Thanks. Here are some logs of the fixes I've been able to run successfully...

ComboFix 09-08-19.0C - Dickie 08/20/2009 17:34.1.1 - NTFSx86
Running from: c:\documents and settings\Dickie\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Carise\Application Data\alot
c:\documents and settings\Darien\Application Data\alot
c:\windows\Installer\24234c.msi
c:\windows\Installer\24234d.msp
c:\windows\Installer\24234e.msp
c:\windows\Installer\24234f.msp
c:\windows\Installer\242350.msp
c:\windows\Installer\242351.msp
c:\windows\Installer\242352.msp
c:\windows\Installer\242353.msp
c:\windows\Installer\242354.msp
c:\windows\Installer\242355.msp
c:\windows\Installer\5144c.msp
c:\windows\Installer\5144d.msp
c:\windows\Installer\5144e.msp
c:\windows\Installer\5144f.msp
c:\windows\Installer\51450.msp
c:\windows\Installer\51451.msp
c:\windows\Installer\51452.msp
c:\windows\Installer\51453.msp
c:\windows\Installer\51454.msp
c:\windows\Installer\51455.msp
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\sysnet.dat

Infected copy of c:\windows\system32\scecli.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\scecli.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 11:47 . 2009-08-20 11:47 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-18 18:00 . 2009-08-18 18:00 -------- d-----w- c:\documents and settings\todd\Application Data\Malwarebytes
2009-08-18 04:09 . 2009-08-18 04:10 94701 ----a-w- C:\MGlogs.zip
2009-08-17 21:33 . 2009-08-18 04:10 -------- d-----w- C:\MGtools
2009-08-17 20:23 . 2009-08-18 03:55 117760 ----a-w- c:\documents and settings\Dickie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 20:23 . 2009-08-17 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-17 20:22 . 2009-08-17 20:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 20:22 . 2009-08-17 20:22 -------- d-----w- c:\documents and settings\Dickie\Application Data\SUPERAntiSpyware.com
2009-08-17 20:22 . 2009-08-17 20:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-17 18:23 . 2009-08-17 18:23 -------- d--h--w- c:\windows\PIF
2009-08-16 20:22 . 2009-08-16 20:22 -------- d-----w- c:\documents and settings\Carise\Application Data\Malwarebytes
2009-08-16 20:22 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 20:22 . 2009-08-18 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 20:22 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-16 20:20 . 2009-08-16 20:20 -------- d-----w- c:\program files\Windows Defender
2009-08-16 20:18 . 2009-08-16 20:18 -------- d-----w- c:\documents and settings\Carise\Application Data\Canneverbe_Limited
2009-08-16 20:18 . 2009-08-16 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-08-16 20:17 . 2009-08-16 20:17 -------- d-----w- c:\program files\CDBurnerXP
2009-08-16 20:13 . 2009-08-16 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 20:13 . 2009-08-16 20:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-16 20:13 . 2009-08-16 20:13 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 20:13 . 2009-08-16 20:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 20:13 . 2009-08-18 17:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-16 20:13 . 2009-08-16 20:13 -------- d-----w- c:\program files\AVG
2009-08-16 20:13 . 2009-08-16 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-16 19:01 . 2009-08-16 19:02 -------- d-----w- c:\program files\QuickTime
2009-08-16 19:00 . 2009-08-16 19:00 -------- d-----w- c:\program files\IrfanView
2009-08-16 18:59 . 2009-08-16 18:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-16 18:58 . 2009-08-16 18:58 -------- d-----w- c:\documents and settings\Carise\Application Data\vlc
2009-08-16 18:57 . 2009-08-16 18:57 -------- d-----w- c:\program files\VideoLAN
2009-08-16 18:57 . 2009-08-16 18:57 -------- d-----w- c:\documents and settings\Carise\Application Data\ImgBurn
2009-08-16 18:57 . 2009-08-16 18:57 -------- d-----w- c:\program files\ImgBurn
2009-08-16 18:56 . 2009-08-16 18:56 -------- d-----w- c:\program files\Defraggler
2009-08-16 18:45 . 2009-08-16 18:45 -------- d-----w- c:\program files\CCleaner
2009-08-16 05:40 . 2009-08-16 05:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-16 00:28 . 2009-08-16 18:21 -------- d-----w- C:\sysclean
