I have been trying to clean some annoying malware off one of my computers for the last week. Any and all help is much appreciated. Here is the ComboFix Log.
ComboFix 10-04-08.06 - ahs 04/09/2010 12:46:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -4:00]
Running from: c:\documents and settings\ahs\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Webroot® Client Security *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3424103056-2704896269-1602444226-500
c:\windows\Downloaded Program Files\t1fonts
c:\windows\Downloaded Program Files\t1fonts\Adobe-GB1.cidToUnicode
c:\windows\Downloaded Program Files\t1fonts\Adobe-Japan1.cidToUnicode
c:\windows\Downloaded Program Files\t1fonts\CMap\78-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\78-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\78-V
c:\windows\Downloaded Program Files\t1fonts\CMap\78ms-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\78ms-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\83pv-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90ms-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90ms-RKSJ-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\90ms-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\90msp-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90msp-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-UCS2C
c:\windows\Downloaded Program Files\t1fonts\CMap\90pv-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Add-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-0
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-1
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-2
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-3
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-4
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-GB1-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-0
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-1
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-2
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-3
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-4
c:\windows\Downloaded Program Files\t1fonts\CMap\Adobe-Japan1-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Ext-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GB-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK-EUC-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK2K-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBK2K-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBKp-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBKp-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-UCS2
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-UCS2C
c:\windows\Downloaded Program Files\t1fonts\CMap\GBpc-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBT-V
c:\windows\Downloaded Program Files\t1fonts\CMap\GBTpc-EUC-H
c:\windows\Downloaded Program Files\t1fonts\CMap\GBTpc-EUC-V
c:\windows\Downloaded Program Files\t1fonts\CMap\H
c:\windows\Downloaded Program Files\t1fonts\CMap\Hankaku
c:\windows\Downloaded Program Files\t1fonts\CMap\Hiragana
c:\windows\Downloaded Program Files\t1fonts\CMap\Katakana
c:\windows\Downloaded Program Files\t1fonts\CMap\NWP-H
c:\windows\Downloaded Program Files\t1fonts\CMap\NWP-V
c:\windows\Downloaded Program Files\t1fonts\CMap\RKSJ-H
c:\windows\Downloaded Program Files\t1fonts\CMap\RKSJ-V
c:\windows\Downloaded Program Files\t1fonts\CMap\Roman
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UCS2-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UCS2-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF16-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF16-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF8-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniGB-UTF8-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-HW-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-HW-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UCS2-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF16-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF16-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF8-H
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJIS-UTF8-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJISPro-UCS2-HW-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJISPro-UCS2-V
c:\windows\Downloaded Program Files\t1fonts\CMap\UniJISPro-UTF8-V
c:\windows\Downloaded Program Files\t1fonts\CMap\V
c:\windows\Downloaded Program Files\t1fonts\CMap\WP-Symbol
c:\windows\Downloaded Program Files\t1fonts\d050000l.pfb
c:\windows\Downloaded Program Files\t1fonts\EUC-CN.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\EUC-JP.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\GBK.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\ISO-2022-CN.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\ISO-2022-JP.unicodeMap
c:\windows\Downloaded Program Files\t1fonts\n019003l.pfb
c:\windows\Downloaded Program Files\t1fonts\n019004l.pfb
c:\windows\Downloaded Program Files\t1fonts\n019023l.pfb
c:\windows\Downloaded Program Files\t1fonts\n019024l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021003l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021004l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021023l.pfb
c:\windows\Downloaded Program Files\t1fonts\n021024l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022003l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022004l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022023l.pfb
c:\windows\Downloaded Program Files\t1fonts\n022024l.pfb
c:\windows\Downloaded Program Files\t1fonts\s050000l.pfb
c:\windows\Downloaded Program Files\t1fonts\Shift-JIS.unicodeMap
c:\windows\system32\ddabbb.dll
c:\windows\system32\img_utils.dll
c:\windows\system32\imgscaler.dll
c:\windows\system32\opqqpq.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\Temp\tmp3.tmp
----- BITS: Possible infected sites -----
hxxp://liveupdate.symantec.com
.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.
