ComboFix 11-02-09.05 - Kalin 10/02/2011 21:52:34.1.1 - x86
Running from: c:\documents and settings\Kalin\My Documents\Downloads\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Data
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\svchost
D:\install.exe
c:\windows\regedit.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_hwinterface
-------\Service_hwinterface
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.
2011-02-11 06:04 . 2011-02-11 06:04 -------- d-----w- c:\windows\LastGood
2011-02-10 06:16 . 2011-02-10 06:16 -------- d-----w- c:\program files\ESET
2011-02-07 03:10 . 2011-02-07 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-07 03:10 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 03:09 . 2011-02-07 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 03:09 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-05 22:55 . 2011-02-05 22:55 -------- d-----w- C:\_OTL
2011-01-28 08:39 . 2011-01-28 08:39 -------- d-----w- c:\program files\ERUNT
2011-01-24 01:30 . 2011-01-24 01:47 -------- d-----w- c:\documents and settings\Kalin\Local Settings\Application Data\MediaMonkey
2011-01-24 01:30 . 2011-01-24 01:31 -------- d-----w- c:\program files\MediaMonkey
2011-01-24 01:17 . 2011-02-07 02:10 2572 ----a-w- c:\windows\system32\ASOROSet.bin
2011-01-24 01:17 . 2010-04-20 00:15 15080 ----a-w- c:\windows\system32\ROBoot.exe
2011-01-23 19:16 . 2011-01-23 19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-23 18:52 . 2011-01-23 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-23 02:47 . 2011-01-23 02:47 -------- d-----w- c:\documents and settings\Kalin\Application Data\SUPERAntiSpyware.com
2011-01-23 02:47 . 2011-01-23 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-22 19:07 . 2010-11-09 21:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-22 19:07 . 2010-11-09 21:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-22 19:07 . 2011-01-22 21:01 -------- d-----w- C:\VIPRERESCUE
2011-01-22 18:08 . 2011-01-22 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-22 02:36 . 2011-01-22 02:36 -------- d-----w- c:\documents and settings\Kalin\Application Data\.minecraft
2011-01-15 19:48 . 2011-01-15 19:51 -------- d-----w- c:\windows\system32\drivers\NIS\1205000.07D
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 19:50 . 2010-05-30 20:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-15 19:50 . 2010-05-30 20:03 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-27 02:58 . 2010-12-27 02:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-27 02:58 . 2010-12-27 02:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-18 18:12 . 2008-06-27 04:33 81920 ------w- c:\windows\system32\isign32.dll
2001-05-24 20:59 . 2009-02-14 06:56 162304 ----a-w- c:\program files\UNWISE.EXE
2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-12-10 21:50 . 2008-12-10 21:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-07 2387968]
"Steam"="c:\program files\steam\steam.exe" [2011-01-06 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-12 2969496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Xtreme N Dual Band DWA-160"="c:\program files\D-Link\DWA-160 revA\AirNCFG.exe" [2009-02-13 1687552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SystemProtector"="c:\program files\Advanced System Optimizer 3\SystemProtector.exe" [2010-04-20 9999080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Brian\Start Menu\Programs\Startup\
Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2008-7-15 110592]
c:\documents and settings\Kalin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-15 221247]
Philips GoGear SA018 Device Manager.lnk - c:\program files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe [2010-7-11 1615232]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-31 02:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
2000-01-19 23:43 49152 ----a-w- c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 12:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
2003-08-19 00:46 53248 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-30 22:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Audio Master 9\\MusicDiscCreator9.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\dystopia\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\source sdk base 2007\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\darwinia\\darwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plain sight\\PlainSight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\foreign legion (buckets of blood)\\Foreign Legion.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\eufloria\\Eufloria.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\star wars battlefront ii\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\pirates, vikings, and knights ii\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swords and soldiers\\Swords and Soldiers Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"57926:TCP"= 57926:TCP:Pando Media Booster
"57926:UDP"= 57926:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"56945:TCP"= 56945:TCP:Pando Media Booster
"56945:UDP"= 56945:UDP:Pando Media Booster
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SymDS.sys [15/01/2011 11:48 AM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SymEFA.sys [15/01/2011 11:48 AM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [19/01/2011 5:12 PM 691248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 10:41 AM 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [22/01/2011 11:07 AM 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.sys [15/01/2011 11:48 AM 136312]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [30/05/2010 11:28 AM 147456]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [25/10/2009 5:52 PM 238824]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [15/01/2011 11:48 AM 130000]
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [25/10/2009 5:52 PM 6656]
R3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [30/05/2010 11:27 AM 592384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/05/2010 12:05 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110210.001\IDSXpx86.sys [10/02/2011 10:15 PM 341944]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate1c9e17254587758;Google Update Service (gupdate1c9e17254587758);c:\program files\Google\Update\GoogleUpdate.exe [30/05/2009 2:02 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [09/07/2009 5:44 PM 17432]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [25/10/2009 10:11 AM 16194]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [15/07/2008 12:42 PM 6016]
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\DRIVERS\wg311tn5.sys --> c:\windows\system32\DRIVERS\wg311tn5.sys [?]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 NUVision;NUVision Video Service;c:\windows\system32\drivers\NUVvid2.sys [01/02/2001 9:00 AM 153824]
S3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192u.sys [26/10/2009 1:56 PM 450944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [16/11/2009 10:29 AM 16640]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPOD_SERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 06:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-05 00:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2011-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 22:01]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:02]
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:02]
2009-08-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 20:51]
2011-01-15 c:\windows\Tasks\Norton Security Scan for Kalin.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-25 18:04]
2011-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-19 02:40]
2011-02-11 c:\windows\Tasks\User_Feed_Synchronization-{7E60004C-CF9C-40F3-B2CB-FB79394A5166}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://blueheronproject.dyndns.org/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
MSConfigStartUp-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
MSConfigStartUp-ParetoLogic Anti-Spyware - c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-02-10 22:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\PSIService.exe
c:\windows\System32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Advanced System Optimizer 3\CheckUpdate.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-02-10 22:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-11 06:36
Pre-Run: 25,951,911,936 bytes free
Post-Run: 25,681,956,864 bytes free
- - End Of File - - 7C9C9425BC1905E7FB6D0860D0A5563F
Wow, that really helped out a lot: my Norton is running again, I can see what's open in the taskbar again, and sound is running again! It seems to be running back to its normal ways, but are there any other things that I should still check?