ComboFix 11-05-28.01 - Emily 05/29/2011 11:55:31.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.960 [GMT -5:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 17:05 . 2011-05-29 17:19 -------- d-----w- c:\users\Emily\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05 -------- d-----w- c:\users\Brett\AppData\Local\temp
2011-05-27 18:36 . 2011-05-27 18:36 -------- d-----w- c:\users\Brett\AppData\Roaming\skypePM
2011-05-27 18:32 . 2011-05-27 18:39 -------- d-----w- c:\users\Brett\AppData\Roaming\Skype
2011-05-27 17:17 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2112E809-728B-43DB-A3D1-574A1BD7516D}\mpengine.dll
2011-05-23 00:59 . 2011-05-23 01:00 -------- d-----w- c:\users\test
2011-05-20 13:10 . 2010-11-30 16:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
2011-05-11 13:55 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 20:26 . 2011-04-30 20:27 -------- d-----w- c:\users\Brett\AppData\Roaming\HpUpdate
2011-04-29 22:19 . 2011-04-29 22:19 -------- d-----w- c:\users\Emily\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 17:17 . 2009-08-29 01:07 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-29 17:17 . 2009-08-29 01:25 56680 ----a-w- c:\windows\system32\rpcnet.dll
2011-05-09 20:46 . 2011-01-19 16:34 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-04 12:39 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 17:39 . 2011-04-03 17:39 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-03 17:39 . 2011-04-03 17:39 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-03 17:39 . 2011-04-03 17:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-03 17:39 . 2011-04-03 17:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 17:39 . 2011-04-03 17:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 17:39 . 2011-04-03 17:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-03 17:39 . 2011-04-03 17:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-03 17:39 . 2011-04-03 17:39 367104 ----a-w- c:\windows\system32\html.iec
2011-04-03 17:39 . 2011-04-03 17:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-03 17:39 . 2011-04-03 17:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-03 17:39 . 2011-04-03 17:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-03 17:39 . 2011-04-03 17:39 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-03 17:39 . 2011-04-03 17:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-03 17:39 . 2011-04-03 17:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-03 17:39 . 2011-04-03 17:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-03 17:39 . 2011-04-03 17:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-03 17:39 . 2011-04-03 17:39 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-03 17:39 . 2011-04-03 17:39 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-03 17:39 . 2011-04-03 17:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-03 17:39 . 2011-04-03 17:39 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-03 17:39 . 2011-04-03 17:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-12 21:55 . 2011-04-27 19:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 16:17 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 16:17 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 16:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 19:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 19:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 19:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 19:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 19:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 19:34 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-14 16:16 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 16:16 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-26 22:58 . 2011-04-04 18:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
.
c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-07-07 18:52 6854984 ----a-w- c:\program files\Emsisoft\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 19:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys
R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys
R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys
R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys
R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys
R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys
R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys
R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2011-05-29 12:26:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-29 17:25
ComboFix2.txt 2011-05-26 23:17
ComboFix3.txt 2011-01-20 02:13
.
Pre-Run: 19,847,061,504 bytes free
Post-Run: 19,735,728,128 bytes free
.
- - End Of File - - FF721FF789FD9B453A2EA0669CA10D5A
and I am running MRT now.
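When reading a ComboFix log like the one above, the first pass is usually the same: check the security-product state in the header, check whether UAC is on, and walk the Run keys and service list for entries that ComboFix could not find on disk or that run from odd places. The script below does that first pass automatically. It is an added example for this thread, not part of the poster's log and not ComboFix's own code; the line formats it parses are inferred from the log above, the rules are the editor's own "worth a second look" heuristics rather than ComboFix verdicts, and one input line (the `"Updater"` entry under `AppData`) is constructed so the user-writable-path rule has something to fire on. Everything else in the sample is copied from the log.

```python
"""Triage helper for a ComboFix log.

Added example: not part of the forum post above and not ComboFix's own code.
Line formats are inferred from the log above; the rules are heuristics
(things worth a second look), not ComboFix verdicts.
"""
import re

PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\*")          # "AV: name *State/Updated* {GUID}"
KEY_RE = re.compile(r"^\[(hkey_[^\]]+)\]$", re.I)                    # "[HKEY_...\Run]"
RUN_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)" \[([^\]]*)\]$')        # '"Name"="path" [date size]'
POLICY_RE = re.compile(r'^"EnableLUA"=\s*(\d+)')                     # '"EnableLUA"= 0 (0x0)'
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?)(?: \[([^\]]*)\])?$")  # "R1 svc;display;path [date size]"
DATE_SIZE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")                # what a found file looks like: "2009-03-20 1451304"
USER_WRITABLE = ("\\users\\", "\\temp\\")                            # heuristic, not exhaustive

SAMPLE_LINES = [
    # copied verbatim from the ComboFix log above
    r"AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}",
    r"FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}",
    r"SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]',
    r'"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]',
    r'"NDSTray.exe"="NDSTray.exe" [BU]',
    r'"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]',
    # CONSTRUCTED line, not in the log: gives the user-writable-path rule a hit
    r'"Updater"="c:\users\Emily\AppData\Roaming\updater.exe" [2011-05-28 45056]',
    # copied verbatim from the log again
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    r'"EnableLUA"= 0 (0x0)',
    r"R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]",
    r"R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe",
]


def check_autostart(name, path, info):
    """Heuristic flags for one Run-key entry: (name, image path, bracketed info)."""
    flags = []
    if not DATE_SIZE_RE.match(info):
        # ComboFix printed [BU] / [N/A] instead of a date and size: no image metadata
        flags.append(("no-file-metadata", f"{name}: '{path}' recorded as [{info}], no date/size for the image"))
    if "\\" not in path:
        # bare file name: which copy runs depends on the search path
        flags.append(("bare-filename", f"{name}: '{path}' has no directory, resolves via the search path"))
    if any(tok in path.lower() for tok in USER_WRITABLE):
        flags.append(("user-writable-path", f"{name}: '{path}' runs from a user-writable location"))
    return flags


def triage(lines):
    """Parse ComboFix log lines; returns a dict whose 'findings' is a list of (rule, detail)."""
    report = {"products": [], "autostarts": [], "services": [], "uac_enabled": None, "findings": []}
    current_key = None
    for raw in lines:
        line = raw.strip()
        if m := PRODUCT_RE.match(line):
            kind, name, state = m.groups()
            report["products"].append((kind, name, state))
            if state.split("/")[0].lower() == "disabled":
                report["findings"].append(("disabled-security-product", f"{kind}: {name} is {state}"))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)          # context for the value lines that follow
        elif m := POLICY_RE.match(line):
            report["uac_enabled"] = m.group(1) != "0"
            if not report["uac_enabled"]:
                report["findings"].append(("uac-disabled", f"EnableLUA={m.group(1)} under {current_key}"))
        elif m := RUN_RE.match(line):
            name, path, info = m.groups()
            report["autostarts"].append((current_key, name, path, info))
            report["findings"].extend(check_autostart(name, path, info))
        elif m := SERVICE_RE.match(line):
            state, start, svc, _display, path, info = m.groups()
            # R/S prefix and the digit are ComboFix's own state and start-type codes; kept raw
            report["services"].append((svc, state + start, path, info))
            if info is None:
                report["findings"].append(("service-no-file-metadata", f"{svc}: no date/size recorded for '{path}'"))
    return report


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LINES)["findings"]:
        print(f"{rule:28} {detail}")
```

Run against the sample it reports the two disabled Microsoft products, `EnableLUA=0`, the two bare-filename Run entries (`RtHDVCpl.exe`, `NDSTray.exe`), the `[BU]` entry with no image metadata, the constructed `AppData` autostart, and the AVG service whose image ComboFix listed without a date or size. None of these is a malware verdict on its own; they are the lines to look at first, which is exactly how a helper would read the log by hand.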