PDA

View Full Version : "Aparently" Avast Found a Virus



GuyDG
2010-06-01, 02:37
Avast reported the following warning although I think it may be a false alarm seeing as my computer has shown no general symptoms of infection other than the Avast warning.:


File Name: C:\Program Files\Autodesk\Backburner\monitor.exe
Malware name: Win32:Malware-gen
Malware type: Virus/Worm
VPS version: 100531-1, 05/31/2010

Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Guy at 16:25:39.75 on Mon 05/31/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.1378 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Guy\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://csulb.blackboard.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [updateMgr] c:\program files\adobe\adobe acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\guy\appdata\roaming\mozilla\firefox\profiles\y93ugl5m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&source=hp&q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&source=hp&q=
FF - component: c:\users\guy\appdata\roaming\mozilla\firefox\profiles\y93ugl5m.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\guy\appdata\roaming\mozilla\firefox\profiles\y93ugl5m.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-7 114768]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-12-21 15360]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-7 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-7 138680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-20 1153368]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-2-5 4718888]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-7 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2008-2-18 104960]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-12-21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-21 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-24 16168]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-4 1343400]

=============== Created Last 30 ================

2010-05-31 20:49:51 0 d-----w- c:\users\guy\appdata\roaming\Malwarebytes
2010-05-31 20:49:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 20:49:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 20:49:45 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 20:49:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 19:43:44 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-31 19:31:56 98816 ----a-w- c:\windows\sed.exe
2010-05-31 19:31:56 77312 ----a-w- c:\windows\MBR.exe
2010-05-31 19:31:56 256512 ----a-w- c:\windows\PEV.exe
2010-05-31 19:31:56 161792 ----a-w- c:\windows\SWREG.exe
2010-05-28 06:56:31 0 d-----w- c:\program files\Nano
2010-05-26 03:23:23 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 04:08:42 0 d-----w- c:\program files\Emerald Viewer
2010-05-12 02:03:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 02:15:05 68624 ----a-w- c:\users\guy\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-04-13 02:40:14 64436 ----a-w- c:\windows\fonts\CLARENDO.TTF
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 23:29:10 288232 ----a-w- c:\windows\fonts\Helvetica.ttf
2010-03-30 23:28:40 283912 ----a-w- c:\windows\fonts\Helvetica-Bold.ttf
2010-03-30 23:28:28 229132 ----a-w- c:\windows\fonts\Helvetica-BoldOblique.ttf
2010-03-30 23:28:02 52296 ----a-w- c:\windows\fonts\HelveticaCYBold.ttf
2010-03-30 23:27:52 50744 ----a-w- c:\windows\fonts\HelveticaCYBoldOblique.ttf
2010-03-30 23:27:42 49564 ----a-w- c:\windows\fonts\HelveticaCYOblique.ttf
2010-03-30 23:27:30 50080 ----a-w- c:\windows\fonts\HelveticaCYPlain.ttf
2010-03-30 23:27:18 104812 ----a-w- c:\windows\fonts\HelveticaNeue.ttf
2010-03-30 23:26:42 112344 ----a-w- c:\windows\fonts\HelveticaNeue-Bold.ttf
2010-03-30 23:26:30 102608 ----a-w- c:\windows\fonts\HelveticaNeue-BoldItalic.ttf
2010-03-30 23:26:18 110684 ----a-w- c:\windows\fonts\HelveticaNeue-CondensedBold.ttf
2010-03-30 23:25:54 103684 ----a-w- c:\windows\fonts\HelveticaNeue-Italic.ttf
2010-03-30 23:25:40 106100 ----a-w- c:\windows\fonts\HelveticaNeue-Light.ttf
2010-03-30 23:25:28 108120 ----a-w- c:\windows\fonts\HelveticaNeue-LightItalic.ttf
2010-03-30 23:25:08 102848 ----a-w- c:\windows\fonts\HelveticaNeue-UltraLight.ttf
2010-03-30 23:24:48 104452 ----a-w- c:\windows\fonts\HelveticaNeue-UltraLightItalic.ttf
2010-03-30 23:24:30 228536 ----a-w- c:\windows\fonts\Helvetica-Oblique.ttf
2010-03-30 23:23:48 108468 ----a-w- c:\windows\fonts\HelveticaNeue-CondensedBlack.ttf
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 21:58:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:26:11.42 ===============


I ran Spybot and MalwareBytes but they didn’t come up with anything.

