Morning Gringo
"let me know of any problems you may have had"
None really. Something strange went on with a download out of I.E. last night.
But it was late and it could have been my fault.
"How is the computer doing now?"
Much better thank you. I have been slowly pressing the machine harder and harder.
Doing things that before would have guaranteed a lock up....
and I haven't had it lock up once yet. Start up and shut down are much smoother now.
Back to where the machine was before all of this happened.
Still have not opened up FF to see how it is doing.....on the to do list
Notes:
All these entries are from TinyWatcher post ComboFix run.
I figured they were all created by ComboFix so I confirmed (allowed) them all:
All: "File was created"
Directory c:\Qoobox :
Directory c:\ComboFix :
File C:\WINDOWS\swreg.exe
File C:\WINDOWS\sed.exe :
File C:\WINDOWS\zip.exe :
File C:\WINDOWS\SWXCACLS.exe
File C:\WINDOWS\SWSC.exe
File C:\WINDOWS\NIRCMD.exe
File C:\WINDOWS\grep.exe
and.....
Registry entry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme\ImagePath" (created) :
New entry was set to <\??\C:\DOCUME~1\Rigel\LOCALS~1\Temp\catchme.sys>
(man I don't like the name of that one)
parsec
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ComboFix 10-04-10.02 - Rigel 04/11/2010 9:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.629 [GMT -4:00]
Running from: c:\documents and settings\Rigel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-11 03:27 . 2010-04-11 03:27 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-04-11 03:24 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Rigel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-11 03:24 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-11 03:24 . 2010-04-11 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-11 03:22 . 2010-04-11 03:22 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-11 03:22 . 2010-04-11 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-11 03:16 . 2010-04-11 03:16 -------- d-----w- c:\program files\Common Files\Java
2010-04-11 03:16 . 2010-04-11 03:16 503808 ----a-w- c:\documents and settings\Rigel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b33a873-n\msvcp71.dll
2010-04-11 03:16 . 2010-04-11 03:16 499712 ----a-w- c:\documents and settings\Rigel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b33a873-n\jmc.dll
2010-04-11 03:16 . 2010-04-11 03:16 348160 ----a-w- c:\documents and settings\Rigel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b33a873-n\msvcr71.dll
2010-04-11 03:16 . 2010-04-11 03:16 61440 ----a-w- c:\documents and settings\Rigel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7cbd33ba-n\decora-sse.dll
2010-04-11 03:16 . 2010-04-11 03:16 12800 ----a-w- c:\documents and settings\Rigel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7cbd33ba-n\decora-d3d.dll
2010-04-07 01:58 . 2010-04-07 01:58 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
2010-03-31 02:49 . 2010-04-08 00:22 -------- d-----w- C:\HelpAsst_backup
2010-03-30 23:38 . 2010-03-30 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-29 09:12 . 2010-03-29 09:12 488240 ----a-w- C:\HelpAsst_mebroot_fix.exe
2010-03-20 03:38 . 2010-03-20 03:44 -------- d-----w- c:\documents and settings\Rigel\Application Data\PersBackup
2010-03-20 03:31 . 2010-03-20 03:31 -------- d-----w- c:\program files\Personal Backup 4
2010-03-19 02:32 . 2010-03-19 02:32 -------- d-----w- c:\documents and settings\Rigel\Local Settings\Application Data\Western_Digital
2010-03-19 02:27 . 2010-03-19 02:27 -------- d-----w- c:\documents and settings\Rigel\Application Data\Western Digital
2010-03-19 02:27 . 2010-03-19 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-03-19 02:27 . 2010-03-19 02:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-03-19 02:27 . 2010-03-19 02:27 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-19 02:27 . 2009-02-13 16:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-03-19 02:27 . 2010-03-19 02:27 -------- d-----w- c:\program files\Western Digital
2010-03-19 02:25 . 2010-03-19 02:25 -------- d-----w- c:\documents and settings\Rigel\Local Settings\Application Data\Western Digital
2010-03-15 02:19 . 2010-03-07 14:45 89600 ----a-w- c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
2010-03-15 02:19 . 2010-03-07 14:45 89088 ----a-w- c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
2010-03-15 02:19 . 2010-03-07 14:45 89088 ----a-w- c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
2010-03-13 17:14 . 2010-03-13 17:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-13 17:14 . 2010-03-13 17:14 84480 ----a-w- c:\documents and settings\Rigel\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-03-13 17:14 . 2010-03-13 17:14 -------- d-----w- c:\documents and settings\Rigel\Application Data\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 03:54 . 2007-01-20 11:44 -------- d-----w- c:\program files\Security
2010-04-11 03:27 . 2006-07-28 21:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 03:15 . 2007-01-20 03:00 -------- d-----w- c:\program files\Java
2010-04-11 02:56 . 2009-11-30 00:51 -------- d-----w- c:\program files\ABC Amber EPS Converter
2010-04-11 02:45 . 2006-07-29 12:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 23:30 . 2008-04-13 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-31 15:44 . 2007-01-19 06:58 -------- d-----w- c:\program files\Zip Exe
