D-C413EF7B5D05}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{329DFCDD-072B-4FB0-B7E4-2FAE836B9B34}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5116BEE2-DA1A-4D84-AB28-92D27B0580BE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1ACD39B1-BDE0-4441-8F75-F4B7EBAC9930}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{7A92826D-234D-4415-B73E-DA20974DBB25}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{2E2C262A-F679-466F-8501-91068ECCDD7B}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{1588836F-AB76-4C09-A468-6E32CA40BA06}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{541E546D-4C3F-467E-858D-492CAC143622}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B8F62570-B5F9-4F6C-8B92-F253A69F650A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{23167526-B477-497E-9192-3FE540CC4200}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{11880AAB-7591-46D8-B19F-2D63AAF7457E}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{CDF64906-C0DC-4E01-8AE5-CC0786C9DBB2}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{3C30317A-B1A3-4517-A9D6-17543F5D2D59}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{0F1A7053-4B62-4ACB-84B9-10A2F6C2DA48}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D90FFA9A-A188-4E90-BE68-A654D2A84883}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{21AF8B5E-ED36-411A-9A6B-7A6E355A4FDE}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary
"UDP Query User{1D9CE6C1-0DDB-476A-BF18-238457B6E5E0}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/12/2008 9:31 AM 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/29/2009 9:16 AM 297752]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 12:25 AM 2589184]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [8/15/2009 1:45 PM 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [8/13/2009 8:27 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [8/13/2009 8:27 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [8/13/2009 8:27 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [8/13/2009 8:27 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [8/13/2009 8:27 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [8/13/2009 8:27 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [8/13/2009 8:27 PM 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [4/23/2007 1:54 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [4/23/2007 1:54 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [4/23/2007 1:54 PM 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [4/23/2007 1:54 PM 98568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-21 c:\windows\Tasks\User_Feed_Synchronization-{C64B20C9-D506-48EF-8F31-DC6F5476DCBB}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ph.yahoo.com
mStart Page = hxxp://ph.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to AMV Converter... - f:\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - f:\mediamanager\grab.html
TCP: {E8699370-86D2-4BBE-A73D-3979843737BD} = 202.138.128.50,202.138.128.2
FF - ProfilePath - c:\users\Michael T. Jadie\AppData\Roaming\Mozilla\Firefox\Profiles\ffk3fa9p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ph.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\MICHAE~1.JAD\AppData\Local\Temp\WJDF6FB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3969667037-2662496139-1359730812-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):2a,03,35,fb,c2,ec,a5,de,71,2f,4c,92,eb,17,40,ab,c3,03,d7,ad,74,
11,01,20,c9,62,25,78,cc,4f,ab,be,f1,51,87,d7,45,64,e8,72,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-3969667037-2662496139-1359730812-1000_Classes\CLSID\{ac82a3c7-1e13-407e-b77d-65616477c76b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f6
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,44,8c,5f,f2,7f,3b,b5,cc,f0,c7,5f,3b,1d,12,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-21 9:18
ComboFix-quarantined-files.txt 2009-09-21 19:18
Pre-Run: 24,047,943,680 bytes free
Post-Run: 23,861,293,056 bytes free
328 --- E O F --- 2009-09-18 16:44