ComboFix log:
ComboFix 10-04-03.01 - Lori 04/05/2010 18:03:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2563 [GMT -4:00]
Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lori\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.
2010-04-05 02:17 . 2010-04-05 02:17 -------- d-----w- c:\documents and settings\Lori\Application Data\LegacyInteractive
2010-04-04 02:19 . 2010-04-05 01:14 -------- d-----w- C:\Crystal Portal
2010-04-03 01:40 . 2010-04-03 01:40 -------- d-----w- C:\Sysprot
2010-03-31 03:39 . 2010-03-31 03:39 -------- d-----w- c:\documents and settings\Lori\Application Data\HSA
2010-03-31 02:35 . 2010-03-31 02:35 -------- d-----w- c:\documents and settings\Lori\Local Settings\Application Data\Windows Live Writer
2010-03-31 02:35 . 2010-03-31 02:35 -------- d-----w- c:\documents and settings\Lori\Application Data\Windows Live Writer
2010-03-29 11:39 . 2010-03-29 11:39 -------- d-----w- c:\documents and settings\Lori\Application Data\Malwarebytes
2010-03-29 11:39 . 2009-04-06 20:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 11:39 . 2009-04-06 20:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 11:39 . 2010-03-29 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 11:37 . 2010-03-29 11:40 -------- d-----w- C:\Malwarebytes.1.32
2010-03-29 04:47 . 2010-03-29 04:48 6509608 ----a-w- C:\RUBotted.exe
2010-03-29 04:45 . 2010-03-29 16:14 -------- d-----w- C:\TMRBLog
2010-03-29 04:45 . 2010-03-29 04:45 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-29 04:45 . 2010-03-29 04:45 -------- d-----w- C:\log
2010-03-29 04:44 . 2010-03-29 04:44 1074232 ----a-w- C:\RootkitBuster_2.80.1077.zip
2010-03-29 04:39 . 2010-03-29 04:39 -------- d-----w- C:\TrendMicro
2010-03-29 04:30 . 2010-03-29 04:30 1840232 ----a-w- C:\HousecallLauncher.exe
2010-03-28 19:21 . 2010-03-28 19:21 -------- d-----w- C:\Firefox3point6
2010-03-28 18:53 . 2010-03-28 18:53 4592 ----a-w- C:\b4-firefox-removal.reg
2010-03-28 15:18 . 2010-03-28 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-03-28 14:38 . 2010-03-28 14:41 -------- d-----w- C:\Defrag Registry
2010-03-26 23:27 . 2010-03-26 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2010-03-26 14:35 . 2010-03-26 14:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-26 14:34 . 2010-03-26 14:35 -------- d-----w- C:\Firefox 3-6-2(2)
2010-03-24 23:05 . 2010-03-24 23:05 -------- d-----w- c:\documents and settings\Lori\Application Data\Jetdogs Studios
2010-03-24 22:17 . 2010-03-18 17:55 1811456 ----a-w- c:\windows\NetworkCfg.exe
2010-03-24 19:50 . 2010-03-24 19:50 15015 ----a-w- C:\Just_Checking_v3.15_by_FFF.zip
2010-03-24 16:20 . 2010-03-24 22:06 -------- dc----w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2010-03-24 14:12 . 2010-03-24 22:15 -------- d-----w- c:\documents and settings\All Users\Anyplace Control 4
2010-03-24 14:06 . 2010-03-26 18:18 -------- d-----w- C:\Anyplace Control
2010-03-23 23:57 . 2010-03-23 23:57 -------- d-----w- c:\documents and settings\Lori\Application Data\Artifex Mundi
2010-03-22 21:03 . 2010-03-22 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare
2010-03-22 03:48 . 2010-03-22 03:50 -------- d-----w- C:\BadCopy_Pro_v4.10__Jufsoft_Build_1215
2010-03-22 01:23 . 2010-03-22 01:23 2584093 ----a-w- C:\Weather Forecaster.zip
2010-03-21 03:58 . 2010-03-21 14:30 -------- d-----w- C:\Viewsat
2010-03-20 21:27 . 2010-03-20 21:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-20 21:27 . 2010-03-20 21:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-20 19:15 . 2010-03-29 19:43 97364760 ----a-w- C:\Ad-AwareInstaller.exe
2010-03-19 13:26 . 2010-03-19 13:26 -------- d-----w- c:\documents and settings\Lori\Application Data\EBookSys
2010-03-18 14:22 . 2010-03-18 14:22 6876688 ----a-w- C:\Thunderbird Setup 2.0.0.24.exe
2010-03-18 13:47 . 2010-03-18 13:47 9009352 ----a-w- C:\Thunderbird Setup 3.0.3.exe
2010-03-17 03:35 . 2010-03-17 03:35 -------- d-----w- c:\documents and settings\Lori\Application Data\AzuazGames
2010-03-16 15:15 . 2010-03-16 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nevosoft
