When ComboFix finishes, just before it closes, it says "log will be at C:/ComboFix.txt" (which I didn't see before), but when it is done, it opens up a file log.txt from the desktop. So I will post ComboFix.txt:
ComboFix 10-01-26.01 - Kate the Great 26/01/2010 12:26:10.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3002.1611 [GMT -5:00]
Running from: c:\users\Kate the Great\Desktop\ComboFix.exe
Command switches used :: c:\users\Kate the Great\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 17:33 . 2010-01-26 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-26 17:33 . 2010-01-26 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-25 00:55 . 2010-01-25 00:55 -------- d-----w- c:\windows\Sun
2010-01-20 17:49 . 2010-01-25 16:10 -------- d-----w- c:\users\Kate the Great\AppData\Local\Adobe
2010-01-20 17:40 . 2010-01-20 17:40 -------- d-----w- c:\program files\Lame for Audacity
2010-01-20 17:38 . 2010-01-20 17:38 -------- d-----w- c:\program files\Audacity
2010-01-19 01:16 . 2010-01-19 01:17 -------- d-----w- c:\windows\system32\ca-ES
2010-01-19 01:16 . 2010-01-19 01:17 -------- d-----w- c:\windows\system32\eu-ES
2010-01-19 01:16 . 2010-01-19 01:17 -------- d-----w- c:\windows\system32\vi-VN
2010-01-19 00:43 . 2010-01-19 00:43 -------- d-----w- c:\windows\system32\EventProviders
2010-01-19 00:39 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-01-19 00:36 . 2009-04-11 06:28 1671680 ----a-w- c:\windows\system32\wlanpref.dll
2010-01-19 00:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-01-19 00:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-01-19 00:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-01-17 21:44 . 2010-01-17 21:44 -------- d-----w- c:\program files\CCleaner
2010-01-17 21:38 . 2010-01-19 09:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-17 21:38 . 2010-01-17 22:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-17 21:34 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-01-17 21:34 . 2010-01-17 21:36 -------- d-----w- c:\program files\SpywareBlaster
2010-01-13 13:13 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 13:13 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 00:32 . 2008-12-26 17:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2010-01-11 20:31 . 2010-01-11 23:41 -------- d-----w- c:\programdata\Screaming Bee
2010-01-11 02:21 . 2010-01-11 02:26 -------- d-----w- C:\vcs5BGEffects
2010-01-11 02:21 . 2010-01-12 00:36 -------- d-----w- C:\AV_LOGS
2010-01-11 02:21 . 2010-01-11 02:28 -------- d-----w- C:\vcs5core
2010-01-11 02:20 . 2010-01-11 02:38 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-01-06 17:25 . 2010-01-11 16:27 -------- d-----w- c:\users\Kate the Great\AppData\Local\CutePDF Writer
2010-01-06 17:24 . 2010-01-06 17:24 -------- d-----w- c:\program files\gs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 17:32 . 2009-12-01 00:15 -------- d-----w- c:\programdata\BOINC
2010-01-26 14:10 . 2010-01-26 14:10 97 ----a-w- c:\programdata\BOINC\slots\3\metropolis_3.12_windows_intelx86.exe
2010-01-26 05:59 . 2010-01-26 05:59 76 ----a-w- c:\programdata\BOINC\slots\2\msvcr71.dll
2010-01-26 05:59 . 2010-01-26 05:59 76 ----a-w- c:\programdata\BOINC\slots\2\msvcp71.dll
2010-01-26 01:43 . 2009-12-22 03:47 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\Skype
2010-01-26 01:42 . 2009-12-22 03:48 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\skypePM
2010-01-26 01:42 . 2009-12-03 19:41 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\Dropbox
2010-01-25 19:05 . 2009-12-01 00:28 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\uTorrent
2010-01-25 19:01 . 2009-12-09 01:10 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\vlc
2010-01-25 17:05 . 2009-12-07 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-24 18:10 . 2010-01-24 18:10 88 ----a-w- c:\programdata\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-01-24 18:10 . 2010-01-24 18:10 100 ----a-w- c:\programdata\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-01-23 16:57 . 2010-01-23 16:57 111 ----a-w- c:\programdata\BOINC\slots\1\einstein_S5R6_3.01_windows_intelx86__S5R6sse2.exe
