Deleted the folder as requested.
ComboFix log is below:
ComboFix 09-07-09.07 - Paul Troup 07/10/2009 4:19.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.789 [GMT -5:00]
Running from: c:\documents and settings\Paul Troup\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Paul Troup\Application Data\Microsoft\profile.dat
c:\windows\Installer\1aa28d.msp
c:\windows\Installer\247672a5.msi
c:\windows\Installer\247672ab.msi
c:\windows\Installer\247672b1.msi
c:\windows\Installer\36825fd.msp
c:\windows\Installer\4e8e3c15.msp
c:\windows\Installer\63c186d.msp
c:\windows\Installer\63c1880.msp
c:\windows\Installer\8a2359.msp
c:\windows\Installer\8a236d.msp
c:\windows\Installer\97fc0a.msp
c:\windows\Installer\97fc71.msp
c:\windows\Installer\e855fa.msp
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\hjgruinsdjrdtq.dat
c:\windows\system32\hjgruiskeemqll.dat
c:\windows\system32\pwdmon.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZESOFT
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-05 19:35 . 2009-07-05 19:35 -------- d-sh--w- c:\documents and settings\Paul Troup\UserData
2009-07-05 02:55 . 2009-07-05 19:26 -------- d-----w- C:\ToolBar SD
2009-07-05 00:10 . 2009-07-05 00:10 -------- d-----w- C:\rsit
2009-06-29 03:31 . 2009-06-29 03:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-29 01:10 . 2009-06-29 01:10 -------- d-----w- c:\program files\Alwil Software
2009-06-28 22:29 . 2009-06-28 22:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 19:26 . 2009-07-05 00:10 -------- d-----w- c:\program files\Trend Micro
2009-06-28 18:52 . 2009-06-28 18:52 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 09:26 . 2004-09-26 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 07:01 . 2004-12-07 20:33 -------- d-----w- c:\documents and settings\Paul Troup\Application Data\wsInspector
2009-07-05 22:33 . 2004-09-26 13:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-05 02:25 . 2004-09-26 14:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-05 02:13 . 2004-08-22 04:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 02:11 . 2004-11-06 09:16 -------- d-----w- c:\program files\Resplendent Registrar
2009-07-05 00:03 . 2009-04-12 03:11 117760 ----a-w- c:\documents and settings\Paul Troup\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-04 23:51 . 2006-02-26 18:05 -------- d-----w- c:\program files\Java
2009-06-29 03:41 . 2006-02-26 04:25 -------- d-----w- c:\program files\Yahoo!
2009-06-29 02:54 . 2007-06-09 21:10 -------- d-----w- c:\program files\CCleaner
2009-06-28 22:30 . 2009-04-12 03:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-28 18:52 . 2008-10-26 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:27 . 2008-10-26 21:22 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2008-10-26 21:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 02:53 . 2007-02-20 08:25 -------- d-----w- c:\program files\Palm
2009-05-23 20:40 . 2009-05-23 20:40 -------- d-----w- c:\documents and settings\Paul Troup\Application Data\vlc
2009-05-07 15:32 . 1980-01-01 07:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-24 01:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 1980-01-01 07:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-10-15 12:09 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 05:42 . 2009-04-15 05:42 152576 ----a-w- c:\documents and settings\Paul Troup\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-13 04:32 . 2004-10-04 05:37 83096 ----a-w- c:\documents and settings\Paul Troup\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-26 20:59 . 2008-10-26 20:59 18758 ----a-w- c:\program files\Common Files\azadyro.exe
2008-10-26 20:59 . 2008-10-26 20:59 15827 ----a-w- c:\program files\Common Files\ybanycop.dat
2008-10-26 20:59 . 2008-10-26 20:59 13633 ----a-w- c:\program files\Common Files\elucemeb.bin
2008-10-26 20:59 . 2008-10-26 20:59 13441 ----a-w- c:\program files\Common Files\kusupiq.dat
2008-10-26 20:59 . 2008-10-26 20:59 13034 ----a-w- c:\program files\Common Files\vedoz.bin
2008-10-26 20:59 . 2008-10-26 20:59 11413 ----a-w- c:\program files\Common Files\umobagilaw._sy
2008-10-26 20:59 . 2008-10-26 20:59 10954 ----a-w- c:\program files\Common Files\xibogiwe.com
2008-10-26 20:59 . 2008-10-26 20:59 10506 ----a-w- c:\program files\Common Files\zyzovol._dl
2008-09-21 06:13 . 2008-09-21 06:13 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-01-20 581632]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"frymxins"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"hffsrv"="c:\windows\hffext\hffsrv.exe" [2005-05-27 82432]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 356352]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-09 40960]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2005-09-06 745472]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
"QCWLIcon"="c:\progra~1\ThinkPad\CONNEC~1\QCWLIcon.exe" [2005-09-06 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-08-24 40960]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-04 04:59 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-01 17:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-09-06 09:08 262144 ----a-w- c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 05:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\\0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [8/21/2004 11:24 PM 69632]
R1 FDCENT;FDCENT;c:\windows\system32\drivers\FDCENT.SYS [6/26/2007 1:06 AM 44928]
R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487);c:\windows\system32\drivers\NEOFLTR_600_13487.sys [8/13/2008 8:50 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [8/21/2004 11:24 PM 4736]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [8/21/2004 11:25 PM 16384]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [3/19/2004 2:05 PM 63872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/7/2009 3:47 AM 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/28/2008 1:32 AM 598856]
S2 0195131245902298mcinstcleanup;McAfee Application Installer Cleanup (0195131245902298);c:\windows\TEMP\019513~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\019513~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [8/21/2004 11:46 PM 12288]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-05-17 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-08-22 07:38]
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-07 15:53]
2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-07 15:53]
2009-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - hxxps://touchworks.cvapc.com/Touchworks ... Engine.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxps://touchworks.cvapc.com/TouchWorks ... iewer3.cab
DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} - hxxps://touchworks.cvapc.com/AHSWeb/IDX ... XTools.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - hxxps://touchworks.cvapc.com/TouchWorks ... /twrtf.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://touchworks.cvapc.com/Touchworks/DictateBar.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} - hxxps://www-307.ibm.com/pc/support/acce ... ontrol.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxps://touchworks.cvapc.com/TouchWorks ... iewer2.cab
DPF: {D14CA9D7-7C03-4E39-B076-0F3E852E705B} - hxxps://touchworks.cvapc.com/AHSWeb/IDX ... DXWFCB.cab
DPF: {EECF9899-FC3A-4841-986F-30B874921B36} - hxxps://touchworks.cvapc.com/AHSWeb/IDX ... rowser.cab
FF - ProfilePath - c:\documents and settings\Paul Troup\Application Data\Mozilla\Firefox\Profiles\5glr35th.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 04:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\XR
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(2764)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\IBM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Maxtor\Utils\SyncServices.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\QCONSVC.EXE
c:\windows\system32\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\1XConfig.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-10 4:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 09:33
Pre-Run: 26,648,875,008 bytes free
Post-Run: 26,934,632,448 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
316 --- E O F --- 2009-06-19 07:54