ComboFix had asked to restart as part of its process, saying it had found rootkit activity, but hung up after it restarted. I killed it and let Windows load. Ran it again. It didn't ask to reboot this time and finished normally.
ComboFix 10-04-20.04 - J....n J.....d 04/21/2010 11:06:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1406 [GMT -5:00]
Running from: c:\documents and settings\J....n J.....d\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-20 17:50 . 2010-04-20 17:50 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 17:49 . 2010-04-20 17:49 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-20 11:49 . 2010-04-20 11:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-18 07:48 . 2010-04-16 05:17 125056 ----a-w- C:\ftdisk.sys.sys
2010-04-17 18:41 . 2010-04-17 18:41 -------- d-----w- C:\_OTM
2010-04-17 18:29 . 2010-04-17 18:29 -------- d-----w- c:\documents and settings\J....n J.....d\Local Settings\Application Data\avG
2010-04-17 18:29 . 2010-04-17 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-13 16:41 . 2010-04-13 16:42 -------- d-----w- c:\program files\trend micro
2010-04-13 16:41 . 2010-04-13 16:42 -------- d-----w- C:\rsit
2010-04-13 00:11 . 2010-04-13 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-13 00:11 . 2010-04-13 00:11 -------- d-----w- c:\program files\IObit
2010-04-12 01:00 . 2010-04-12 02:01 -------- d-----w- c:\documents and settings\J....n J.....d\DoctorWeb
2010-04-11 20:38 . 2010-04-11 20:38 52224 ----a-w- c:\documents and settings\J....n J.....d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-11 20:38 . 2010-04-11 20:38 117760 ----a-w- c:\documents and settings\J....n J.....d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-11 20:37 . 2010-04-11 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-11 20:36 . 2010-04-11 20:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 20:36 . 2010-04-11 20:36 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\SUPERAntiSpyware.com
2010-04-11 16:36 . 2010-04-11 18:31 -------- d-----w- c:\windows\BDOSCAN8
2010-04-09 13:30 . 2010-04-09 13:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-09 03:24 . 2010-04-09 03:24 -------- d-sh--w- c:\documents and settings\J....n J.....d\PrivacIE
2010-04-09 03:21 . 2010-04-09 03:21 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-09 03:21 . 2010-04-09 03:21 -------- d-----w- c:\program files\Reference Assemblies
2010-04-09 03:21 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-09 03:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-09 03:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-09 03:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-09 03:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-09 03:20 . 2010-04-09 03:21 -------- d-----w- C:\13e426ba417ad14154aeffdb
2010-04-09 03:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-09 03:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-09 03:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-09 03:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-09 03:08 . 2010-04-09 03:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-09 03:04 . 2010-04-09 03:04 -------- d-sh--w- c:\documents and settings\J....n J.....d\IETldCache
2010-04-09 02:54 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-09 02:54 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-09 02:54 . 2010-04-09 02:54 -------- d-----w- c:\windows\ie8updates
2010-04-09 02:54 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-09 02:53 . 2010-04-09 02:53 -------- dc-h--w- c:\windows\ie8
2010-04-09 02:12 . 2010-04-09 02:12 -------- d-----w- c:\windows\ServicePackFiles
2010-04-09 01:59 . 2010-04-09 01:59 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-09 01:59 . 2010-04-09 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-09 00:57 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-09 00:55 . 2010-04-09 00:55 -------- d-----w- c:\program files\Windows Defender
2010-04-08 22:00 . 2010-04-08 22:01 -------- d-----w- c:\program files\CCleaner
2010-04-08 22:00 . 2010-04-08 22:00 388096 ----a-r- c:\documents and settings\J....n J.....d\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-08 22:00 . 2010-04-08 22:00 -------- d-----w- c:\program files\TrendMicro
2010-03-27 06:31 . 2010-03-27 06:31 67424 ---ha-w- c:\windows\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 06:11 . 2009-07-20 22:47 1145 --sha-w- c:\windows\system32\mmf.sys
2010-04-21 05:33 . 2010-02-26 07:20 0 ----a-w- c:\documents and settings\J....n J.....d\Local Settings\Application Data\prvlcl.dat
2010-04-20 21:58 . 2008-11-24 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-20 17:50 . 2009-11-20 20:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 11:49 . 2010-04-08 03:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-20 09:44 . 2008-09-18 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-19 19:10 . 2004-08-10 11:00 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-04-16 09:23 . 2008-09-18 01:03 -------- d-----w- c:\program files\Google
2010-04-13 01:43 . 2009-07-22 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-11 20:36 . 2009-03-04 23:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-09 13:24 . 2009-06-12 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-09 03:37 . 2008-09-18 00:41 85072 ----a-w- c:\documents and settings\J....n J.....d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 02:19 . 2008-11-24 05:44 -------- d-----w- c:\program files\Microsoft Works
2010-04-09 00:30 . 2008-09-18 03:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 00:30 . 2009-01-06 03:15 -------- d-----w- c:\program files\Logitech
2010-04-09 00:29 . 2009-09-01 04:45 -------- d-----w- c:\program files\Democracy2
2010-04-08 17:11 . 2009-07-22 04:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 08:42 . 2010-04-08 08:42 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\Malwarebytes
2010-04-08 08:42 . 2010-04-08 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 08:42 . 2010-04-08 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-08 02:55 . 2008-09-18 02:11 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\uTorrent
2010-03-30 05:46 . 2010-04-08 08:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2010-04-08 08:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 12:02 . 2009-11-30 22:00 79488 ----a-w- c:\documents and settings\J....n J.....d\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-14 13:13 . 2010-03-14 13:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 13:13 . 2008-09-18 04:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 13:12 . 2008-09-18 04:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 03:10 . 2010-02-01 06:09 48128 ----a-w- c:\documents and settings\J....n J.....d\fbchathistory.dat
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 04:13 . 2009-10-04 03:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-26 07:41 . 2010-02-26 07:38 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\wootalyzer
2010-02-26 07:37 . 2010-02-26 07:37 -------- d-----w- c:\program files\Wootalyzer
2010-02-25 06:24 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 04:59 . 2009-02-05 19:55 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\ZoomBrowser EX
2010-02-25 04:58 . 2009-02-05 19:54 -------- d-----w- c:\documents and settings\J....n J.....d\Application Data\CameraWindowDC
2010-02-24 12:31 . 2004-08-10 11:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 17:35 . 2005-03-30 01:21 2143744 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 16:57 . 2005-03-30 01:01 2021888 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-10 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-10 11:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-05 198160]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
c:\documents and settings\J....n J.....d\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlackBerry Desktop Redirector.lnk - c:\program files\Research In Motion\BlackBerry\Redirector.exe [2008-5-30 1319024]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 13:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^J....n J.....d^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\J....n J.....d\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\J....n J.....d\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/21/2009 10:38 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/17/2008 11:14 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/20/2009 3:31 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:13 AM 308064]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/12/2010 7:11 PM 311568]
S2 gupdate1c9ad70bf1e8c19;Google Update Service (gupdate1c9ad70bf1e8c19);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2009 12:40 PM 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/20/2009 5:47 PM 2560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [1/5/2009 10:17 PM 44544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-18 08:58]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 17:40]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 17:40]
2010-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2139871995-1801674531-1003Core.job
- c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2139871995-1801674531-1003UA.job
- c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 07:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {B6CC1067-4963-42B5-8030-E47DCB9EA05D} = 192.168.1.254,192.168.1.1
FF - ProfilePath - c:\documents and settings\J....n J.....d\Application Data\Mozilla\Firefox\Profiles\0nuudx8y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\J....n J.....d\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\J....n J.....d\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\J....n J.....d\Application Data\Mozilla\Firefox\Profiles\0nuudx8y.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\J....n J.....d\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-21 11:18:35
ComboFix-quarantined-files.txt 2010-04-21 16:18
ComboFix2.txt 2010-04-16 03:11
Pre-Run: 85,509,521,408 bytes free
Post-Run: 85,694,156,800 bytes free
- - End Of File - - 3EA806716A5DB7E9AAE5FF93874DF13C
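A small triage script for logs in this shape, added here as an example; it is not part of ComboFix or of the post above. It parses the `created . modified size attrs path` file lines and the `[key]` / `"name"=value` registry lines the way ComboFix prints them, then flags the settings a reviewer would look at first in this log: the Security Center `AntiVirusOverride` / `FirewallOverride` values set to 1, `EnableFirewall`=0 in the standard firewall profile, and driver or executable files that sit in a drive root, carry a doubled extension, or are both hidden and system. The embedded sample is constructed to mirror a few lines from the log (it is not the full log), and every finding is a prompt for a human to look at the file, not a verdict that it is malicious.

```python
"""ComboFix log triage (added example, not ComboFix's own code)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on a handful of lines from the log above.
SAMPLE_LOG = r"""
2010-04-20 17:50 . 2010-04-20 17:50 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 07:48 . 2010-04-16 05:17 125056 ----a-w- C:\ftdisk.sys.sys
2010-04-17 18:41 . 2010-04-17 18:41 -------- d-----w- C:\_OTM
2010-04-21 06:11 . 2009-07-20 22:47 1145 --sha-w- c:\windows\system32\mmf.sys
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# "created . modified size attrs path"; size is "--------" for directories,
# attrs is an 8-char flag field (d=dir, s=system, h=hidden, a=archive, ...).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
EXEC_EXT = {".sys", ".exe", ".dll", ".scr"}

Finding = Tuple[str, str]  # (category, detail)


def parse_files(text: str) -> List[Dict]:
    """Return one dict per file/directory line in the log."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs = m["attrs"]
        out.append({
            "path": m["path"],
            "is_dir": attrs[0] == "d",
            "system": "s" in attrs,
            "hidden": "h" in attrs,
            "size": None if m["size"].startswith("-") else int(m["size"]),
        })
    return out


def parse_reg(text: str) -> Dict[Tuple[str, str], str]:
    """Map (lower-cased key path, value name) -> raw value text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"].lower()
            continue
        v = REG_RE.match(line)
        if v and key:
            values[(key, v["name"])] = v["value"]
    return values


def reg_int(value: str) -> Optional[int]:
    """Decode 'dword:00000001' or '0 (0x0)' style values; None if neither."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    head = value.split()[0]
    return int(head) if head.isdigit() else None


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for (key, name), value in parse_reg(text).items():
        # Security Center told to ignore a missing AV / firewall.
        if key.endswith("security center") and name.endswith("Override") and reg_int(value) == 1:
            findings.append(("security-center", name))
        # Windows Firewall switched off for this profile.
        if name == "EnableFirewall" and reg_int(value) == 0:
            findings.append(("firewall", name))
    for f in parse_files(text):
        if f["is_dir"]:
            continue
        parts = f["path"].split("\\")
        name = parts[-1].lower()
        suffixes = re.findall(r"\.[a-z0-9]+", name)
        is_exec = bool(suffixes) and suffixes[-1] in EXEC_EXT
        # Driver/executable dropped directly in a drive root (e.g. C:\x.sys).
        if is_exec and len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0], re.I):
            findings.append(("root-drop", f["path"]))
        # Doubled executable extension (e.g. name.sys.sys).
        if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXT and suffixes[-2] in EXEC_EXT:
            findings.append(("double-ext", f["path"]))
        # Regular file marked both hidden and system.
        if f["system"] and f["hidden"]:
            findings.append(("hidden-system", f["path"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:15} {detail}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`. The thresholds are deliberately simple: anything it prints still has to be checked by hand (file hash, signer, the service or autostart that references it) before deciding it is more than a stray copy.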