Google has been working correctly for the last couple of days, and I haven't noticed any advertising pop-ups.
ComboFix 10-06-07.03 - Owner 06/07/2010 18:38:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.197 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\meta4.exe"
"c:\windows\MOTA113.exe"
"c:\windows\S62356CEC.tmp"
"c:\windows\system32\2052s.exe"
"c:\windows\system32\tmp.txt"
"c:\windows\tasks\Ad-Aware Update (Weekly).job"
"c:\windows\tasks\GlaryInitialize.job"
"c:\windows\x2.64.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Local Settings\Application Data\cmtkrdabc
c:\documents and settings\Owner\Local Settings\Application Data\vrgchobrk
c:\windows\meta4.exe
c:\windows\MOTA113.exe
c:\windows\x2.64.exe
c:\windows\S62356CEC.tmp . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-06 01:00 . 2010-06-06 01:00 -------- d-----w- c:\program files\XviD
2010-06-06 01:00 . 2010-06-06 01:00 -------- d-----w- c:\program files\Gabest
2010-06-06 00:59 . 2010-06-06 01:00 -------- d-----w- c:\program files\AutoGK
2010-06-06 00:52 . 2010-06-06 00:58 -------- d-----w- c:\program files\FairUse Wizard 2
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\HandBrake
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\Owner\Application Data\HandBrake
2010-06-06 00:15 . 2010-06-06 00:41 -------- d-----w- c:\program files\Handbrake
2010-06-05 19:46 . 2010-06-05 19:46 -------- d-----w- C:\_OTM
2010-06-05 19:43 . 2010-06-05 19:43 -------- d-----w- c:\program files\ERUNT
2010-06-04 16:36 . 2010-06-04 16:37 -------- d-----w- C:\rsit
2010-05-30 22:01 . 2010-05-30 22:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-05-30 22:01 . 2010-05-30 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-30 22:01 . 2010-05-30 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-28 18:02 . 2010-05-28 18:01 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-28 16:57 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-28 16:56 . 2010-05-28 16:56 -------- d-----w- c:\program files\Panda Security
2010-05-28 16:26 . 2010-06-04 16:36 -------- d-----w- c:\program files\Trend Micro
2010-05-23 19:36 . 2010-05-23 19:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Songbird2
2010-05-23 19:36 . 2010-05-23 19:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Songbird2
2010-05-23 19:29 . 2010-06-07 03:09 -------- d-----w- c:\program files\Songbird
2010-05-18 20:22 . 2010-05-18 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Freeze Tag
2010-05-17 04:20 . 2010-05-17 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-05-16 23:06 . 2010-05-16 23:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Namco
2010-05-16 23:04 . 2010-05-20 03:32 -------- d-----w- c:\program files\Journalist Journey The Eye of Odin
2010-05-15 17:22 . 2010-05-15 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-13 17:48 . 2010-05-13 17:48 -------- d-----w- c:\documents and settings\Owner\Application Data\VendelGAMES
2010-05-12 18:52 . 2010-05-12 18:52 -------- d-----w- c:\documents and settings\Owner\Application Data\HorizonWimba
2010-05-10 23:11 . 2010-05-10 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-05-10 23:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 23:11 . 2010-05-10 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-10 23:11 . 2010-05-10 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 23:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 22:53 . 2010-06-07 22:53 0 ----a-w- c:\windows\S62356CEC.tmp
2010-06-07 22:29 . 2008-06-20 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-06 01:00 . 2008-08-05 22:43 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-05 19:35 . 2005-07-22 02:04 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-06-04 03:13 . 2005-07-22 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-06-02 16:37 . 2009-05-23 03:03 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 16:37 . 2009-05-23 03:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:34 . 2009-06-30 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2010-06-01 23:28 . 2005-07-28 04:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-01 23:28 . 2005-07-28 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-01 23:26 . 2004-01-21 01:53 -------- d-----w- c:\program files\Java
2010-06-01 23:15 . 2005-07-28 04:05 -------- d-----w- c:\program files\Lavasoft
2010-06-01 23:15 . 2008-04-12 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-01 15:48 . 2005-09-30 04:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-06-01 01:54 . 2005-07-22 00:26 165824 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 22:43 . 2009-02-08 21:07 -------- d-----w- c:\program files\Final Draft 7
2010-05-31 22:32 . 2005-07-27 08:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-31 22:31 . 2009-02-08 21:07 -------- d-----w- c:\program files\Final Draft Tagger
2010-05-16 23:05 . 2010-04-16 19:57 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2010-05-16 23:05 . 2009-07-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-05-16 05:29 . 2008-04-10 21:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-15 17:24 . 2006-05-24 01:57 -------- d-----w- c:\program files\iTunes
2010-05-15 17:22 . 2008-02-23 19:46 -------- d-----w- c:\program files\iPod