2010-01-23 09:06 . 2010-01-23 06:46 19724316 ----a-w- c:\programdata\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_ABP2_3.03_graphics_windows_intelx86.exe
2010-01-23 07:10 . 2010-01-23 06:46 17273203 ----a-w- c:\programdata\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_ABP2_3.06_windows_intelx86.exe
2010-01-21 00:17 . 2009-12-01 00:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 00:00 . 2009-12-01 03:00 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-19 23:47 . 2009-12-01 00:58 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-19 01:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-19 01:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-19 01:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-19 01:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-19 01:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-19 01:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-19 01:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-19 01:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-18 18:38 . 2009-12-07 01:12 1 ----a-w- c:\users\Kate the Great\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-14 16:12 . 2009-12-01 07:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 12:07 . 2010-01-12 12:06 11293390 ----a-w- c:\programdata\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R6_3.01_windows_intelx86__S5R6sse2.exe
2010-01-08 22:01 . 2009-12-05 23:41 -------- d-----w- c:\programdata\NOS
2010-01-02 06:38 . 2010-01-21 20:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 20:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 20:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 06:52 . 2009-12-31 06:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-24 17:18 . 2009-12-24 17:18 -------- d-----w- c:\program files\SmartSoftVideoConverterPro
2009-12-24 17:06 . 2009-12-24 17:06 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\Roxio
2009-12-22 03:49 . 2009-12-22 03:49 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-22 03:46 . 2009-12-22 03:45 -------- d-----r- c:\program files\Skype
2009-12-22 03:45 . 2009-12-22 03:45 -------- d-----w- c:\program files\Common Files\Skype
2009-12-22 03:45 . 2009-12-22 03:45 -------- d-----w- c:\programdata\Skype
2009-12-20 05:13 . 2009-12-20 05:12 624640 ----a-w- c:\windows\Twittearth.scr
2009-12-20 05:11 . 2009-12-20 05:11 29926 ----a-r- c:\users\Kate the Great\AppData\Roaming\Microsoft\Installer\{EB711BC7-0FDF-460C-A00C-DF8E5E996037}\_6FEFF9B68218417F98F549.exe
2009-12-20 05:11 . 2009-12-20 05:11 -------- d-----w- c:\program files\Primelabs
2009-12-20 05:08 . 2009-12-20 05:08 -------- d-----w- c:\program files\UselessCreations
2009-12-19 00:01 . 2009-12-18 19:32 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\Winamp
2009-12-18 19:34 . 2009-12-01 00:31 -------- d-----w- c:\program files\Winamp
2009-12-18 19:32 . 2009-12-18 19:18 -------- d-----w- c:\program files\Winamp Detect
2009-12-17 14:34 . 2009-12-17 14:34 -------- d-----w- c:\programdata\WindowsSearch
2009-12-16 21:07 . 2009-12-16 21:06 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\acccore
2009-12-16 21:03 . 2009-12-16 21:03 -------- d-----w- c:\programdata\AIM
2009-12-16 21:02 . 2009-12-16 21:02 -------- d-----w- c:\program files\AIM
2009-12-16 21:02 . 2009-12-16 21:02 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-12-16 21:02 . 2009-12-16 21:02 -------- d-----w- c:\program files\Common Files\AOL
2009-12-16 18:03 . 2009-12-16 18:03 -------- d-----w- c:\program files\YouTube Downloader
2009-12-16 17:18 . 2009-12-16 17:17 -------- d-----w- c:\program files\Common Files\Real
2009-12-16 17:18 . 2009-12-16 17:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-16 17:17 . 2009-12-16 17:17 -------- d-----w- c:\program files\Real
