View Full Version : URGENT: no windows update & very slow PC
I am vising relatives and of course they asked me to fix their computer while I am here. It was loaded with virus and malware, and I got most of it off, but there must be some left, because Windows Update tells me i need IE5 and i had 7 and then went to 8 and still does the same thing and it is still running slow as hell with an occasional pop-up.
I am only here for another 2 days, so if someone can help me ASAP, it would be GREATLY appreciated.
TIA!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:14 PM, on 7/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1139400588\ee\AOLSoftware.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1139400588\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139400588\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139400588\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://orlie.myphotoalbum.com/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8827 bytes
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Thank you!
Attached and posted. (wasnt sure what you wanted)
DDS (Ver_09-06-26.01) - NTFSx86
Run by Eli Kohananoo at 23:42:25.07 on Tue 07/14/2009
Internet Explorer: 8.0.6001.18702
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [msctrl.exe] c:\program files\microsoft security adviser\msctrl.exe
uRun: [msavsc.exe] c:\program files\microsoft security adviser\msavsc.exe
uRun: [msscan.exe] c:\program files\microsoft security adviser\msscan.exe
uRun: [msiemon.exe] c:\program files\microsoft security adviser\msiemon.exe
uRun: [msfw.exe] c:\program files\microsoft security adviser\msfw.exe
uRun: [mssadv.exe]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [HostManager] c:\program files\common files\aol\1139400588\ee\AOLSoftware.exe
mRun: [CnxDslTaskBar] "c:\program files\conexant\accessrunner adsl\CnxDslTb.exe"
mRun: [msfw.exe] c:\program files\microsoft security adviser\msfw.exe
mRun: [mssadv.exe]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [msavsc.exe] c:\program files\microsoft security adviser\msavsc.exe
mRun: [msscan.exe] c:\program files\microsoft security adviser\msscan.exe
mRun: [msiemon.exe] c:\program files\microsoft security adviser\msiemon.exe
mRun: [msctrl.exe] c:\program files\microsoft security adviser\msctrl.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} - hxxp://orlie.myphotoalbum.com/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\elikoh~1\applic~1\mozilla\firefox\profiles\cei1zvij.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-07-13 13:05 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 12:47 <DIR> --dsh--- c:\documents and settings\eli kohananoo\PrivacIE
2009-07-13 12:44 <DIR> --dsh--- c:\documents and settings\eli kohananoo\IETldCache
2009-07-13 06:16 <DIR> --d----- c:\windows\ie8updates
2009-07-13 05:56 <DIR> -cd-h--- c:\windows\ie8
2009-07-13 05:47 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 05:47 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 05:47 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-11 17:03 <DIR> --d----- c:\program files\CCleaner
2009-07-10 00:10 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-09 23:52 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-09 23:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-09 23:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-09 23:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-09 23:51 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 23:50 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-09 23:49 <DIR> --d----- c:\program files\AVG
2009-07-09 23:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-09 17:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-09 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
==================== Find3M ====================
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 21:55 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2008-10-26 02:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
============= FINISH: 11:59:06.75 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2006 7:30:31 AM
System Uptime: 7/15/2009 11:39:54 AM (0 hours ago)
Motherboard: Quanta | | 3093
Processor: AMD Turion(tm) 64 Mobile Technology ML-32 | U23 | 787/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 75 GiB total, 57.762 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP378: 11/27/2008 11:02:03 PM - Software Distribution Service 3.0
RP379: 12/13/2008 10:58:31 PM - Software Distribution Service 3.0
RP380: 12/24/2008 11:53:18 PM - Software Distribution Service 3.0
RP381: 1/22/2009 11:49:15 PM - Software Distribution Service 3.0
RP382: 2/17/2009 11:44:53 AM - Software Distribution Service 3.0
RP383: 2/18/2009 12:44:00 PM - Software Distribution Service 3.0
RP384: 2/19/2009 9:35:34 PM - Software Distribution Service 3.0
RP385: 3/5/2009 4:16:10 AM - Software Distribution Service 3.0
RP386: 3/15/2009 11:19:59 PM - Software Distribution Service 3.0
RP387: 3/22/2009 11:31:54 AM - System Checkpoint
RP388: 6/13/2009 10:23:44 PM - Software Distribution Service 3.0
RP389: 6/13/2009 11:13:13 PM - Software Distribution Service 3.0
RP390: 6/14/2009 1:46:14 PM - Software Distribution Service 3.0
RP391: 6/14/2009 2:30:55 PM - Software Distribution Service 3.0
RP392: 7/9/2009 2:53:13 PM - Installed Windows XP WgaNotify.
