ComboFix 10-08-07.01 - Sesillia Vartanyan 08/08/2010   0:27.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.593 [GMT -7:00]
Running from: c:\documents and settings\Sesillia Vartanyan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.
2010-08-08 03:28 . 2010-08-08 03:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-08 03:16 . 2010-08-08 03:16 -------- d-----w- c:\documents and settings\Sesillia Vartanyan\Local Settings\Application Data\Sunbelt Software
2010-08-06 01:33 . 2010-08-06 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-06 01:33 . 2010-08-06 01:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-04 03:01 . 2010-07-27 05:30 705208 ----a-w- c:\documents and settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-04 03:01 . 2010-07-27 05:30 978664 ----a-w- c:\documents and settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-31 20:43 . 2010-07-31 20:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-30 03:57 . 2010-07-30 06:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-29 18:49 . 2010-07-29 18:54 -------- d-----w- c:\documents and settings\Sesillia Vartanyan\Application Data\QuickScan
2010-07-29 01:58 . 2009-10-07 22:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-07-29 01:55 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-23 04:25 . 2010-07-23 04:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-23 04:11 . 2010-07-23 04:12 -------- d-----w- c:\documents and settings\Sesillia Vartanyan\Application Data\C3560C269260DEAC70AADE320846CE8B
2010-07-21 02:31 . 2010-07-21 02:31 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 02:31 . 2010-07-21 02:31 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 02:31 . 2010-07-21 02:31 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 02:31 . 2010-07-21 02:31 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 02:31 . 2010-07-21 02:31 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-17 03:19 . 2010-07-17 03:19 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-17 03:19 . 2010-07-17 03:19 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-17 03:17 . 2010-07-17 03:17 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-17 03:17 . 2010-07-17 03:17 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-17 03:17 . 2010-07-17 03:17 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-17 03:17 . 2010-07-17 03:17 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-16 05:54 . 2010-07-16 05:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-14 01:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-10 21:53 . 2010-07-10 21:53 -------- d-----w- c:\documents and settings\Sesillia Vartanyan\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 06:59 . 2009-11-28 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-08 05:55 . 2009-08-25 05:07 -------- d-----w- c:\program files\Lavasoft
2010-08-08 05:55 . 2009-08-25 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-14 14:31 . 2004-08-04 21:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-29 08:25 . 2010-05-29 08:25 503808 -c--a-w- c:\documents and settings\Sesillia Vartanyan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46553c60-n\msvcp71.dll
2010-05-29 08:25 . 2010-05-29 08:25 499712 -c--a-w- c:\documents and settings\Sesillia Vartanyan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46553c60-n\jmc.dll
2010-05-29 08:25 . 2010-05-29 08:25 348160 -c--a-w- c:\documents and settings\Sesillia Vartanyan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46553c60-n\msvcr71.dll
2006-09-19 00:18 . 2006-09-19 00:18 22 -csha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-06 149280]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/28/2010 6:55 PM 28552]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Sesillia Vartanyan\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - (no file)
AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 00:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-08 00:33:25
ComboFix-quarantined-files.txt 2010-08-08 07:33

Pre-Run: 49,984,884,736 bytes free
Post-Run: 49,954,353,152 bytes free

- - End Of File - - D8EC417B275927FF518C6F7D7754A8C6