Yeah, I'll have to thank my mother for this later. Unfortunately a fresh install is not an option for me at this time (not sure where my OS disk is), so I'll have to just go with the cleanup for the time being. I do have a question though: Do I have to worry about my files being corrupt, or can I back them up and save them, then transfer them to a new computer without worry? I'm hoping to get a laptop by the end of the year, and I really don't want to lose the information I have on this computer if I don't have to.

Anyways, here is the new log from ComboFix: (Keeping fingers crossed it'll actually allow it to post this time)

ComboFix 10-11-23.05 - Crim_2 24/11/2010 9:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.240 [GMT -7:00]
Running from: c:\documents and settings\Crim_2\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mike\Application Data\inst.exe c:\program files\winvi c:\program files\winvi\dsktp\AC_RunActiveContent.js c:\program files\winvi\dsktp\desktop.html c:\program files\winvi\dsktp\internetDetection.swf c:\program files\winvi\dsktp\settings.sol c:\temp\1cb c:\temp\1cb\syscheck.log c:\temp\tmpvc14 c:\temp\tmpvc14\dllvc.log c:\windows\jestertb.dll c:\windows\mainms.vpi c:\windows\megavid.cdt c:\windows\muotr.so c:\windows\system32\gfedNXyb.ini c:\windows\system32\gfedNXyb.ini2 c:\windows\system32\i c:\windows\Tasks\At49.job c:\windows\Tasks\At50.job c:\windows\Tasks\At51.job c:\windows\Tasks\At52.job c:\windows\Tasks\At53.job c:\windows\Tasks\At54.job c:\windows\Tasks\At55.job c:\windows\Tasks\At56.job c:\windows\Tasks\At57.job c:\windows\Tasks\At58.job c:\windows\Tasks\At59.job c:\windows\Tasks\At60.job c:\windows\Tasks\At61.job c:\windows\Tasks\At62.job c:\windows\Tasks\At63.job c:\windows\Tasks\At64.job c:\windows\Tasks\At65.job c:\windows\Tasks\At66.job c:\windows\Tasks\At67.job c:\windows\Tasks\At68.job c:\windows\Tasks\At69.job c:\windows\Tasks\At70.job c:\windows\Tasks\At71.job c:\windows\Tasks\At72.job c:\windows\Tasks\avwnsket.job . \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 ))))))))))))))))))))))))))))))) . 2010-11-19 22:07 . 2010-11-24 17:06 -------- d-----w- c:\windows\system32\CatRoot2 2010-11-19 20:35 . 2008-04-14 12:42 10752 ------w- c:\windows\system32\smtpapi.dll 2010-11-19 20:35 . 2008-04-14 12:42 9728 ------w- c:\windows\system32\rwnh.dll 2010-11-19 20:35 . 2008-04-14 12:41 81920 ------w- c:\windows\system32\ieencode.dll 2010-11-19 20:35 . 2007-04-03 07:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe 2010-11-19 20:35 . 
2007-04-03 07:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe 2010-11-19 20:35 . 2007-04-03 07:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe 2010-11-19 20:35 . 2008-04-14 12:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll 2010-11-19 20:35 . 2008-04-14 12:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll 2010-11-19 20:35 . 2008-04-14 12:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll 2010-11-19 20:35 . 2007-04-03 07:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll 2010-11-19 20:32 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000001_.tmp 2010-11-19 19:42 . 2010-11-19 19:42 -------- d-sh--w- c:\documents and settings\Crim_2\IECompatCache 2010-11-19 07:00 . 2010-11-19 07:00 -------- d-----w- c:\program files\Defraggler 2010-11-08 07:35 . 2010-11-08 07:35 -------- d-----w- c:\program files\yWriter5 2010-11-08 06:24 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2010-11-08 06:24 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll 2010-11-08 06:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2010-11-08 05:34 . 2010-11-08 05:38 -------- dc-h--w- c:\windows\ie8 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-01-08 22:23 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 
2001-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-07 15:12 . 2010-07-15 22:10 38848 ----a-w- c:\windows\avastSS.scr 2010-09-07 15:11 . 2009-09-04 22:26 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-09-07 14:52 . 2009-09-04 22:27 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-09-07 14:52 . 2009-09-04 22:27 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-09-07 14:47 . 2009-09-04 22:27 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-09-07 14:47 . 2009-09-04 22:27 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-09-07 14:47 . 2009-09-04 22:27 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-09-07 14:47 . 2009-09-04 22:27 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-09-07 14:46 . 2009-09-04 22:27 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-09-01 11:51 . 2001-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2001-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2001-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Crim_2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-09 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Mike\Start Menu\Programs\Startup\ YouTube Uploader.lnk - c:\documents and settings\Mike\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-9 71152] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk backup=c:\windows\pss\HP Button Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Crim_2^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Crim_2\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 17:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-05-16 16:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] 2008-03-22 02:55 16384 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] 2003-11-07 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2010-04-29 21:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 21:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax] 2004-03-26 20:40 794624 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-04-01 16:52 1368064 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\VTTimer] 2005-03-08 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] 2005-03-12 09:33 147456 ----a-r- c:\windows\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] 2003-12-01 17:38 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WudfSvc"=2 (0x2) "WTouchService"=2 (0x2) "wscsvc"=2 (0x2) "WPFFontCache_v0400"=3 (0x3) "WMPNetworkSvc"=3 (0x3) "WmiApSrv"=3 (0x3) "Wmi"=3 (0x3) "WinRM"=3 (0x3) "winmgmt"=2 (0x2) "WebClient"=2 (0x2) "W32Time"=2 (0x2) "VSS"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "UTSCSI"=2 (0x2) "UPS"=3 (0x3) "uCamMonitor"=2 (0x2) "TermService"=3 (0x3) "TapiSrv"=3 (0x3) "TabletServicePen"=2 (0x2) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "stisvc"=2 (0x2) "SSDPSRV"=3 (0x3) "srservice"=2 (0x2) "Spooler"=2 (0x2) "SoundMAX Agent Service (default)"=2 (0x2) "ShellHWDetection"=2 (0x2) "SharedAccess"=2 (0x2) "SENS"=2 (0x2) "Schedule"=2 (0x2) "SCardSvr"=3 (0x3) "SamSs"=2 (0x2) "RSVP"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "ProtectedStorage"=2 (0x2) "PolicyAgent"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "PlugPlay"=2 (0x2) "Pixar Maitre-D Server 1.0.1"=2 (0x2) "Pixar License Server 5.0.2"=2 (0x2) "Pixar Alfred Server 13.5.2"=2 (0x2) "ose"=3 (0x3) "NtmsSvc"=3 (0x3) "NtLmSsp"=3 (0x3) "NMIndexingService"=3 (0x3) "nlsX86cc"=2 (0x2) "Nla"=3 (0x3) "Netman"=3 (0x3) "Netlogon"=3 (0x3) "Net Driver HPZ12"=2 (0x2) "NBService"=3 (0x3) "napagent"=3 (0x3) "MSIServer"=3 (0x3) "MSDTC"=3 (0x3) "MDM"=2 (0x2) "MBAMService"=2 (0x2) "maya70docserver"=2 (0x2) "lanmanworkstation"=2 (0x2) "lanmanserver"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "ImapiService"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "HTTPFilter"=3 (0x3) "hpqddsvc"=2 (0x2) "hpqcxs08"=3 (0x3) "hkmsvc"=3 (0x3) "helpsvc"=2 
(0x2) "FontCache3.0.0.0"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "FastUserSwitchingCompatibility"=3 (0x3) "EventSystem"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) "EapHost"=3 (0x3) "Dot3svc"=3 (0x3) "Dnscache"=2 (0x2) "dmserver"=2 (0x2) "dmadmin"=3 (0x3) "Dhcp"=2 (0x2) "CryptSvc"=2 (0x2) "COMSysApp"=3 (0x3) "clr_optimization_v4.0.30319_32"=2 (0x2) "cisvc"=3 (0x3) "CCALib8"=2 (0x2) "Browser"=2 (0x2) "Bonjour Service"=2 (0x2) "BITS"=3 (0x3) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "AudioSrv"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "aspnet_state"=3 (0x3) "AppMgmt"=3 (0x3) "aliasdocserver"=2 (0x2) "ALG"=3 (0x3) "Akamai"=2 (0x2) "ACDaemon"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Alias\\Maya6.0\\bin\\maya.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web 
printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Kids Web Menu\\kidsmenu.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:Windows Remote Management "1039:TCP"= 1039:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [24/02/2006 1:20 AM 21632] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/09/2009 3:27 PM 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/09/2009 3:27 PM 17744] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24/01/2009 10:40 PM 304464] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [04/08/2010 10:50 AM 14336] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24/01/2009 10:40 PM 20952] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [08/07/2010 5:52 PM 16168] S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [15/02/2007 8:13 PM 45696] S3 GAGPDrv;GAGPDrv; [x] S3 hercspud;Hercules ® WDM Audio Driver; [x] S3 hercwdm;Hercules ® WDM Interface Driver; [x] S3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [08/07/2010 5:52 PM 4497704] S3 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [04/08/2010 10:50 AM 104960] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys 
[28/02/2008 8:17 PM 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [28/02/2008 8:15 PM 85696] S3 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [08/07/2010 5:54 PM 113448] S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18/08/2001 5:00 AM 14336] S4 aliasdocserver;Alias Documentation Server;c:\program files\Alias\Maya6.0\docs\Wrapper.exe [04/09/2009 11:21 PM 110592] S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 PM 130384] S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [19/07/2010 2:48 PM 57344] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [18/12/2007 9:43 PM 24652] S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18/08/2001 5:00 AM 14336] S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 PM 753504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai WINRM REG_MULTI_SZ WINRM . 
Contents of the 'Scheduled Tasks' folder 2010-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-823518204-725345543-1008Core.job - c:\documents and settings\Crim_2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-09 01:53] 2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-823518204-725345543-1008UA.job - c:\documents and settings\Crim_2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-09 01:53] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local;localhost Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate Trusted Zone: windowsupdate.com\download DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Crim_2\Application Data\Mozilla\Firefox\Profiles\ydlni633.default\ FF - prefs.js: browser.startup.homepage - hxxp://s14.invisionfree.com/tripmydaisy/index.php FF - component: c:\documents and settings\Crim_2\Application Data\Mozilla\Firefox\Profiles\ydlni633.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll FF - plugin: c:\documents and settings\Crim_2\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Crim_2\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\TabletPlugins\npwacom.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\program files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) MSConfigStartUp-Cognac - c:\docume~1\Crim_2\LOCALS~1\Temp\~tmpa.exe MSConfigStartUp-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe MSConfigStartUp-MSFox - c:\docume~1\Crim_2\LOCALS~1\Temp\a.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe AddRemove-Campaign Cartographer 2 - c:\documents and settings\mike\desktop\ad&d - campaign cartographer 2\Uninst.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-24 10:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\