ComboFix 09-04-18.05 - Compaq_Owner 04/18/2009 10:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.380 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\inst.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 08:03 . 2009-04-18 08:03 -------- d-sh--w c:\documents and settings\Default User\IETldCache
2009-04-17 22:21 . 2009-04-17 22:21 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-04-17 22:20 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 22:20 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 22:20 . 2009-04-17 22:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 22:15 . 2009-04-17 22:15 -------- d-----w C:\_OTListIt
2009-04-17 21:27 . 2009-04-17 21:28 -------- d-----w C:\Rooter$
2009-04-17 21:25 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 21:25 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 21:25 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 21:25 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 21:25 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 21:25 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 21:25 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 21:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 13:54 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-13 20:18 . 2009-04-13 20:19 -------- d-----w C:\38e9a04d624f5c845b
2009-04-10 04:48 . 2009-04-10 04:48 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-10 04:42 . 2009-04-10 04:44 -------- dc-h--w c:\windows\ie8
2009-04-10 04:35 . 2009-04-10 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-04-10 04:33 . 2009-04-10 04:33 50968 ----a-w c:\windows\system32\avgfwdx.dll
2009-04-10 04:33 . 2009-04-10 04:33 29208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2009-04-10 03:13 . 2009-04-10 03:13 -------- d-----w C:\$regrest
2009-04-09 21:03 . 2009-04-10 13:29 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-09 21:03 . 2009-04-09 23:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-09 21:03 . 2009-04-09 21:03 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-09 21:03 . 2009-04-09 23:13 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-09 21:03 . 2009-04-18 13:31 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-09 21:03 . 2009-04-09 21:27 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AVGTOOLBAR
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 20:31 . 2009-03-20 20:31 -------- d-sh--w c:\documents and settings\Compaq_Owner\IECompatCache
2009-03-20 20:15 . 2009-03-20 20:15 -------- d-sh--w c:\documents and settings\Compaq_Owner\PrivacIE
2009-03-20 19:23 . 2009-03-20 19:23 -------- d-sh--w c:\documents and settings\Compaq_Owner\IETldCache
2009-03-20 16:15 . 2009-04-10 04:36 -------- d-----w c:\windows\ie8updates
2009-03-20 16:07 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-04-18 08:04 . 2009-02-22 15:43 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 22:21 . 2009-04-17 22:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-17 21:28 . 2009-04-17 21:28 2704 ----a-w C:\Rooter.txt
2009-04-14 20:02 . 2008-02-11 07:18 2747 ----a-w C:\VundoFix.txt
2009-04-14 16:20 . 2006-08-23 15:24 95504 -c--a-w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 23:44 . 2007-05-29 15:01 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 04:30 . 2008-12-17 01:53 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-10 03:59 . 2009-01-04 03:40 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-10 03:43 . 2006-08-22 16:45 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-10 03:43 . 2006-08-22 16:42 -------- d-----w c:\program files\Yahoo!
2009-04-10 03:12 . 2008-03-09 21:32 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Thinstall
2009-04-10 00:53 . 2009-02-22 14:39 -------- d-----w c:\program files\Celtx
2009-04-05 04:33 . 2007-05-24 02:10 -------- d-----w c:\program files\FriendBlasterPro
2009-04-03 23:38 . 2009-04-03 23:19 -------- d-----w c:\program files\Lotto007 For P3P4 2009 Demo
2009-04-02 14:47 . 2009-04-02 14:47 -------- d-----w c:\program files\Apple Software Update
2009-03-24 16:42 . 2009-03-23 21:25 -------- d-----w c:\program files\MySpace
2009-03-23 22:14 . 2009-03-23 22:14 -------- d-----w c:\program files\Windows Defender
2009-03-13 19:46 . 2009-03-13 19:46 -------- d-----w c:\program files\Micracom
2009-03-11 17:15 . 2009-03-11 17:15 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-08 19:09 . 2004-08-04 11:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 19:09 . 2004-08-04 11:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 09:41 . 2004-08-04 11:00 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 09:39 . 2008-02-08 18:18 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 09:34 . 2008-04-21 06:44 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 09:34 . 2004-08-04 11:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2008-06-26 08:15 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 09:34 . 2007-08-14 00:54 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 09:34 . 2004-08-04 11:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:34 . 2004-08-04 11:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 09:34 . 2007-08-14 00:44 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 09:34 . 2007-08-14 00:44 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 09:34 . 2004-08-04 11:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 09:33 . 2004-08-04 11:00 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 09:33 . 2004-08-04 11:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 09:33 . 