Hello Noviciate: I ran the ComboFix. It took about an hour. It ran into a problem in the first try - "combofix has detected the presence of rootkit activity and needs to reboot the computer." It also showed something about rootkit TLD3. After it rebooted, it didn't go to the desktop but was preparing to run and then finally completed about an hour later. The computer is still having the same problem as before with the slow running and taking a couple of minutes to respond. I am posting the log:
ComboFix 11-01-31.02 - Hemphill 02/04/2011 23:08:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.594 [GMT -5:00]
Running from: c:\documents and settings\Hemphill\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hemphill\g2mdlhlpx.exe
c:\documents and settings\Hemphill\My Documents\My Documents.url
C:\Microsoft
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\PlaySushi\PSTExt.dll
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Thumbs.db
c:\windows\XSxS
Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.
2011-01-31 22:58 . 2011-01-31 22:58 -------- d-----w- c:\program files\Alex Feinman
2011-01-29 21:50 . 2011-01-29 21:50 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-01-28 20:29 . 2011-01-28 20:29 -------- d-----w- c:\documents and settings\Hemphill\Application Data\Avira
2011-01-28 19:44 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-28 19:44 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-28 19:44 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-28 19:44 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-28 19:42 . 2011-01-28 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-28 19:42 . 2011-01-28 19:42 -------- d-----w- c:\program files\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-20 17:30 . 2010-09-20 17:30 7292104 ----a-w- c:\program files\Install_AIM.exe
2010-09-08 03:39 . 2010-02-11 01:57 511968 ----a-w- c:\program files\sdsetup.exe
2010-09-08 00:30 . 2010-10-01 15:36 350715595 ----a-w- c:\program files\Smokin_Guns_1.0.exe
2010-08-10 20:46 . 2010-10-01 15:36 136768 ----a-w- c:\program files\Retrogamer.exe
2010-02-09 23:00 . 2010-02-09 23:00 448040 ----a-w- c:\program files\CouponActivator.exe
2009-09-03 18:06 . 2009-09-03 18:06 8302304 ------w- c:\program files\yahoo_firefox_3.5.2_setup_us.exe
2009-07-04 13:57 . 2009-07-04 13:48 1045536 -c----w- c:\program files\DriverDetective.exe
2009-07-04 13:40 . 2009-07-04 13:39 39640024 -c----w- c:\program files\A140509_enu_xp.exe
2009-06-26 10:19 . 2009-06-26 10:18 39242464 -c----w- c:\program files\AVSVideoConverter.exe
2009-05-28 11:17 . 2009-05-28 11:17 2959376 -c----w- c:\program files\dotnetfx35setup.exe
2009-05-22 00:35 . 2009-05-22 00:35 74302760 -c----w- c:\program files\iTunesSetup.exe
2009-05-21 01:54 . 2009-05-21 01:54 16509288 -c----w- c:\program files\LimeWireWin.exe
2009-05-12 00:07 . 2009-05-12 00:07 25740144 -c----w- c:\program files\wmp11-windowsxp-x86-enu.exe
2009-04-13 05:12 . 2009-04-13 05:12 6641432 -c----w- c:\program files\rminstall.exe
2009-04-13 05:07 . 2009-04-05 17:13 7796200 -c----w- c:\program files\asc-setup.exe
2009-04-11 03:59 . 2009-04-11 03:59 7002350 -c----w- c:\program files\documentbackupsetup.exe
2009-04-06 22:08 . 2009-04-06 22:08 702806 -c----w- c:\program files\bmkbuddy.exe
2009-04-06 03:12 . 2009-04-06 03:12 91160 -c----w- c:\program files\ReimageRepair.exe
2009-04-02 18:44 . 2009-04-02 18:45 3496632 -c----w- c:\program files\Shockwave_Installer_Slim.exe
2009-03-31 06:13 . 2009-03-31 06:13 11018168 -c----w- c:\program files\ASAPUtilities_setup_4-2-10.exe
2009-03-31 05:58 . 2009-03-31 05:58 4909440 -c----w- c:\program files\Silverlight.2.0.exe
2009-03-31 05:57 . 2009-03-31 05:57 480816 -c----w- c:\program files\Sounds.EXE
2009-03-31 05:07 . 2009-03-31 05:07 318904 -c----w- c:\program files\wmpfirefoxplugin.exe
2009-03-23 05:17 . 2009-03-23 05:17 774744 -c----w- c:\program files\SetupGamevance.exe
2009-03-23 04:54 . 2009-03-23 04:54 3184816 -c----w- c:\program files\ccsetup217.exe
2009-03-21 06:53 . 2009-03-21 06:53 8726528 -c----w- c:\program files\Scorch525NetscapeInstaller.msi
2009-03-20 03:05 . 2009-03-20 03:05 476696 -c----w- c:\program files\RealPlayer11GOLD.exe
2009-03-18 03:02 . 2009-03-18 02:59 228852088 -c----w- c:\program files\office2007sp1-kb936982-fullfile-en-us.exe
2009-03-16 21:50 . 2009-03-16 21:50 21878064 -c----w- c:\program files\QuickTimeInstaller.exe
2009-03-16 21:43 . 2009-03-16 21:43 3145608 -c----w- c:\program files\rcsetup124.exe
2009-03-15 03:06 . 2009-03-15 03:06 1878888 -c----w- c:\program files\install_flash_player.exe
2009-03-10 14:30 . 2009-03-10 14:30 5817072 -c----w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet k series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet k series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet k series) - 1.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 19:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2009-02-11 16:25 50472 ------w- c:\program files\AOL 9.5\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
2003-05-08 16:34 69632 ------w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
2010-04-13 20:09 39816 ----a-w- c:\program files\Citrix\GoToMeeting\456\g2mstart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-11-06 17:33 41264 ----a-w- c:\program files\Common Files\aol\1237493549\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-07-15 13:42 2943896 -c--a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 13:57 143360 ------w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-15 03:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-20 03:07 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"SvcOnlineArmor"=3 (0x3)
