ComboFix 08-11-19.08 - John Butler 2008-11-20 18:22:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1568 [GMT -6:00]
Running from: c:\documents and settings\John Butler\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.
2008-11-18 20:43 . 2008-11-18 20:43 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-18 20:43 . 2008-11-18 20:43 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-11-18 20:42 . 2008-04-13 19:11 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-11-18 13:55 . 2008-11-18 13:55 d-------- c:\program files\Microsoft IntelliPoint
2008-11-17 21:34 . 2008-11-17 21:34 d-------- c:\program files\Windows Installer Clean Up
2008-11-17 19:40 . 2008-11-17 19:40 d-------- c:\documents and settings\All Users\Application Data\Applications
2008-11-17 09:00 . 2008-11-17 09:00 d-------- c:\program files\Lavasoft
2008-11-17 09:00 . 2008-11-17 09:00 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-17 09:00 . 2008-11-17 09:01 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-17 06:50 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-17 00:12 . 2008-11-17 00:12 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 00:12 . 2008-11-17 00:12 d-------- c:\documents and settings\John Butler\Application Data\Malwarebytes
2008-11-17 00:12 . 2008-11-17 00:12 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 00:12 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 00:12 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 18:23 . 2008-04-13 19:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2008-11-15 18:23 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2008-11-15 18:23 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2008-11-15 18:23 . 2008-04-13 19:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2008-11-15 18:22 . 2001-08-17 13:28 771,581 --a------ c:\windows\system32\dllcache\winacisa.sys
2008-11-15 18:22 . 2004-08-03 22:31 154,624 --a------ c:\windows\system32\dllcache\wlluc48.sys
2008-11-15 18:22 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2008-11-15 18:22 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\wiamsmud.dll
2008-11-15 18:22 . 2001-08-17 12:12 34,890 --a------ c:\windows\system32\dllcache\wlandrv2.sys
2008-11-15 18:22 . 2004-08-04 04:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2008-11-15 18:22 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2008-11-15 18:22 . 2008-04-13 13:46 19,200 --a------ c:\windows\system32\dllcache\wstcodec.sys
2008-11-15 18:22 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2008-11-15 18:22 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2008-11-15 18:22 . 2008-04-13 13:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2008-11-15 18:22 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2008-11-15 18:20 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2008-11-15 18:19 . 2001-08-17 22:36 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2008-11-15 18:18 . 2001-08-17 14:01 241,664 --a------ c:\windows\system32\dllcache\tosdvd02.sys
2008-11-15 18:17 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys
2008-11-15 18:16 . 2001-08-17 14:56 147,200 --a------ c:\windows\system32\dllcache\smidispb.dll
2008-11-15 18:15 . 2001-08-17 22:36 238,592 --a------ c:\windows\system32\dllcache\sisgrv.dll
2008-11-15 18:14 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2008-11-15 18:13 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2008-11-15 18:12 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2008-11-15 18:11 . 2008-04-13 19:12 363,520 --a------ c:\windows\system32\dllcache\psisdecd.dll
2008-11-15 18:10 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2008-11-15 18:09 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2008-11-15 18:08 . 2004-08-03 22:31 132,695 --a------ c:\windows\system32\dllcache\netwlan5.sys
2008-11-15 18:07 . 2004-08-04 04:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2008-11-15 18:06 . 2001-08-17 13:28 802,683 --a------ c:\windows\system32\dllcache\ltsm.sys
2008-11-15 18:05 . 2004-08-04 04:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2008-11-15 18:04 . 2004-08-04 04:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2008-11-15 18:03 . 2004-08-04 04:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2008-11-15 18:02 . 2004-08-04 04:00 10,096,640 --a------ c:\windows\system32\dllcache\hwxcht.dll
2008-11-15 18:01 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2008-11-15 18:00 . 2001-08-17 13:28 595,647 --a------ c:\windows\system32\dllcache\es56cvmp.sys
2008-11-15 17:59 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2008-11-15 17:58 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2008-11-15 17:57 . 2001-08-17 14:02 272,640 --a------ c:\windows\system32\dllcache\cinemclc.sys
2008-11-15 17:56 . 2004-08-04 04:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2008-11-15 17:55 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2008-11-15 17:54 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2008-11-14 21:26 . 2008-11-14 21:26 d-------- c:\documents and settings\NetworkService\Application Data\Intel
