I think that did it. I believe I saw a notice that Combofix found issues in the boot sector, and so far so good as far as the virus popups go since it finished.
Here is the log.
ComboFix 10-08-26.04 - Doug Tennant 08/27/2010 8:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1667 [GMT -7:00]
Running from: c:\documents and settings\Doug Tennant\desktop\commy.exe
Command switches used :: /stepdel
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Cassie\Application Data\.#
c:\documents and settings\Doug Tennant\Application Data\.#
c:\documents and settings\Cassie\Application Data\.#\MBX@8C0@3841A0.###
c:\documents and settings\Cassie\Application Data\.#\MBX@8C0@3841D0.###
c:\documents and settings\Cassie\Application Data\.#\MBX@8C0@384200.###
c:\documents and settings\Cassie\Application Data\.#\MBX@D0C@3841A0.###
c:\documents and settings\Cassie\Application Data\.#\MBX@D0C@3841D0.###
c:\documents and settings\Cassie\Application Data\.#\MBX@D0C@384200.###
c:\documents and settings\Doug Tennant\Application Data\.#\MBX@D3C@3841A0.###
c:\documents and settings\Doug Tennant\Application Data\.#\MBX@D3C@3841D0.###
c:\documents and settings\Doug Tennant\Application Data\.#\MBX@D3C@384200.###
c:\documents and settings\Doug Tennant\Application Data\.#\MBX@F2C@3841A0.###
c:\documents and settings\Doug Tennant\Application Data\.#\MBX@F2C@3841D0.###
c:\documents and settings\Doug Tennant\Application Data\.#\MBX@F2C@384200.###
C:\khq
c:\program files\Internet Explorer\SET86.tmp
c:\program files\Internet Explorer\SET87.tmp
c:\program files\Internet Explorer\SET88.tmp
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-24 02:38 . 2010-08-24 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 22:12 . 2010-08-22 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-18 05:33 . 2010-08-18 05:33 -------- d-----w- c:\documents and settings\Kathy\Application Data\Trusteer
2010-08-16 00:23 . 2010-08-16 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-08-15 06:40 . 2010-08-15 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
2010-08-08 05:40 . 2010-07-18 12:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-08-07 18:23 . 2010-08-07 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Carbonite
2010-08-07 02:29 . 2010-08-07 02:29 -------- d-----w- c:\documents and settings\Doug Tennant\Application Data\DeviceDoctorSoftware
2010-08-07 01:23 . 2010-08-07 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-05 01:43 . 2010-08-05 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-03 12:00 . 2010-08-15 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-01 20:47 . 2010-08-01 20:47 -------- d-----w- c:\documents and settings\Cassie\Application Data\Malwarebytes
2010-08-01 20:24 . 2010-08-01 20:24 -------- d-----w- c:\documents and settings\Cassie\Application Data\freshgames
2010-07-31 15:56 . 2010-07-31 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-07-30 08:39 . 2010-07-31 15:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\Cassie\Application Data\Trusteer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 04:47 . 2010-08-19 04:47 0 ----a-w- c:\documents and settings\Doug Tennant\Local Settings\Application Data\prvlcl.dat
2010-08-27 04:40 . 2008-09-17 02:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-26 15:25 . 2008-09-17 04:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-25 04:15 . 2010-08-22 21:57 166928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-24 02:48 . 2008-09-18 03:53 -------- d-----w- c:\documents and settings\Cassie\Application Data\Apple Computer
2010-08-24 02:44 . 2008-09-17 02:52 -------- d-----w- c:\documents and settings\Doug Tennant\Application Data\Apple Computer
2010-08-24 02:40 . 2010-08-24 02:38 -------- d-----w- c:\program files\iTunes
2010-08-24 02:38 . 2010-08-24 02:38 -------- d-----w- c:\program files\iPod
2010-08-24 02:38 . 2008-09-17 02:48 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 02:35 . 2010-08-24 02:33 -------- d-----w- c:\program files\QuickTime
2010-08-24 02:25 . 2010-08-24 02:25 -------- d-----w- c:\program files\Bonjour
2010-08-24 02:19 . 2008-09-17 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-23 05:42 . 2010-08-23 05:42 -------- d-----w- c:\program files\CCleaner
2010-08-22 22:43 . 2008-09-18 06:34 -------- d-----w- c:\documents and settings\Doug Tennant\Application Data\gtk-2.0
2010-08-21 22:21 . 2010-08-21 22:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-21 22:15 . 2010-08-21 22:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-21 01:50 . 2008-10-06 18:10 -------- d-----w- c:\program files\Yahoo!
2010-08-21 01:49 . 2009-02-14 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-21 01:48 . 2008-10-11 21:15 -------- d-----w- c:\documents and settings\Doug Tennant\Application Data\Yahoo!