2010-03-16 04:37 . 2010-03-16 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2010-03-15 21:39 . 2010-03-15 21:39 -------- d-----w- c:\documents and settings\Lori\Application Data\Silverback Productions
2010-03-15 17:19 . 2010-03-15 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Vampireville
2010-03-14 22:48 . 2010-03-14 22:48 -------- d-----w- c:\documents and settings\Lori\Application Data\QB9
2010-03-14 17:37 . 2010-03-14 17:37 -------- d-----w- c:\documents and settings\Lori\Application Data\Frogwares
2010-03-14 15:32 . 2010-03-14 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-14 15:32 . 2010-03-14 15:32 -------- d-----w- c:\program files\NOS
2010-03-14 15:23 . 2008-08-06 20:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-14 04:20 . 2010-03-14 04:21 -------- d-----w- c:\documents and settings\Lori\Application Data\DarkParablesBriarRose_BFG
2010-03-14 02:17 . 2010-03-14 02:17 -------- d-----w- c:\documents and settings\Lori\Application Data\DarkParablesRose_BFG_Survey
2010-03-13 16:06 . 2010-03-13 16:06 127 ----a-w- c:\documents and settings\Lori\Local Settings\Application Data\fusioncache.dat
2010-03-13 15:56 . 2010-03-13 15:57 11629915 ----a-w- C:\Shozam_download.exe
2010-03-13 15:22 . 2010-03-13 15:22 -------- d-----w- C:\Applets
2010-03-13 13:38 . 2010-03-28 18:50 -------- d-----w- C:\Firefox 3-6
2010-03-12 22:22 . 2010-04-04 02:21 -------- d-----w- c:\documents and settings\Lori\Application Data\Artogon
2010-03-12 19:14 . 2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 20:50 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-11 20:50 . 2010-02-25 16:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-11 20:50 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-11 20:50 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-11 20:50 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-11 20:50 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-11 20:50 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-11 20:49 . 2010-03-11 20:50 -------- dc-h--w- c:\windows\ie8
2010-03-11 19:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-11 19:05 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-11 19:05 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-11 19:05 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-11 19:05 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-11 16:54 . 2008-04-13 23:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-03-11 16:45 . 2008-04-13 23:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-11 16:45 . 2008-04-13 23:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-11 16:45 . 2008-04-13 23:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-11 16:45 . 2008-04-13 23:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-11 11:36 . 2010-03-11 11:36 -------- d-----w- c:\windows\Dell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 12:02 . 2009-11-29 20:35 12530852 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-04 13:16 . 2010-04-04 13:16 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-04 13:16 . 2010-04-04 13:16 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-02 23:00 . 2010-04-02 23:09 2538496 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-03-29 20:33 . 2010-01-08 17:53 4031608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-29 11:40 . 2010-03-29 11:40 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 04:39 . 2010-03-29 04:39 388096 ----a-r- c:\documents and settings\Lori\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-27 01:50 . 2010-01-16 22:22 -------- d-----w- c:\documents and settings\Lori\Application Data\Meridian93
2010-03-24 22:06 . 2010-01-08 17:38 -------- d-----w- c:\program files\Linksys
2010-03-23 16:13 . 2009-12-20 23:17 -------- d-----w- c:\documents and settings\Lori\Application Data\ERS G-Studio
2010-03-22 17:10 . 2009-08-15 01:12 354384 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-21 13:47 . 2010-01-12 00:12 -------- d-----w- c:\documents and settings\Lori\Application Data\U3
2010-03-20 03:55 . 2010-01-03 20:47 -------- d-----w- c:\documents and settings\Lori\Application Data\Big Fish Games
