Task Manager and Regedit are working again. Thank you.
Here is the new log. Note that this run deleted F:\autorun.inf and F:\fmkw.exe from the removable drive, and the catchme rootkit scan still reports three hidden files under c:\windows\system32 (sys_drv.dat, sys_drv_2.dat and the executable WinFLdrv.sys):
ComboFix 13-06-03.06 - phani 04-06-2013 20:11:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.91.1033.18.3070.1229 [GMT 5.5:30]
Running from: c:\users\phani\Desktop\ComboFix.exe
Command switches used :: c:\users\phani\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
F:\autorun.inf
F:\fmkw.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-04 to 2013-06-04 )))))))))))))))))))))))))))))))
.
.
2013-06-04 14:48 . 2013-06-04 14:53 -------- d-----w- c:\users\phani\AppData\Local\temp
2013-06-04 14:48 . 2013-06-04 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-04 10:05 . 2013-05-13 20:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDA47BDB-0686-4EE9-82EC-E578CAB9D300}\mpengine.dll
2013-06-03 13:59 . 2013-06-04 03:27 -------- d-----w- c:\programdata\MCShield
2013-06-03 13:59 . 2013-06-03 13:59 -------- d-----w- c:\program files\MCShield
2013-06-03 04:45 . 2013-06-03 04:45 -------- d-----w- C:\_OTL
2013-06-02 07:30 . 2013-06-02 07:30 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2013-05-31 07:51 . 2013-05-31 07:51 -------- d-----w- c:\program files\Dropbox
2013-05-31 07:50 . 2013-06-02 08:43 -------- d-----w- c:\users\phani\AppData\Roaming\Dropbox
2013-05-31 04:40 . 2013-05-31 04:40 -------- d-----w- c:\users\phani\AppData\Local\Scrivener
2013-05-31 04:39 . 2013-06-02 16:17 -------- d-----w- c:\program files\Scrivener
2013-05-30 09:49 . 2013-05-30 09:49 -------- d-----w- c:\programdata\StarApp
2013-05-26 08:12 . 2013-05-26 08:12 323856 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-25 17:01 . 2013-05-25 17:11 -------- d-----w- c:\program files\Google
2013-05-25 16:39 . 2013-05-25 16:39 -------- d-----w- c:\users\phani\AppData\Local\4kdownload.com
2013-05-25 15:46 . 2013-05-25 15:46 -------- d-----w- c:\program files\4KDownload
2013-05-25 13:28 . 2013-06-01 04:02 -------- d-----w- c:\users\phani\workspace
2013-05-25 12:36 . 2013-06-03 11:37 -------- d-----w- c:\users\phani\AppData\Roaming\Skype
2013-05-25 12:36 . 2013-05-25 12:36 -------- d-----w- c:\program files\Common Files\Skype
2013-05-25 12:36 . 2013-05-25 12:36 -------- d-----r- c:\program files\Skype
2013-05-25 12:36 . 2013-05-25 12:36 -------- d-----w- c:\programdata\Skype
2013-05-24 05:58 . 2013-05-24 05:58 -------- d-----w- c:\programdata\Western Digital
2013-05-24 05:47 . 2013-05-24 07:40 -------- d-----w- c:\users\phani\AppData\Roaming\Dev-Cpp
2013-05-24 05:46 . 2013-06-02 16:22 -------- d-----w- C:\Dev-Cpp
2013-05-22 04:12 . 2013-05-22 04:12 -------- d-----w- c:\users\phani\AppData\Roaming\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 20:36 . 2010-07-19 21:32 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2013-04-04 607744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
.
c:\users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2010-5-20 42168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-6 727592]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 12:04 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-25 17:11 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 17:01]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 17:01]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 123.176.37.38 123.176.37.36
FF - ProfilePath - c:\users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.university-world.com/Europe-Universities.html
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: IDM CC:
[email protected] - c:\users\phani\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>
[email protected]:
[email protected] - %profile%\extensions\
[email protected]
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-06-04 20:23
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(3724)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2013-06-04 20:28:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-04 14:58
ComboFix2.txt 2013-06-03 17:28
.
Pre-Run: 161,383,542,784 bytes free
Post-Run: 161,954,394,112 bytes free
.
- - End Of File - - 8A0937A52389B46B8EC1B452B80D5BCA