RP393: 7/9/2009 7:11:24 PM - Removed Adobe Reader 7.0
RP394: 7/9/2009 7:13:40 PM - Configured easy Internet sign-up
RP395: 7/9/2009 7:27:10 PM - Removed Norton Security Center
RP396: 7/9/2009 11:38:14 PM - Installed Adobe Reader 9.1.
RP397: 7/9/2009 11:49:36 PM - Installed AVG Free 8.5
RP398: 7/9/2009 11:49:54 PM - Installed Java(TM) 6 Update 13
RP399: 7/10/2009 12:11:27 AM - Avg8 Update
RP400: 7/11/2009 3:38:25 PM - System Checkpoint
RP401: 7/13/2009 6:02:03 AM - Installed Windows Internet Explorer 8.
RP402: 7/13/2009 6:11:32 AM - Software Distribution Service 3.0
RP403: 7/15/2009 11:56:21 AM - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Collapse! Deluxe
Conexant AC-Link Audio
Conexant AccessRunner USB ADSL WAN Adapter
Critical Update for Windows Media Player 11 (KB959772)
Cubis Deluxe
Data Fax SoftModem with SmartCP
ERUNT 1.1j
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Help and Support
HP Software Update
HP User Guides 0001
HP Wireless Assistant 1.01 A2
HpSdpAppCoreApp
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 13
Learn2 Player (Uninstall Only)
LS_HSI
Mah Jong Tiles Deluxe
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.0 - SE
Pure Networks Port Magic
Quick Launch Buttons 5.10 B2
QuickTime
RealPlayer Basic
SD Viewer for DSC
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TextTwist Deluxe
TIxx21
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Word Mojo Deluxe
Yahoo! Messenger
Zone Deluxe Games
==== Event Viewer Messages From Past Week ========
7/9/2009 3:29:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0014A5641778 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/9/2009 1:39:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service hpqwmi with arguments "-Service" in order to run the server: {7DC5B2D7-CACC-47F2-836E-4DF85F026072}
7/9/2009 1:39:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP WMI Interface service to connect.
7/9/2009 1:39:50 PM, error: Service Control Manager [7000] - The HP WMI Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2009 1:59:11 PM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 0014A5641778 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/13/2009 1:27:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AvgLdx86 AvgMfx86 eabfiltr Fips
7/11/2009 4:55:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX eabfiltr Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/11/2009 4:55:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 4:55:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 4:55:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 4:55:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 4:55:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/11/2009 4:55:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2009 2:58:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
7/11/2009 2:58:04 PM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0014A5641778 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Hi again,
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Logs are attached and pasted below.
In the future, do you want logs attached or pasted in?
Thanks so much, I will be leaving the computer in less 24 hours and wont be back anymore, so the next time please give as much info as you can and i will do my best to clean as well as possible given the time constraint.
Thanks!
