It took a while but here they are. Computer seems to be doing fine so far.
ComboFix 10-09-09.04 - Laptop 09/11/2010 8:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.391 [GMT -4:00]
Running from: c:\documents and settings\Laptop\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laptop\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-09 11:45 . 2010-09-09 11:45 388096 ----a-r- c:\documents and settings\Laptop\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-09 11:45 . 2010-09-09 11:45 -------- d-----w- c:\program files\Trend Micro
2010-09-09 11:34 . 2010-09-09 11:34 -------- d-----w- C:\Hi This
2010-09-09 01:12 . 2010-09-09 01:12 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-09-09 00:51 . 2010-09-09 00:51 503808 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1215e3e4-n\msvcp71.dll
2010-09-09 00:51 . 2010-09-09 00:51 499712 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1215e3e4-n\jmc.dll
2010-09-09 00:51 . 2010-09-09 00:51 348160 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1215e3e4-n\msvcr71.dll
2010-09-09 00:51 . 2010-09-09 00:51 61440 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-394dd786-n\decora-sse.dll
2010-09-09 00:51 . 2010-09-09 00:51 12800 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-394dd786-n\decora-d3d.dll
2010-09-09 00:50 . 2010-09-09 00:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 00:43 . 2010-09-09 00:43 79488 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-09-09 00:43 . 2010-09-09 00:43 152576 ----a-w- c:\documents and settings\Laptop\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-09-09 00:16 . 2007-07-05 15:39 0 ----a-w- c:\documents and settings\Laptop\Application Data\WinPatrol\Config.sys
2010-09-09 00:16 . 2007-07-05 15:39 0 ----a-w- c:\documents and settings\Laptop\Application Data\WinPatrol\Autoexec.bat
2010-09-09 00:16 . 2010-09-09 00:16 -------- d-----w- c:\documents and settings\Laptop\Application Data\WinPatrol
2010-09-09 00:15 . 2010-09-09 00:15 -------- d-----w- c:\program files\BillP Studios
2010-09-08 17:25 . 2010-09-08 17:29 -------- d-----w- c:\program files\QuickTime
2010-09-08 17:24 . 2010-09-08 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-08 17:15 . 2010-09-08 17:15 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-01 16:05 . 2010-09-01 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-01 15:56 . 2010-09-01 15:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-25 16:37 . 2010-09-10 12:40 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-25 16:37 . 2010-08-25 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-08-25 16:25 . 2010-08-25 16:25 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-25 16:25 . 2010-09-01 20:10 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-25 16:24 . 2010-08-25 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-08-25 16:24 . 2010-08-25 16:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-15 22:48 . 2010-07-23 22:22 43008 ----a-w- c:\documents and settings\Laptop\Application Data\Mozilla\Firefox\Profiles\hqzsve64.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-15 22:48 . 2010-07-23 22:22 338944 ----a-w- c:\documents and settings\Laptop\Application Data\Mozilla\Firefox\Profiles\hqzsve64.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-15 22:48 . 2010-07-23 22:22 346112 ----a-w- c:\documents and settings\Laptop\Application Data\Mozilla\Firefox\Profiles\hqzsve64.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-15 22:48 . 2010-07-23 22:22 1496064 ----a-w- c:\documents and settings\Laptop\Application Data\Mozilla\Firefox\Profiles\hqzsve64.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 17:04 . 2010-07-18 22:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-09 10:55 . 2010-03-09 14:03 117760 ----a-w- c:\documents and settings\Laptop\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-09 00:51 . 2007-10-12 13:53 -------- d-----w- c:\program files\Common Files\Java
2010-09-08 17:18 . 2010-06-17 16:29 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-08 17:18 . 2010-06-17 16:29 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-08 17:18 . 2010-06-17 16:29 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-08 17:18 . 2010-06-17 16:29 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-08 17:18 . 2010-06-17 16:29 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-08 17:18 . 2010-06-17 16:29 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-08 17:18 . 2010-06-17 16:29 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-08 17:18 . 2010-02-28 22:47 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-08 17:17 . 2007-12-09 00:16 -------- d-----w- c:\program files\Common Files\Real
2010-09-08 16:29 . 2007-07-05 15:48 11336 ----a-w- c:\windows\system32\nvModes.dat
2010-09-01 12:39 . 2010-01-19 18:33 -------- d-----w- c:\program files\Ashampoo
2010-08-16 00:20 . 2008-07-14 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-08 14:37 . 2010-08-08 14:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-01 17:30 . 2009-08-29 13:50 -------- d-----w- c:\documents and settings\Laptop\Application Data\HpUpdate
2010-07-26 21:02 . 2009-06-15 01:27 -------- d-----w- c:\program files\McAfee
2010-07-26 21:00 . 2010-02-28 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-16 09:51 . 2007-09-27 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-15 20:18 . 2009-06-15 01:29 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-12 08:56 . 2010-08-08 14:37 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-08-08 14:45 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-03-10 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 22:05 . 2010-06-27 22:05 50354 ----a-w- c:\documents and settings\Laptop\Application Data\Facebook\uninstall.exe
2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-12 13:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-07-05 15:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 17:28 . 2009-11-21 17:29 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"AIRPLUS"="c:\program files\D-Link\AIRPLUS.exe" [2005-08-13 548864]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-21 30192]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-07-16 161336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-08 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless-G Notebook Adapter Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2007-9-11 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/8/2010 10:45 AM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/14/2009 9:33 PM 93320]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S2 gupdate1c985fa2f4e5230;Google Update Service (gupdate1c985fa2f4e5230);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 8:23 AM 133104]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 10:17 PM 450400]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/8/2007 7:55 PM 30192]
S3 jswimd;jswimd Service;c:\windows\system32\DRIVERS\jswimd.sys --> c:\windows\system32\DRIVERS\jswimd.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/15/2010 6:35 PM 15008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 21:06]
2010-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-27 09:51]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 12:23]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 12:23]
2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-15 17:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-15 17:22]
2010-09-09 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
2010-08-29 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
2010-09-10 c:\windows\Tasks\Norton Security Scan for Laptop.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 01:20]
2010-09-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1004336348-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
2010-09-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1004336348-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 09:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll
- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-11 09:08:12
ComboFix-quarantined-files.txt 2010-09-11 13:08
ComboFix2.txt 2010-09-10 16:46
Pre-Run: 30,732,795,904 bytes free
Post-Run: 30,721,404,928 bytes free
- - End Of File - - 44127DE2DEEC28503C8F6F1C561E5763
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 11, 2010 15:18:39
Records in database: 4208367
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 80063
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:27:23
File name / Threat / Threats count
C:\System Volume Information\_restore{795EB6E9-DED0-4AC2-94D6-7C60AEDF023D}\RP278\A0056413.exe Infected: Trojan.Win32.FakeAv.eka 1
C:\System Volume Information\_restore{795EB6E9-DED0-4AC2-94D6-7C60AEDF023D}\RP278\A0056414.exe Infected: Trojan.Win32.FakeAv.fby 1
Selected area has been scanned.