ComboFix 11-03-16.06 - Austin 03/17/2011 20:22:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1279.559 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Austin\My Documents\cc_20110315_221730.reg
c:\windows\struct~.ini
c:\windows\system32\uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-18 to 2011-03-18   )))))))))))))))))))))))))))))))
.
.
2011-03-17 23:35 . 2011-03-17 23:55  --------  d-----w-  c:\program files\Toolbar Uninstaller
2011-03-17 13:46 . 2011-03-17 13:46  --------  d-----w-  c:\program files\OO Software
2011-03-16 05:07 . 2011-03-16 05:07  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Intuit
2011-03-16 02:27 . 2011-03-16 02:59  --------  d-----w-  c:\documents and settings\Austin\Application Data\IObit
2011-03-16 02:27 . 2011-03-16 02:27  --------  d-----w-  c:\program files\IObit
2011-03-16 01:55 . 2011-03-16 01:55  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-03-16 01:55 . 2011-03-16 01:55  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-03-16 01:55 . 2011-03-16 01:55  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-03-16 01:55 . 2011-03-16 01:55  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-03-16 01:55 . 2011-03-16 01:55  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-03-16 01:55 . 2011-03-16 01:55  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-03-16 01:54 . 2011-03-16 01:54  --------  d-----w-  c:\program files\Common Files\Apple
2011-03-16 01:54 . 2011-03-16 01:54  --------  d-----w-  c:\documents and settings\Austin\Local Settings\Application Data\Apple
2011-03-16 01:54 . 2011-03-16 01:54  --------  d-----w-  c:\program files\Apple Software Update
2011-03-16 01:54 . 2011-03-16 01:54  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
2011-03-15 23:54 . 2011-03-15 23:54  --------  d-----w-  c:\documents and settings\Austin\Application Data\U3
2011-03-15 14:23 . 2011-03-15 14:23  --------  d-----w-  c:\documents and settings\All Users\Application Data\XoftSpySE
2011-03-14 03:48 . 2011-03-14 03:48  --------  d-----w-  c:\documents and settings\Austin\Application Data\Malwarebytes
2011-03-14 03:48 . 2010-12-20 22:09  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-14 03:48 . 2011-03-14 03:48  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-14 03:48 . 2011-03-14 03:48  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2011-03-14 03:48 . 2010-12-20 22:08  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-03-13 13:52 . 2011-03-13 13:52  --------  d-----w-  c:\program files\ESET
2011-03-13 06:44 . 2011-03-13 06:44  --------  d-----w-  c:\documents and settings\Administrator\Application Data\QuickScan
2011-03-12 20:00 . 2011-03-12 20:00  --------  d-----w-  c:\windows\system32\wbem\Repository
2011-03-11 11:07 . 2011-03-11 11:07  --------  d-----w-  c:\documents and settings\Austin\Application Data\f-secure
2011-03-11 11:07 . 2011-03-11 11:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\F-Secure
2011-03-11 10:52 . 2011-03-11 10:52  --------  d-----w-  c:\program files\Panda Security
2011-03-11 05:21 . 2011-03-11 05:21  155648  --sha-r-  c:\windows\system32\ipv6Z.dll
2011-03-10 06:52 . 2011-03-10 06:52  --------  d-----w-  C:\T2
2011-02-26 06:53 . 2011-02-23 14:56  371544  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2011-02-25 16:01 . 2011-02-25 16:01  --------  d-----w-  c:\documents and settings\Austin\Local Settings\Application Data\Sunbelt Software
2011-02-18 18:29 . 2011-02-18 18:29  --------  d-----w-  c:\documents and settings\Austin\Local Settings\Application Data\Temp
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-25 16:02 . 2010-03-10 01:47  98392  ----a-w-  c:\windows\system32\drivers\SBREDrv.sys
2011-02-23 15:04 . 2010-06-29 04:42  40648  ----a-w-  c:\windows\avastSS.scr
2011-02-23 15:04 . 2009-05-02 06:16  190016  ----a-w-  c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2009-05-02 06:17  301528  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2009-05-02 06:17  49240  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2009-05-02 06:17  102232  ----a-w-  c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2009-05-02 06:17  96344  ----a-w-  c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2009-05-02 06:17  25432  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2009-05-02 06:17  30680  ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2009-05-02 06:17  19544  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2004-08-04 12:00  270848  ------w-  c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00  186880  ------w-  c:\windows\system32\encdec.dll
2011-02-03 02:40 . 2010-04-18 13:54  472808  -c--a-w-  c:\windows\system32\deployJava1.dll
