I'm still a little confused but here's what I did:
You didn't say if the CFScript file needed the .txt so I left it off and dragged it onto ComboFix.exe. As it started to run, it said there was an update available and did I want it? I said no, then it suggested I delete my current copy and download a new one, but it ran anyway. However, it again told me that Recovery Console was not installed, even though it supposedly installed it the first time, so I let it install again (still didn't see the RC window on boot-up, but I use Acronis Boot Loader and maybe that side-steps it). Here is the new log:
ComboFix 10-06-27.02 - ericjs 06/27/2010 16:53:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3198.1952 [GMT -7:00]
Running from: c:\documents and settings\ericjs\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ericjs\Desktop\CFScript
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-16-2010-16h49m25s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-16-2010-16h49m25s\NortonInstall-06-16-2010-16h49m25s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-21-2010-17h02m41s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-21-2010-17h02m41s\NortonInstall-06-21-2010-17h02m41s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-21-2010-17h03m00s\NortonInstall-06-21-2010-17h03m00s.log
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\symdata.xml
c:\program files\Common Files\Symantec Shared
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.
2010-06-27 22:51 . 2010-06-27 22:51 -------- d-----w- c:\documents and settings\ericjs\Local Settings\Application Data\Temp
2010-06-27 22:51 . 2010-06-27 22:51 -------- d-----w- c:\documents and settings\ericjs\Local Settings\Application Data\Google
2010-06-27 19:31 . 2010-06-27 19:31 -------- d-----w- c:\program files\Western Digital Corporation
2010-06-27 19:20 . 2009-05-18 21:47 3007352 ----a-w- c:\documents and settings\ericjs\Application Data\Simply Super Software\Trojan Remover\egp2.exe
2010-06-25 18:39 . 2010-06-27 17:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\WTablet
2010-06-23 01:07 . 2010-06-23 01:07 -------- d-----w- c:\program files\Trend Micro
2010-06-22 18:42 . 2010-06-22 18:42 -------- d-----w- c:\program files\ESET
2010-06-22 14:52 . 2004-08-04 05:59 95360 ----a-w- C:\atapi.sys
2010-06-16 21:21 . 2010-06-16 21:21 -------- d-----w- c:\program files\Common Files\Java
2010-06-16 21:11 . 2010-06-16 21:11 61440 ----a-w- c:\documents and settings\ericjs\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6c0688b0-n\decora-sse.dll
2010-06-16 21:11 . 2010-06-16 21:11 503808 ----a-w- c:\documents and settings\ericjs\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ad6d70d-n\msvcp71.dll
2010-06-16 21:11 . 2010-06-16 21:11 499712 ----a-w- c:\documents and settings\ericjs\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ad6d70d-n\jmc.dll
2010-06-16 21:11 . 2010-06-16 21:11 12800 ----a-w- c:\documents and settings\ericjs\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6c0688b0-n\decora-d3d.dll
2010-06-16 21:11 . 2010-06-16 21:11 348160 ----a-w- c:\documents and settings\ericjs\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ad6d70d-n\msvcr71.dll
2010-06-16 21:11 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-16 21:00 . 2010-06-16 21:00 -------- d-----w- c:\program files\QuickTime
2010-06-16 21:00 . 2010-06-16 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-16 20:46 . 2010-06-16 20:46 0 ----a-w- c:\windows\nsreg.dat
2010-06-16 20:46 . 2010-06-16 20:46 -------- d-----w- c:\documents and settings\ericjs\Local Settings\Application Data\Mozilla
2010-06-11 05:53 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-11 05:53 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-11 05:52 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-11 05:52 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-11 05:52 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-11 05:52 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-11 05:52 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-11 05:52 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-11 05:52 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-11 05:52 . 2010-06-11 05:52 -------- d-----w- c:\program files\Alwil Software
2010-06-11 05:52 . 2010-06-11 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-10 02:22 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-10 02:22 . 2010-06-10 02:22 -------- d-----w- c:\program files\Panda Security
2010-06-09 04:30 . 2010-06-09 04:30 24280 ----a-w- c:\documents and settings\ericjs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-09 03:58 . 2010-06-09 03:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-08 22:31 . 2010-06-08 22:31 2812928 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
2010-06-05 23:02 . 2010-06-26 16:42 -------- d-----w- c:\program files\VodBurner
2010-06-05 23:01 . 2010-06-05 23:01 826880 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\slplugin.dll
2010-06-05 23:01 . 2010-06-05 23:01 626688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\msvcr80.dll
2010-06-05 23:01 . 2010-06-05 23:01 620032 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\SLHook.dll
2010-06-05 23:01 . 2010-06-05 23:01 603648 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\refine.exe
2010-06-05 23:01 . 2010-06-05 23:01 5161984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\VodBurner.exe
2010-06-05 23:01 . 2010-06-05 23:01 428032 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\rubit.exe
2010-06-05 23:01 . 2010-06-05 23:01 29696 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\sl_wmf.dll
2010-06-05 23:01 . 2010-06-05 23:01 2608128 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\Desk.exe
2010-06-05 23:01 . 2010-06-05 23:01 17920 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\sl_asf.dll
2010-06-05 23:01 . 2010-06-05 23:01 1700352 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\15369F80F920484EABEE8CCB11D0565F\vodburner\GdiPlus.dll
2010-05-29 22:10 . 2010-05-29 22:58 -------- d-----w- c:\program files\Tomb Raider - Anniversary
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 00:01 . 2008-12-02 05:24 -------- d-----w- c:\program files\Taskbar Shuffle
2010-06-28 00:01 . 2008-11-28 06:50 -------- d-----w- c:\documents and settings\ericjs\Application Data\WTablet
2010-06-28 00:00 . 2010-03-11 04:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-28 00:00 . 2010-03-11 04:27 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-27 23:49 . 2009-02-17 11:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-27 19:20 . 2009-06-06 22:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-27 17:39 . 2004-08-04 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-27 07:28 . 2008-11-28 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoom Player
