I did finally get ComboFix to run successfully. Here is the log:
ComboFix 10-07-13.08 - Owner 07/14/2010 11:03:27.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.733 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\CF.com.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Owner\Application Data\Zear
c:\documents and settings\Owner\Application Data\Zear\lepyi.exe
c:\program files\webserver
c:\windows\jtrmsan.dll
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\Thumbs.db
c:\windows\xpsp1hfm.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PPDRV
-------\Legacy_SVCHOST32
-------\Legacy_WEBSERVER
-------\Service_svchost32
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.
2010-07-12 02:06 . 2010-07-12 02:06 -------- d-----w- c:\documents and settings\Owner\Application Data\CallingID
2010-07-12 00:37 . 2010-07-12 00:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-09 17:01 . 2010-07-09 17:01 -------- d-----w- c:\program files\ESET
2010-07-08 16:10 . 2010-07-08 16:13 -------- d-----w- C:\rsit
2010-07-08 16:06 . 2010-07-08 16:06 -------- d-----w- c:\program files\ERUNT
2010-07-06 04:42 . 2010-07-06 04:42 52432 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-06-25 18:11 . 2010-07-14 11:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-24 19:49 . 2010-06-24 19:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity
2010-06-16 18:40 . 2010-06-16 18:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-06-16 18:40 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 18:40 . 2010-06-16 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-16 18:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 18:39 . 2010-06-16 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 16:26 . 2008-11-09 23:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-07-14 02:32 . 2010-02-03 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-07-14 02:32 . 2010-07-14 02:32 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2010-07-14 02:32 . 2010-07-14 02:32 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2010-07-12 09:24 . 2008-01-24 19:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Ikuko
2010-07-12 03:22 . 2006-02-13 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-12 02:05 . 2005-09-01 19:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 04:49 . 2008-07-02 13:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-09 18:57 . 2005-09-01 19:50 -------- d-----w- c:\program files\Microsoft Works
2010-07-08 20:48 . 2006-10-14 14:54 -------- d-----w- c:\program files\Palm
2010-07-08 16:13 . 2008-06-30 19:19 -------- d-----w- c:\program files\Trend Micro
2010-06-16 22:26 . 2007-11-04 05:54 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-11 21:31 . 2010-06-11 21:31 10752 ----a-w- c:\windows\DCEBoot.exe
2010-06-11 20:19 . 2010-03-26 02:09 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-06-06 02:41 . 2009-02-01 21:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 02:53 . 2010-05-26 02:46 -------- d-----w- c:\documents and settings\Owner\Application Data\MP3Rocket
2010-05-26 02:48 . 2010-05-26 02:46 -------- d-----w- c:\program files\MP3 Rocket
2010-05-26 02:46 . 2010-05-26 02:45 -------- d-----w- c:\program files\Ask.com
2010-05-06 10:41 . 2005-03-23 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-03-23 16:53 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-03-23 16:52 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-04-15 23:26 . 2008-04-15 23:18 595928 ----a-w- c:\program files\setup Steel Bldg.exe
2006-09-27 20:25 . 2007-01-09 16:33 1445888 ----a-w- c:\program files\WinsockxpFix.exe
2007-05-22 01:29 . 2010-02-24 02:51 69632 --sh--r- c:\windows\lnchshll.exe
2007-05-22 01:29 . 2010-02-24 02:51 49152 --sh--r- c:\windows\ScrnInt.exe
2004-08-04 19:00 . 2005-03-23 16:52 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2005-03-23 16:52 50688 --sh--w- c:\windows\twain_32.dll
2007-05-17 21:05 . 2010-02-24 02:51 368640 --sh--r- c:\windows\xlsp.exe
2007-11-04 05:54 . 2007-11-04 05:54 88 --sh--r- c:\windows\system32\B21105B38A.sys
2008-04-14 00:11 . 2005-03-23 16:52 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2005-03-23 16:52 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2005-03-23 16:52 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2005-03-23 16:52 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2005-03-23 16:52 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 22:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Roboform\RoboTaskBarIcon.exe" [2008-03-22 160592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-05-25 1253376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Roboform\RoboTaskBarIcon.exe" [2008-03-22 160592]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2009-7-8 1070080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-4-25 25214]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk.disabled]
backup=c:\windows\pss\AT&T Self Support Tool.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Morning Offiice Routine.lnk]
backup=c:\windows\pss\Morning Offiice Routine.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 -c--a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-03-28 14:38 1015808 ----a-w- c:\program files\ACT\Act for Windows\ActSage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-03-28 14:43 9728 -c--a-w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Free Clock]
2006-01-24 04:31 356352 ----a-w- c:\program files\Handy Free Clock\hfc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HFC.exe]
2006-01-24 04:31 356352 ----a-w- c:\program files\Handy Free Clock\hfc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-07-10 09:13 114688 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-07-10 09:25 155648 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 11:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-08-09 11:03 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 15:36 267048 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1400W STD]
2005-08-22 04:03 184320 ----a-w- c:\windows\system32\MSTMON_Y.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mainstreet login script]
2006-03-14 16:44 147 ----a-w- c:\windows\login.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 04:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKist]
2004-05-27 00:57 139264 -c--a-w- c:\program files\Digital Media Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-03-27 00:20 499712 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-03-27 00:20 98304 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
2008-02-28 17:35 1885464 ----a-w- c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uniblue RegistryBooster 2"=c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16327:TCP"= 16327:TCP:BitComet 16327 TCP
"16327:UDP"= 16327:UDP:BitComet 16327 UDP
"443:TCP"= 443:TCP:800Meet_Conn_Port
"8200:TCP"= 8200:TCP:800Meet_Conn_Port
"8085:TCP"= 8085:TCP:pdrv
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [10/31/2007 1:30 PM 91136]
R2 Canon NetSpot Suite Service;Canon NetSpot Suite Service;c:\program files\Canon\Vdc\AuVdc.exe [10/3/2006 2:06 PM 57344]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE [?]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [10/31/2007 1:42 PM 114944]
R2 xlsp;xlsp;c:\windows\xlsp.exe [2/23/2010 9:51 PM 368640]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [10/31/2007 1:29 PM 23180]
R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [9/14/2007 12:40 AM 513152]
R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [9/14/2007 12:40 AM 2688]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 9:39 AM 135664]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [9/14/2007 12:40 AM 184320]
S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE [?]
S4 ProtectsStore;RtoAutos; [x]
.
Contents of the 'Scheduled Tasks' folder
2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 14:38]
2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 14:38]
2010-07-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:1361
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\Roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Roboform\RoboFormComSavePass.html
Trusted Zone: allregs.com\www
Trusted Zone: classmates.com\secure
Trusted Zone: classmates.com\www
Trusted Zone: mortgagemarketguide.com
Trusted Zone: usbank.com\sellus
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xglh0wtj.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPE2Host.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{75243E56-3860-B048-E389-C46190A83261} - c:\documents and settings\Owner\Application Data\Zear\lepyi.exe
HKLM-Run-VetStart - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
HKU-Default-Run-Oqukiquyiwi - c:\windows\jtrmsan.dll
Notify-avldr - (no file)
MSConfigStartUp-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 11:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ProtectsStore]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1456)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(520)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\FOG\File Own Guard\FOGExpExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\VPN Client\cvpnd.exe
c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\cryptainersrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2010-07-14 11:34:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 16:34
ComboFix2.txt 2008-07-12 03:39
Pre-Run: 23,940,558,848 bytes free
Post-Run: 23,864,651,776 bytes free
- - End Of File - - 36DC2CB5BEDA9C43CB18F49A1F37E33C