Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.522 [GMT -5:00]
Running from: c:\documents and settings\D Frazier\Desktop\c-fixit.exe
Command switches used :: c:\documents and settings\D Frazier\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\program files\Uninstall My Web Search.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Uninstall My Web Search.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-21 20:00 . 2009-08-21 20:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-20 19:25 . 2009-08-20 19:26 -------- d-s---w- C:\david
2009-08-20 12:17 . 2009-08-20 12:17 -------- d-----w- c:\documents and settings\D Frazier\Local Settings\Application Data\PCHealth
2009-08-19 09:58 . 2008-10-16 19:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2009-08-19 09:58 . 2008-10-16 19:13 202776 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-18 19:59 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-18 19:43 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-18 19:42 . 2009-08-18 19:42 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-18 17:41 . 2009-08-18 17:41 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2009-08-18 16:59 . 2009-08-18 16:59 -------- d-----w- C:\New Folder
2009-08-18 14:55 . 2009-08-18 14:55 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-08-18 14:39 . 2009-08-18 14:39 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AVG Security Toolbar
2009-08-18 14:39 . 2009-08-18 14:39 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2009-08-18 14:35 . 2009-08-18 14:35 -------- d-----w- c:\documents and settings\Admin\Application Data\comcasttb
2009-08-18 14:35 . 2009-08-18 14:35 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2009-08-18 13:39 . 2009-08-18 13:39 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-08-18 13:39 . 2009-08-18 13:39 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2009-08-18 13:35 . 2009-08-18 13:35 114024 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 13:25 . 2009-08-18 13:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\BVRP Software
2009-08-18 12:59 . 2009-08-18 12:59 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Security Toolbar
2009-08-18 12:57 . 2009-08-18 12:57 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2009-08-18 12:42 . 2009-08-18 12:42 -------- d-----w- c:\documents and settings\User\Application Data\comcasttb
2009-08-18 12:41 . 2009-08-18 12:41 -------- d-----w- c:\documents and settings\User\Application Data\ASAP Utilities
2009-08-18 12:32 . 2009-08-18 12:32 -------- d-----w- c:\documents and settings\User\Application Data\HotSync
2009-08-18 12:32 . 2009-08-18 12:32 -------- d-----w- c:\documents and settings\User\Application Data\WinPatrol
2009-08-17 16:06 . 2009-08-17 16:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-17 15:29 . 2009-08-17 15:29 -------- d-----w- c:\docume~1\DFRAZI~1\APPLIC~1\AVG8
2009-08-17 15:27 . 2009-08-18 19:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-17 15:05 . 2009-08-17 15:05 -------- d-----w- c:\docume~1\DFRAZI~1\APPLIC~1\Lavasoft
2009-08-17 14:00 . 2009-08-17 14:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-15 08:06 . 2009-08-15 08:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-15 08:05 . 2009-08-15 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 08:05 . 2009-08-15 08:05 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:05 . 2009-08-15 08:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 08:04 . 2009-08-15 08:05 -------- d-----w- C:\fc15872cf46b9d664a4ad086d3
2009-08-15 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 08:02 . 2009-08-13 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 11:32 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-03 12:34 . 2009-08-03 12:34 -------- d-----w- c:\program files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 20:29 . 2007-02-26 13:59 -------- d-----w- c:\program files\Password Safe
2009-08-21 19:54 . 2009-01-21 13:29 7304 ----a-w- c:\windows\TMP0001.TMP
2009-08-21 19:50 . 2004-08-04 10:00 577536 ------w- c:\windows\system32\user32.dll
2009-08-18 21:08 . 2008-06-18 12:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-18 19:42 . 2005-06-07 17:09 -------- d-----w- c:\program files\Lavasoft
2009-08-17 21:41 . 2009-06-29 21:01 -------- d-----w- c:\docume~1\DFRAZI~1\APPLIC~1\CallingID
2009-08-17 16:39 . 2009-02-09 17:21 114024 ----a-w- c:\documents and settings\D Frazier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 16:06 . 2008-06-18 12:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 16:06 . 2008-06-18 12:20 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 16:06 . 2006-11-22 13:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 14:52 . 2005-05-25 13:28 -------- d-----w- c:\program files\Yahoo!
2009-08-17 13:44 . 2009-08-17 13:44 1366097 ----a-w- c:\windows\system32\xa.tmp
2009-08-15 08:18 . 2009-02-02 13:57 -------- d-----w- c:\program files\Everything
2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 12:26 . 2007-09-24 13:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 22:47 . 2009-06-29 21:00 -------- d-----w- c:\docume~1\DFRAZI~1\APPLIC~1\comcasttb
2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 21:19 . 2009-07-15 21:19 -------- d-----w- c:\program files\Microsoft
2009-07-15 21:08 . 2009-07-15 21:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-14 14:15 . 2005-06-15 14:38 -------- d--h--r- c:\docume~1\ALLUSE~1\APPLIC~1\yahoo!
2009-07-14 14:15 . 2005-08-31 12:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-13 15:08 . 2004-08-04 10:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 10:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 12:49 . 2009-07-03 12:48 -------- d-----w- c:\program files\QuickTime
2009-07-03 12:48 . 2005-06-03 22:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-03 12:48 . 2009-07-03 12:48 -------- d-----w- c:\program files\Apple Software Update
2009-07-03 12:48 . 2009-07-03 12:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-29 21:01 . 2009-06-29 21:00 -------- d-----w- c:\program files\comcasttb
2009-06-29 21:00 . 2005-05-25 13:28 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-29 21:00 . 2009-06-29 21:00 -------- d-----w- c:\program files\CA
2009-06-25 08:44 . 2004-08-04 10:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-04 10:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-04 10:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-04 10:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-04 10:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-04 10:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:34 . 2004-08-04 10:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-04 10:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2000-06-05 23:47 . 2000-06-05 23:47 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2009-02-06 1170272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
c:\documents and settings\David Frazier\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 16:06 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"SQLWriter"=3 (0x3)
"ose"=3 (0x3)
"NetSvc"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"EdcSvr"=2 (0x2)
"avg8wd"=2 (0x2)
"APC UPS Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\David Frazier\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\RssBandit\\RSSBandit.exe"=
"c:\\Program Files\\Everything\\Everything.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"\\\\Dell-330-js\\tcp\\timesvr.exe"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/18/2009 2:43 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/18/2008 7:20 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [8/17/2009 11:06 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/18/2008 7:19 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S2 AntiSpywareService;Comcast AntiSpyware; [x]
S4 EdcSvr;EdcSvr;c:\alohaqs\BIN\EdcSvr.exe [9/30/2008 10:54 AM 3715072]
S4 Fipse_l;Fipse_l;c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys [5/19/2005 5:23 PM 453632]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\docume~1\DFRAZI~1\APPLIC~1\Mozilla\Firefox\Profiles\ffg8er62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.communitybakery.com/|http://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\documents and settings\D Frazier\Application Data\Mozilla\Firefox\Profiles\ffg8er62.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\D Frazier\Application Data\Mozilla\Firefox\Profiles\ffg8er62.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 07:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-08-24 7:40
ComboFix-quarantined-files.txt 2009-08-24 12:40
ComboFix2.txt 2009-08-21 20:08
Pre-Run: 8,499,175,424 bytes free
Post-Run: 8,452,476,928 bytes free
262 --- E O F --- 2009-08-21 20:03
**************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:06 AM, on 8/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Promise Technology, Inc. - (no file)
--
End of file - 2459 bytes