2010-08-19 04:54 . 2010-08-19 04:54 -------- d-----w- c:\program files\ESET
2010-08-18 05:30 . 2010-08-18 05:30 -------- d-----w- c:\program files\My Tribe
2010-08-16 07:12 . 2010-08-16 07:11 -------- d-----w- c:\program files\Ranch Rush 2 - Sara's Island Experiment
2010-08-16 00:27 . 2009-02-08 16:14 -------- d-----w- c:\program files\COMODO
2010-08-15 17:35 . 2009-01-23 02:31 -------- d-----w- c:\program files\Wonderland Adventures
2010-08-13 09:48 . 2010-08-13 09:48 -------- d-----w- c:\program files\Trend Micro
2010-08-11 10:17 . 2010-08-07 01:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-08 18:45 . 2010-08-07 01:25 -------- d-----w- c:\program files\Microsoft
2010-08-08 18:42 . 2010-08-07 18:16 -------- d-----w- c:\program files\MozyHome
2010-08-08 18:37 . 2009-08-24 05:25 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-08-08 05:42 . 2010-05-02 07:04 -------- d-----w- c:\program files\Canasis
2010-08-07 18:23 . 2010-08-07 18:23 -------- d-----w- c:\program files\Carbonite
2010-08-07 16:44 . 2009-03-19 01:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 01:43 . 2010-08-05 01:43 -------- d-----w- c:\program files\Alwil Software
2010-08-04 05:17 . 2010-03-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 04:48 . 2008-09-18 06:12 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 04:47 . 2008-09-18 06:12 -------- d-----w- c:\program files\Java
2010-08-03 13:48 . 2009-08-24 04:57 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-08-03 12:05 . 2010-08-03 12:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-02 06:11 . 2010-08-02 06:11 -------- d-----w- c:\program files\AVG
2010-08-01 07:47 . 2009-09-05 23:48 -------- d-----w- c:\program files\Google
2010-07-31 16:56 . 2010-07-31 16:56 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-29 03:09 . 2010-07-28 15:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-07-26 06:48 . 2009-02-08 16:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-26 06:40 . 2010-07-26 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-07-26 06:38 . 2010-07-26 06:37 -------- d-----w- c:\program files\bfgclient
2010-07-25 04:47 . 2009-04-13 05:44 -------- d-----w- c:\program files\Ice Cream Craze - Tycoon Takeover
2010-07-21 05:27 . 2008-09-18 06:13 -------- d-----w- c:\documents and settings\Doug Tennant\Application Data\LimeWire
2010-07-18 21:02 . 2010-05-23 22:43 -------- d-----w- c:\documents and settings\Doug Tennant\Application Data\freshgames
2010-07-18 21:02 . 2009-01-24 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
2010-07-17 12:00 . 2010-08-04 04:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 09:05 . 2009-08-03 00:03 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-16 00:54 . 2008-10-06 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-07-16 00:51 . 2010-07-16 00:49 -------- d-----w- c:\program files\Cake Mania - Lights, Camera, Action
2010-07-15 05:11 . 2008-12-19 03:23 -------- d-----w- c:\program files\Fireworks Extravaganza
2010-06-30 12:31 . 2003-04-15 13:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2003-04-15 13:00 667136 ------w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-04-15 13:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-15 13:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-04-15 13:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2003-04-15 13:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 18:55 . 2010-06-04 18:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-02 02:00 . 2010-06-02 02:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 02:00 . 2010-06-02 02:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 02:00 . 2010-06-02 02:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-06-01 17:37 . 2010-08-12 14:40 221568 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-06-29 00:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-06-29 00:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-06-29 00:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-06-29 900240]
c:\documents and settings\Doug Tennant\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\Cassie\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-11 20:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MostFun\\Bin\\MostFun.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [7/1/2010 12:07 PM 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/1/2010 12:07 PM 166632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 67656]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/1/2010 12:07 PM 840936]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 cpuz133;cpuz133;\??\c:\docume~1\DOUGTE~1\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys --> c:\docume~1\DOUGTE~1\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260}
FF - ProfilePath - c:\documents and settings\Doug Tennant\Application Data\Mozilla\Firefox\Profiles\79f9hx51.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-BFG-Cake Mania - Lights, Camera, Action - c:\program files\Cake Mania - Lights
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Search Defender - c:\progra~1\Yahoo!\SEARCH~1\UNINST~1.EXE
AddRemove-Yahoo! Software Update - c:\progra~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-27 08:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,cf,7e,e4,12,82,a0,44,8d,45,3f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,cf,7e,e4,12,82,a0,44,8d,45,3f,\
[HKEY_USERS\S-1-5-21-854245398-1450960922-839522115-1006\Software\Zango\Common]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-854245398-1450960922-839522115-1006\Software\Zango\HostOI]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-854245398-1450960922-839522115-1006\Software\Zango\HostOL]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-854245398-1450960922-839522115-1006\Software\Zango\Time]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-854245398-1450960922-839522115-1006\Software\Zango\Zango]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(6080)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\pctspk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\System32\vssvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
.
**************************************************************************
.
Completion time: 2010-08-27 09:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 16:06
Pre-Run: 2,229,399,552 bytes free
Post-Run: 5,975,461,888 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - B910BC4274B69131E8D2C2D775A6DE61