2008-11-14 21:26 . 2008-11-14 21:26 d-------- c:\documents and settings\LocalService\Application Data\Intel
2008-11-14 21:26 . 2008-11-14 21:26 d-------- c:\documents and settings\John Butler\Application Data\Intel
2008-11-14 21:26 . 2008-11-14 21:26 d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-14 21:25 . 2008-11-14 21:25 d-------- c:\program files\Intel
2008-11-14 21:25 . 2008-11-14 21:25 d-------- c:\documents and settings\All Users\Application Data\Intel
2008-11-14 21:25 . 2007-02-12 11:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
2008-11-14 21:25 . 2007-02-12 11:40 557,056 --a------ c:\windows\system32\Netw2c32.dll
2008-11-14 18:19 . 2008-06-09 13:12 1,421,384 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-14 18:19 . 2008-06-09 13:12 18,504 --a------ c:\windows\system32\drivers\nuidfltr.sys
2008-11-14 14:30 . 2008-04-13 13:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-14 14:30 . 2008-04-13 13:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-03 23:54 . 2008-11-03 23:54 d-------- c:\program files\Common Files\Simple Star Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 00:27 26,638,112 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-21 00:26 357,788 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-21 00:26 116,780 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-21 00:26 1,234,976 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-21 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-18 19:46 --------- d-----w c:\program files\Trend Micro
2008-11-18 03:33 --------- d-----w c:\program files\MSECACHE
2008-11-15 03:30 21,425 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-12 05:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 20:34 4,680 ----a-w c:\documents and settings\John Butler\Application Data\wklnhst.dat
2008-11-07 23:53 --------- d-----w c:\program files\Google
2008-11-07 23:39 --------- d-----w c:\program files\Yahoo!
2008-11-07 23:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo
2008-11-07 23:32 --------- d-----w c:\documents and settings\John Butler\Application Data\Walgreens
2008-11-04 05:56 --------- d-----w c:\documents and settings\John Butler\Application Data\Simple Star
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 03:29 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-14 22:16 --------- d-----w c:\program files\iTunes
2008-10-14 22:16 --------- d-----w c:\program files\iPod
2008-10-14 22:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-13 03:30 --------- d-----w c:\documents and settings\John Butler\Application Data\GARMIN
2008-10-07 07:06 --------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2008-10-07 05:04 --------- d--h--w c:\program files\InstallShield Installation Information
2007-11-27 11:36 0 ----a-w c:\program files\error.dat
2008-05-06 21:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 15:33 155648 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-12-03 20:00 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2006-06-28 07:46 622592 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-06-29 12:18 77824 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-03-04 10:26 606208 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 13:45 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 13:25 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-03-14 11:38 335970 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-03-03 10:58 214296 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 09:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"vsmon"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"xmlprov"=3 (0x3)
"WSearch"=2 (0x2)
"VSS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Dot3svc"=3 (0x3)
"Browser"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-18 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3AJ4N3F07A.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe []

2008-11-15 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-12-03 15:39]

2007-12-28 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-12-03 15:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Walgreens PhotoShow Media Manager - c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
MSConfigStartUp-pccguide - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\John Butler\Application Data\Mozilla\Firefox\Profiles\q70z2x9t.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yme&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 18:28:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\documents and settings\John Butler\Local Settings\Application Data\Microsoft\Outlook\extend.dat 964 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\msiexec.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-20 18:33:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-21 00:33:23

Pre-Run: 37,563,957,248 bytes free
Post-Run: 37,423,542,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

290 --- E O F --- 2008-11-12 01:10:50