2010-03-18 14:02 . 2009-11-18 19:26 -------- d-----w- c:\documents and settings\Lori\Application Data\Thunderbird
2010-03-17 02:04 . 2009-11-30 16:01 -------- d-----w- c:\documents and settings\Lori\Application Data\AdobeUM
2010-03-14 14:44 . 2009-12-05 02:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-12 19:14 . 2010-03-12 19:14 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 19:14 . 2010-03-12 19:14 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 19:14 . 2010-03-12 19:14 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 19:14 . 2010-03-12 19:14 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-12 19:14 . 2009-11-18 21:38 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 19:14 . 2009-11-18 21:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 19:13 . 2009-11-18 21:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 19:13 . 2009-11-18 21:38 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-11 21:46 . 2009-11-18 21:44 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-03-11 16:52 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-25 06:24 . 2008-04-13 23:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-07 19:34 . 2010-02-07 19:27 -------- d-----w- c:\documents and settings\Lori\Application Data\RobinsonCrusoe
2010-02-07 04:17 . 2010-02-07 04:17 -------- d-----w- c:\documents and settings\Lori\Application Data\TheFixerUpper
2010-02-07 00:47 . 2010-02-04 21:42 -------- d-----w- c:\documents and settings\Lori\Application Data\Gamers Digital
2010-02-07 00:47 . 2010-02-04 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamers Digital
2010-02-06 14:12 . 2010-02-06 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2010-02-06 04:02 . 2010-01-20 04:26 -------- d-----w- c:\documents and settings\Lori\Application Data\PlayFirst
2010-02-06 04:02 . 2010-01-20 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-02-05 20:23 . 2010-02-05 20:22 -------- d-----w- c:\documents and settings\Lori\Application Data\HiT-MM
2010-02-04 21:46 . 2009-11-18 21:44 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 15:46 . 2009-11-18 21:45 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 15:46 . 2009-11-18 21:44 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 19:55 . 2009-11-18 22:40 968184 ----a-w- c:\documents and settings\Lori\Local Settings\Application Data\prvlcl.dat
2010-01-31 02:25 . 2010-01-31 02:25 21504 ----a-w- c:\documents and settings\All Users\Application Data\3rd Eye Solutions\jestertb.dll
2010-01-27 15:48 . 2009-11-18 21:46 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 15:48 . 2009-11-18 21:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 15:48 . 2009-11-18 21:46 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 15:48 . 2009-11-18 21:46 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 15:48 . 2009-11-18 21:46 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 15:48 . 2009-11-18 21:46 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 15:48 . 2009-11-18 21:45 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 15:48 . 2009-11-18 21:45 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 15:48 . 2009-11-18 21:45 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 15:47 . 2009-11-18 21:45 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 15:47 . 2009-11-18 21:45 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 15:47 . 2009-11-18 21:45 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 15:47 . 2009-11-18 21:44 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 15:46 . 2009-11-18 21:44 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 15:46 . 2009-11-18 21:44 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-14 21:59 . 2010-01-14 21:59 4592 ----a-w- C:\reg-b4-acrobat8.reg
2010-01-08 18:43 . 2010-01-08 18:43 79488 ----a-w- c:\documents and settings\Lori\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-08 17:59 . 2010-01-08 17:59 21135514 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2010_01_08_12_18_10_full.dmp.zip
.