2009-12-16 17:08 . 2009-12-16 17:08 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\Zabersoft
2009-12-16 17:08 . 2009-12-16 16:59 -------- d-----w- c:\programdata\Zabersoft
2009-12-16 17:08 . 2009-12-16 16:59 -------- d-----w- c:\program files\PimpFish
2009-12-16 00:23 . 2009-12-16 00:23 294912 ----a-w- c:\programdata\BOINC\projects\setiathome.berkeley.edu\ap_graphics_5.05_windows_intelx86.exe
2009-12-16 00:23 . 2009-12-16 00:23 479232 ----a-w- c:\programdata\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
2009-12-15 01:50 . 2009-12-08 00:52 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\HpUpdate
2009-12-13 22:20 . 2009-12-13 22:18 -------- d-----w- c:\programdata\WinZip
2009-12-12 03:01 . 2009-12-12 03:01 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\Research In Motion
2009-12-11 15:44 . 2009-12-07 00:49 -------- d-----w- c:\program files\Java
2009-12-11 03:16 . 2009-12-11 03:16 -------- d-----w- c:\program files\MSXML 4.0
2009-12-11 03:01 . 2009-11-30 23:02 72568 ----a-w- c:\users\Kate the Great\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 19:25 . 2009-12-10 19:01 -------- d-----w- c:\program files\ViRC
2009-12-10 00:00 . 2009-11-30 23:42 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\InstallShield
2009-12-10 00:00 . 2009-12-10 00:00 -------- d-----w- c:\programdata\InstallShield
2009-12-09 23:59 . 2009-12-09 23:59 -------- d-----w- c:\programdata\Sonic
2009-12-09 23:58 . 2009-12-09 23:52 -------- d-----w- c:\programdata\Roxio
2009-12-09 23:54 . 2009-12-09 23:40 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-12-09 23:54 . 2009-12-01 00:19 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-09 23:53 . 2009-12-09 23:52 -------- d-----w- c:\program files\Roxio
2009-12-09 23:52 . 2009-12-09 23:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-12-09 23:52 . 2009-12-09 23:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 23:40 . 2009-12-02 20:38 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-12-09 23:40 . 2009-12-09 23:40 -------- d-----w- c:\programdata\Research In Motion
2009-12-09 09:00 . 2010-01-26 10:25 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100125.051\CCERASER.DLL
2009-12-08 00:55 . 2009-12-08 00:55 -------- d-----w- c:\program files\Hp
2009-12-07 15:43 . 2009-12-07 15:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-07 15:42 . 2009-12-07 15:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-12-07 01:12 . 2009-12-07 01:12 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\OpenOffice.org
2009-12-07 00:53 . 2009-12-07 00:53 -------- d-----w- c:\program files\JRE
2009-12-07 00:53 . 2009-12-07 00:52 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-05 04:23 . 2009-12-05 04:23 499712 ----a-w- c:\programdata\BOINC\projects\szdg.lpds.sztaki.hu_szdg\msvcp71.dll
2009-12-05 04:23 . 2009-12-05 04:23 348160 ----a-w- c:\programdata\BOINC\projects\szdg.lpds.sztaki.hu_szdg\msvcr71.dll
2009-12-04 19:38 . 2009-12-04 19:38 -------- d-----w- c:\program files\Tweet Play List
2009-12-03 23:58 . 2009-11-30 23:36 -------- d-----w- c:\program files\CONEXANT
2009-12-03 20:57 . 2009-12-03 20:57 -------- d-----w- c:\users\Kate the Great\AppData\Roaming\DivX
2009-12-03 19:42 . 2009-12-03 19:42 89962 ----a-w- c:\users\Kate the Great\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-12-02 20:38 . 2009-12-02 20:38 -------- d-----w- c:\program files\Research In Motion
2009-12-02 20:05 . 2009-12-02 19:50 20190183 ----a-w- c:\programdata\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_ABP1_3.12_windows_intelx86.exe
2009-12-02 20:05 . 2009-12-02 19:50 19724316 ----a-w- c:\programdata\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_ABP1_3.12_graphics_windows_intelx86.exe
2009-12-02 01:09 . 2009-12-01 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-01 13:02 . 2009-12-01 13:02 -------- d-----w- c:\programdata\Symantec
2009-12-01 03:28 . 2009-12-01 00:15 -------- d-----w- c:\program files\BOINC
.