ComboFix 09-07-14.08 - Eli Kohananoo 07/16/2009 4:19.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.101 [GMT -7:00]
Running from: c:\documents and settings\Eli Kohananoo\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-3403113249-1826735100-932201801-500
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 08:28 . 2009-07-16 08:28 -------- d-----w- c:\documents and settings\Eli Kohananoo\Application Data\Malwarebytes
2009-07-16 08:25 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 08:25 . 2009-07-16 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 08:25 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 08:25 . 2009-07-16 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:49 . 2009-07-13 21:49 -------- d-----w- c:\documents and settings\Eli Kohananoo\Local Settings\Application Data\Mozilla
2009-07-13 20:16 . 2009-07-13 20:16 -------- d-----w- c:\program files\ERUNT
2009-07-13 20:05 . 2009-07-13 20:05 -------- d-----w- c:\program files\Trend Micro
2009-07-13 19:47 . 2009-07-13 19:47 -------- d-sh--w- c:\documents and settings\Eli Kohananoo\PrivacIE
2009-07-13 19:44 . 2009-07-13 19:44 -------- d-sh--w- c:\documents and settings\Eli Kohananoo\IETldCache
2009-07-13 13:16 . 2009-07-13 13:16 -------- d-----w- c:\windows\ie8updates
2009-07-13 12:56 . 2009-07-13 13:08 -------- dc-h--w- c:\windows\ie8
2009-07-13 12:47 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 12:47 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 12:47 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 00:03 . 2009-07-12 00:03 -------- d-----w- c:\program files\CCleaner
2009-07-10 07:10 . 2009-07-16 10:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-10 06:52 . 2009-07-10 06:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 06:52 . 2009-07-10 06:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-10 06:52 . 2009-07-10 06:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-10 06:51 . 2009-07-10 06:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 06:51 . 2009-07-10 06:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-10 06:50 . 2009-07-16 08:22 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-10 06:49 . 2009-07-10 06:49 -------- d-----w- c:\program files\AVG
2009-07-10 06:49 . 2009-07-11 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 06:49 . 2009-07-10 06:49 152576 ----a-w- c:\documents and settings\Eli Kohananoo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-10 00:47 . 2009-07-12 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-10 00:47 . 2009-07-10 00:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-16 14:36 . 2009-06-16 14:36 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 06:50 . 2005-04-29 08:52 -------- d-----w- c:\program files\Java
2009-07-10 06:39 . 2006-05-13 02:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-10 02:31 . 2005-04-29 09:29 -------- d-----w- c:\program files\Symantec
2009-07-10 02:31 . 2005-04-29 09:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 02:31 . 2005-04-29 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-10 02:08 . 2006-01-17 17:06 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-10 01:06 . 2006-01-17 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:15 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 08:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-04 08:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 13:26 . 2009-07-13 21:44 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2004-08-04 08:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 08:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[-] 2004-08-04 08:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 08:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[-] 2004-08-04 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 08:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 08:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[-] 2004-08-04 08:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 08:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[-] 2004-08-04 08:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[-] 2004-08-04 08:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[-] 2004-08-04 08:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[-] 2004-08-04 08:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[-] 2004-08-04 08:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 08:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 08:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\kbdclass.sys
[-] 2004-08-04 08:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\system32\comres.dll
[-] 2004-08-04 08:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\system32\lpk.dll
[-] 2004-08-04 08:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2004-08-04 08:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 08:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\system32\mfc40u.dll
[-] 2004-08-04 08:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\system32\msgsvc.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 08:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\system32\comctl32.dll
[-] 2004-08-04 08:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 08:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-04 08:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-04 08:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\system32\sfc.dll
[-] 2004-08-04 08:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 08:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\system32\rasauto.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-17 26112]
"HostManager"="c:\program files\Common Files\AOL\1139400588\ee\AOLSoftware.exe" [2006-09-26 50736]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-10 1948440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-10 06:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139400588\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\America Online 9.0d\\waol.exe"=