((((((((((((((((((((((((((((( SnapShot@2010-04-05_12.02.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-05 22:10 . 2010-04-05 22:10 16384 c:\windows\temp\Perflib_Perfdata_1e4.dat
+ 2009-11-18 17:43 . 2010-04-05 22:03 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-18 17:43 . 2010-04-04 22:51 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-18 17:43 . 2010-04-05 22:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-18 17:43 . 2010-04-04 22:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-05 12:22 . 2010-04-05 22:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\zonealarm\zlclient.exe" [2009-02-16 981384]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Registration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Registration.lnk
backup=c:\windows\pss\Corel Registration.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-01-13 03:00 33546240 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50 54576 ----a-w- c:\hp\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 23:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-05-14 21:08 49152 ----a-w- c:\textbridge11\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\quicktime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-15 01:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherPulse]
2009-12-13 20:24 4066816 ----a-w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4\weatherpulse.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WS-FTP\\WS_FTP32.EXE"=
"c:\\AVG9\\avgam.exe"=
"c:\\AVG9\\avgdiagex.exe"=
"c:\\AVG9\\avgnsx.exe"=
"c:\\AVG9\\avgupd.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Anyplace Control\\apc_host.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [10/13/2008 3:14 AM 184848]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/18/2009 5:38 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/18/2009 5:46 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/18/2009 5:38 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/18/2009 5:38 PM 242696]
R2 APC-Host;APC-Host;c:\anyplace control\apc_host.exe [3/18/2010 2:01 PM 498688]
R2 avg9wd;AVG WatchDog;c:\avg9\avgwdsvc.exe [3/12/2010 3:14 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/14/2009 11:59 PM 992256]
S0 cerc6;cerc6; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/3/2009 12:16 AM 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-04-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:46]
2010-04-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:46]
2010-04-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:46]
2010-04-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:46]
2010-04-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:46]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\micros~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\cmstxy32.default\
FF - prefs.js: browser.search.selectedEngine - AltaVista
FF - prefs.js: browser.startup.homepage - loricase.com
FF - plugin: c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\cmstxy32.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin7.dll
---- FIREFOX POLICIES ----
c:\firefox3point6\greprefs\all.js - pref("ui.use_native_colors", true);
c:\firefox3point6\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\firefox3point6\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\firefox3point6\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\firefox3point6\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\firefox3point6\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\firefox3point6\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\firefox3point6\greprefs\all.js - pref("svg.smil.enabled", false);
c:\firefox3point6\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.debug", false);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\firefox3point6\greprefs\all.js - pref("html5.enable", false);
c:\firefox3point6\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\firefox3point6\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\firefox3point6\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\firefox3point6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\firefox3point6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\firefox3point6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\firefox3point6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\firefox3point6\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-05 18:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,4b,18,cb,ca,13,a6,4a,80,6d,6a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,4b,18,cb,ca,13,a6,4a,80,6d,6a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\avg9\avgchsvx.exe
