ComboFix 10-11-21.01 - Jenny 22/11/2010 21:38:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.262 [GMT -3.5:30]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.
2010-11-23 01:19 . 2010-11-23 01:19 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2010-11-23 01:19 . 2010-11-23 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-20 20:29 . 2010-11-20 21:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-20 20:29 . 2010-11-20 20:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-20 14:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B76FC96-87B0-4128-B5A4-8AF7384DD5BB}\mpengine.dll
2010-11-19 23:37 . 2010-11-21 23:58 -------- d-----w- c:\programdata\PrevxCSI
2010-11-19 23:11 . 2010-11-19 23:11 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-19 23:11 . 2010-11-19 23:11 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2010-11-19 22:47 . 2010-04-29 19:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\programdata\Malwarebytes
2010-11-19 22:47 . 2010-04-29 19:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-19 18:26 . 2010-11-21 20:47 1461 ----a-w- c:\windows\system\viewed.dll
2010-11-19 01:36 . 2010-11-19 05:18 0 ----a-w- c:\users\Jenny\AppData\Local\Kcujub.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 14:11 . 2009-10-03 15:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 03:17 . 2010-09-23 03:17 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-13 13:56 . 2010-10-14 15:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23 . 2010-10-14 15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-14 15:26 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23 . 2010-10-14 15:26 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20 . 2010-10-14 15:41 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 15:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 15:41 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 15:41 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 15:41 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 15:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 15:28 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 15:27 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 15:44 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 15:29 157184 ----a-w- c:\windows\system32\t2embed.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-11-17 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-11-16 5120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-11-23 c:\windows\Tasks\User_Feed_Synchronization-{C4473F5B-4EB1-44FC-93B5-A7508BE532E0}.job
- c:\windows\system32\msfeedssync.exe [2008-10-01 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\j4uzfzmr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UT ... f-divxb&p=
FF - component: c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\j4uzfzmr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LvehhfngMx0cny\AppData\Local\Temp\1405116560.exe - c:\users\Jenny\AppData\Local\Temp\1405116560.exe
HKCU-Run-LvehhfngM01cny\AppData\Local\Temp\2469039806.exe - c:\users\Jenny\AppData\Local\Temp\2469039806.exe
HKCU-Run-LvehhfngLzzcny\AppData\Local\Temp\3042600366.exe - c:\users\Jenny\AppData\Local\Temp\3042600366.exe
HKCU-Run-LvehhfngN0ycny\AppData\Local\Temp\3756323070.exe - c:\users\Jenny\AppData\Local\Temp\3756323070.exe
HKCU-Run-LvehhfngN1zcny\AppData\Local\Temp\2790932416.exe - c:\users\Jenny\AppData\Local\Temp\2790932416.exe
HKCU-Run-LvehhfngNzycny\AppData\Local\Temp\3533245120.exe - c:\users\Jenny\AppData\Local\Temp\3533245120.exe
HKCU-Run-LvehhfngM22cny\AppData\Local\Temp\3362882976.exe - c:\users\Jenny\AppData\Local\Temp\3362882976.exe
HKCU-Run-LvehhfngMzzcny\AppData\Local\Temp\4072607530.exe - c:\users\Jenny\AppData\Local\Temp\4072607530.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-22 21:53:30
ComboFix-quarantined-files.txt 2010-11-23 01:23
ComboFix2.txt 2010-11-23 00:58
Pre-Run: 90,623,737,856 bytes free
Post-Run: 90,593,837,056 bytes free
- - End Of File - - 1DACA61D0E01EB464B46462A83952FCE