OK, got my PC back using the repair disk. So I ran ComboFix and here is the report:
ComboFix 10-11-11.01 - Brian 11/11/2010 21:36:41.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2379 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Brian\Application Data\completescan
c:\documents and settings\Brian\Application Data\install
c:\documents and settings\Brian\IDHWTSS1.dll
c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}
c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\chrome.manifest
c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\chrome\content\_cfg.js
c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\chrome\content\overlay.xul
c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\install.rdf
c:\documents and settings\Brian\PrtDLL.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\ucicuraqilaquvac.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-09 23:42 . 2010-11-09 23:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-11-07 02:45 . 2010-11-07 02:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-06 21:00 . 2010-11-06 21:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Tific
2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Symantec
2010-11-06 12:50 . 2010-11-06 12:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-06 12:50 . 2010-11-06 12:50 -------- d-----w- c:\program files\Symantec
2010-11-06 12:50 . 2010-11-06 12:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-06 12:49 . 2010-11-07 12:25 -------- d-----w- c:\windows\system32\drivers\N360
2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Norton 360
2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Windows Sidebar
2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\NortonInstaller
2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-11-06 01:49 . 2010-11-09 23:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-05 23:12 . 2010-11-05 23:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-05 09:10 . 2010-11-05 09:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
2010-11-05 06:09 . 2010-11-05 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-11-05 03:52 . 2010-11-05 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-05 03:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-05 03:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 03:47 . 2010-11-05 03:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-11-05 03:43 . 2010-11-06 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-11-05 03:23 . 2010-11-05 03:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-11-05 02:06 . 2010-11-12 02:11 0 ----a-w- c:\windows\Fnapaqabezaxeqe.bin
2010-11-02 19:14 . 2010-11-02 19:15 -------- d-----w- c:\program files\iTunes
2010-11-02 19:10 . 2010-11-02 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-11-02 13:47 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 13:40 . 2010-11-02 13:40 -------- d-----w- c:\windows\system32\Adobe
2010-11-02 11:39 . 2010-11-02 11:39 -------- d-----w- c:\documents and settings\Brian\Application Data\Acapela Group
2010-11-02 11:38 . 2010-11-02 11:38 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Xtranormal
2010-11-02 11:35 . 2010-11-04 23:58 -------- d-----w- c:\program files\Xtranormal
2010-11-02 11:34 . 2010-11-02 13:12 -------- d-----w- c:\documents and settings\Brian\Application Data\Xtranormal
2010-10-29 23:03 . 2010-10-29 23:07 -------- d-----w- c:\program files\PS3 Media Server
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-08-11 23:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 17:46 . 2010-09-16 17:46 28672 ----a-w- c:\windows\system32\drivers\CO_Mon.sys
2010-09-16 15:22 . 2010-09-16 15:22 53248 ----a-r- c:\documents and settings\Brian\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-15 06:29 . 2008-03-30 02:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 00:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-09 21:31 . 2007-05-09 21:29 15788024 ----a-w- c:\program files\StuffIt11.0.0.34.exe
2006-11-30 15:03 . 2006-11-30 15:03 16508560 ----a-w- c:\program files\jre-1_5_0_09-windows-i586-p-s.exe
2006-11-28 15:56 . 2006-11-28 15:56 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-23 68856]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-31 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-07-14 26112]
"bbui"="c:\program files\Creative\8xxx\bbui.exe" [2002-03-08 258048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"HostManager"="c:\program files\Common Files\AOL\1187566823\ee\AOLSoftware.exe" [2008-06-24 41824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe" [2010-01-26 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Brian\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-19 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-10 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Creative\\8xxx\\bbui.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1187566823\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Brian\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/6/2010 11:58 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/6/2010 11:58 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [10/29/2010 4:37 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/6/2010 11:58 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/6/2010 11:58 AM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [11/6/2010 11:57 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2010 7:54 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101104.004\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
S2 gupdate1c9f44852430e5e;Google Update Service (gupdate1c9f44852430e5e);c:\program files\Google\Update\GoogleUpdate.exe [6/23/2009 4:19 PM 133104]
S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys --> c:\windows\system32\Drivers\L6TPortA.sys [?]
S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;c:\windows\SYSTEM32\DRIVERS\vvbeth.sys [7/15/2006 5:12 PM 15878]
S3 vvbususb;Broadband Blaster 8012U USB;c:\windows\SYSTEM32\DRIVERS\vvbususb.sys [7/15/2006 5:12 PM 51448]
.
Contents of the 'Scheduled Tasks' folder
2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-11-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-30 03:42]
2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]
2010-11-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Brian.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-11-06 19:24]
2010-11-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{35D46A12-E3B1-49FD-A798-D1C86D2B3D55}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/Home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: db.com
Trusted Zone: line6.net
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://dbrasweb-ny1.us.db.com/llclient/dbrasweb/winxp/,DanaInfo=rctoolbox2.us.db.com,CT=java+AXXPEE.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Dsepaxeyuvasaxo - c:\windows\WIFCIA.dll
HKLM-Run-Ccuwixiwuhuqe - c:\windows\ucicuraqilaquvac.dll
AddRemove-M2416447 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
AddRemove-M979906 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 21:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3465306497-152574272-1382073938-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,e0,16,
63,95,c9,d4,4f,d1,7d,a7,4c,82,51,c9,37,b6,ca,f8,54,4b,1f,39,51,08,f1,0c,03,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DA5FD177-5ED9-D129-A0BCADEF3ACDBDBC}\{79EAF540-0E74-317B-4A6E156139C845D3}\{99F2609B-7483-5DDB-3E9DF7E4B6714B5D}*]
"WHRUBFTNUT3JMXQXKMKSXOBADA1"=hex:01,00,01,00,00,00,00,00,7d,86,67,30,10,5d,1c,
b8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Smith Micro\StuffIt11\ArcNameService.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\FSScrCtl.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-11-11 21:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 02:53
Pre-Run: 11,689,316,352 bytes free
Post-Run: 11,703,037,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 03250224F2EFBDF50B0A1ADD7EA70484