c:\avg9\avgrsx.exe
c:\avg9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\avg9\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-04-05 18:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 22:15
ComboFix2.txt 2010-04-05 12:07
Pre-Run: 678,018,686,976 bytes free
Post-Run: 677,985,341,440 bytes free
- - End Of File - - 9D459C7A3BD077DA766648E1117B1EB1
DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Lori at 18:50:02.79 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2716 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\AVG9\avgchsvx.exe
C:\AVG9\avgrsx.exe
svchost.exe
C:\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Anyplace Control\apc_host.exe
C:\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\AVG9\avgnsx.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\AVG9\avgupd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lori\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\acrobat 6\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\acrobat 6\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\acrobat 6\acrobat\AcroIEFavClient.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [ZoneAlarm Client] "c:\zonealarm\zlclient.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\micros~1\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\lori\applic~1\mozilla\firefox\profiles\cmstxy32.default\
FF - prefs.js: browser.search.selectedEngine - AltaVista
FF - prefs.js: browser.startup.homepage - loricase.com
FF - plugin: c:\documents and settings\lori\application data\mozilla\firefox\profiles\cmstxy32.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\quicktime\plugins\npqtplugin7.dll
---- FIREFOX POLICIES ----
c:\firefox3point6\greprefs\all.js - pref("ui.use_native_colors", true);
c:\firefox3point6\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\firefox3point6\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\firefox3point6\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\firefox3point6\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\firefox3point6\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\firefox3point6\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\firefox3point6\greprefs\all.js - pref("svg.smil.enabled", false);
c:\firefox3point6\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.debug", false);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\firefox3point6\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\firefox3point6\greprefs\all.js - pref("html5.enable", false);
c:\firefox3point6\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\firefox3point6\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\firefox3point6\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\firefox3point6\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\firefox3point6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\firefox3point6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\firefox3point6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\firefox3point6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\firefox3point6\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\firefox3point6\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-10-13 184848]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-18 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-18 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-18 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-18 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-18 242696]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-11-19 353672]
R2 APC-Host;APC-Host;c:\anyplace control\apc_host.exe [2010-3-18 498688]
R2 avg9wd;AVG WatchDog;c:\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-14 992256]
S0 cerc6;cerc6; [x]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
============== File Associations ===============
txtfile=c:\notebook3\notebook.exe %1
=============== Created Last 30 ================
2010-04-05 11:52:08 0 d-sha-r- C:\cmdcons
2010-04-05 02:17:59 0 d-----w- c:\docume~1\lori\applic~1\LegacyInteractive
