Steenberg
2009-09-04, 12:24
I have been having a continuous problem when surfing the net and more browser with adverts stay opening up in seperate tab i have run combofix and my log is below can someone pls assist me with this thank you
ComboFix 09-09-03.02 - User 2009/09/04 10:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.27.1033.18.2939.1458 [GMT 2:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\program files\ValueableShoppingTips
c:\program files\ValueableShoppingTips\uninstall.exe
c:\program files\ValueableShoppingTips\ValueableShoppingTips.dll
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC2950.###
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC2980.###
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC29A0.###
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC29B0.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D92950.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D92980.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D929A0.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D929B0.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB2950.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB2980.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB29A0.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB29B0.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB2950.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB2980.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB29A0.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB29B0.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C82950.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C82980.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C829A0.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C829B0.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E52950.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E52980.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E529A0.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E529B0.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A72950.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A72980.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A729A0.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A729B0.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D2950.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D2980.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D29A0.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D29B0.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B92950.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B92980.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B929A0.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B929B0.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D62950.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D62980.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D629A0.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D629B0.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC2950.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC2980.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC29A0.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC29B0.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E72950.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E72980.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E729A0.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E729B0.###
c:\windows\icon.ico
c:\windows\Installer\412678.msi
c:\windows\Installer\412679.msp
c:\windows\Installer\7b658.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.
2009-09-04 08:56 . 2009-09-04 08:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-04 08:40 . 2009-09-04 08:40 318976 ----a-w- c:\windows\system32\CF29519.exe
2009-09-03 17:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-03 17:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-03 17:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-03 17:08 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-03 17:08 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-03 17:08 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-03 17:08 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-03 17:08 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-03 17:08 . 2009-09-03 17:08 -------- d-----w- c:\program files\Alwil Software
2009-09-02 20:12 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 20:12 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 18:26 . 2009-09-01 18:26 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-01 18:23 . 2009-09-01 18:23 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-01 18:23 . 2009-09-01 18:23 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-01 18:12 . 2009-09-01 18:12 -------- d-----w- c:\users\User\AppData\Roaming\HP
2009-09-01 18:12 . 2009-09-01 18:12 -------- d-----w- c:\programdata\WEBREG
2009-09-01 18:09 . 2009-09-01 18:09 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-30 10:51 . 2009-08-30 10:51 -------- d-----w- c:\program files\Folding@home
2009-08-28 12:10 . 2009-08-28 12:10 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
2009-08-28 12:09 . 2009-08-28 12:09 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-27 07:13 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 10:28 . 2009-09-03 14:10 -------- d-----w- c:\users\User\AppData\Local\Deployment
2009-08-26 10:28 . 2009-08-26 10:28 -------- d-----w- c:\users\User\AppData\Local\Apps
2009-08-25 14:50 . 2009-08-25 14:50 -------- d-----w- c:\programdata\HPSSUPPLY
2009-08-25 14:48 . 2009-08-25 14:48 -------- d-----w- c:\programdata\HP Product Assistant
2009-08-25 14:45 . 2009-08-25 14:45 -------- d-----w- c:\program files\Common Files\HP
2009-08-25 14:43 . 2007-03-30 15:11 267864 ----a-w- c:\windows\system32\hpzids01.dll
2009-08-25 14:43 . 2007-03-28 12:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2009-08-25 14:41 . 2009-08-25 14:50 -------- d-----w- c:\program files\HP
2009-08-25 14:40 . 2009-09-01 18:12 137655 ----a-w- c:\windows\HPHins15.dat