2004-08-04 11:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2007-08-14 00:54 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 09:33 . 2008-05-09 10:53 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 09:33 . 2004-08-04 11:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 09:33 . 2008-05-09 10:53 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 09:33 . 2004-08-04 11:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:33 . 2004-08-04 11:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 09:32 . 2004-08-04 11:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 09:32 . 2004-08-04 11:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 11:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 09:32 . 2004-08-04 11:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 09:32 . 2004-08-04 11:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:32 . 2004-08-04 11:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 09:32 . 2004-08-04 11:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 09:32 . 2004-08-04 11:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 09:32 . 2004-08-04 11:00 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 09:32 . 2008-02-08 18:18 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 09:32 . 2008-02-08 18:18 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 09:32 . 2004-08-04 11:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 09:24 . 2004-08-04 11:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 09:22 . 2004-08-04 11:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 09:22 . 2004-08-04 11:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 09:11 . 2008-02-08 18:18 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\system32\dllcache\pdh.dll
2009-02-28 10:34 . 2008-08-16 05:53 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-28 10:03 . 2009-02-28 10:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-26 17:46 . 2009-02-26 17:46 74760 ----a-w c:\windows\system32\drivers\UniversalDD.sys
2009-02-26 17:46 . 2009-02-26 17:46 25608 ----a-w c:\windows\system32\drivers\AVGIDSErHr.sys
2009-02-22 15:50 . 2006-06-19 14:49 -------- d-----w c:\program files\Microsoft Works
2009-02-22 15:48 . 2009-02-22 15:48 -------- d-----w c:\program files\Microsoft.NET
2009-02-22 15:01 . 2009-02-22 15:01 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Greyfirst
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 11:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 11:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 11:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 11:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2004-08-04 11:00 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-08 00:02 . 2004-08-04 11:00 2066048 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 11:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-04 11:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-04 11:00 2189056 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 02:45 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-04 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-04 11:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-15 02:45 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:10 . 2004-08-04 11:00 227840 ----a-w c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-04 11:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-09 15:09 . 2007-12-17 06:07 81920 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\ezpinst.exe
2008-11-09 15:09 . 2007-12-17 05:55 47360 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2007-04-19 01:24 . 2006-12-12 04:05 1092 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2007-04-18 18:44 . 2007-04-18 18:44 135 -c--a-w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-10 7311360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 180269]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-10 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-10 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-10-25 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-09 23:13 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Celtx\\celtx.exe"=
"c:\\Program Files\\FriendBlasterPro\\FriendBlasterPro.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

R0 pfvxkco;pfvxkco; [x]
R2 AVGIDSAgent;AVGIDSAgent; [x]
R2 gupdate1c90a39ee8665ee;Google Update Service (gupdate1c90a39ee8665ee);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-10 29208]
S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-02-26 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-09 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-09 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-04-10 1356616]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-02-26 563720]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-10 29208]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2009-02-26 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2009-02-26 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2009-02-26 27232]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 04:25]

2009-04-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{3EFA48DA-AA65-4E21-BC06-0E6EFDC333B1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9dt86hxb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9dt86hxb.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2009-04-18 10:07
ComboFix-quarantined-files.txt 2009-04-18 15:06

Pre-Run: 72,970,870,784 bytes free
Post-Run: 76,922,163,200 bytes free

258 --- E O F --- 2009-04-18 08:09