I tried to delete Fast Browser Search (My Web Tattoo) through Control Panel and it wouldn't do it. I also had a lot of issues getting IE to open again after the ComboFix. AVG anti-virus couldn't be disabled, the user interface was not accessible due to the license not being recognized, and I couldn't get it to uninstall because of an error. What do I do now? (Thanks for your help, by the way!)
HJT Log - Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:36 PM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6294047468
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Program Files\AVG\AVG9\avgemc.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4828 bytes
ComboFix Log - ComboFix 09-12-11.01 - Owner 12/11/2009 16:15:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.556 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\Messenger
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst84.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst841.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst8411.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst84111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst841111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst8411111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst84111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst841111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst8411111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst84111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst841111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst8411111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst84111111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst841111111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst8411111111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil84.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil841.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil8411.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil84111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil841111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil8411111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil84111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil841111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil8411111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil84111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil841111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil8411111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil84111111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil841111111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil8411111111111111.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\conf.sys
c:\documents and settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\MsgUpdate.dll
c:\documents and settings\Owner\Application Data\Messenger\Drivers\pub.dll
c:\documents and settings\Owner\Application Data\Messenger\Sys\mu.dll
c:\windows\system32\mdskmxfsdaicfv.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.
2009-12-11 02:54 . 2009-12-11 02:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-11 02:02 . 2009-12-11 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-04 22:39 . 2009-12-04 22:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-04 21:04 . 2009-12-04 21:04 -------- d-----w- c:\program files\Trend Micro
2009-12-04 20:34 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-04 20:34 . 2009-12-04 20:34 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-04 20:33 . 2009-12-04 20:33 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-04 20:33 . 2009-12-04 20:33 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-04 20:33 . 2009-12-04 20:33 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-04 20:33 . 2009-12-04 20:33 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-04 20:33 . 2009-12-04 20:33 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-04 20:33 . 2009-12-04 20:33 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-04 20:33 . 2009-12-04 20:33 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-04 20:33 . 2009-12-04 20:33 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-04 20:33 . 2009-12-04 20:33 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-04 20:33 . 2009-12-04 20:33 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-04 20:33 . 2009-12-04 20:33 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-04 20:33 . 2009-12-04 20:33 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-04 20:32 . 2009-12-04 20:32 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-04 20:32 . 2009-12-04 20:32 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-04 20:32 . 2009-12-04 20:32 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-04 20:32 . 2009-12-04 20:32 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-04 20:32 . 2009-12-04 20:32 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-04 20:32 . 2009-12-04 20:32 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-04 20:26 . 2009-12-04 20:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2009-12-04 20:26 . 2009-12-04 20:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-04 20:26 . 2009-12-04 22:44 -------- d-----w- c:\program files\Google
2009-12-04 20:26 . 2009-12-04 20:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-04 20:26 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-04 20:25 . 2009-12-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-04 20:25 . 2009-12-04 20:25 -------- d-----w- c:\program files\Lavasoft
2009-12-02 15:59 . 2009-12-01 21:08 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-02 15:59 . 2009-12-01 21:08 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-12-02 15:58 . 2009-12-01 21:08 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-02 15:58 . 2009-12-01 21:08 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-01 21:08 . 2009-12-02 18:01 -------- d-----w- C:\$AVG
2009-12-01 21:08 . 2009-12-01 21:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 21:08 . 2009-12-01 21:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 21:08 . 2009-12-01 21:08 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-01 21:08 . 2009-12-11 22:05 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-01 21:08 . 2009-12-01 21:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 21:07 . 2009-12-01 21:07 -------- d-----w- c:\program files\AVG
2009-12-01 21:07 . 2009-12-11 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-29 17:47 . 2009-12-01 02:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 17:47 . 2009-12-01 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-28 20:42 . 2009-11-28 20:42 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 20:41 . 2009-11-28 20:41 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 00:56 . 2009-11-27 00:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Smart-Ads-Solutions
2009-11-27 00:56 . 2009-12-04 20:49 -------- d-----w- c:\documents and settings\Owner\Application Data\ezLife
2009-11-27 00:56 . 2009-11-27 00:56 -------- d-----w- c:\program files\ezLife
2009-11-24 01:38 . 2009-11-24 01:38 -------- d-----w- c:\windows\Logs
2009-11-22 15:18 . 2009-11-22 15:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\assembly
2009-11-22 15:18 . 2009-12-04 20:51 -------- d-----w- c:\program files\NCSoft
2009-11-22 15:17 . 2009-11-22 15:17 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-11-16 08:42 . 2009-11-16 08:42 290304 ----a-w- c:\windows\system32\ojxyvhmg.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 20:58 . 2009-03-05 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 20:56 . 2009-06-07 21:44 -------- d-----w- c:\program files\The Witcher
2009-12-04 20:49 . 2009-10-11 23:33 -------- d-----w- c:\program files\LimeWire
2009-12-04 20:41 . 2009-10-11 23:33 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-01 21:42 . 2009-05-01 21:07 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-22 15:18 . 2009-03-28 17:08 15056 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-18 19:55 . 2009-09-30 12:41 391168 ----a-w- c:\windows\system32\musmceuhgn.dll
2009-11-05 05:44 . 2009-03-07 17:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 20:17 . 2009-10-14 00:51 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-29 23:42 . 2009-03-05 23:38 -------- d-----w- c:\program files\DivX
2009-10-29 23:41 . 2009-09-23 00:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 07:45 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 23:52 . 2009-03-05 16:32 -------- d-----w- c:\program files\Java
2009-10-21 23:51 . 2009-10-21 23:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-21 05:38 . 2008-04-15 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-15 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-15 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 00:44 . 2009-10-12 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-10-14 00:48 . 2009-10-14 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-13 10:30 . 2008-04-15 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-15 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-15 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 20:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2008-04-15 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2008-04-15 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-01 21:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/4/2009 2:34 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2009 3:08 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2009 3:08 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/1/2009 3:08 PM 285392]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 7:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [3/5/2009 9:16 AM 20160]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 7:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vx1tjvwq.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
AddRemove-mdskmxfsdaicfv - c:\windows\system32\mdskmxfsdaicfv.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-12-11 16:21:06
ComboFix-quarantined-files.txt 2009-12-11 22:21
Pre-Run: 54,815,952,896 bytes free
Post-Run: 54,880,903,168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 629A3AB0FF8C66ADC79E11A05C5A812B