"PnkBstrA"=2 (0x2)
"OAcat"=2 (0x2)
"gupdate"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"WTouchService"=2 (0x2)
"TabletServicePen"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Panda Security\\Panda ID Protect\\Panda ID Protect.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Smokin' Guns\\smokinguns.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58352:TCP"= 58352:TCP:*:Disabled:Pando Media Booster
"58352:UDP"= 58352:UDP:*:Disabled:Pando Media Booster
"56608:TCP"= 56608:TCP:*:Disabled:Pando Media Booster
"56608:UDP"= 56608:UDP:*:Disabled:Pando Media Booster
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/29/2010 2:23 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/29/2010 2:23 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/29/2010 2:23 PM 29776]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 7:36 AM 129928]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [10/9/2010 11:17 AM 74624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/28/2011 2:44 PM 135336]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 10:36 AM 176408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 12:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 5:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 12:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 12:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 9:58 AM 110920]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS --> c:\windows\system32\DRIVERS\MOSUMAC.SYS [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/5/2010 5:48 AM 16168]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 3:48 PM 133104]
S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [1/29/2010 2:23 PM 1282248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/8/2010 6:17 PM 691696]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [1/29/2010 2:23 PM 3431112]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [10/5/2010 5:48 AM 4497704]
S4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [10/5/2010 5:50 AM 113448]
.
Contents of the 'Scheduled Tasks' folder
2011-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 20:48]
2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 20:48]
2011-02-04 c:\windows\Tasks\WinUtilities Disk Cleaner.job
- c:\program files\WinUtilities\ToolDiskCleaner.exe [2009-11-06 05:17]
2011-02-04 c:\windows\Tasks\WinUtilities History Cleaner.job
- c:\program files\WinUtilities\ToolHistoryCleaner.exe [2009-11-06 05:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Hemphill\Application Data\Mozilla\Firefox\Profiles\0vt7xrpm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2866295&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - Ext: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: Manage Folders: firefox-managefolders@googlecode.com - %profile%\extensions\firefox-managefolders@googlecode.com
FF - Ext: Unsorted Bookmarks Folder Menu: UnsortedBookmarksMenu@alice - %profile%\extensions\UnsortedBookmarksMenu@alice
FF - Ext: Shareaholic: firefox-extension@shareaholic.com - %profile%\extensions\firefox-extension@shareaholic.com
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Vivox Voice Plugin: {ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07} - %profile%\extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
FF - Ext: Vivox Web Voice Plugin: {ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07} - %profile%\extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - %profile%\extensions\runtime@panda3d.org
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: PlaySushi TextLinks : textlinks@playsushi.com - %profile%\extensions\textlinks@playsushi.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Elf 1.15 Community Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - %profile%\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\program files\iWin Games\firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Hemphill\Application Data\Move Networks
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{19A0F032-27D7-4227-BBB5-51AA9E5904F5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
MSConfigStartUp-cfhrllyf - c:\documents and settings\Hemphill\Local Settings\Application Data\qmamsb\vufqsftav.exe
MSConfigStartUp-DoubleSafety - c:\program files\Backup Programs\DoubleSafety\DoubleSafety.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-Folder Marker_is1 - c:\program files\Folder MarkerHome\unins000.exe
AddRemove-Pen Tablet Driver - c:\program files\Tablet\Pen\Remove.exe
AddRemove-phonics2 - D:\setup.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-Wacom WebTabletPlugin for IE - c:\program files\TabletPlugins\ieUninstall.exe
AddRemove-Wacom WebTabletPlugin for Netscape - c:\program files\TabletPlugins\npUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-02-04 23:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2972)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
.
**************************************************************************
.
Completion time: 2011-02-04 23:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-05 04:59
Pre-Run: 4,759,441,408 bytes free
Post-Run: 5,294,473,216 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - A383DC6B30B8154EB166A6D8C7A756B3