2010-06-25 18:51 . 2008-11-30 02:46 -------- d-----w- c:\program files\Macro Express3
2010-06-16 21:10 . 2009-01-12 02:37 -------- d-----w- c:\program files\Java
2010-06-10 19:32 . 2009-12-27 18:09 -------- d-----w- c:\documents and settings\ericjs\Application Data\Skype
2010-06-10 16:23 . 2009-12-27 18:11 -------- d-----w- c:\documents and settings\ericjs\Application Data\skypePM
2010-06-10 16:20 . 2009-06-06 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 22:31 . 2010-04-11 00:19 -------- d-----w- c:\program files\Quicken
2010-06-08 22:31 . 2010-04-11 00:24 243032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-06-08 17:31 . 2009-02-15 22:55 -------- d-----w- c:\program files\MetaTrader - Alpari (US)
2010-06-06 18:40 . 2010-03-18 14:14 -------- d-----w- c:\program files\MetaTrader 4 at FOREX.com
2010-05-04 17:20 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-05-23 13:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-06-06 16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-06-06 16:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 03:36 . 2010-04-28 03:36 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-11 00:25 . 2010-04-11 00:25 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-04-11 00:25 . 2010-04-11 00:25 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-04-11 00:24 . 2010-04-11 00:24 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-04-11 00:23 . 2010-04-11 00:23 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-04-11 00:23 . 2010-04-11 00:23 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-04-11 00:23 . 2010-04-11 00:23 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-04-11 00:21 . 2010-04-11 00:21 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-04-11 00:21 . 2010-04-11 00:21 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-03-31 07:16 . 2010-03-31 07:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10 . 2010-03-31 07:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-06-27_18.38.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-28 00:00 . 2010-06-28 00:00 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
+ 2010-06-27 19:43 . 2010-06-27 19:43 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-06-27 19:44 . 2010-06-27 19:44 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-27 19:43 . 2010-06-27 19:43 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-27 19:43 . 2010-06-27 19:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-27 19:40 . 2010-06-27 19:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-27 19:44 . 2010-06-27 19:44 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-27 19:44 . 2010-06-27 19:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-27 19:43 . 2010-06-27 19:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-27 19:43 . 2010-06-27 19:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-27 19:43 . 2010-06-27 19:43 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-27 19:43 . 2010-06-27 19:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-27 19:40 . 2010-06-27 19:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-27 19:41 . 2010-06-27 19:41 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-27 19:42 . 2010-06-27 19:42 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\ericjs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2007-01-31 1129232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-23 2209224]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-21 4382720]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2007-01-31 1862112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-01-31 140832]
c:\documents and settings\ericjs\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-11-28 534016]
NetPerSec.lnk - f:\dl\Utils\NetPerSec\NetPerSec.exe [2009-5-21 192512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-2-3 221247]
Macro Express 3.lnk - c:\program files\Macro Express3\MacExp.exe [2008-11-29 3556864]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-2-21 29310]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImage.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Radmin Viewer 3\\Radmin.exe"=
"c:\\Program Files\\OEC\\Trader\\Trader.exe"=
"c:\\Program Files\\MetaTrader 4 at FOREX.com\\terminal.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Metatrader 4 by Gallant FX\\terminal.exe"=
"f:\\NewsBin5\\nbpro.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"23:TCP"= 23:TCP:Radmin
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/9/2010 7:22 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/10/2010 10:53 PM 164048]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [10/31/2007 4:30 PM 45976]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/10/2010 10:53 PM 19024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2009 9:47 AM 304464]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [3/19/2010 8:39 PM 91392]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [12/6/2008 2:22 PM 1246536]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/27/2008 11:49 PM 3032360]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 3:11 AM 17184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2009 9:47 AM 20952]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/27/2008 11:49 PM 15144]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [3/19/2010 8:40 PM 25856]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [8/21/2009 9:37 PM 428184]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1214440339-839522115-1003Core.job
- c:\documents and settings\ericjs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-27 22:51]
2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1214440339-839522115-1003UA.job
- c:\documents and settings\ericjs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-27 22:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\ericjs\Application Data\Mozilla\Firefox\Profiles\bwi5qfu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-27 17:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(8088)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Macro Express3\mexhook.dll
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\rserver30\FamItrfc.Exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\documents and settings\ericjs\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-06-27 17:06:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-28 00:06
Pre-Run: 8,225,398,784 bytes free
Post-Run: 8,272,199,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
;timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4D0E1DC2E9D3FF1060667B65945F79BF
Also, I switched to Chrome as my browser.