2009-08-25 14:39 . 2009-09-01 18:10 -------- d-----w- c:\programdata\HP
2009-08-23 16:00 . 2009-08-23 16:00 -------- d-----w- c:\program files\EA Games
2009-08-13 07:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 07:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 07:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 07:32 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 07:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 07:32 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 07:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 07:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 05:10 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 05:10 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 05:10 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 05:10 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 05:10 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 05:09 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 05:09 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 05:09 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-10 05:45 . 2009-08-10 05:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-08 09:54 . 2009-08-08 09:54 -------- d-----w- c:\windows\Applian FLV Player
2009-08-08 09:54 . 2009-08-08 09:54 -------- d-----w- c:\program files\FLV Player
2009-08-07 19:28 . 2009-08-07 19:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-07 18:34 . 2009-08-07 18:34 -------- d-----w- c:\users\User\AppData\Local\Seven Zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 08:43 . 2009-07-25 23:32 -------- d-----w- c:\users\User\AppData\Roaming\Folding@home-x86
2009-09-03 17:24 . 2009-03-10 18:49 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-03 17:21 . 2009-06-02 14:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-03 16:59 . 2009-03-13 17:39 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2009-09-01 18:03 . 2009-05-10 17:45 -------- d-----w- c:\programdata\Lx_cats
2009-09-01 14:37 . 2009-06-02 20:07 -------- d-----w- c:\users\User\AppData\Roaming\FrostWire
2009-08-31 13:02 . 2009-04-21 17:09 1356 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2009-08-26 10:28 . 2009-03-05 13:13 115520 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-23 16:00 . 2008-08-07 16:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 01:01 . 2008-08-07 16:58 -------- d-----w- c:\programdata\Microsoft Help
2009-08-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 05:52 . 2009-07-17 12:50 -------- d-----w- c:\users\User\AppData\Roaming\SoundSpectrum
2009-08-10 05:52 . 2009-07-17 12:49 -------- d-----w- c:\program files\SoundSpectrum
2009-08-07 20:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-08-07 18:34 . 2009-03-14 10:47 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2009-07-25 07:29 . 2009-07-25 07:29 -------- d-----w- c:\users\User\AppData\Roaming\CoSoSys
2009-07-21 21:52 . 2009-07-29 15:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 15:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 15:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 15:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 16:06 . 2009-07-21 15:19 -------- d-----w- c:\users\User\AppData\Roaming\SecondLife
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 15:55 . 2009-07-20 15:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-18 09:13 . 2009-07-18 09:13 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-18 09:13 . 2009-07-18 09:13 -------- d-----w- c:\program files\DoubleD
2009-07-16 18:06 . 2009-07-16 17:57 -------- d-----w- c:\program files\FrostWire
2009-07-16 17:46 . 2006-11-02 07:26 15819776 ----a-w- c:\windows\system32\imageres.dll
2009-07-07 17:58 . 2009-07-07 16:56 -------- d-----w- c:\program files\Cheat Engine
2009-06-15 15:24 . 2009-07-15 19:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 19:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 19:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 19:27 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{535175C5-BBC8-494F-9E9B-D5E1AA64C584}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{81E636B4-8207-4C99-B472-D0CF98218006}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"{E8824DFC-D0CD-4FA2-870E-68EE70CA2830}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D40D1A83-53D1-4F40-89F5-F5D78DF12CEB}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{5B42D908-9039-435C-8680-A288A5527BDD}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{D81B080A-1145-4C6B-A150-2FAB4747FB77}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{AA57133E-CC9E-43B0-8961-09B3AB986CBD}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{305B9E5E-0564-40B6-8BB8-41FB074E5EFD}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{68DF2F90-906C-4E1B-B8A7-30D2B2068AA5}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{0B92FD6F-40AA-43E1-AC18-F2604F9071BA}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{D8D89E99-A928-4AEE-B941-12147E2BF091}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{8DB78070-8E07-4D87-AAFB-64211521B6F2}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{F35318FD-9DD3-4FBD-AA6E-9E23F2F45CDD}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{EC3EBF0F-7610-4BEA-8DDD-257875AFDDED}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{276CA7B1-932B-4F4F-A0ED-99591D559532}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"TCP Query User{8E294498-62F2-4439-817A-71844792C2FB}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"UDP Query User{1542A4B6-D5D4-4DEB-9E31-E43899FC4B27}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{4C57015B-5076-445E-96B7-A51D054E15CD}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{FDB6A588-B07E-467F-BFBC-6AB847961490}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5EB0ED56-C706-4218-9BAB-18B44A65508D}"= Disabled:UDP:c:\users\User\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe:IncrediMail Installer
"{420BF2DC-9C5D-4B6D-935E-A3B23C966922}"= Disabled:TCP:c:\users\User\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe:IncrediMail Installer