((((((((((((((((((((((((((((( SnapShot@2010-01-24_22.43.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-01-26 01:44 37784 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-26 01:44 74182 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-30 22:59 . 2010-01-25 15:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-30 22:59 . 2010-01-24 03:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-30 22:59 . 2010-01-25 15:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-30 22:59 . 2010-01-24 03:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-30 22:59 . 2010-01-25 15:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-30 22:59 . 2010-01-24 03:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-06 03:24 . 2010-01-23 23:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 03:24 . 2010-01-26 02:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 03:24 . 2010-01-26 02:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-06 03:24 . 2010-01-23 23:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-06 03:24 . 2010-01-23 23:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 03:24 . 2010-01-26 02:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-06 03:24 . 2010-01-23 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 03:24 . 2010-01-26 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-06 03:24 . 2010-01-23 23:29 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-06 03:24 . 2010-01-26 01:41 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-06 03:24 . 2010-01-26 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-06 03:24 . 2010-01-23 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-30 23:03 . 2010-01-26 01:44 5372 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3134423536-883019792-496773664-1000_UserData.bin
- 2010-01-23 23:29 . 2010-01-23 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-26 01:41 . 2010-01-26 01:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-23 23:29 . 2010-01-23 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-26 01:41 . 2010-01-26 01:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-01-26 02:05 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-01-23 23:37 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-01-23 23:37 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-01-26 02:05 105852 c:\windows\System32\perfc009.dat
+ 2009-12-11 03:42 . 2010-01-25 15:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-12-11 03:42 . 2010-01-22 22:43 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-25 17:05 . 2010-01-25 17:05 3940352 c:\windows\Installer\409b0a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Kate the Great\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Kate the Great\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Kate the Great\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-11 145944]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-16 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\users\Kate the Great\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kate the Great\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Caledos Wallpaper (startup).lnk - c:\windows\Installer\{04FEBC27-D0C2-408C-818F-232367CBF48E}\_B4DEF8A0EADF742B6C2287.exe [2009-11-30 82726]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a6,78,55,eb,a5,98,ca,01
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [30/11/2009 8:01 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [30/11/2009 8:01 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [30/11/2009 8:01 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys [19/01/2010 9:28 PM 343088]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [30/11/2009 8:01 PM 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [17/01/2010 4:38 PM 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/12/2009 3:37 PM 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [30/06/2008 5:52 AM 112128]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [30/11/2009 8:01 PM 48688]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [11/01/2010 7:32 PM 17792]
S2 gupdate1ca721c322e7448;Google Update Service (gupdate1ca721c322e7448);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2009 7:21 PM 133104]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [26/11/2009 12:06 AM 34384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 00:20]
2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 00:20]
2010-01-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-17 20:31]
2010-01-26 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-01-17 20:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Kate the Great\AppData\Roaming\Mozilla\Firefox\Profiles\acsler5x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-26 12:33
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4224)
c:\users\Kate the Great\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
c:\windows\System32\NLSData0009.dll
.
Completion time: 2010-01-26 12:40:38
ComboFix-quarantined-files.txt 2010-01-26 17:40
ComboFix2.txt 2010-01-25 19:22
ComboFix3.txt 2010-01-24 22:50
ComboFix4.txt 2010-01-23 23:25
Pre-Run: 64,514,134,016 bytes free
Post-Run: 64,460,034,048 bytes free
- - End Of File - - BF489F62F2A044EEF5B977986E230332
Hopefully it's the correct one this time. I made sure to follow the instructions carefully.
34 34384 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
-> Run -> copy/paste in the following single line command & click OK
Chevy Camaro Forum
Ford Mustang Forum
Jeep Wrangler Forum
Volkswagen Touareg Forum
Land Rover Defender Forum