"c:\\Program Files\\America Online 9.0e\\waol.exe"=
"c:\\Program Files\\America Online 9.0f\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2009 11:51 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/9/2009 11:52 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/9/2009 11:49 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2009 11:49 PM 298776]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 AM 14336]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 8:18 AM 200192]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [5/12/2006 7:41 PM 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [5/12/2006 7:40 PM 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [5/12/2006 7:41 PM 108675]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} - hxxp://orlie.myphotoalbum.com/ImageUploader4.cab
FF - ProfilePath - c:\documents and settings\Eli Kohananoo\Application Data\Mozilla\Firefox\Profiles\cei1zvij.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 04:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?2?3?0??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 4:31
ComboFix-quarantined-files.txt 2009-07-16 11:31
Pre-Run: 62,417,477,632 bytes free
Post-Run: 62,389,231,616 bytes free
320 --- E O F --- 2009-07-15 19:06
DDS (Ver_09-06-26.01) - NTFSx86
Run by Eli Kohananoo at 5:56:27.68 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.66 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1139400588\ee\AOLSoftware.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1139400588\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139400588\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eli Kohananoo\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [HostManager] c:\program files\common files\aol\1139400588\ee\AOLSoftware.exe
mRun: [CnxDslTaskBar] "c:\program files\conexant\accessrunner adsl\CnxDslTb.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} - hxxp://orlie.myphotoalbum.com/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\elikoh~1\applic~1\mozilla\firefox\profiles\cei1zvij.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-9 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-9 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-9 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-9 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-9 298776]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2006-5-12 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2006-5-12 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2006-5-12 108675]
=============== Created Last 30 ================
2009-07-16 04:03 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-16 03:53 <DIR> a-dshr-- C:\cmdcons
2009-07-16 03:50 219,648 a------- c:\windows\PEV.exe
2009-07-16 03:50 161,792 a------- c:\windows\SWREG.exe
2009-07-16 03:50 98,816 a------- c:\windows\sed.exe
2009-07-16 01:28 <DIR> --d----- c:\docume~1\elikoh~1\applic~1\Malwarebytes
2009-07-16 01:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 01:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-16 01:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-16 01:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 13:05 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 12:47 <DIR> --dsh--- c:\documents and settings\eli kohananoo\PrivacIE
2009-07-13 12:44 <DIR> --dsh--- c:\documents and settings\eli kohananoo\IETldCache
2009-07-13 06:16 <DIR> --d----- c:\windows\ie8updates
2009-07-13 05:56 <DIR> -cd-h--- c:\windows\ie8
2009-07-13 05:47 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 05:47 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 05:47 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-11 17:03 <DIR> --d----- c:\program files\CCleaner
2009-07-10 00:10 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-09 23:52 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-09 23:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-09 23:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-09 23:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-09 23:51 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 23:50 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-09 23:49 <DIR> --d----- c:\program files\AVG
2009-07-09 23:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-09 17:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-09 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
==================== Find3M ====================
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-12 22:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 21:55 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-26 02:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
============= FINISH: 5:57:12.09 ===============
forgot the Malwarebytes log:
Malwarebytes' Anti-Malware 1.39
Database version: 2438
Windows 5.1.2600 Service Pack 3
7/16/2009 3:36:58 AM
mbam-log-2009-07-16 (03-36-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 163400
Time elapsed: 1 hour(s), 25 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP398\A0088567.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP399\A0088589.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP400\A0089655.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP400\A0089656.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Hi,
In the future, do you want logs attached or pasted in?
Pasted. Sorry for not answering that in previous post :oops:
Uninstall following vulnerable Java:
J2SE Runtime Environment 5.0 Update 2
Get update 9.1.2 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Will be leaving this computer for good in less than 12 hours, so this will probably be my last log post. Give me as much info as you can on what to do this time.
Also, the AOL spyware protection is finding someting called "Bifrost" and is blcoking it. just FYI.
Thanks again!