2011-02-03 00:19 . 2007-06-01 22:40  73728  -c--a-w-  c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2007-05-30 23:55  2067456  ------w-  c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-05-30 23:55  677888  ------w-  c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00  439296  ------w-  c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00  290048  ----a-w-  c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00  1854976  ------w-  c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00  301568  ----a-w-  c:\windows\system32\kerberos.dll
2010-12-20 22:15 . 2004-08-04 12:00  667136  ----a-w-  c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2004-08-04 12:00  61952  -c----w-  c:\windows\system32\tdc.ocx
2010-12-20 22:15 . 2004-08-04 12:00  81920  -c----w-  c:\windows\system32\ieencode.dll
2010-12-20 17:26 . 2004-08-04 12:00  730112  ------w-  c:\windows\system32\lsasrv.dll
2010-12-20 15:30 . 2004-08-04 12:00  369664  -c----w-  c:\windows\system32\html.iec
2004-10-01 19:00 . 2008-07-22 23:51  40960  -c----w-  c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04  122512  ----a-w-  c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-06-28 557056]
"SoundMan"="SOUNDMAN.EXE" [2008-07-25 577536]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"etLiveClk"="c:\windows\etLiveClk.exe" [2007-11-25 57344]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-8-28 221247]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
yac.lnk - c:\program files\YAC\yac.exe [2002-9-26 134656]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\BounceBack Launcher.lnk
backup=c:\windows\pss\BounceBack Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08  483328  -c----w-  c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2009-08-23 04:00  91432  ------w-  c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12  15360  ------w-  c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2003-07-25 15:15  536576  -c----w-  c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-14 02:06  1397760  -c----w-  c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12  1695232  --sh--w-  c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"Stuffit Archive Name Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\YAC\\yac.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/26/2011 2:53 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/02/2009 2:17 AM 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05/30/2007 8:07 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [12/09/2009 4:42 AM 16768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/02/2009 2:17 AM 19544]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [08/18/2008 5:54 PM 289880]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [08/18/2008 5:42 PM 21412]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [08/18/2008 5:42 PM 12632]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [08/23/2009 29992]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 BS_Flash;BS_Flash;\??\c:\program files\Tseries BIOS Update\Award\BS_Flash.sys --> c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [?]
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [08/03/2010 9:26 PM 131712]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [04/15/2009 9:22 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [04/15/2009 9:22 AM 3072]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Austin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Austin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [08/03/2010 9:26 PM 241408]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [08/03/2010 9:26 PM 6656]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [06/10/2010 42312]
S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys --> c:\windows\system32\DRIVERS\v90drv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Austin\Application Data\Mozilla\Firefox\Profiles\wx8pbla4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.1&locale=en-US&sl=ub&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
AddRemove-2005 T1Plus with EFILE - f:\finance\cantax\2005t1w\Uninst.isu
AddRemove-2005 T2 - f:\finance\cantax\2005T2\Uninst.isu
AddRemove-Common Components 1.00 - c:\windows\system32\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\nvwddi.dll
c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\slrundll.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-03-17 20:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-18 00:40
.
Pre-Run: 74,912,960,512 bytes free
Post-Run: 74,702,049,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" rem /noexecute=optin /fastdetect
.
- - End Of File - - B5DB2ECD00DD5135CCDCD3C6BC378F9A