Please do not attach logs but post them in the topic if not specifically asked to attach them. It makes it much more difficult for the helpers to analyze the logs.
This is the last attached log copied to this post.
ComboFix 09-12-23.02 - Colin 12/23/2009 21:10:32.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2756 [GMT -8:00]
Running from: c:\documents and settings\Colin\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Colin\Start Menu\Programs\Startup\ePrompter.lnk
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
-- Previous Run --
c:\windows\system32\proquota.exe . . . is missing!!
--------
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.
2009-12-17 15:26 . 2009-12-17 15:26 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Threat Expert
2009-12-16 07:20 . 2009-12-16 07:20 -------- d-----w- c:\documents and settings\Colin\Application Data\CheckPoint
2009-12-16 07:19 . 2009-12-16 07:19 -------- d-----w- c:\program files\CheckPoint
2009-12-16 07:18 . 2009-12-16 07:18 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-16 07:12 . 2009-11-22 23:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-16 07:12 . 2009-11-22 23:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-16 07:11 . 2009-11-22 23:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-16 07:11 . 2009-12-16 07:18 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-16 07:11 . 2009-12-16 07:11 -------- d-----w- c:\program files\Zone Labs
2009-12-16 07:10 . 2009-12-24 05:10 -------- d-----w- c:\windows\Internet Logs
2009-12-15 07:21 . 2009-12-15 07:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-12-14 06:08 . 2009-12-15 07:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 21:26 . 2009-12-13 21:26 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-13 21:10 . 2009-12-13 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-13 21:10 . 2009-12-13 21:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 15:57 . 2009-12-07 15:57 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Sophos
2009-12-07 15:52 . 2009-12-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-07 15:50 . 2009-12-07 15:51 -------- d-----w- C:\sophos-detector-stdtsa
2009-12-07 04:26 . 2009-12-17 15:43 -------- d-----w- c:\program files\Sophos
2009-12-07 00:28 . 2009-12-06 20:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-06 20:22 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-06 20:19 . 2009-12-06 20:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-06 20:18 . 2009-12-06 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-06 20:18 . 2009-12-06 20:18 -------- d-----w- c:\program files\Lavasoft
2009-12-05 06:37 . 2009-12-05 06:37 -------- d-----w- c:\documents and settings\Colin\mbox
2009-12-05 06:37 . 2009-12-05 06:37 -------- d-----w- c:\documents and settings\Colin\attachments
2009-12-05 04:30 . 2009-12-05 04:30 -------- d-----w- c:\program files\Trend Micro
2009-12-03 15:53 . 2009-12-20 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-12-02 16:13 . 2009-12-02 16:13 -------- d-----w- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 05:23 . 2008-07-28 19:59 16608 ----a-w- c:\windows\gdrv.sys
2009-12-24 05:08 . 2009-08-10 23:26 -------- d-----w- c:\program files\Trillian
2009-12-24 05:08 . 2008-08-03 03:18 -------- d-----w- c:\documents and settings\Colin\Application Data\Skype
2009-12-24 02:47 . 2008-08-03 03:22 -------- d-----w- c:\documents and settings\Colin\Application Data\skypePM
2009-12-23 16:15 . 2009-12-23 16:15 20171276 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_12_23_07_59_51_full.dmp.zip
2009-12-23 16:09 . 2009-12-16 07:51 2610289 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-23 15:59 . 2009-12-24 02:44 414208 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-12-23 15:59 . 2009-12-24 02:44 1647104 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-12-23 15:48 . 2009-08-15 22:57 -------- d-----w- c:\program files\ePrompter
2009-12-23 15:42 . 2009-07-14 03:36 -------- d-----w- c:\documents and settings\Colin\Application Data\vlc
2009-12-23 07:20 . 2009-07-07 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-12-23 04:17 . 2008-09-28 04:01 -------- d-----w- c:\documents and settings\Colin\Application Data\dvdcss
2009-12-23 04:08 . 2009-05-09 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-22 05:24 . 2009-12-22 05:24 65024 ----a-w- c:\windows\system32\drivers\jraid.tsk
2009-12-21 15:31 . 2009-12-21 15:31 120037 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_21_07_25_54_small.dmp.zip
2009-12-21 15:26 . 2009-12-21 15:26 792064 ----a-w- c:\windows\Internet Logs\xDB95.tmp
2009-12-20 23:25 . 2008-08-31 05:52 -------- d-----w- c:\documents and settings\Colin\Application Data\mjusbsp
2009-12-20 18:41 . 2008-09-12 06:20 -------- d-----w- c:\program files\Google
2009-12-19 23:30 . 2009-12-19 23:31 69632 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-12-19 23:29 . 2009-12-19 23:31 1598976 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-12-19 17:27 . 2009-12-19 17:29 891392 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-19 17:27 . 2009-12-19 17:29 1656320 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-19 17:26 . 2009-12-19 17:29 1656320 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-12-18 03:28 . 2008-08-01 03:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-17 15:24 . 2008-07-29 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-17 15:21 . 2008-07-29 05:32 -------- d-----w- c:\program files\Comodo
