Hi,
Here is the ComboFix log:
ComboFix 10-10-17.04 - Kathleen 10/18/2010 17:12:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -4:00]
Running from: c:\documents and settings\Kathleen\desktop\combo-fix.exe
Command switches used :: /killall
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\Tim\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\program files\Common Files\Intel
2010-10-14 15:44 . 2010-10-14 15:44 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-10-14 15:43 . 2010-10-14 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-10-14 15:43 . 2010-10-14 15:43 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Intel
2010-10-14 15:27 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2010-10-14 15:27 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2010-10-14 15:27 . 2010-08-16 14:26 6607744 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2010-10-14 15:18 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-10-14 15:18 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-10-14 15:18 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-10-13 20:33 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 20:33 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 20:33 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 20:33 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 16:43 . 2010-10-12 16:43 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Canon
2010-10-12 16:23 . 2009-10-19 20:29 307200 ----a-w- c:\windows\system32\CNC870L.dll
2010-10-12 16:23 . 2009-10-05 22:09 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2010-10-12 16:23 . 2009-10-05 22:08 110592 ----a-w- c:\windows\system32\CNC870I.dll
2010-10-12 16:23 . 2009-10-05 22:05 102400 ----a-w- c:\windows\system32\CNC870U.dll
2010-10-12 16:23 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-10-12 14:19 . 2010-10-13 02:59 -------- d-----w- c:\program files\Cisco Systems
2010-10-12 14:07 . 2010-10-12 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2010-10-11 21:28 . 2010-10-11 21:28 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Canon Easy-WebPrint EX
2010-10-11 21:21 . 2009-10-26 09:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA7.DLL
2010-10-11 21:21 . 2009-10-26 09:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA7.DLL
2010-10-11 21:21 . 2009-10-26 09:00 276992 ----a-w- c:\windows\system32\CNMLMA7.DLL
2010-10-11 21:21 . 2010-10-11 21:21 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-10-11 21:21 . 2009-09-10 09:00 179200 ----a-w- c:\windows\system32\CNMIUA7.DLL
2010-10-11 21:20 . 2010-10-11 21:20 -------- d--h--w- c:\program files\CanonBJ
2010-10-11 21:20 . 2010-10-11 21:20 -------- d-----w- c:\windows\system32\STRING
2010-10-11 21:20 . 2009-10-09 15:01 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-10-11 21:20 . 2009-10-09 15:01 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-10-11 21:20 . 2010-10-11 21:20 -------- d-----w- c:\windows\system32\CHM
2010-10-08 11:11 . 2010-10-08 11:11 -------- d-----w- c:\windows\A13A764803C54B6AB7C118CB04588E52.TMP
2010-10-05 17:56 . 2010-10-05 17:56 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\AVG Security Toolbar
2010-10-05 17:51 . 2010-10-05 17:51 -------- d-----w- c:\documents and settings\Tim\Application Data\AVG10
2010-10-05 10:09 . 2010-10-05 10:09 -------- d-----w- c:\documents and settings\Kathleen\Local Settings\Application Data\AVG Security Toolbar
2010-10-05 01:33 . 2010-10-05 01:33 -------- d-----w- C:\$AVG
2010-10-05 01:10 . 2010-10-05 01:10 -------- d-----w- c:\documents and settings\Kathleen\Application Data\AVG10
2010-10-05 01:09 . 2010-10-05 01:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-05 01:08 . 2010-10-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-05 00:55 . 2010-10-05 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-09-29 01:56 . 2010-09-29 01:56 -------- d-----w- c:\documents and settings\Kathleen\Local Settings\Application Data\Help
2010-09-26 20:38 . 2010-09-26 20:38 -------- d-----w- c:\program files\Fisher-Price
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 23:09 . 2009-06-24 21:32 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-31 23:09 . 2009-06-24 21:32 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-31 23:09 . 2009-06-24 21:32 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-06-24 21:32 . 2009-06-24 21:32 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-07-03 410248]
"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-07-03 307848]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-07-03 455304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-09-28 185688]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-19 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-28 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\tmproxy.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/8/2007 9:19 PM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/8/2007 9:19 PM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/8/2007 9:20 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/8/2007 9:19 PM 566872]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/14/2010 11:27 AM 6607744]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/8/2007 9:20 PM 280392]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [11/28/2007 11:01 AM 98952]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/28/2009 10:41 AM 18560]
.
Contents of the 'Scheduled Tasks' folder
2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Kathleen\Application Data\Mozilla\Firefox\Profiles\jqa8kn38.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Kathleen\Application Data\Mozilla\Firefox\Profiles\jqa8kn38.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - f:\malwarebytes' anti-malware\mbam.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(4500)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldfcoms.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\TRENDM~1\INTERN~1\PccGuide.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-10-18 17:26:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-18 21:26
ComboFix2.txt 2009-11-08 15:46
Pre-Run: 198,041,202,688 bytes free
Post-Run: 198,501,785,600 bytes free
- - End Of File - - C1719FA8536714783F0E5ECFDC476471