If this is not a virus and nothing to worry about I’m sorry to take up your time and thank you for the help.

Blade81
2010-06-04, 10:54
Hi,

ComboFix shouldn't be run without supervision. Kindly post contents of c:\ComboFix.txt file.

GuyDG
2010-06-04, 17:59
Yeah, sorry about that I know I got a little ahead of myself, but here is the ComboFix Log. I would have posted it before, but I couldn't remember where it was saved to.:


ComboFix 10-05-30.09 - Guy 05/31/2010 12:35:20.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.1831 [GMT -7:00]
Running from: c:\users\Guy\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 19:42 . 2010-05-31 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 05:51 . 2010-05-31 05:51 2157 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-05-31 05:51 . 2010-05-31 05:51 2095 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2010-05-31 05:50 . 2010-05-31 05:50 1791 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-31 05:50 . 2010-05-31 05:50 1505 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\slogin.oscar.aol.com
2010-05-31 05:50 . 2010-05-31 05:50 1089 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\login.yahoo.com
2010-05-28 06:56 . 2010-05-28 07:00 -------- d-----w- c:\program files\Nano
2010-05-26 03:23 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 19:42 . 2010-05-24 19:42 2157 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\omega.contacts.msn.com
2010-05-24 19:42 . 2010-05-24 19:42 1791 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-24 19:42 . 2010-05-24 19:42 2095 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\login.live.com
2010-05-24 19:42 . 2010-05-24 19:42 1505 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\slogin.oscar.aol.com
2010-05-24 19:42 . 2010-05-24 19:42 1089 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\login.yahoo.com
2010-05-24 19:42 . 2010-05-24 19:42 1251 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2010-05-20 04:10 . 2010-05-20 04:42 -------- d-----w- c:\users\Guy\AppData\Local\Emerald
2010-05-20 04:08 . 2010-05-20 04:10 -------- d-----w- c:\program files\Emerald Viewer
2010-05-18 06:10 . 2010-05-18 06:10 17510192 ----a-w- c:\users\Guy\AppData\Roaming\Raptr\raptr-0.7.5-r39454-release.exe
2010-05-18 04:36 . 2010-05-18 04:36 2165 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-05-12 02:03 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 08:33 . 2010-03-26 04:49 66048 ----a-w- c:\users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\y93ugl5m.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
2010-05-05 04:41 . 2009-07-14 01:16 30749 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\vbajet32.dll
2010-05-05 04:41 . 2009-07-14 01:15 618496 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Mswstr10.dll
2010-05-05 04:41 . 2009-07-14 01:15 61440 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msjter40.dll
2010-05-05 04:41 . 2009-07-14 01:15 364544 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msjetoledb40.dll
2010-05-05 04:41 . 2009-07-14 01:15 290816 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msjtes40.dll
2010-05-05 04:41 . 2009-07-14 01:15 24576 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msjint40.dll
2010-05-05 04:41 . 2009-07-14 01:15 143360 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msjro.dll
2010-05-05 04:41 . 2009-07-14 01:15 1589248 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msjet40.dll
2010-05-05 04:41 . 2009-07-14 01:15 987136 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msado15.dll
2010-05-05 04:41 . 2009-07-14 01:15 81920 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msadrh15.dll
2010-05-05 04:41 . 2009-07-14 01:15 372736 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Msadox.dll
2010-05-05 04:41 . 2009-07-14 01:15 380957 ----a-w- c:\users\Guy\AppData\Roaming\Creative\Media Database\JetFileBackup\Expsrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 08:36 . 2009-12-21 01:35 -------- d-----w- c:\users\Guy\AppData\Roaming\.purple
2010-05-28 06:53 . 2010-02-15 05:03 -------- d-----w- c:\program files\7-Zip
2010-05-26 16:22 . 2010-02-06 01:36 -------- d-----w- c:\users\Guy\AppData\Roaming\WTablet
2010-05-24 19:42 . 2010-04-22 05:24 -------- d-----w- c:\users\Guy\AppData\Roaming\Raptr
2010-05-18 06:10 . 2010-04-22 05:24 -------- d-----w- c:\program files\Raptr