2010-05-15 17:22 . 2007-07-11 04:05 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 17:08 . 2005-11-04 06:52 -------- d-----w- c:\program files\QuickTime
2010-05-15 17:05 . 2006-10-03 01:42 -------- d-----w- c:\program files\Apple Software Update
2010-05-15 16:58 . 2008-04-12 07:38 -------- d-----w- c:\program files\Bonjour
2010-05-14 03:06 . 2005-08-25 00:18 -------- d-----w- c:\program files\Google
2010-05-11 19:28 . 2009-11-21 04:11 -------- d-----w- c:\program files\Season of Mystery - The Cherry Blossom Murders
2010-05-11 19:26 . 2009-07-08 00:48 -------- d-----w- c:\program files\Games
2010-05-10 16:45 . 2007-04-27 00:30 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-05-10 01:01 . 2009-09-01 03:59 -------- d-----r- c:\program files\Skype
2010-05-07 18:42 . 2010-05-07 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Lazy Turtle Games
2010-05-06 00:24 . 2009-05-23 03:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-06 00:24 . 2009-05-23 03:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-06 00:22 . 2010-05-06 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-06 00:22 . 2008-05-28 21:38 -------- d-----w- c:\program files\AVG
2010-05-01 17:56 . 2010-05-01 17:56 -------- d-----w- c:\documents and settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Lavasoft
2010-05-01 17:54 . 2010-05-01 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Deadtime Stories
2010-04-21 14:50 . 2010-04-21 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\ERS G-Studio
2010-04-18 06:27 . 2008-08-05 12:50 116920 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-11 20:55 . 2010-04-11 19:36 -------- d-----w- c:\program files\BackStreet Browser 3.1
2010-04-11 03:09 . 2008-07-28 22:08 11114 ----a-w- c:\documents and settings\All Users\Application Data\MainApp.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-11 12:38 . 2005-07-22 01:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-12 07:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-07-22 02:03 17408 ------w- c:\windows\system32\corpol.dll
2006-07-06 22:20 . 2006-07-06 22:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-01-23 18:07 . 2007-08-09 22:26 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-08-01 23:09 . 2005-08-01 20:09 0 --sha-w- c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 . 2009-09-15 17:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-15 17:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-15 17:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 74202EB1BD67E8BE9509E38C8D2234B0 . 561152 . . [5.1.2600.1634] . . c:\windows\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp1qfe\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\documents and settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-12-06 3022848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-16 149280]
c:\documents and settings\Administrator.YOUR-AT5QGAAC3Z\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 32768]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-06 00:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"RecordNow!"=
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe"
"BackupNotify"=c:\program files\HP\Digital Imaging\bin\backupnotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/28/2010 12:57 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 11:03 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 11:03 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/5/2010 8:23 PM 308064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/30/2009 1:30 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 4:40 PM 135664]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [9/5/2006 3:16 AM 217600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2008 3:47 AM 717296]
.
Contents of the 'Scheduled Tasks' folder
2010-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 11:51]
2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6348b368ccc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 20:40]
2010-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3659986384-410713596-3707131593-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-28 00:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv9vfib1.default\
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... 706&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv9vfib1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv9vfib1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 18:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3659986384-410713596-3707131593-1003\Software\MainConcept (iuLab)*%*s* *M*P*E*G* *S*p*l*i*t*t*e*r*\DirectShow\MPEGSplitter]
"FastSeeking"=dword:00000000
"IndexModeOptions"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1796)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\LTMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-06-07 19:12:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 23:12
ComboFix2.txt 2010-06-05 20:52
Pre-Run: 38,758,649,856 bytes free
Post-Run: 38,728,585,216 bytes free
- - End Of File - - 91799ADE09325C7DB35F024EAF17B2AF
Jotti Scan
Filename: user32.dll
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sun 30 May 2010 00:13:46 (CET)
File size: 578560 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 48fdbbe0e55b15e1886fcf5d8563b19f
SHA1: 5d8fe20fbab205dfe8ccec93852fbdd65dcaaef2