Hi, I did everything you said in the instructions. The scan finished on ComboFix, then it restarted the computer, and it took me to the log-in screen. I put my password on the username and then it came up with a big blue screen saying something about a Fatal Error (the same as last time). I turned it off and on again and it worked and opened up the log:
ComboFix 10-09-06.02 - Owner 09/06/2010 15:16:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.639 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
2010-09-06 20:08 . 2004-08-04 05:56 502272 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-09-06 19:58 . 2010-09-06 20:03 -------- d-----w- C:\sp2
2010-09-06 15:26 . 2010-09-06 15:26 -------- d-----w- C:\_OTL
2010-09-06 11:44 . 2010-09-06 11:44 -------- d-----w- c:\program files\Common Files\Java
2010-09-06 11:44 . 2010-09-06 11:44 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b9c3cad-n\msvcp71.dll
2010-09-06 11:44 . 2010-09-06 11:44 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b9c3cad-n\jmc.dll
2010-09-06 11:44 . 2010-09-06 11:44 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b9c3cad-n\msvcr71.dll
2010-09-06 11:44 . 2010-09-06 11:44 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3660a6f6-n\decora-sse.dll
2010-09-06 11:44 . 2010-09-06 11:44 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3660a6f6-n\decora-d3d.dll
2010-09-06 11:44 . 2010-09-06 11:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-03 23:08 . 2010-09-03 23:08 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-03 23:08 . 2010-09-03 23:08 -------- d-----w- c:\program files\Trend Micro
2010-09-03 21:23 . 2004-08-04 05:56 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-09-03 21:23 . 2004-08-04 05:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-09-03 21:16 . 2010-09-03 21:16 -------- d-----w- C:\_OTM
2010-09-01 14:37 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-09-01 14:37 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-09-01 14:37 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-09-01 14:37 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-09-01 14:37 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-09-01 14:37 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-09-01 14:37 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-09-01 14:37 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-09-01 14:37 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-09-01 14:37 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-09-01 14:37 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-09-01 14:37 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-08-28 22:40 . 2010-08-28 22:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-28 20:06 . 2009-11-11 12:26 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2010-08-28 20:06 . 2009-11-11 12:26 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2010-08-28 20:03 . 2010-08-28 20:03 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-28 20:03 . 2010-08-28 20:03 84480 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-08-28 20:03 . 2010-08-28 20:03 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2010-08-20 19:34 . 2010-08-20 19:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-08-19 21:31 . 2010-08-19 21:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-12 15:59 . 2010-09-06 10:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-12 15:59 . 2010-09-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-10 21:40 . 2010-08-10 21:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-08-10 21:40 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 21:40 . 2010-08-10 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 21:40 . 2010-08-10 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-10 21:40 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 21:20 . 2010-08-10 21:20 -------- d-----w- C:\39a3b5f57eeccf5fabfa
2010-08-10 21:18 . 2010-08-10 21:18 -------- d-----w- C:\0c2e2e01440008a243ceb5adf9
2010-08-10 20:05 . 2010-08-10 22:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-10 19:12 . 2010-08-25 21:05 120 ----a-w- c:\windows\Khebirewapanuvaz.dat
2010-08-10 19:12 . 2010-08-25 12:07 0 ----a-w- c:\windows\Ymigobel.bin
2010-08-10 18:49 . 2010-08-10 22:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\iiahuxpfn
2010-08-10 18:49 . 2010-08-10 22:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\xgjjttnaa
2010-08-10 18:48 . 2010-08-10 22:19 -------- d-----w- c:\documents and settings\Owner\Application Data\1EB04BB0A0261C3CCE50398692309223
2010-08-10 17:45 . 2010-08-10 17:45 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 11:43 . 2006-05-09 04:48 -------- d-----w- c:\program files\Java
2010-09-06 10:21 . 2005-06-22 12:07 40320 ----a-w- c:\windows\system32\drivers\ql1080.sys
2010-09-04 10:45 . 2006-05-09 04:45 -------- d-----w- c:\program files\Google
2010-09-03 23:10 . 2006-07-25 08:09 36816 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-31 13:48 . 2009-08-24 17:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-24 17:01 . 2005-10-28 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Isyvq
2010-08-24 08:47 . 2009-05-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-19 21:35 . 2005-08-14 10:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Sydu
2010-08-19 21:35 . 2010-08-19 21:35 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\pnmfzy.dat
2010-08-17 21:42 . 2007-10-10 21:54 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-08-12 16:12 . 2009-02-03 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Kyuh
2010-08-11 17:58 . 2010-07-12 08:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Pyku
2010-08-02 21:38 . 2009-03-01 12:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-07-09 16:47 . 2009-03-01 12:08 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-06-25 07:37 . 2010-06-25 07:37 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-06-14 14:30 . 2005-06-22 10:29 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
.
------- Sigcheck -------
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 496903C2892759B902EE0DC7C56B805F . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 6B7DA0EBB2C439AEB4AD21D87F774A2C . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . C59C3671DE1D07F89429D7B2848C94FF . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-30 68856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 05:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 14:18 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-29 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 18:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
2005-02-25 20:20 68296 ----a-w- c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-11-05 14:47 688218 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-11-05 14:47 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2004-08-04 12:00 16384 ----a-w- c:\windows\Help\splshwrp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 5:34 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 5:34 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/25/2009 10:20 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 10:20 AM 297752]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [5/8/2006 11:40 PM 17280]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [5/8/2006 11:40 PM 9600]
S0 psffw;psffw; [x]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/21/2005 10:25 PM 69692]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [8/5/2006 12:37 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [8/5/2006 12:37 PM 44928]
.
Contents of the 'Scheduled Tasks' folder
2010-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/c ... taller.cab
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g3letwqi.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 15:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(1624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\system32\npkcmsvc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\tabbtnu.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-06 15:31:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 20:31
ComboFix2.txt 2010-09-06 16:57
Pre-Run: 50,412,916,736 bytes free
Post-Run: 50,399,309,824 bytes free
- - End Of File - - 56FB67E93D0AFA788E327E5C19E605E4