ComboFix 11-09-05.05 - Rick 09/05/2011 16:27:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3061.2025 [GMT -5:00]
Running from: c:\documents and settings\Rick\My Documents\Downloads\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\All Users\SPL1.tmp
c:\documents and settings\All Users\SPL156.tmp
c:\documents and settings\All Users\SPL190.tmp
c:\documents and settings\All Users\SPL4B.tmp
c:\documents and settings\All Users\SPL7.tmp
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\EagleSpirit\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Liz\GoToAssistDownloadHelper.exe
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\EULA.exe.e24c9112.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\Launcher.exe.33c15faa.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini
c:\documents and settings\Liz\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse
c:\documents and settings\Rick\Application Data\Dealio
c:\documents and settings\Rick\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Rick\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\EULA.exe.e24c9112.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Rick\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini
c:\program files\ArcadeWeb\arcadeweb32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-04 23:37 . 2011-09-05 02:15 -------- d-----w- c:\documents and settings\EagleSpirit
2011-09-04 16:24 . 2011-09-04 16:24 388096 ----a-r- c:\documents and settings\Rick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-04 16:24 . 2011-09-04 16:24 -------- d-----w- c:\program files\Trend Micro
2011-09-04 14:16 . 2011-09-04 14:16 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2011-09-04 14:16 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-04 14:16 . 2011-09-04 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-04 14:16 . 2011-09-04 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 14:16 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 14:09 . 2011-09-04 14:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Uniblue
2011-09-04 14:09 . 2011-09-04 14:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-04 14:09 . 2011-09-04 14:09 -------- d-----w- c:\program files\Uniblue
2011-09-04 14:09 . 2011-09-04 14:09 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\PackageAware
2011-09-01 02:25 . 2011-09-05 21:51 -------- d-----w- c:\program files\ArcadeWeb
2011-08-28 00:02 . 2011-08-28 00:02 -------- d-----w- c:\program files\iPod
2011-08-28 00:02 . 2011-08-28 00:03 -------- d-----w- c:\program files\iTunes
2011-08-27 23:55 . 2011-08-27 23:55 -------- d-----w- c:\program files\Bonjour
2011-08-10 12:24 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 12:24 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 12:19 . 2011-07-03 11:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-01 02:26 . 2011-03-25 10:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-08-18 67456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-06-17 36864]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCure
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SelectRebates
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 21:20 57344 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2010-11-21 01:17 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Share]
2010-04-09 01:52 830224 ----a-w- c:\program files\Memeo\Memeo Share\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-08-05 13:46 4327384 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-30 19:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Liz\\My Documents\\Downloads\\FLV_Player_Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/20/2010 8:53 PM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/20/2010 8:53 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/20/2010 8:53 PM 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/21/2010 5:21 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/21/2010 5:21 AM 68880]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/20/2010 8:53 PM 247824]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/4/2011 9:16 AM 366640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/21/2010 5:10 PM 583640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/4/2011 9:16 AM 22712]
R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [5/7/2008 11:07 AM 141376]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [5/7/2008 11:07 AM 7424]
R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [5/7/2008 11:07 AM 235808]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [5/7/2008 11:25 AM 31616]
S2 mrtRate;mrtRate; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/4/2011 9:16 AM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [9/20/2010 8:53 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [9/21/2010 4:38 AM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/21/2010 5:21 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-05 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-09-04 09:48]
.
2011-09-05 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-09-21 13:46]
.
2011-09-05 c:\windows\Tasks\User_Feed_Synchronization-{737B0FA7-FC01-4FCC-9AB4-FE4F76F6BB6F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=2
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\cyvb08nl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80106&lng=en
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80106&language=en&qkw=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - (no file)
BHO-{CCB69577-088B-4004-9ED8-FF5BCC83A039} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKLM-Run-MemoryCardManager - (no file)
HKLM-Run-AW TrayIcon - c:\program files\ArcadeWeb\arcadeweb32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
AW TrayIcon = RunDll32.exe "c:\program files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(784)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-05 17:05:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 22:05
.
Pre-Run: 396,350,525,440 bytes free
Post-Run: 417,877,241,856 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D119015D690309F1B96CE6F8974C3294