"TCP Query User{8E08C13C-30F9-41D5-AE9B-5B6655530056}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{8B0E4EFE-2864-47D4-B63E-64972DB3AE28}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{D85881EF-FAAA-4FD7-8A69-4136CFE18D36}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CB6C466B-6C0E-49AC-9C10-9D1E5D94F565}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B258806E-EC36-4E82-A6ED-85A80313C0DC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E948C6AB-82BA-40BD-A81F-252DC3DC12AC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59DA9FAC-0A73-4EEA-9265-0B5766E328FB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{09FD8EA4-A8C0-42C8-A417-BD20C0EE4646}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade(tm)\\renegade\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe:Renegade
"UDP Query User{7CACA564-8A84-4D62-8135-8600944E1407}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade(tm)\\renegade\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe:Renegade
"{9BA6992A-21EE-4DE5-B834-7B1023878BF3}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DD88159F-E7D1-4BAE-9323-3EA5CC700DAA}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{2357421F-F4A7-47EF-9DDF-A48E44A438E4}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{50CCD186-406D-4B3F-9ADB-730326B687DF}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009/09/03 07:08 PM 114768]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009/03/05 03:19 PM 25896]
R1 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\System32\drivers\tcpz-x86d.sys [2009/06/13 03:26 PM 12136]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009/09/03 07:08 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009/09/03 07:08 PM 53328]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008/04/17 01:19 AM 40960]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008/04/24 11:21 AM 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008/02/06 04:12 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2008/08/07 06:24 PM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [2008/08/07 06:23 PM 290304]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008/04/24 06:35 PM 73728]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008/08/07 06:54 PM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} - hxxps://www.polimerchant.co.za/ewcustomer/POLiPayOnline.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=IMFSJUL09FFAB&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 10:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-04 11:00
ComboFix-quarantined-files.txt 2009-09-04 09:00
Pre-Run: 26*248*581*120 bytes free
Post-Run: 26*332*766*208 bytes free
354 --- E O F --- 2009-09-03 04:25
ComboFix 09-09-03.02 - User 2009/09/04 10:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.27.1033.18.2939.1458 [GMT 2:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\program files\ValueableShoppingTips
c:\program files\ValueableShoppingTips\uninstall.exe
c:\program files\ValueableShoppingTips\ValueableShoppingTips.dll
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC2950.###
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC2980.###
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC29A0.###
c:\users\User\AppData\Roaming\.#\MBX@1154@1FC29B0.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D92950.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D92980.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D929A0.###
c:\users\User\AppData\Roaming\.#\MBX@12C8@D929B0.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB2950.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB2980.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB29A0.###
c:\users\User\AppData\Roaming\.#\MBX@12D8@BB29B0.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB2950.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB2980.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB29A0.###
c:\users\User\AppData\Roaming\.#\MBX@14C8@CB29B0.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C82950.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C82980.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C829A0.###
c:\users\User\AppData\Roaming\.#\MBX@17B0@C829B0.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E52950.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E52980.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E529A0.###
c:\users\User\AppData\Roaming\.#\MBX@197C@1E529B0.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A72950.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A72980.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A729A0.###
c:\users\User\AppData\Roaming\.#\MBX@1BC0@A729B0.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D2950.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D2980.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D29A0.###
c:\users\User\AppData\Roaming\.#\MBX@1F08@19D29B0.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B92950.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B92980.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B929A0.###
c:\users\User\AppData\Roaming\.#\MBX@68C@B929B0.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D62950.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D62980.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D629A0.###
c:\users\User\AppData\Roaming\.#\MBX@7C0@D629B0.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC2950.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC2980.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC29A0.###
c:\users\User\AppData\Roaming\.#\MBX@C74@BC29B0.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E72950.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E72980.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E729A0.###
c:\users\User\AppData\Roaming\.#\MBX@F34@E729B0.###
c:\windows\icon.ico
c:\windows\Installer\412678.msi
c:\windows\Installer\412679.msp
c:\windows\Installer\7b658.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.