2010-05-13 06:51 . 2009-12-20 19:57 71848 ----a-w- c:\users\Guy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-12 20:40 . 2010-01-21 21:24 -------- d-----w- c:\users\Guy\AppData\Roaming\Skype
2010-05-12 20:36 . 2010-01-21 21:26 -------- d-----w- c:\users\Guy\AppData\Roaming\skypePM
2010-05-12 18:21 . 2009-12-20 19:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 07:56 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-05 04:39 . 2009-12-20 22:55 -------- d-----w- c:\users\Guy\AppData\Roaming\Audacity
2010-04-28 03:02 . 2010-02-03 03:01 -------- d-----w- c:\program files\iTunes
2010-04-28 03:02 . 2010-04-28 03:02 -------- d-----w- c:\program files\iPod
2010-04-28 03:02 . 2009-12-21 07:32 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 03:00 . 2010-04-28 03:00 -------- d-----w- c:\program files\Bonjour
2010-04-28 02:59 . 2010-04-28 02:59 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-25 18:21 . 2010-04-25 18:02 -------- d-----w- c:\programdata\Autodesk
2010-04-25 18:20 . 2010-04-25 18:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-25 18:04 . 2010-04-25 18:00 -------- d-----w- c:\program files\Autodesk
2010-04-25 03:50 . 2010-01-03 06:19 -------- d-----w- c:\users\Guy\AppData\Roaming\gtk-2.0
2010-04-18 03:42 . 2010-04-18 03:35 -------- d-----w- c:\users\Guy\AppData\Roaming\vlc
2010-04-18 03:33 . 2010-04-18 03:33 -------- d-----w- c:\program files\VideoLAN
2010-04-16 18:16 . 2010-04-16 18:11 -------- d-----w- c:\program files\StarCraft II Beta
2010-04-16 18:14 . 2010-04-16 18:11 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-16 18:14 . 2010-04-16 18:11 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-04-16 18:10 . 2010-04-16 18:10 -------- d-----w- c:\programdata\Blizzard
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 03:25 . 2009-12-27 23:29 -------- d-----w- c:\program files\SecondLife
2010-04-06 05:55 . 2010-04-06 05:55 -------- d-----w- c:\programdata\Sync App Settings
2010-04-05 01:42 . 2010-04-05 01:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 01:41 . 2009-12-21 07:33 -------- d-----w- c:\program files\QuickTime
2010-04-05 01:35 . 2010-04-05 01:23 -------- d-----w- c:\programdata\Pure Networks
2010-04-05 01:32 . 2010-04-05 01:32 -------- d-----w- c:\program files\Linksys
2010-04-05 01:24 . 2010-04-05 01:24 -------- d-----w- c:\program files\Pure Networks
2010-04-05 01:24 . 2010-04-05 01:24 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-04-05 01:23 . 2010-04-05 01:24 34226736 ----a-w- c:\programdata\Pure Networks\Setup\nmsetup.exe
2010-03-08 21:33 . 2010-04-14 19:53 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 07:50 . 2010-03-03 07:50 2145 ----a-w- c:\users\Guy\AppData\Roaming\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-31 313472]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-19 126976]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-19 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-19 131072]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-12-24 1643200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-25 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-12-22 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-21 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 16168]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 XDva320;XDva320;c:\windows\system32\XDva320.sys [x]
R4 Dpsmanwx.fte;Dpsmanwx.fte; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-02 15360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-01-07 4718888]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 375808]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-02-18 104960]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-12-21 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://csulb.blackboard.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\y93ugl5m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&source=hp&q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&source=hp&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\y93ugl5m.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\y93ugl5m.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - c:\program files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3160)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2010-05-31 12:44:06
ComboFix-quarantined-files.txt 2010-05-31 19:44