2010-04-05 01:24:13 38336 ----a-w- C:\fran4.jpg
2010-04-05 01:24:00 36777 ----a-w- C:\fran3.jpg
2010-04-05 01:23:04 47725 ----a-w- C:\fran2.jpg
2010-04-05 01:21:57 134102 ----a-w- C:\fran1.jpg
2010-04-04 02:19:45 0 d-----w- C:\Crystal Portal
2010-04-04 00:01:05 28637 ----a-w- C:\max-or-austin.jpg
2010-04-03 19:22:03 77312 ----a-w- c:\windows\MBR.exe
2010-04-03 19:22:02 98816 ----a-w- c:\windows\sed.exe
2010-04-03 19:22:02 261632 ----a-w- c:\windows\PEV.exe
2010-04-03 19:22:02 161792 ----a-w- c:\windows\SWREG.exe
2010-04-03 03:36:52 29420 ----a-w- C:\baby-jap-snail-4-2-10.jpg
2010-04-03 01:40:20 0 d-----w- C:\Sysprot
2010-04-02 13:40:12 299120 ----a-w- C:\isaac-malin-marriage-record.jpg
2010-04-02 13:31:44 1277656 ----a-w- C:\isaac-malin-constable-pa-1710.jpg
2010-04-02 03:10:16 70807 ----a-w- C:\max-yawn-pattison.jpg
2010-04-01 21:38:51 116528 ----a-w- C:\Mollyowlettes-ringtone.mp3
2010-04-01 21:38:41 156652 ----a-w- C:\Molly-ringtone.mp3
2010-04-01 21:38:30 221853 ----a-w- C:\Max-ringtone.mp3
2010-03-31 18:51:45 98752 ----a-w- C:\owlets.jpg
2010-03-31 18:49:05 102899 ----a-w- C:\max-molly.jpg
2010-03-31 03:39:12 0 d-----w- c:\docume~1\lori\applic~1\HSA
2010-03-31 02:35:14 0 d-----w- c:\docume~1\lori\applic~1\Windows Live Writer
2010-03-31 00:06:11 332641 ----a-w- C:\MollyYoga.jpg
2010-03-31 00:05:39 153673 ----a-w- C:\wesley-owlet2.jpg
2010-03-30 14:26:00 32249 ----a-w- C:\eliza-lott-2.jpg
2010-03-30 14:25:51 27883 ----a-w- C:\eliza-lott.jpg
2010-03-30 14:25:41 32180 ----a-w- C:\mary-lott.jpg
2010-03-30 14:25:32 17874 ----a-w- C:\ann-lott.jpg
2010-03-30 14:24:47 27024 ----a-w- C:\martha-lemen-tomlinson.jpg
2010-03-30 14:24:29 31579 ----a-w- C:\mary-lemen.jpg
2010-03-30 14:24:15 32836 ----a-w- C:\gabriel-lemen.jpg
2010-03-30 14:09:17 89211 ----a-w- C:\jeffcrthouse_01.jpg
2010-03-29 21:08:09 91470 ----a-w- C:\food!.jpg
2010-03-29 21:03:32 101516 ----a-w- C:\who's-there.jpg
2010-03-29 16:57:40 103270 ----a-w- C:\molly-and-4.jpg
2010-03-29 16:57:24 96498 ----a-w- C:\molly2.jpg
2010-03-29 16:57:08 95612 ----a-w- C:\molly3.jpg
2010-03-29 16:56:52 95612 ----a-w- C:\Image1.jpg
2010-03-29 11:39:25 0 d-----w- c:\docume~1\lori\applic~1\Malwarebytes
2010-03-29 11:39:24 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 11:39:22 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 11:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-29 11:37:52 0 d-----w- C:\Malwarebytes.1.32
2010-03-29 11:30:42 68273 ----a-w- C:\win-net-security-error.jpg
2010-03-29 04:47:55 6509608 ----a-w- C:\RUBotted.exe
2010-03-29 04:45:15 0 d-----w- C:\TMRBLog
2010-03-29 04:45:09 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-29 04:45:09 0 d-----w- C:\log
2010-03-29 04:44:12 1074232 ----a-w- C:\RootkitBuster_2.80.1077.zip
2010-03-29 04:39:15 0 d-----w- C:\TrendMicro
2010-03-29 04:34:13 71963 ----a-w- C:\crack-me-up.gif
2010-03-29 04:30:59 1840232 ----a-w- C:\HousecallLauncher.exe
2010-03-29 03:44:50 66396 ----a-w- C:\4-owlets.jpg
2010-03-28 20:13:22 107015 ----a-w- C:\wesley-owlet.jpg
2010-03-28 19:21:05 0 d-----w- C:\Firefox3point6
2010-03-28 18:53:28 4592 ----a-w- C:\b4-firefox-removal.reg
2010-03-28 16:32:16 108862 ----a-w- C:\AustinM.jpg
2010-03-28 15:18:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-03-28 14:38:11 0 d-----w- C:\Defrag Registry
2010-03-28 02:10:30 223891 ----a-w- C:\egg-pip.jpg
2010-03-27 00:53:42 144100482 ----a-w- C:\C.W.Pro.2010.v10.0.5.163.Multilingual.Incl.Keymaker-CORE.rar
2010-03-26 23:27:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Gogii
2010-03-26 18:54:09 56337 ----a-w- C:\kb-acct.jpg
2010-03-26 17:45:06 224706 ----a-w- C:\flat-stanley.jpg
2010-03-26 17:20:54 66672 ----a-w- C:\h-w-secondary-ins.pdf
2010-03-26 17:13:22 15772 ----a-w- C:\cd-2-burn-3-26.roxio
2010-03-26 16:01:48 16384 ----a-w- C:\wayne-invest-payment.xls
2010-03-26 14:35:57 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-26 14:34:12 0 d-----w- C:\Firefox 3-6-2(2)
2010-03-25 13:06:11 153584 ----a-w- C:\max-pattison.jpg
2010-03-25 05:47:53 52432 ----a-w- C:\mcghee.jpg
2010-03-24 23:05:05 0 d-----w- c:\docume~1\lori\applic~1\Jetdogs Studios
2010-03-24 22:17:37 1811456 ----a-w- c:\windows\NetworkCfg.exe
2010-03-24 19:50:40 15015 ----a-w- C:\Just_Checking_v3.15_by_FFF.zip
2010-03-24 16:20:08 0 dc----w- c:\docume~1\alluse~1\applic~1\{35ACA973-70F0-495F-9092-74A130711865}