2009-09-04 08:56 . 2009-09-04 08:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-04 08:40 . 2009-09-04 08:40 318976 ----a-w- c:\windows\system32\CF29519.exe
2009-09-03 17:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-03 17:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-03 17:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-03 17:08 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-03 17:08 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-03 17:08 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-03 17:08 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-03 17:08 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-03 17:08 . 2009-09-03 17:08 -------- d-----w- c:\program files\Alwil Software
2009-09-02 20:12 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 20:12 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 18:26 . 2009-09-01 18:26 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-01 18:23 . 2009-09-01 18:23 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-01 18:23 . 2009-09-01 18:23 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-01 18:12 . 2009-09-01 18:12 -------- d-----w- c:\users\User\AppData\Roaming\HP
2009-09-01 18:12 . 2009-09-01 18:12 -------- d-----w- c:\programdata\WEBREG
2009-09-01 18:09 . 2009-09-01 18:09 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-30 10:51 . 2009-08-30 10:51 -------- d-----w- c:\program files\Folding@home
2009-08-28 12:10 . 2009-08-28 12:10 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
2009-08-28 12:09 . 2009-08-28 12:09 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-27 07:13 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 10:28 . 2009-09-03 14:10 -------- d-----w- c:\users\User\AppData\Local\Deployment
2009-08-26 10:28 . 2009-08-26 10:28 -------- d-----w- c:\users\User\AppData\Local\Apps
2009-08-25 14:50 . 2009-08-25 14:50 -------- d-----w- c:\programdata\HPSSUPPLY
2009-08-25 14:48 . 2009-08-25 14:48 -------- d-----w- c:\programdata\HP Product Assistant
2009-08-25 14:45 . 2009-08-25 14:45 -------- d-----w- c:\program files\Common Files\HP
2009-08-25 14:43 . 2007-03-30 15:11 267864 ----a-w- c:\windows\system32\hpzids01.dll
2009-08-25 14:43 . 2007-03-28 12:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2009-08-25 14:41 . 2009-08-25 14:50 -------- d-----w- c:\program files\HP
2009-08-25 14:40 . 2009-09-01 18:12 137655 ----a-w- c:\windows\HPHins15.dat
2009-08-25 14:39 . 2009-09-01 18:10 -------- d-----w- c:\programdata\HP
2009-08-23 16:00 . 2009-08-23 16:00 -------- d-----w- c:\program files\EA Games
2009-08-13 07:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 07:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 07:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 07:32 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 07:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 07:32 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 07:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 07:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 05:10 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 05:10 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 05:10 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 05:10 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 05:10 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 05:09 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 05:09 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 05:09 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-10 05:45 . 2009-08-10 05:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-08 09:54 . 2009-08-08 09:54 -------- d-----w- c:\windows\Applian FLV Player
2009-08-08 09:54 . 2009-08-08 09:54 -------- d-----w- c:\program files\FLV Player
2009-08-07 19:28 . 2009-08-07 19:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-07 18:34 . 2009-08-07 18:34 -------- d-----w- c:\users\User\AppData\Local\Seven Zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 08:43 . 2009-07-25 23:32 -------- d-----w- c:\users\User\AppData\Roaming\Folding@home-x86
2009-09-03 17:24 . 2009-03-10 18:49 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-03 17:21 . 2009-06-02 14:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-03 16:59 . 2009-03-13 17:39 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2009-09-01 18:03 . 2009-05-10 17:45 -------- d-----w- c:\programdata\Lx_cats
2009-09-01 14:37 . 2009-06-02 20:07 -------- d-----w- c:\users\User\AppData\Roaming\FrostWire
2009-08-31 13:02 . 2009-04-21 17:09 1356 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2009-08-26 10:28 . 2009-03-05 13:13 115520 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-23 16:00 . 2008-08-07 16:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 01:01 . 2008-08-07 16:58 -------- d-----w- c:\programdata\Microsoft Help
2009-08-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 05:52 . 2009-07-17 12:50 -------- d-----w- c:\users\User\AppData\Roaming\SoundSpectrum
2009-08-10 05:52 . 2009-07-17 12:49 -------- d-----w- c:\program files\SoundSpectrum
2009-08-07 20:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-08-07 18:34 . 2009-03-14 10:47 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2009-07-25 07:29 . 2009-07-25 07:29 -------- d-----w- c:\users\User\AppData\Roaming\CoSoSys
2009-07-21 21:52 . 2009-07-29 15:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 15:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 15:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 15:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 16:06 . 2009-07-21 15:19 -------- d-----w- c:\users\User\AppData\Roaming\SecondLife