2009-08-12 21:55 . 2009-08-12 21:55 -------- d-----w- c:\windows\Recent
2009-08-11 02:39 . 2009-08-11 02:39 19857 ----a-w- c:\documents and settings\Dickie\Application Data\omehara.scr
2009-08-11 02:39 . 2009-08-11 02:39 17505 ----a-w- c:\windows\system32\yvovinos.pif
2009-08-11 02:39 . 2009-08-11 02:39 15373 ----a-w- c:\windows\kisofibed.sys
2009-08-11 02:39 . 2009-08-11 02:39 13998 ----a-w- c:\documents and settings\Dickie\Local Settings\Application Data\akujoty.bin
2009-08-11 02:39 . 2009-08-11 02:39 13989 ----a-w- c:\windows\guvi.exe
2009-08-11 02:39 . 2009-08-11 02:39 13873 ----a-w- c:\windows\iqejuhap.bin
2009-08-11 02:39 . 2009-08-11 02:39 12676 ----a-w- c:\program files\Common Files\irasetak.bin
2009-08-11 02:39 . 2009-08-11 02:39 12331 ----a-w- c:\windows\yqiqy.com
2009-08-11 02:13 . 2009-08-11 02:13 19499 ----a-w- c:\windows\qodyw.bin
2009-08-11 02:13 . 2009-08-11 02:13 19022 ----a-w- c:\documents and settings\Dickie\Local Settings\Application Data\ibyvemaly.vbs
2009-08-11 02:13 . 2009-08-11 02:13 18001 ----a-w- c:\documents and settings\Dickie\Local Settings\Application Data\idac.com
2009-08-11 02:13 . 2009-08-11 02:13 17083 ----a-w- c:\windows\ebirixora.com
2009-08-11 02:13 . 2009-08-11 02:13 16295 ----a-w- c:\documents and settings\All Users\Application Data\iveceneq.com
2009-08-11 02:13 . 2009-08-11 02:13 15222 ----a-w- c:\windows\tegitaked.scr
2009-08-11 02:13 . 2009-08-11 02:13 15163 ----a-w- c:\windows\ymuqenoxej.bin
2009-08-11 02:13 . 2009-08-11 02:13 15059 ----a-w- c:\windows\system32\emapot.sys
2009-08-11 02:13 . 2009-08-11 02:13 12560 ----a-w- c:\windows\system32\roganylyz.dat
2009-08-11 02:13 . 2009-08-11 02:13 11485 ----a-w- c:\program files\Common Files\fowosydoge.com
2009-08-03 00:10 . 2009-08-03 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-08-03 00:06 . 2009-08-03 00:07 -------- d-----w- c:\documents and settings\Dickie\Application Data\DriverCure
2009-08-03 00:06 . 2009-08-03 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-08-03 00:06 . 2009-08-03 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 20:16 . 2007-01-06 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 18:59 . 2007-01-06 20:33 -------- d-----w- c:\program files\Java
2009-08-16 18:37 . 2007-01-06 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-11 04:08 . 2008-07-13 22:45 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2009-08-11 02:39 . 2009-08-11 02:39 15609 ----a-w- c:\program files\Common Files\ahuqykebav._sy
2009-08-09 13:19 . 2007-01-06 20:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-01 17:31 . 2008-11-14 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-07-20 18:59 . 2007-06-24 00:09 -------- d-----w- c:\documents and settings\Darien\Application Data\LimeWire
2009-07-14 03:43 . 2004-08-04 04:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 04:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-04 04:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-08-04 04:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 135168]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2007-01-06 53248]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 df88fa6f;df88fa6f;c:\windows\System32\drivers\df88fa6f.sys [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-16 908056]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\SiriusUSB.sys [2005-09-03 7552]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]
R3 utexnjq5;AVZ Kernel Driver;c:\windows\system32\Drivers\utexnjq5.sys [x]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-16 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-16 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dickie\Application Data\Mozilla\Firefox\Profiles\t6mf1e5h.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 17:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-20 17:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 21:43

Pre-Run: 135,463,813,120 bytes free
Post-Run: 135,388,782,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=5

330 --- E O F --- 2009-08-20 17:38

Attached logs:
Win32kDiag.txt
RootRepeal_report_08_20_09__18_34_43_.txt
ComboFix.txt
mbam_log_2009_08_20__19_22_59_.txt