2009-12-15 03:10 . 2008-07-29 05:32 99408 -c--a-w- c:\documents and settings\Colin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-12 06:06 . 2009-07-02 14:08 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-05 23:04 . 2008-09-13 22:27 -------- d-----w- c:\program files\FlashGet
2009-12-04 06:34 . 2009-07-07 04:33 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-04 06:34 . 2009-07-07 04:33 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-12-04 03:53 . 2009-07-24 02:17 -------- d-----w- c:\program files\MediaCoder
2009-12-04 00:14 . 2009-01-03 20:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13 . 2009-01-03 20:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 15:26 . 2008-07-31 20:00 -------- d-----w- c:\documents and settings\Colin\Application Data\AdobeUM
2009-11-26 19:06 . 2009-08-14 19:37 -------- d-----w- c:\documents and settings\Colin\Application Data\U3
2009-11-26 18:18 . 2008-08-01 04:03 -------- d-----w- c:\program files\Java
2009-11-26 02:51 . 2008-09-04 05:16 -------- d-----w- c:\documents and settings\Colin\Application Data\uTorrent
2009-11-18 15:41 . 2009-11-18 15:41 -------- d-----w- c:\documents and settings\Colin\Application Data\Helios
2009-11-18 15:41 . 2009-11-18 15:41 -------- d-----w- c:\program files\TextPad 5
2009-11-04 11:16 . 2009-08-12 10:06 831176 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-03 07:26 . 2009-06-18 14:15 -------- d-----r- c:\program files\Skype
2009-11-03 07:26 . 2009-11-03 07:26 -------- d-----w- c:\program files\Common Files\Skype
2009-11-03 07:26 . 2008-08-03 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-29 05:48 . 2004-08-04 07:56 662016 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-04 07:56 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-04 07:56 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 07:56 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 12:17 . 2008-11-23 06:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 15:26 . 2006-09-29 02:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-29 15:26 . 2006-09-29 02:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-25 05:56 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"TaggedFrog"="c:\program files\TaggedFrog\TaggedFrog.exe" [2009-07-13 317952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"Meebo Notifier"="c:\documents and settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" [2009-08-21 790528]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-08 1884160]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"cdloader"="c:\documents and settings\Colin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-27 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-7-31 656896]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-16 65588]
SnagIt 8.lnk - d:\program files\Snagit\SnagIt32.exe [2007-5-1 6395464]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\altme\\altme.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\downloads\\grahans rebol chatter\\browser.exe"=
"d:\\downloads\\grahans rebol chatter\\browser3.exe"=
"d:\\downloads\\grahans rebol chatter\\browser4.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NCH Swift Sound\\BroadWave\\broadwave.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Colin\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:*:Disabled:BroadWave Web Server
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/6/2009 12:22 PM 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [7/6/2009 8:33 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [7/6/2009 8:33 PM 27656]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [7/6/2009 8:33 PM 4368952]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 5:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 5:30 AM 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1181328]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [7/28/2008 12:01 PM 47624]
R3 PIAFCTM;NetworkActiv PIAFCTM Packet Driver Miniport;c:\windows\system32\drivers\PIAFCTM.sys [8/1/2008 8:45 PM 15488]
S2 gupdate1c9d0c5fcbe0f7e;Google Update Service (gupdate1c9d0c5fcbe0f7e);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 8:48 AM 133104]
S3 HRJZCDH;HRJZCDH;c:\docume~1\Colin\LOCALS~1\Temp\HRJZCDH.exe --> c:\docume~1\Colin\LOCALS~1\Temp\HRJZCDH.exe [?]
S3 JMJMJJ;JMJMJJ;c:\docume~1\Colin\LOCALS~1\Temp\JMJMJJ.exe --> c:\docume~1\Colin\LOCALS~1\Temp\JMJMJJ.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\44.tmp --> c:\windows\system32\44.tmp [?]
S3 ODLDQ;ODLDQ;c:\docume~1\Colin\LOCALS~1\Temp\ODLDQ.exe --> c:\docume~1\Colin\LOCALS~1\Temp\ODLDQ.exe [?]
S4 CVCGCV;CVCGCV;c:\docume~1\Colin\LOCALS~1\Temp\CVCGCV.exe --> c:\docume~1\Colin\LOCALS~1\Temp\CVCGCV.exe [?]
S4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/1/2009 9:46 PM 1205760]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {0FD48D82-ED3E-45A6-873A-94F7CFA0845B} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Colin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)
AddRemove-{F59AC46C-10C3-4023-882C-4212A92283B3}_is1 - c:\windows\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 21:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JRAID]
"ImagePath"="system32\Drivers\jraid.tsk"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\44.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1088)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(1144)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'explorer.exe'(2864)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-23 21:27:37
ComboFix-quarantined-files.txt 2009-12-24 05:27
Pre-Run: 4,280,025,088 bytes free
Post-Run: 4,201,082,880 bytes free
- - End Of File - - 2BC080CFD486547F54E7684E9D1C10AD