Pre-Run: 118,316,822,528 bytes free
Post-Run: 118,508,867,584 bytes free

- - End Of File - - 5C17159C6025DBD63944B40415B62DD4


However I have removed the program that Avast was giving the warning for sense I don't need it to run 3DS Max anyways. (I removed Backburner which the file in question was part of) That being the case afterworlds I did a full system scan with Spybot, Avast, and MalwareBytes and came up with nothing. So in other words it appears it was just a false alarm like I thought.

So, unless there is something that they or I have missed I think that's it. Below I have included the recent MalwareBytes log and a more recent DDS log in case there have been any changes.

MalwareBytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4159

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

6/2/2010 4:13:53 PM
mbam-log-2010-06-02 (16-13-53).txt

Scan type: Quick scan
Objects scanned: 122179
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Guy at 7:50:26.61 on Fri 06/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2044 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Guy\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://csulb.blackboard.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [updateMgr] c:\program files\adobe\adobe acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\guy\appdata\roaming\mozilla\firefox\profiles\y93ugl5m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&source=hp&q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&source=hp&q=
FF - component: c:\users\guy\appdata\roaming\mozilla\firefox\profiles\y93ugl5m.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\guy\appdata\roaming\mozilla\firefox\profiles\y93ugl5m.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-7 114768]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-12-21 15360]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-7 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-7 138680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-20 1153368]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-2-5 4718888]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-7 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2008-2-18 104960]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-12-21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-21 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-24 16168]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-4 1343400]

=============== Created Last 30 ================

2010-05-31 20:49:51 0 d-----w- c:\users\guy\appdata\roaming\Malwarebytes
2010-05-31 20:49:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 20:49:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 20:49:45 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 20:49:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 19:43:44 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-31 19:31:56 98816 ----a-w- c:\windows\sed.exe
2010-05-31 19:31:56 77312 ----a-w- c:\windows\MBR.exe
2010-05-31 19:31:56 256512 ----a-w- c:\windows\PEV.exe
2010-05-31 19:31:56 161792 ----a-w- c:\windows\SWREG.exe
2010-05-28 06:56:31 0 d-----w- c:\program files\Nano
2010-05-26 03:23:23 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 04:08:42 0 d-----w- c:\program files\Emerald Viewer
2010-05-12 02:03:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 02:15:05 68624 ----a-w- c:\users\guy\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-04-13 02:40:14 64436 ----a-w- c:\windows\fonts\CLARENDO.TTF
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-30 23:29:10 288232 ----a-w- c:\windows\fonts\Helvetica.ttf
2010-03-30 23:28:40 283912 ----a-w- c:\windows\fonts\Helvetica-Bold.ttf
2010-03-30 23:28:28 229132 ----a-w- c:\windows\fonts\Helvetica-BoldOblique.ttf
2010-03-30 23:28:02 52296 ----a-w- c:\windows\fonts\HelveticaCYBold.ttf
2010-03-30 23:27:52 50744 ----a-w- c:\windows\fonts\HelveticaCYBoldOblique.ttf
2010-03-30 23:27:42 49564 ----a-w- c:\windows\fonts\HelveticaCYOblique.ttf
2010-03-30 23:27:30 50080 ----a-w- c:\windows\fonts\HelveticaCYPlain.ttf
2010-03-30 23:27:18 104812 ----a-w- c:\windows\fonts\HelveticaNeue.ttf
2010-03-30 23:26:42 112344 ----a-w- c:\windows\fonts\HelveticaNeue-Bold.ttf
2010-03-30 23:26:30 102608 ----a-w- c:\windows\fonts\HelveticaNeue-BoldItalic.ttf
2010-03-30 23:26:18 110684 ----a-w- c:\windows\fonts\HelveticaNeue-CondensedBold.ttf
2010-03-30 23:25:54 103684 ----a-w- c:\windows\fonts\HelveticaNeue-Italic.ttf
2010-03-30 23:25:40 106100 ----a-w- c:\windows\fonts\HelveticaNeue-Light.ttf
2010-03-30 23:25:28 108120 ----a-w- c:\windows\fonts\HelveticaNeue-LightItalic.ttf
2010-03-30 23:25:08 102848 ----a-w- c:\windows\fonts\HelveticaNeue-UltraLight.ttf
2010-03-30 23:24:48 104452 ----a-w- c:\windows\fonts\HelveticaNeue-UltraLightItalic.ttf
2010-03-30 23:24:30 228536 ----a-w- c:\windows\fonts\Helvetica-Oblique.ttf
2010-03-30 23:23:48 108468 ----a-w- c:\windows\fonts\HelveticaNeue-CondensedBlack.ttf
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 21:58:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 7:51:16.56 ===============


Thanks for your help and, if I'm correct, sorry for wasting your time.

Blade81
2010-06-04, 18:11
Hi,

Yes, looks like it was indeed a false alarm.

Uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK

GuyDG
2010-06-04, 18:17
Ok, thanks again.

Blade81
2010-06-04, 18:21
You're welcome :)