2010-04-09 16:14 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 16:14 . 2010-04-09 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-09 16:14 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 15:51 . 2010-04-09 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 15:07 . 2010-04-09 15:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-09 15:07 . 2010-04-09 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-04-09 15:07 . 2010-04-09 15:11 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-09 11:58 . 2010-04-09 11:58 94720 ---ha-w- c:\windows\system32\efcccb.dll
2010-04-09 05:15 . 2010-04-09 14:11 -------- d-----w- c:\windows\system32\drivers\NIS
2010-04-09 05:15 . 2010-04-09 05:15 -------- d-----w- c:\program files\Norton Internet Security
2010-04-09 05:14 . 2010-04-09 05:14 -------- d-----w- c:\program files\NortonInstaller
2010-04-09 00:15 . 2010-04-09 00:15 94720 ---ha-w- c:\windows\system32\ljiged.dll
2010-04-08 21:23 . 2010-04-08 21:23 -------- d-----w- c:\documents and settings\ahs\Local Settings\Application Data\Identities
2010-04-08 18:13 . 2010-04-09 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-08 16:19 . 2010-04-08 16:19 -------- d-----w- c:\program files\Windows Sidebar
2010-04-08 12:30 . 2010-04-08 17:24 -------- d-----w- c:\program files\VS Revo Group
2010-04-07 18:33 . 2010-04-07 18:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-04-06 13:17 . 2010-04-08 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-04 15:59 . 2010-04-04 15:59 -------- d-----w- c:\windows\LMIF8.tmp
2010-04-02 23:49 . 2010-04-02 23:54 -------- d-----w- c:\program files\DivX
2010-04-02 23:48 . 2010-04-02 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-31 02:03 . 2010-03-31 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 01:58 . 2010-03-31 01:59 -------- d-----w- c:\program files\QuickTime
2010-03-31 01:52 . 2010-03-31 01:52 -------- d-----w- c:\program files\Bonjour
2010-03-27 15:07 . 2010-03-29 02:12 -------- d-----w- c:\documents and settings\ahs\Local Settings\Application Data\Tific
2010-03-27 15:07 . 2010-04-09 05:21 -------- d-----w- c:\documents and settings\ahs\Application Data\Tific
2010-03-27 15:06 . 2010-04-09 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-27 15:00 . 2010-03-27 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-27 14:37 . 2010-03-27 14:37 -------- d-----w- c:\documents and settings\ahs\Local Settings\Application Data\Nero
2010-03-18 18:46 . 2010-03-19 16:17 -------- d-----w- c:\documents and settings\ahs\Application Data\skypePM
2010-03-18 18:46 . 2010-03-18 18:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-18 18:38 . 2010-03-19 19:00 -------- d-----w- c:\documents and settings\ahs\Application Data\Skype
2010-03-18 18:37 . 2010-03-18 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 16:59 . 2010-01-19 19:12 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-09 15:40 . 2009-03-18 19:50 -------- d-----w- c:\documents and settings\ahs\Application Data\mjusbsp
2010-04-09 15:32 . 2007-07-16 14:30 -------- d-----w- c:\program files\Common Files\Apple
2010-04-09 15:09 . 2007-04-24 22:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 15:07 . 2010-04-09 15:07 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-09 05:21 . 2010-04-09 05:16 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2010-04-09 05:20 . 2007-02-22 01:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-09 05:20 . 2010-04-09 07:41 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVENG.SYS
2010-04-09 05:20 . 2010-04-09 07:41 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVENG32.DLL
2010-04-09 05:20 . 2010-04-09 07:41 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVEX32A.DLL
2010-04-09 05:20 . 2010-04-09 07:41 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\NAVEX15.SYS
2010-04-09 05:20 . 2010-04-09 07:41 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\EECTRL.SYS
2010-04-09 05:20 . 2010-04-09 07:41 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\CCERASER.DLL
2010-04-09 05:20 . 2010-04-09 07:41 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\ECMSVR32.DLL
2010-04-09 05:20 . 2010-04-09 07:41 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100408.039\ERASER.SYS
2010-04-09 05:18 . 2007-02-22 00:58 -------- d-----w- c:\program files\Google
2010-04-09 05:16 . 2007-02-22 01:08 -------- d-----w- c:\program files\Symantec
2010-04-09 05:16 . 2008-09-04 19:20 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-09 05:16 . 2008-09-04 19:20 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-22 15:36 . 2010-04-02 23:51 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-22 01:08 . 2007-04-28 16:38 -------- d-----w- c:\program files\dl_cats
2010-03-19 16:17 . 2009-08-18 15:07 -------- d-----w- c:\program files\Common Files\logishrd
2010-03-01 16:50 . 2009-10-30 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-02-28 15:53 . 2010-02-28 15:53 5514304 ----a-w- c:\documents and settings\ahs\Application Data\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-04-09 15:39 6870864 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\setup.exe
2010-02-26 23:51 . 2010-03-02 15:41 6870864 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\Upgrade\setup2.exe
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-04-09 15:39 743872 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\ar00000\install.exe
2010-02-26 23:45 . 2010-03-02 15:41 743872 ---ha-w- c:\documents and settings\ahs\Application Data\mjusbsp\Upgrade\install2.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\ahs\Application Data\mjusbsp\cdloader2.exe
2010-02-25 06:24 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 22:20 . 2010-02-20 22:20 50354 ----a-w- c:\documents and settings\ahs\Application Data\Facebook\uninstall.exe
2010-02-20 22:20 . 2010-02-20 22:20 -------- d-----w- c:\documents and settings\ahs\Application Data\Facebook