ComboFix log:
ComboFix 09-07-14.08 - Eli Kohananoo 07/16/2009 16:28.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.107 [GMT -7:00]
Running from: c:\documents and settings\Eli Kohananoo\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Eli Kohananoo\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 13:11 . 2009-07-16 13:15 -------- d-----w- c:\windows\system32\Adobe
2009-07-16 08:28 . 2009-07-16 08:28 -------- d-----w- c:\documents and settings\Eli Kohananoo\Application Data\Malwarebytes
2009-07-16 08:25 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 08:25 . 2009-07-16 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 08:25 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 08:25 . 2009-07-16 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:49 . 2009-07-13 21:49 -------- d-----w- c:\documents and settings\Eli Kohananoo\Local Settings\Application Data\Mozilla
2009-07-13 20:16 . 2009-07-13 20:16 -------- d-----w- c:\program files\ERUNT
2009-07-13 20:05 . 2009-07-13 20:05 -------- d-----w- c:\program files\Trend Micro
2009-07-13 19:47 . 2009-07-13 19:47 -------- d-sh--w- c:\documents and settings\Eli Kohananoo\PrivacIE
2009-07-13 19:44 . 2009-07-13 19:44 -------- d-sh--w- c:\documents and settings\Eli Kohananoo\IETldCache
2009-07-13 13:16 . 2009-07-13 13:16 -------- d-----w- c:\windows\ie8updates
2009-07-13 12:56 . 2009-07-13 13:08 -------- dc-h--w- c:\windows\ie8
2009-07-13 12:47 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 12:47 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 12:47 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 00:03 . 2009-07-12 00:03 -------- d-----w- c:\program files\CCleaner
2009-07-10 07:10 . 2009-07-16 10:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-10 06:52 . 2009-07-10 06:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 06:52 . 2009-07-10 06:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-10 06:52 . 2009-07-10 06:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-10 06:51 . 2009-07-10 06:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 06:51 . 2009-07-10 06:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-10 06:50 . 2009-07-16 22:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-10 06:49 . 2009-07-10 06:49 -------- d-----w- c:\program files\AVG
2009-07-10 06:49 . 2009-07-11 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 06:49 . 2009-07-10 06:49 152576 ----a-w- c:\documents and settings\Eli Kohananoo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-10 00:47 . 2009-07-12 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-10 00:47 . 2009-07-10 00:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 23:17 . 2005-04-29 08:52 -------- d-----w- c:\program files\Java
2009-07-10 06:39 . 2006-05-13 02:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-10 02:31 . 2005-04-29 09:29 -------- d-----w- c:\program files\Symantec
2009-07-10 02:31 . 2005-04-29 09:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 02:31 . 2005-04-29 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-10 02:08 . 2006-01-17 17:06 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-10 01:06 . 2006-01-17 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:15 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 08:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-24 13:26 . 2009-07-13 21:44 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2004-08-04 08:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 08:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[-] 2004-08-04 08:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 08:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[-] 2004-08-04 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 08:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 08:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[-] 2004-08-04 08:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 08:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[-] 2004-08-04 08:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[-] 2004-08-04 08:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[-] 2004-08-04 08:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[-] 2004-08-04 08:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[-] 2004-08-04 08:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 08:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 08:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\kbdclass.sys
[-] 2004-08-04 08:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\system32\comres.dll
[-] 2004-08-04 08:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\system32\lpk.dll
[-] 2004-08-04 08:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2004-08-04 08:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 08:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\system32\mfc40u.dll
[-] 2004-08-04 08:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\system32\msgsvc.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 08:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\system32\comctl32.dll
[-] 2004-08-04 08:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 08:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-04 08:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-04 08:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\system32\sfc.dll
[-] 2004-08-04 08:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 08:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\system32\rasauto.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-16_11.27.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 23:22 . 2009-07-16 23:22 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2009-07-13 20:59 . 2009-07-16 13:03 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-07-13 20:59 . 2009-07-13 20:59 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-16 13:11 . 2009-07-16 13:11 78566 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-06-04 12:15 . 2009-06-04 12:15 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-06-04 12:15 . 2009-06-04 12:15 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-06-05 11:38 . 2009-06-05 11:38 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