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 15:55 . 2009-07-20 15:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-18 09:13 . 2009-07-18 09:13 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-18 09:13 . 2009-07-18 09:13 -------- d-----w- c:\program files\DoubleD
2009-07-16 18:06 . 2009-07-16 17:57 -------- d-----w- c:\program files\FrostWire
2009-07-16 17:46 . 2006-11-02 07:26 15819776 ----a-w- c:\windows\system32\imageres.dll
2009-07-07 17:58 . 2009-07-07 16:56 -------- d-----w- c:\program files\Cheat Engine
2009-06-15 15:24 . 2009-07-15 19:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 19:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 19:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 19:27 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{535175C5-BBC8-494F-9E9B-D5E1AA64C584}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{81E636B4-8207-4C99-B472-D0CF98218006}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"{E8824DFC-D0CD-4FA2-870E-68EE70CA2830}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D40D1A83-53D1-4F40-89F5-F5D78DF12CEB}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{5B42D908-9039-435C-8680-A288A5527BDD}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{D81B080A-1145-4C6B-A150-2FAB4747FB77}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{AA57133E-CC9E-43B0-8961-09B3AB986CBD}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{305B9E5E-0564-40B6-8BB8-41FB074E5EFD}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{68DF2F90-906C-4E1B-B8A7-30D2B2068AA5}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{0B92FD6F-40AA-43E1-AC18-F2604F9071BA}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{D8D89E99-A928-4AEE-B941-12147E2BF091}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{8DB78070-8E07-4D87-AAFB-64211521B6F2}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{F35318FD-9DD3-4FBD-AA6E-9E23F2F45CDD}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{EC3EBF0F-7610-4BEA-8DDD-257875AFDDED}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{276CA7B1-932B-4F4F-A0ED-99591D559532}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"TCP Query User{8E294498-62F2-4439-817A-71844792C2FB}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"UDP Query User{1542A4B6-D5D4-4DEB-9E31-E43899FC4B27}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{4C57015B-5076-445E-96B7-A51D054E15CD}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{FDB6A588-B07E-467F-BFBC-6AB847961490}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5EB0ED56-C706-4218-9BAB-18B44A65508D}"= Disabled:UDP:c:\users\User\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe:IncrediMail Installer
"{420BF2DC-9C5D-4B6D-935E-A3B23C966922}"= Disabled:TCP:c:\users\User\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe:IncrediMail Installer
"TCP Query User{8E08C13C-30F9-41D5-AE9B-5B6655530056}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{8B0E4EFE-2864-47D4-B63E-64972DB3AE28}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{D85881EF-FAAA-4FD7-8A69-4136CFE18D36}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CB6C466B-6C0E-49AC-9C10-9D1E5D94F565}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B258806E-EC36-4E82-A6ED-85A80313C0DC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E948C6AB-82BA-40BD-A81F-252DC3DC12AC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59DA9FAC-0A73-4EEA-9265-0B5766E328FB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{09FD8EA4-A8C0-42C8-A417-BD20C0EE4646}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade(tm)\\renegade\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe:Renegade
"UDP Query User{7CACA564-8A84-4D62-8135-8600944E1407}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade(tm)\\renegade\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe:Renegade
"{9BA6992A-21EE-4DE5-B834-7B1023878BF3}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DD88159F-E7D1-4BAE-9323-3EA5CC700DAA}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{2357421F-F4A7-47EF-9DDF-A48E44A438E4}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{50CCD186-406D-4B3F-9ADB-730326B687DF}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009/09/03 07:08 PM 114768]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009/03/05 03:19 PM 25896]
R1 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\System32\drivers\tcpz-x86d.sys [2009/06/13 03:26 PM 12136]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009/09/03 07:08 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009/09/03 07:08 PM 53328]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008/04/17 01:19 AM 40960]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008/04/24 11:21 AM 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008/02/06 04:12 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2008/08/07 06:24 PM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [2008/08/07 06:23 PM 290304]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008/04/24 06:35 PM 73728]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008/08/07 06:54 PM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} - hxxps://www.polimerchant.co.za/ewcustomer/POLiPayOnline.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=IMFSJUL09FFAB&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fncxc0r0.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 10:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-04 11:00
ComboFix-quarantined-files.txt 2009-09-04 09:00
Pre-Run: 26*248*581*120 bytes free
Post-Run: 26*332*766*208 bytes free
354 --- E O F --- 2009-09-03 04:25