2010-03-24 14:17:41 44736 ----a-w- C:\anyplace-control-info.jpg
2010-03-24 14:12:43 0 d-----w- c:\documents and settings\all users\Anyplace Control 4
2010-03-24 14:06:39 0 d-----w- C:\Anyplace Control
2010-03-23 23:57:37 0 d-----w- c:\docume~1\lori\applic~1\Artifex Mundi
2010-03-23 16:09:59 295616 ----a-w- C:\Molly-FamilyMonday.jpg
2010-03-23 00:43:06 9855 ----a-w- C:\giant-caterpiller.jpg
2010-03-22 21:03:50 0 d-----w- c:\docume~1\alluse~1\applic~1\HiddenSecretsNightmare
2010-03-22 03:48:27 0 d-----w- C:\BadCopy_Pro_v4.10__Jufsoft_Build_1215
2010-03-22 01:23:00 2584093 ----a-w- C:\Weather Forecaster.zip
2010-03-21 15:24:49 23906 ----a-w- C:\frogsmiley.gif
2010-03-21 03:58:12 0 d-----w- C:\Viewsat
2010-03-20 19:15:55 97364760 ----a-w- C:\Ad-AwareInstaller.exe
2010-03-19 22:15:18 1916670 ----a-w- C:\brains.gif
2010-03-19 13:26:35 0 d-----w- c:\docume~1\lori\applic~1\EBookSys
2010-03-19 01:19:23 66710 ----a-w- C:\spring-is-coming.gif
2010-03-18 14:22:09 6876688 ----a-w- C:\Thunderbird Setup 2.0.0.24.exe
2010-03-18 13:47:13 9009352 ----a-w- C:\Thunderbird Setup 3.0.3.exe
2010-03-18 02:08:46 12764 ----a-w- C:\check-your-eggs.jpg
2010-03-17 03:35:31 0 d-----w- c:\docume~1\lori\applic~1\AzuazGames
2010-03-17 03:10:05 1960 ----a-w- C:\wells-fargo-refinance-fax-3-10.wpd
2010-03-16 15:15:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Nevosoft
2010-03-16 04:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Big Fish Games
2010-03-15 21:39:12 0 d-----w- c:\docume~1\lori\applic~1\Silverback Productions
2010-03-15 17:19:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Vampireville
2010-03-14 22:48:00 0 d-----w- c:\docume~1\lori\applic~1\QB9
2010-03-14 19:31:53 38904 ----a-w- C:\winver.jpg
2010-03-14 17:37:13 0 d-----w- c:\docume~1\lori\applic~1\Frogwares
2010-03-14 15:23:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-14 04:20:20 0 d-----w- c:\docume~1\lori\applic~1\DarkParablesBriarRose_BFG
2010-03-14 02:17:51 0 d-----w- c:\docume~1\lori\applic~1\DarkParablesRose_BFG_Survey
2010-03-13 15:56:34 11629915 ----a-w- C:\Shozam_download.exe
2010-03-13 15:22:59 0 d-----w- C:\Applets
2010-03-13 13:38:22 0 d-----w- C:\Firefox 3-6
2010-03-13 13:37:37 194086 ----a-w- C:\trojan.jpg
2010-03-12 22:22:03 0 d-----w- c:\docume~1\lori\applic~1\Artogon
2010-03-12 19:14:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 20:50:49 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-11 20:50:33 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-11 20:50:33 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-11 20:50:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-11 20:50:33 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-11 20:50:33 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-11 20:50:33 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-11 20:49:38 0 dc-h--w- c:\windows\ie8
2010-03-11 19:06:27 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-11 19:05:27 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-11 19:05:26 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-11 19:05:26 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-11 19:05:13 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-11 16:56:04 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-03-11 16:56:00 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime
2010-03-11 16:54:56 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-03-11 16:53:09 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-03-11 16:53:04 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-03-11 16:53:04 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-03-11 16:53:04 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-03-11 16:53:04 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-03-11 16:53:04 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-03-11 11:36:50 0 d-----w- c:\windows\Dell
2010-03-11 11:36:49 2145386496 ----a-w- c:\windows\MEMORY.DMP
==================== Find3M ====================
2010-03-12 19:14:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 19:13:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 19:13:45 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-11 16:52:12 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll
2010-01-27 15:48:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-14 21:59:51 4592 ----a-w- C:\reg-b4-acrobat8.reg
============= FINISH: 18:50:17.06 ===============