+ 2009-06-04 12:17 . 2009-06-04 12:17 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-06-04 12:16 . 2009-06-04 12:16 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-06-05 11:34 . 2009-06-05 11:34 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-06-04 12:15 . 2009-06-04 12:15 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-06-05 11:38 . 2009-06-05 11:38 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-01-18 23:05 . 2009-01-18 23:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-06-04 11:51 . 2009-06-04 11:51 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-06-04 11:55 . 2009-06-04 11:55 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-07-16 22:53 . 2009-07-16 22:53 6653952 c:\windows\Installer\283756b.msp
+ 2008-12-18 23:48 . 2008-12-18 23:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 23:37 . 2009-02-27 23:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-17 26112]
"HostManager"="c:\program files\Common Files\AOL\1139400588\ee\AOLSoftware.exe" [2006-09-26 50736]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-10 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-10 06:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139400588\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\America Online 9.0d\\waol.exe"=
"c:\\Program Files\\America Online 9.0e\\waol.exe"=
"c:\\Program Files\\America Online 9.0f\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2009 11:51 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/9/2009 11:52 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/9/2009 11:49 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2009 11:49 PM 298776]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 AM 14336]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 8:18 AM 200192]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [5/12/2006 7:41 PM 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [5/12/2006 7:40 PM 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [5/12/2006 7:41 PM 108675]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} - hxxp://orlie.myphotoalbum.com/ImageUploader4.cab
FF - ProfilePath - c:\documents and settings\Eli Kohananoo\Application Data\Mozilla\Firefox\Profiles\cei1zvij.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 16:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?2?3?0??p???? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 16:39
ComboFix-quarantined-files.txt 2009-07-16 23:39
ComboFix2.txt 2009-07-16 11:31
Pre-Run: 62,351,532,032 bytes free
Post-Run: 62,326,116,352 bytes free
336 --- E O F --- 2009-07-15 19:06
DDS Log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Eli Kohananoo at 16:43:26.95 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.52 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1139400588\ee\AOLSoftware.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\program files\common files\aol\1139400588\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139400588\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eli Kohananoo\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [HostManager] c:\program files\common files\aol\1139400588\ee\AOLSoftware.exe
mRun: [CnxDslTaskBar] "c:\program files\conexant\accessrunner adsl\CnxDslTb.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_13.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} - hxxp://orlie.myphotoalbum.com/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\elikoh~1\applic~1\mozilla\firefox\profiles\cei1zvij.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-9 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-9 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-9 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-9 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-9 298776]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2006-5-12 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2006-5-12 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2006-5-12 108675]
=============== Created Last 30 ================
2009-07-16 06:11 <DIR> --d----- c:\windows\system32\Adobe
2009-07-16 04:03 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-16 03:53 <DIR> a-dshr-- C:\cmdcons
2009-07-16 03:50 219,648 a------- c:\windows\PEV.exe
2009-07-16 03:50 161,792 a------- c:\windows\SWREG.exe
2009-07-16 03:50 98,816 a------- c:\windows\sed.exe
2009-07-16 01:28 <DIR> --d----- c:\docume~1\elikoh~1\applic~1\Malwarebytes
2009-07-16 01:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 01:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-16 01:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-16 01:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 13:05 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 12:47 <DIR> --dsh--- c:\documents and settings\eli kohananoo\PrivacIE
2009-07-13 12:44 <DIR> --dsh--- c:\documents and settings\eli kohananoo\IETldCache
2009-07-13 06:16 <DIR> --d----- c:\windows\ie8updates
2009-07-13 05:56 <DIR> -cd-h--- c:\windows\ie8
2009-07-13 05:47 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 05:47 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 05:47 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-11 17:03 <DIR> --d----- c:\program files\CCleaner
2009-07-10 00:10 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-09 23:52 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-09 23:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-09 23:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-09 23:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-09 23:51 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 23:50 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-09 23:49 <DIR> --d----- c:\program files\AVG
2009-07-09 23:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-09 17:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-09 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
==================== Find3M ====================
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-12 22:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 21:55 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-26 02:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
============= FINISH: 16:44:02.54 ===============
Hi,
Still waiting for that Kaspersky online scanner report ;)
Also, the AOL spyware protection is finding someting called "Bifrost" and is blcoking it. just FYI.
Where it is located in?
i already left the computer. it was not perfect, but in much better shape then when we started so...thank you.
i wish we could have finished it, but time did not allow.
Thanks again for all your help!
Too bad. I'd liked to make sure system is totally clean.
Glad I could help anyway.