07-05-2009, 12:34 PM   #3
biophase
Registered User
 
Join Date: Jul 2009
Posts: 4
OS: XP


Re: Virus is altering my google search results

Hi Mark,

Here is the log.txt from ComboFix.

===================================

ComboFix 09-07-04.09 - kenric1 07/05/2009 11:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1287 [GMT -7:00]
Running from: c:\documents and settings\kenric1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\46927_2006-05-05_16.42.15.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-05_17.22.15.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-06_09.19.55.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-07_09.42.26.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-08_09.25.25.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-08_13.43.07.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-09_17.22.48.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-10_16.18.28.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-11_08.25.54.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-11_19.26.17.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-12_08.44.16.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-12_09.52.11.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-12_13.29.48.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-12_17.18.01.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-12_23.42.55.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-14_13.15.15.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-14_17.11.02.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-15_13.29.46.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-16_08.24.39.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-19_09.48.44.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-19_13.31.05.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-19_17.02.28.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-20_09.51.37.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-21_14.53.59.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-21_16.54.33.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-21_17.36.53.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-23_07.43.03.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-23_17.15.26.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-24_14.30.03.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-25_22.29.44.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-26_23.57.28.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-27_00.53.31.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-27_07.52.34.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-29_07.24.58.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-29_14.34.58.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-30_17.17.40.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-31_09.13.40.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-31_16.48.12.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-05-31_21.34.04.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-02_09.26.57.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-03_10.09.29.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-06_08.36.26.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-06_16.56.10.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-06_23.46.25.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-07_09.01.36.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-08_10.07.28.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-08_15.18.54.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-09_01.19.42.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-09_21.13.38.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-10_10.26.51.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-12_10.50.01.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-13_00.59.08.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-13_11.27.38.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-15_01.32.01.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-16_09.46.09.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-16_17.19.18.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-16_23.19.35.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-17_10.58.26.hl
c:\documents and settings\All Users.\documents\settings\46927_2006-06-17_11.59.20.hl
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users.\documents\settings\rvnkey_a.dat
c:\documents and settings\All Users.\documents\settings\rvnkey_b.dat
c:\documents and settings\All Users.\documents\settings\rvnkey_f.dat
c:\documents and settings\All Users.\documents\settings\rvnkey_v.dat
c:\documents and settings\All Users.\documents\settings\rvnkeylogh
c:\recycler\S-1-5-21-2369461160-35945199-3371764974-1003
c:\windows\Fonts\acrsec.fon
c:\windows\system32\lsp.dll
c:\windows\system32\mlfcache.dat
C:\WS-SET.EXE

