ComboFix 10-07-06.03 - Smashley 07/07/2010 0:15.5.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.359 [GMT -5:00] Running from: c:\users\Smashley\Downloads\ComboFix.exe Command switches used :: c:\users\Smashley\Desktop\CFScript.txt SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 ))))))))))))))))))))))))))))))) . 2010-07-07 06:21 . 2010-07-07 06:21 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-07-07 06:21 . 2010-07-07 06:21 -------- d-----w- c:\users\Guest\AppData\Local\temp 2010-07-07 06:21 . 2010-07-07 06:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-05 19:10 . 2010-07-07 06:21 -------- d-----w- c:\users\Smashley\AppData\Local\temp 2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- C:\_OTL 2010-07-02 06:30 . 2010-07-02 06:35 -------- d--h--w- c:\program files\Temp 2010-07-01 23:37 . 2010-07-01 23:37 -------- d-----w- c:\windows\system32\x64 2010-07-01 23:37 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe 2010-07-01 21:23 . 2010-07-01 21:23 -------- d-----w- C:\Intel 2010-07-01 18:18 . 2010-07-01 18:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-01 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr 2010-06-30 18:09 . 2010-06-30 18:09 -------- d-----w- c:\users\Smashley\AppData\Local\AVG Security Toolbar 2010-06-30 17:30 . 2010-06-30 19:53 -------- d-----w- C:\$AVG 2010-06-30 17:26 . 2010-07-01 18:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-06-30 17:26 . 2010-07-01 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-06-30 17:26 . 2010-07-01 18:18 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-06-30 17:26 . 2010-07-05 22:31 -------- d-----w- c:\windows\system32\drivers\Avg 2010-06-30 17:26 . 
2010-06-30 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar 2010-06-30 04:38 . 2010-07-01 23:59 680 ----a-w- c:\users\Smashley\AppData\Local\d3d9caps.dat 2010-06-24 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-24 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-24 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-24 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-24 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 05:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-06-23 05:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-18 00:30 . 2010-06-18 00:30 -------- d-----w- c:\users\Smashley\heart 2010-06-09 02:40 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-09 02:40 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-06-09 02:40 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-02 06:35 . 2007-02-28 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-02 06:35 . 2007-02-28 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll 2010-07-02 05:34 . 2010-02-07 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-01 18:18 . 2010-07-01 18:18 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys 2010-07-01 18:18 . 2010-07-01 18:18 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys 2010-07-01 18:18 . 2010-07-01 18:18 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys 2010-06-30 17:26 . 2010-07-01 18:10 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll 2010-06-30 17:26 . 
2010-07-01 18:10 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe 2010-06-30 17:26 . 2010-07-01 18:10 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll 2010-06-30 17:26 . 2010-07-01 18:10 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe 2010-06-30 17:25 . 2010-02-07 02:10 -------- d-----w- c:\programdata\avg9 2010-06-30 04:22 . 2010-02-07 05:42 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-06-30 04:22 . 2010-05-06 01:11 -------- d-----w- c:\program files\Common Files\Motive 2010-06-29 00:07 . 2009-09-28 00:26 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-06-28 20:57 . 2010-03-30 11:44 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-06-28 20:37 . 2010-03-30 11:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-06-28 20:37 . 2010-03-30 11:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-28 20:33 . 2010-03-30 11:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-06-28 20:32 . 2010-03-30 11:46 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-06-28 20:32 . 2010-03-30 11:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-26 08:02 . 2007-07-18 05:58 -------- d-----w- c:\program files\Microsoft.NET 2010-06-17 19:13 . 2007-12-07 22:28 -------- d-----w- c:\users\Smashley\AppData\Roaming\gtk-2.0 2010-06-12 06:28 . 2010-04-05 20:15 501584 ----a-w- c:\users\Smashley\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-11 04:10 . 2007-11-26 11:16 -------- d-----w- c:\users\Smashley\AppData\Roaming\LimeWire 2010-06-09 04:04 . 2009-09-18 01:22 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-09 04:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-09 03:52 . 2010-06-09 03:52 20480 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll 2010-06-09 03:52 . 
2010-06-09 03:52 18944 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll 2010-06-09 03:52 . 2010-06-09 03:52 17408 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll 2010-06-09 03:52 . 2010-06-09 03:52 20480 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll 2010-06-09 03:52 . 2010-06-09 03:52 8192 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll 2010-06-09 03:50 . 2007-11-26 11:16 -------- d-----w- c:\program files\LimeWire 2010-06-09 03:43 . 2007-07-18 05:56 -------- d-----w- c:\programdata\Microsoft Help 2010-05-21 19:14 . 2009-10-03 00:43 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-11 01:57 . 2009-02-17 16:03 -------- d-----w- c:\users\Smashley\AppData\Roaming\ArcSoft 2010-05-11 01:25 . 2010-05-11 00:25 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe 2010-05-11 00:25 . 2010-05-07 22:37 -------- d-----w- c:\programdata\ArcSoft 2010-05-04 12:11 . 2008-12-01 05:45 148904 ----a-w- c:\windows\hpoins19.dat 2010-05-04 05:59 . 2010-06-09 02:39 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-09 02:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 05:55 . 2010-06-09 02:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 04:31 . 2010-06-09 02:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-09 02:39 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 22:24 . 2010-04-29 22:24 52224 ----a-w- c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll 2010-04-29 22:24 . 2010-04-29 22:24 101376 ----a-w- c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll 2010-04-29 20:39 . 
2010-02-07 00:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 20:39 . 2010-02-07 00:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-23 14:13 . 2010-05-26 03:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-16 16:43 . 2010-06-23 05:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43 . 2010-06-23 05:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43 . 2010-06-23 05:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-04-16 16:43 . 2010-06-23 05:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912] "sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2010-01-14 370992] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 184320] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2009-10-22 1088800] 
"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-15 329632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-01 2065248] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Smashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Smashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-02-13 14:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):43,8e,da,8f,1b,3a,ca,01 R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-28 908056] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2008-05-15 17664] R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 aswSP;aswSP; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-01 216200] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-01 242896] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-01 308064] S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON 
Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304] S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2010-07-07 c:\windows\Tasks\AWC Startup.job - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-30 16:02] 2010-07-05 c:\windows\Tasks\Norton Security Scan for Smashley.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-07 15:22] . . ------- Supplementary Scan ------- . 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: {62E68F72-4893-476F-B1E9-D04FBA56E918} = 75.116.127.154 75.116.63.154 FF - ProfilePath - c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://weather.yahoo.com/forecast/USLA0319_f.html FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll FF - plugin: c:\program files\Common Files\Motive\npMotive.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: 
c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll FF - plugin: c:\windows\system32\npmirage.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-07 01:21 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5752) c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll . 
Completion time: 2010-07-07 01:33:17
ComboFix-quarantined-files.txt 2010-07-07 06:33
ComboFix2.txt 2010-07-06 07:05
ComboFix3.txt 2010-07-05 19:39
ComboFix4.txt 2010-07-02 20:56
ComboFix5.txt 2010-07-07 05:10

Pre-Run: 51,829,243,904 bytes free
Post-Run: 51,375,837,184 bytes free

- - End Of File - - B70AC415A41A0378961246890F31DCCA