Neither of the 09 entries was shown in HijackThis.
ComboFix 10-07-15.01 - David 07/15/2010 18:15:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1211 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David\Application Data\996cb2e5.exe
C:\Tmp3C.tmp
c:\windows\desktop
c:\windows\system32\gotomon.log
.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.
2010-07-15 16:41 . 2010-07-15 16:41 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 16:41 . 2010-07-15 16:41 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 16:41 . 2010-07-15 16:41 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 16:41 . 2010-07-15 16:41 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-14 23:05 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 15:38 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 15:38 . 2010-07-14 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 15:38 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 04:37 . 2010-07-14 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-07-13 23:08 . 2010-07-13 23:08 388096 ----a-r- c:\documents and settings\David\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-13 23:05 . 2010-07-13 23:05 -------- d-----w- c:\program files\Common Files\Java
2010-07-13 23:00 . 2010-07-13 23:00 503808 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bf4aee4-n\msvcp71.dll
2010-07-13 23:00 . 2010-07-13 23:00 61440 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45efd0f3-n\decora-sse.dll
2010-07-13 23:00 . 2010-07-13 23:00 499712 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bf4aee4-n\jmc.dll
2010-07-13 23:00 . 2010-07-13 23:00 348160 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bf4aee4-n\msvcr71.dll
2010-07-13 23:00 . 2010-07-13 23:00 12800 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45efd0f3-n\decora-d3d.dll
2010-07-13 22:59 . 2010-07-13 22:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 22:59 . 2010-07-13 22:59 -------- d-----w- c:\program files\Java
2010-07-13 20:39 . 2010-07-13 20:39 61752 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-13 20:39 . 2010-07-13 20:39 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-10 17:01 . 2010-07-10 17:01 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Identity Finder
2010-07-10 16:59 . 2010-07-10 17:01 -------- d-----w- c:\program files\Identity Finder 4
2010-07-02 19:58 . 2010-07-02 19:58 -------- d-----w- c:\temp\MotoConnectTemp
2010-07-02 19:11 . 2010-07-02 19:11 -------- d-----w- c:\documents and settings\David\Application Data\CheckPoint
2010-07-02 19:11 . 2010-06-09 06:00 52224 ----a-w- c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-07-02 19:11 . 2010-06-09 06:00 101376 ----a-w- c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
2010-07-02 19:10 . 2010-07-02 19:10 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Conduit
2010-07-02 19:10 . 2010-07-02 19:10 -------- d-----w- c:\program files\Conduit
2010-07-02 19:10 . 2010-07-02 19:10 -------- d-----w- c:\program files\ZoneAlarm
2010-07-02 19:10 . 2010-07-02 19:10 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\ZoneAlarm
2010-07-02 19:10 . 2010-07-02 19:10 -------- d-----w- c:\program files\CheckPoint
2010-07-02 19:10 . 2010-06-23 20:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-02 19:10 . 2010-06-23 20:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-27 14:27 . 2010-06-27 14:27 -------- d-----w- c:\program files\Smilebox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 01:06 . 2009-02-07 20:11 -------- d-----w- c:\program files\Trend Micro
2010-07-16 01:03 . 2008-06-24 03:38 5013 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-07-16 00:51 . 2010-02-26 21:13 0 ----a-w- c:\documents and settings\David\Local Settings\Application Data\prvlcl.dat
2010-07-16 00:27 . 2008-11-26 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-07-15 23:41 . 2008-06-26 04:59 -------- d-----w- c:\documents and settings\David\Application Data\Canon
2010-07-15 11:32 . 2008-05-21 22:31 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-13 20:07 . 2008-06-27 02:27 -------- d-----w- c:\documents and settings\David\Application Data\uTorrent
2010-07-13 19:39 . 2010-01-08 05:55 52224 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-13 19:39 . 2009-04-01 02:30 117760 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-13 19:39 . 2009-02-07 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-08 12:43 . 2008-05-21 23:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 12:40 . 2008-10-01 13:44 9032188 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-06-23 20:51 . 2009-01-30 02:02 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-14 14:31 . 2008-05-21 13:53 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 16:20 . 2010-06-06 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CitrixLogs
2010-06-06 16:19 . 2008-12-15 05:47 7046096 ----a-w- c:\documents and settings\David\gosetup.exe
2010-06-06 12:37 . 2008-08-08 14:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 16:33 . 2008-05-21 22:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 16:33 . 2008-05-21 22:48 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 14:20 . 2009-02-05 16:50 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-05-31 14:19 . 2009-02-05 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-05-23 19:26 . 2009-02-12 18:53 -------- d-----w- c:\program files\Defraggler
2010-05-06 10:41 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 23:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 20:39 . 2010-04-30 23:49 557056 ----a-w- c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\[email protected]\plugins\np_fastbid.dll
2010-04-20 05:30 . 2004-08-04 00:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 18:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-09-19 04:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-09-19 04:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-09-19 04:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="g:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"WinPatrol"="g:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]
"AVG9_TRAY"="g:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"ZoneAlarm Client"="g:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "g:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 17:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03 916240 ----a-w- g:\program files\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 18:29 729088 ----a-r- g:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 20:00 49152 ----a-w- g:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"g:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"g:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2212:TCP"= 2212:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/21/2008 3:48 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/21/2008 3:48 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 avg9wd;AVG Free WatchDog;g:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 10:32 AM 308064]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 6:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 6:35 AM 493032]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [1/27/2009 6:36 PM 72672]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [12/4/2009 8:18 PM 91392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
S2 gupdate1c9b885aa1caf1c;Google Update Service (gupdate1c9b885aa1caf1c);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 1:07 PM 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/5/2009 9:50 AM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/5/2009 9:50 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/4/2009 8:18 PM 23936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 XE103Sp50;XE103Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\XE103Sp50.sys [11/28/2006 10:46 PM 27072]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 5:56 PM 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-07-15 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-05-17 19:13]
2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 20:10]
2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 20:10]
2010-07-12 c:\windows\Tasks\Groundhog to Flash.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]
2010-07-02 c:\windows\Tasks\Media.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]
2010-07-11 c:\windows\Tasks\Pictures.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]
2010-07-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- g:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-02-09 23:31]
2010-07-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- g:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-02-09 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {F40CF67E-BB36-4052-BE6F-CB36E4254311} = 208.67.220.220,208.67.222.222
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=
FF - component: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: g:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\David\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\extensions\[email protected]\plugins\np_fastbid.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
FF - user.js: yahoo.homepage.dontask - true
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
MSConfigStartUp-GoToMyPC - c:\program files\Citrix\GoToMyPC\g2svc.exe
MSConfigStartUp-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
MSConfigStartUp-P2kAutostart - c:\p2kcommander\P2kAutostart.exe
MSConfigStartUp-SunJavaUpdateSched - g:\program files\Java\jre6\bin\jusched.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 18:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3648.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3648.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(476)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
- - - - - - - > 'lsass.exe'(532)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-07-15 18:23:49
ComboFix-quarantined-files.txt 2010-07-16 01:23
Pre-Run: 5,847,277,568 bytes free
Post-Run: 5,827,342,336 bytes free
- - End Of File - - 58960F1FEC9F7E70EA02431E7B548114