ComboFix 10-07-15.05 - Bobby Beckum 07/17/2010 11:35:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1381 [GMT -5:00]
Running from: c:\documents and settings\Bobby Beckum\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\System\Uninstall
c:\windows\Downloaded Program Files\popcaploader.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.
2010-07-17 15:57 . 2010-07-17 15:57 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\Malwarebytes
2010-07-17 15:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 15:56 . 2010-07-17 15:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-17 15:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 15:56 . 2010-07-17 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 13:44 . 2010-07-17 13:44 63488 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-17 13:44 . 2010-07-17 13:44 52224 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 13:44 . 2010-07-17 13:44 117760 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-17 13:43 . 2010-07-17 13:43 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com
2010-07-17 13:43 . 2010-07-17 13:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-07-17 13:43 . 2010-07-17 14:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 13:13 . 2010-07-17 13:13 -------- d-----w- c:\program files\CCleaner
2010-07-17 01:41 . 2010-07-17 01:41 -------- d-----w- c:\program files\Trend Micro
2010-07-17 01:41 . 2010-07-17 01:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 01:30 . 2010-07-17 01:30 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\Dell
2010-07-14 21:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 21:35 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-14 19:36 . 2010-07-14 19:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-13 00:17 . 2010-07-14 22:04 -------- d-----w- c:\documents and settings\Bobby Beckum\Local Settings\Application Data\ursefrtjm
2010-07-10 02:58 . 2010-07-10 02:58 503808 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72621edb-n\msvcp71.dll
2010-07-10 02:58 . 2010-07-10 02:58 499712 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72621edb-n\jmc.dll
2010-07-10 02:58 . 2010-07-10 02:58 348160 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72621edb-n\msvcr71.dll
2010-07-10 02:58 . 2010-07-10 02:58 61440 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12618108-n\decora-sse.dll
2010-07-10 02:58 . 2010-07-10 02:58 12800 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12618108-n\decora-d3d.dll
2010-07-09 05:03 . 2010-07-09 05:03 -------- d-----w- c:\documents and settings\Windows Three\Application Data\ScanSoft
2010-06-20 20:55 . 2010-06-20 20:55 -------- d-----w- c:\program files\Hallmark
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 14:09 . 2008-02-10 02:19 -------- d-----w- c:\program files\Common Files\AOL
2010-07-17 14:09 . 2007-11-01 15:56 -------- d-----w- c:\program files\Google
2010-07-17 14:09 . 2008-06-20 04:26 -------- d-----w- c:\program files\Yahoo!
2010-07-17 13:06 . 2008-02-10 02:23 -------- d-----w- c:\program files\Common Files\aolshare
2010-07-17 13:06 . 2010-05-24 03:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2010-07-17 13:01 . 2010-03-22 03:27 -------- d-----w- c:\program files\att games
2010-07-17 12:57 . 2010-01-26 07:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2010-07-17 12:56 . 2009-04-13 02:24 -------- d-----w- c:\program files\VideoLAN
2010-07-17 01:41 . 2010-01-18 21:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 01:40 . 2010-01-18 21:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 21:58 . 2008-06-29 05:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 13:28 . 2010-02-03 07:01 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\vlc
2010-06-14 14:31 . 2010-01-18 19:56 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-12 06:12 . 2009-03-03 04:35 -------- d-----w- c:\program files\Bonjour
2010-06-12 06:12 . 2009-09-06 15:51 -------- d-----w- c:\program files\Apple Software Update
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-10 04:53 . 2010-06-10 04:53 1244648 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\MSNInstaller\msnauins.exe
2010-06-10 04:53 . 2010-06-10 04:53 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\MSNInstaller
2010-06-02 15:50 . 2010-01-18 21:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 14:44 . 2010-05-26 14:44 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\dvdcss
2010-05-26 03:59 . 2010-05-26 03:59 503808 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27950006-n\msvcp71.dll
2010-05-26 03:59 . 2010-05-26 03:59 499712 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27950006-n\jmc.dll
2010-05-26 03:59 . 2010-05-26 03:59 348160 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27950006-n\msvcr71.dll
2010-05-26 03:59 . 2010-05-26 03:59 61440 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-766445f8-n\decora-sse.dll
2010-05-26 03:59 . 2010-05-26 03:59 12800 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-766445f8-n\decora-d3d.dll
2010-05-24 04:05 . 2010-05-24 04:05 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\acccore
2010-05-24 03:58 . 2010-05-24 03:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP
2010-05-24 03:57 . 2010-05-24 03:57 686928 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\SinfInst.exe
2010-05-24 03:55 . 2010-05-24 03:55 1484136 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\acscore.exe
2010-05-24 03:55 . 2010-05-24 03:55 420800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\AIMLang.exe
2010-05-24 03:55 . 2010-05-24 03:55 1364608 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\fdosetup.exe
2010-05-24 03:55 . 2010-05-24 03:54 5243272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\noneCodesignFilesBundle.exe
2010-05-24 03:54 . 2010-05-24 03:54 45864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ACSInstA.dll
2010-05-24 03:54 . 2010-05-24 03:54 11592 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ocfcheck.dll