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-09 19:13 . 2007-04-24 22:19 24892 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-08 19:52 . 2010-01-27 01:02 -------- d-----w- c:\documents and settings\ahs\Application Data\vlc
2010-02-05 15:39 . 2010-02-05 15:39 251376 ----a-w- c:\documents and settings\ahs\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\ahs\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\ahs\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 01:45 . 2010-04-08 18:16 38784 ----a-w- c:\documents and settings\ahs\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-27 14:36 . 2010-01-27 14:36 503808 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589313e3-n\msvcp71.dll
2010-01-27 14:36 . 2010-01-27 14:36 499712 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589313e3-n\jmc.dll
2010-01-27 14:36 . 2010-01-27 14:36 348160 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589313e3-n\msvcr71.dll
2010-01-27 14:36 . 2010-01-27 14:36 61440 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c9688d0-n\decora-sse.dll
2010-01-27 14:36 . 2010-01-27 14:36 12800 ----a-w- c:\documents and settings\ahs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c9688d0-n\decora-d3d.dll
2010-01-21 14:11 . 2007-04-26 18:40 24160 ----a-w- c:\documents and settings\ahs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2000-06-05 22:47 . 2000-06-05 22:47 32768 ------w- c:\program files\mozilla firefox\plugins\AppSub32.dll
2007-05-18 17:31 . 2007-04-28 16:50 56 --sh--r- c:\windows\system32\77A004A622.sys
2007-05-18 17:31 . 2007-04-28 16:50 3974 --sh--w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\ahs\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"kheddadrv"="ljiged.dll" [2010-04-09 94720]
"effcbcdrv"="efcccb.dll" [2010-04-09 94720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"ScanSoft PDF Converter 4-reminder"="c:\program files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 35368]
"WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.EXE" [2007-10-25 414064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"sstqrodrv"="ljiged.dll" [2010-04-09 94720]
"gebxwxdrv"="efcccb.dll" [2010-04-09 94720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"pmlkijdrv"="ljiged.dll" [2010-04-09 94720]
"xxvvtudrv"="efcccb.dll" [2010-04-09 94720]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-21 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ------w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-443285892-922157800-1361943892-6203\Scripts\Logon\0\0]
"Script"=printer.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2006-06-14 12:51 286720 ------w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-06-15 10:03 307200 ------w- c:\program files\Dell PC Fax\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-13 19:16 133104 ----atw- c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-06-02 12:59 5451536 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 14:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-06-27 11:34 299008 ------w- c:\program files\Dell Photo AIO Printer 926\memcard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
2006-12-19 06:12 46632 ------w- c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 23:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [4/9/2010 3:40 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [4/9/2010 3:40 AM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [4/9/2010 3:40 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [4/9/2010 3:40 AM 116784]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 11:00 PM 3456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/9/2010 3:41 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100402.001\IDSXpx86.sys [4/9/2010 1:20 AM 329592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61550F6B-DAE3-4CF7-86C1-E823273AB166}]
2009-08-03 14:15 87424 ----a-w- c:\program files\Capital IQ\Excel Plug-in\CIQControlUtilityCLI.exe
.
Contents of the 'Scheduled Tasks' folder
2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 17:29]
2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 17:29]
2010-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443285892-922157800-1361943892-6203Core.job
- c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 19:16]
2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443285892-922157800-1361943892-6203UA.job
- c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 19:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {8DA26812-F2DD-498F-90EA-F22C22049FFF} - hxxps://bdr125107.bmcgroup.com/BMCViewer.CAB
FF - ProfilePath - c:\documents and settings\ahs\Application Data\Mozilla\Firefox\Profiles\ab40gs33.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\ahs\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\ahs\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ahs\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-xxvstudrv - opqqpq.dll
HKLM-Run-fcyaxysys - ddabbb.dll
HKLM-Run-khiggddrv - opqqpq.dll
HKU-Default-Run-qommlmsys - ddabbb.dll
HKU-Default-Run-tuspqqdrv - opqqpq.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 13:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\WRLogonNtf.DLL
c:\windows\system32\ljiged.dll
c:\windows\system32\wininet.dll
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ljiged.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sling Media\SlingAgent\SlingAgentService.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Webroot\Client\commagent.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\imapi.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Webroot\Client\spysweeper.exe
.
**************************************************************************
.
Completion time: 2010-04-09 13:05:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-09 17:05
Pre-Run: 17,798,725,632 bytes free
Post-Run: 17,985,777,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 38CA213BD990FCC0B7E9F1DCCAF024A2