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 18:22 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-05 18:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 10:11 . 2009-07-04 10:11 -------- d-----w- c:\program files\Alwil Software
2009-07-04 03:57 . 2009-07-04 03:57 -------- d-----w- c:\documents and settings\kenric1\Application Data\Malwarebytes
2009-07-04 03:57 . 2009-07-04 03:57 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\Malwarebytes
2009-07-04 03:57 . 2009-07-04 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 20:26 . 2005-02-23 21:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-06-05 18:26 . 2009-06-05 18:26 -------- d-----w- c:\windows\system32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 18:06 . 2006-01-17 00:16 88880 ----a-w- c:\documents and settings\kenric1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 19:08 . 2006-06-20 03:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-04 19:05 . 2005-11-05 04:09 -------- d-----w- c:\program files\Common Files\AOL
2009-07-04 18:58 . 2005-11-05 04:10 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-07-04 18:57 . 2007-01-16 07:17 -------- d-----w- c:\program files\LimeWire
2009-07-04 18:53 . 2006-01-17 06:11 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-04 18:49 . 2008-01-05 21:44 -------- d-----w- c:\program files\Poker Grapher
2009-07-04 18:48 . 2006-08-10 21:38 -------- d-----w- c:\program files\Poker Tracker V2
2009-07-04 18:45 . 2009-03-20 22:04 -------- d-----w- c:\program files\Vuze
2009-07-04 18:41 . 2006-06-20 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-04 18:37 . 2006-10-06 07:16 -------- d-----w- c:\program files\PokerStars
2009-07-04 18:36 . 2008-02-04 04:55 -------- d-----w- c:\documents and settings\kenric1\Application Data\Move Networks
2009-07-04 18:36 . 2008-02-04 04:55 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\Move Networks
2009-07-04 18:33 . 2005-11-05 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 18:32 . 2005-11-07 17:42 -------- d-----w- c:\program files\Google
2009-07-04 18:29 . 2006-10-20 04:17 -------- d-----w- c:\program files\Full Tilt Poker
2009-07-04 18:27 . 2007-08-08 18:29 -------- d-----w- c:\program files\CAM350_8.6
2009-07-04 18:27 . 2008-03-11 19:15 -------- d-----w- c:\program files\Cake Poker
2009-07-04 18:22 . 2008-10-25 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-04 18:22 . 2006-06-20 02:57 -------- d-----w- c:\program files\Lavasoft
2009-07-04 18:21 . 2007-10-24 15:50 -------- d-----w- c:\program files\1&1
2009-07-04 10:07 . 2007-12-10 01:37 -------- d-----w- c:\documents and settings\kenric1\Application Data\FileZilla
2009-07-04 10:07 . 2007-12-10 01:37 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\FileZilla
2009-07-04 03:21 . 2009-03-20 22:05 -------- d-----w- c:\documents and settings\kenric1\Application Data\Azureus
2009-07-04 03:21 . 2009-03-20 22:05 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\Azureus
2009-06-24 18:31 . 2009-03-19 18:12 -------- d-----w- c:\program files\Equis
2009-06-24 15:09 . 2006-01-29 22:44 -------- d-----w- c:\documents and settings\kenric1\Application Data\ArcSoft
2009-06-24 15:09 . 2006-01-29 22:44 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\ArcSoft
2009-06-23 07:10 . 2008-08-11 23:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-18 15:42 . 2007-02-15 07:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 06:34 . 2009-03-27 06:15 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-06 07:50 . 2005-11-05 04:13 -------- d-----w- c:\program files\Yahoo!
2009-06-05 23:14 . 2006-12-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-05 23:13 . 2006-02-08 03:41 -------- d-----w- c:\documents and settings\kenric1\Application Data\Yahoo!
2009-06-05 23:13 . 2006-02-08 03:41 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\Yahoo!
2009-06-04 07:51 . 2005-11-05 04:05 -------- d-----w- c:\program files\Quicken
2009-06-04 06:27 . 2009-06-04 06:15 -------- d-----w- c:\program files\WinMerge
2009-05-31 18:53 . 2009-05-31 18:53 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-31 18:34 . 2009-05-31 18:34 -------- d-----w- c:\documents and settings\kenric1\Application Data\GARMIN
2009-05-31 18:34 . 2009-05-31 18:34 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\GARMIN
2009-05-31 18:34 . 2009-05-31 18:34 -------- d-----w- c:\program files\DIFX
2009-05-31 18:34 . 2009-05-31 18:34 -------- d-----w- c:\program files\Garmin
2009-05-29 05:33 . 2009-05-29 05:33 262144 ----a-w- C:\ntuser.dat
2009-05-18 06:41 . 2009-05-18 06:41 -------- d-----w- c:\documents and settings\kenric1\Application Data\Bullzip
2009-05-18 06:41 . 2009-05-18 06:41 -------- d-----w- c:\docume~1\kenric1\APPLIC~1\Bullzip
2009-05-18 06:36 . 2009-05-18 06:36 -------- d-----w- c:\program files\Bullzip
2009-05-07 15:32 . 2005-11-05 00:52 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 16:31 . 2009-03-27 06:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-03 16:31 . 2009-03-27 06:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:56 . 2005-11-05 00:53 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 02:53 . 2009-05-18 06:36 194560 ----a-w- c:\windows\system32\bzpdf.dll
2009-04-17 12:26 . 2005-11-05 00:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-11-05 00:53 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"Google Update"="c:\documents and settings\kenric1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-06-10 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"TFncKy"="TFncKy.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-11-10 15473664]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 16:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0e3e

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 11:15 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 11:15 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 11:15 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/31/2008 9:33 PM 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe --> c:\windows\system32\\AstSrv.exe [?]
S3 FTD2XX;FTD2XX_ADRF.SYS Repeater;c:\windows\system32\drivers\FTD2XX_ADRF.sys [8/7/2006 12:56 PM 34639]
S3 iscFlash;iscFlash;\??\c:\docume~1\kenric1\LOCALS~1\Temp\isc1Ctmp\iscflash.sys --> c:\docume~1\kenric1\LOCALS~1\Temp\isc1Ctmp\iscflash.sys [?]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776574225-2921150394-3902323158-1006Core.job
- c:\documents and settings\kenric1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 06:38]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776574225-2921150394-3902323158-1006UA.job
- c:\documents and settings\kenric1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 06:38]

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{6790CF5C-B080-4ABF-9D4F-529B83151E12}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\docume~1\kenric1\APPLIC~1\Mozilla\Firefox\Profiles\j1hm255j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL -
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\kenric1\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 11:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-07-05 11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 18:30

Pre-Run: 21,569,576,960 bytes free
Post-Run: 23,639,523,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

301 --- E O F --- 2009-06-10 10:12