2010-05-24 03:54 . 2010-05-24 03:54 8008 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ie7chck.dll
2010-05-24 03:54 . 2010-05-24 03:54 123376 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\jginst.exe
2010-05-24 03:54 . 2010-05-24 03:54 383128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\tbsetup.exe
2010-05-24 03:54 . 2010-05-24 03:54 11592 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\tbinst.dll
2010-05-24 03:54 . 2010-05-24 03:54 6378688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ocpinst.exe
2010-05-24 03:54 . 2010-05-24 03:54 183080 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\gui_ext.dll
2010-05-24 03:54 . 2010-05-24 03:53 247136 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\gui.dll
2010-05-24 03:53 . 2010-05-24 03:53 2426872 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\frntlang.exe
2010-05-24 03:53 . 2010-05-24 03:53 17736 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\brwschk.dll
2010-05-24 03:53 . 2010-05-24 03:53 8520 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\wappchck.dll
2010-05-24 03:53 . 2010-05-24 03:53 10856 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\wsfixchk.dll
2010-05-24 03:53 . 2010-05-24 03:53 1362936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\msvc9rt.exe
2010-05-24 03:53 . 2010-05-24 03:53 964544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\acslaeu.exe
2010-05-24 03:53 . 2010-05-24 03:53 1651320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\reginst4.exe
2010-05-24 03:53 . 2010-05-24 03:53 642480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\SLinst.exe
2010-05-24 03:53 . 2010-05-24 03:52 80912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\alsetup.exe
2010-05-24 03:51 . 2010-05-24 03:51 127224 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\afixlang.exe
2010-05-24 03:51 . 2010-05-24 03:51 1233552 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\mailinst.exe
2010-05-24 03:51 . 2010-05-24 03:51 37672 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ACSInstC.dll
2010-05-24 03:51 . 2010-05-24 03:51 18248 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\imappver.dll
2010-05-24 03:51 . 2010-05-24 03:51 335 ----a-w- c:\windows\nsreg.dat
2010-05-24 03:51 . 2010-05-24 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2010-05-22 08:15 . 2010-05-22 08:15 -------- d-----w- c:\documents and settings\Windows Three\Application Data\Flood Light Games
2010-05-22 08:15 . 2010-05-22 08:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Flood Light Games
2010-05-22 08:13 . 2008-06-20 04:05 -------- d-----w- c:\program files\Yahoo! Games
2010-05-22 06:21 . 2010-02-06 20:59 31 ----a-w- c:\windows\popcinfo.dat
2010-05-19 17:59 . 2010-05-19 17:59 503808 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bceb510-n\msvcp71.dll
2010-05-19 17:59 . 2010-05-19 17:59 499712 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bceb510-n\jmc.dll
2010-05-19 17:59 . 2010-05-19 17:59 348160 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bceb510-n\msvcr71.dll
2010-05-19 17:59 . 2010-05-19 17:59 61440 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26de578b-n\decora-sse.dll
2010-05-19 17:59 . 2010-05-19 17:59 12800 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26de578b-n\decora-d3d.dll
2010-05-16 01:26 . 2010-05-16 01:26 61440 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f00b271-n\decora-sse.dll
2010-05-16 01:26 . 2010-05-16 01:26 12800 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f00b271-n\decora-d3d.dll
2010-05-16 01:26 . 2010-05-16 01:26 503808 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46250fd1-n\msvcp71.dll
2010-05-16 01:26 . 2010-05-16 01:26 499712 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46250fd1-n\jmc.dll
2010-05-16 01:26 . 2010-05-16 01:26 348160 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46250fd1-n\msvcr71.dll
2010-05-16 01:25 . 2010-05-16 01:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-08-23 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Bobby Beckum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe" [2010-02-17 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 01:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Bobby Beckum\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/18/2010 4:55 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/18/2010 4:55 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 8:40 PM 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:41 PM 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 11:15 PM 133104]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [1/31/2010 11:19 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [1/31/2010 11:19 PM 1472000]
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 04:15]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 04:15]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1500820517-725345543-1008Core.job
- c:\documents and settings\Bobby Beckum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 02:14]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1500820517-725345543-1008UA.job
- c:\documents and settings\Bobby Beckum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 02:14]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{09D4E691-BC9F-4850-BDF0-A3C97A4FF982}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{8A72F133-AB9F-4D20-9F0E-441DB93986D9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{E3A1DCE9-99DD-4452-8AB5-F7240770FAB6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{ED25AC74-2BE2-4C26-A940-5569E693242B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://internetexplorer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Domino - c:\windows\Domino.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1500820517-725345543-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-17 11:42:19
ComboFix-quarantined-files.txt 2010-07-17 16:42

Pre-Run: 21,333,372,928 bytes free
Post-Run: 22,005,985,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A9FB083EDA3C9E5BF0FC66129A1C37B2