2010-03-31 01:33 . 2010-02-16 04:35 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 23:20 . 2006-07-29 11:41 56584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 09:08 . 2009-11-24 11:24 79488 ----a-w- c:\documents and settings\Rigel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-30 04:46 . 2010-01-01 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-01-01 22:09 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 12:57 . 2007-09-19 04:52 59 ----a-w- c:\windows\wpd99.drv
2010-03-27 12:57 . 2007-09-19 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-03-24 02:25 . 2007-05-06 04:22 -------- d-----w- c:\program files\Tweak
2010-03-23 21:38 . 2007-01-22 21:48 -------- d-----w- c:\program files\AcqURL
2010-03-17 23:28 . 2007-03-28 03:01 -------- d-----w- c:\program files\MultiStage Recovery
2010-03-09 23:35 . 2006-07-29 11:29 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-09 08:28 . 2009-06-03 02:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 04:18 . 2010-03-04 04:18 -------- d-----w- c:\documents and settings\Rigel\Application Data\ATI
2010-03-04 04:18 . 2010-03-04 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-04 04:15 . 2010-03-04 04:12 -------- d-----w- c:\program files\ATI Technologies
2010-02-28 16:38 . 2010-02-28 16:38 -------- d-----w- c:\program files\Common Files\xara
2010-02-28 16:38 . 2010-02-28 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-02-28 16:38 . 2010-02-28 16:38 -------- d-----w- c:\program files\MAGIX
2010-02-26 01:19 . 2010-02-26 01:19 3584 ----a-r- c:\documents and settings\Rigel\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-26 01:19 . 2010-02-26 01:19 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-02-26 01:18 . 2010-02-26 01:18 -------- d-----w- c:\program files\MSECACHE
2010-02-25 03:48 . 2010-02-25 03:48 -------- d-----w- c:\program files\Avira
2010-02-25 03:48 . 2010-02-25 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-24 00:43 . 2010-02-24 00:43 -------- d-----w- c:\program files\Adaptec
2010-02-24 00:43 . 2010-02-24 00:43 -------- d-----w- c:\program files\Common Files\ADAPTEC
2010-02-22 23:44 . 2010-02-22 23:44 -------- d-----w- c:\documents and settings\Rigel\Application Data\Auslogics
2010-02-11 07:38 . 2007-01-12 19:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2007-01-12 19:38 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2007-01-12 19:38 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2007-01-12 19:38 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2007-01-12 19:38 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-11 02:20 . 2010-03-04 04:13 593920 ------w- c:\windows\system32\ati2sgag.exe
2008-05-19 23:32 . 2008-05-19 23:29 499 ----a-w- c:\program files\Setup.log
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-01-15 8744960]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2009-06-22 368706]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InstallWatch Pro.lnk - c:\program files\security\installwatch 2.5\InstallWatch.exe [2008-5-18 584195]
Tiny Watcher Logon Time.lnk - c:\program files\Security\Watcher\Watcher.exe [2006-11-19 319488]
YzToolBar.exe.lnk - c:\program files\Tweak\YzToolbar\yztbr103\YzToolBar.exe [2002-9-29 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD]
2000-06-30 06:38 262144 ----a-w- c:\progra~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-03-19 12:58 82864 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2007-03-19 12:59 304048 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2007-03-19 12:58 291760 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 04:46 1086856 ----a-w- c:\program files\Security\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 04:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-13 03:57 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2003-09-15 01:44 1277952 ----a-w- c:\program files\Support.com\BellSouth\hcenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WZCSVC"=2 (0x2)
"gusvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"WDSmartWareBackgroundService"=2 (0x2)
"WDDMService"=2 (0x2)
"gupdate1c9c85ba029b0ed"=2 (0x2)
"CiSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\Rise of Nations\\thrones.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/24/2010 11:48 PM 108289]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Rigel\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Rigel\LOCALS~1\Temp\ALSysIO.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/18/2010 10:27 PM 11520]
S4 gupdate1c9c85ba029b0ed;Google Update Service (gupdate1c9c85ba029b0ed);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 7:46 PM 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/13/2008 7:03 PM 717296]
S4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
.
Contents of the 'Scheduled Tasks' folder
2010-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-13 12:13]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 23:46]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.sonypictures.com/games/tumblebugs/axhost.cab
FF - ProfilePath - c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\
FF - prefs.js: browser.startup.homepage - hxxp://hometab.bellsouth.net/
FF - component: c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
FF - component: c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
FF - component: c:\documents and settings\Rigel\Application Data\Mozilla\Firefox\Profiles\3i8wvl94.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1579027358-493119766-4160484051-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-04-11 10:04:24
ComboFix-quarantined-files.txt 2010-04-11 14:04
Pre-Run: 171,698,532,352 bytes free
Post-Run: 171,738,996,736 bytes free
- - End Of File - - E65A042324E9E27453BB6FDA950BA390