YES! Awesome!
Here is the log:
ComboFix 11-04-18.01 - David and Marla 04/20/2011 18:31:53.5.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.298 [GMT -4:00]
Running from: c:\documents and settings\David and Marla\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))
.
.
2011-04-20 18:38 . 2011-04-20 18:42 -------- d-----w- c:\documents and settings\Administrator
2011-04-18 21:46 . 2011-04-18 21:46 -------- d-----w- C:\_OTL
2011-04-17 16:04 . 2011-04-17 16:04 -------- d-----w- c:\program files\ESET
2011-04-11 13:07 . 2011-04-11 13:07 -------- d-----w- C:\50d15fd2e8bd2b4b59
2011-04-10 21:36 . 2011-04-10 21:36 88820 ----a-w- c:\documents and settings\All Users\SPL56.tmp
2011-03-25 14:09 . 2011-03-25 14:16 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-22 15:57 . 2011-03-22 21:28 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 00:51 . 2010-08-21 22:17 90112 ----a-w- c:\windows\DUMP66e7.tmp
2011-03-07 05:33 . 2005-12-13 16:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-12-13 16:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-12-13 16:38 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 15:04 . 2010-07-13 15:57 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-05-23 17:36 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-03-08 15:08 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-05-23 17:38 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-05-23 17:38 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-05-23 17:38 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-05-23 17:38 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-05-23 17:38 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-05-23 17:38 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-05-23 17:38 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:06 . 2005-12-13 16:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-12-13 16:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2005-10-21 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-12-13 16:37 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-12-13 16:38 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-08-21 16:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-12-13 16:35 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 17:24 . 2010-08-21 22:17 90112 ----a-w- c:\windows\DUMP64c4.tmp
2011-02-09 13:53 . 2005-12-13 16:38 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2005-12-13 16:36 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2005-12-13 16:37 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-12-13 16:37 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2005-12-13 16:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-12-13 16:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-12-13 16:38 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cookienator"="c:\program files\Cookienator\cookienator.exe" [2009-10-19 1333472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-13 46592]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2006-03-09 262144]
"SiSPower"="SiSPower.dll" [2006-03-09 49152]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
.
c:\documents and settings\David and Marla\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2011-3-14 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\frun.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/08/2011 11:08 AM 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/23/2010 1:38 PM 301528]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/23/2010 1:38 PM 19544]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [03/14/2011 2:31 PM 8576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [05/28/2010 7:04 AM 14896]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [03/14/2011 2:31 PM 461056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Nautipolis for Firefox: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} - %profile%\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\David and Marla\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-20 18:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3889389676-2448089655-718245918-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-20 18:48:35
ComboFix-quarantined-files.txt 2011-04-20 22:48
ComboFix2.txt 2011-04-19 00:33
ComboFix3.txt 2011-04-18 23:16
ComboFix4.txt 2010-08-18 20:05
ComboFix5.txt 2011-04-20 22:30
.
Pre-Run: 11,851,788,288 bytes free
Post-Run: 11,851,620,352 bytes free
.
- - End Of File - - C68A73AAD5AE22422DA4330CFF1619C7