I am going to post this log now but please enjoy your thanksgiving holiday and get to it when you can.
Thanks in advance.....
ComboFix 10-11-24.02 - Smoking Guns BBQ 11/25/2010 4:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.124 [GMT -5:00]
Running from: c:\documents and settings\Smoking Guns BBQ\Desktop\commy.exe.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {806ED0B3-FFA4-00C8-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mike\Favorites\Thumbs.db
c:\documents and settings\Stephanie\Application Data\PriceGong
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Stephanie\Application Data\PriceGong\Data\z.xml
c:\windows\system32\cfbxrttn.ini
c:\windows\system32\qeoroqre.ini
.
((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
.
2010-11-25 08:38 . 2010-11-25 08:38 -------- d-----w- c:\program files\Common Files\Java
2010-11-25 08:38 . 2010-11-25 08:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-25 08:00 . 2010-11-25 08:00 659968 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\syssvc.exe
2010-11-24 15:20 . 2010-11-24 15:20 -------- d-----w- c:\documents and settings\Gabrielle\Local Settings\Application Data\Apple
2010-11-24 07:33 . 2010-11-24 07:33 -------- d-----w- c:\program files\Trend Micro
2010-11-23 23:16 . 2010-11-23 23:28 -------- d-----w- C:\Pictures
2010-11-23 20:38 . 2010-11-23 20:38 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2010-11-23 20:38 . 2010-11-23 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-23 09:46 . 2010-11-23 09:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Xobni
2010-11-21 21:14 . 2010-11-21 21:22 -------- d-----w- c:\program files\Lame For Audacity
2010-11-19 06:23 . 2010-11-19 06:24 -------- d-----w- c:\program files\Voobly
2010-11-08 22:05 . 2010-11-08 22:05 -------- d-----w- c:\program files\iPod
2010-11-08 22:04 . 2010-11-08 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-08 22:04 . 2010-11-08 22:07 -------- d-----w- c:\program files\iTunes
2010-11-08 21:39 . 2010-11-08 21:40 -------- d-----w- c:\program files\Safari
2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-10-30 19:35 . 2010-10-30 19:35 -------- d-----w- c:\documents and settings\Ryan\Application Data\Apple Computer
2010-10-30 19:34 . 2010-10-30 19:35 -------- d-----w- c:\documents and settings\Ryan\Local Settings\Application Data\Apple Computer
2010-10-28 21:31 . 2010-10-28 21:31 -------- d-sh--w- c:\documents and settings\Gabrielle\PrivacIE
2010-10-28 21:30 . 2010-10-28 21:30 -------- d-----w- c:\documents and settings\Gabrielle\C
2010-10-28 21:25 . 2010-11-24 23:54 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\Apple Computer
2010-10-28 21:25 . 2010-11-24 15:16 -------- d-----w- c:\documents and settings\Gabrielle\Local Settings\Application Data\Apple Computer
2010-10-28 21:25 . 2010-10-28 21:25 -------- d-----w- c:\documents and settings\Gabrielle\Application Data\Logitech
2010-10-28 03:29 . 2010-10-28 03:29 -------- d-----w- c:\documents and settings\Smoking Guns BBQ\Local Settings\Application Data\Mozilla
2010-10-28 03:12 . 2010-10-28 03:12 -------- d-sh--w- c:\documents and settings\Smoking Guns BBQ\PrivacIE
2010-10-28 03:11 . 2010-10-28 03:12 -------- d-----w- c:\documents and settings\Smoking Guns BBQ\Local Settings\Application Data\Google
2010-10-28 03:09 . 2010-10-28 03:09 -------- d-----w- c:\documents and settings\Smoking Guns BBQ\Application Data\Malwarebytes
2010-10-28 02:49 . 2010-10-28 02:49 -------- d-----w- c:\documents and settings\Smoking Guns BBQ\Application Data\Avira
2010-10-28 02:49 . 2010-10-28 02:49 -------- d-----w- c:\documents and settings\Smoking Guns BBQ\Application Data\Apple Computer
2010-10-28 02:48 . 2010-10-28 02:48 -------- d-----w- c:\documents and settings\Smoking Guns BBQ\Local Settings\Application Data\Apple Computer
2010-10-27 23:11 . 2010-10-27 23:11 -------- d-----w- c:\documents and settings\Stephanie\Application Data\Apple Computer
2010-10-27 23:11 . 2010-10-27 23:11 -------- d-----w- c:\documents and settings\Stephanie\Local Settings\Application Data\Apple Computer
2010-10-27 06:44 . 2010-10-27 07:40 -------- d-----w- C:\db84fb62b7c5d1a83eaf147f
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 08:37 . 2010-04-29 03:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-27 12:06 . 2010-04-29 23:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-02-09 19:07 . 2008-10-12 04:28 385024 ----a-w- c:\program files\pribluda.dll
2003-05-05 13:09 . 2008-10-12 04:28 886 ----a-w- c:\program files\PATCH.COM
2003-01-05 20:02 . 2008-10-12 06:35 63488 ----a-w- c:\program files\bwpatch.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"Logitech Utility"="Logi_MwX.Exe" [2004-03-03 19968]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-22 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\Mike\Desktop\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\documents and settings\Mike\Desktop\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-08-07 15:06 700416 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1160619236\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-04-12 09:15 1383936 ------w- c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 06:00 28672 -c--a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2006-03-08 13:56 278528 ------w- c:\program files\Creative\MediaSource5\MtdAcqu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-05-19 23:38 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-08-08 01:47 208941 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-05 23:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
2006-10-03 18:04 6104568 ----a-w- c:\program files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"gusvc"=3 (0x3)
"CCALib8"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Mike\\My Documents\\B2R\\teammate\\Teammate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1160619236\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2006 10:23 PM 642560]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\Mike\Desktop\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Mike\Desktop\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [2/17/2006 11:26 PM 16690]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 11:33 AM 46824]
R3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\drivers\VWAN2K.sys [2/17/2006 11:26 PM 29228]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:38 PM 135664]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2/17/2006 5:24 PM 54271]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 7:00 AM 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [5/19/2006 10:26 PM 223128]
S3 WmAdiHid;Logitech WingMan Digital Devices Driver;c:\windows\system32\drivers\WmAdiHid.sys [6/20/2002 12:45 PM 20320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:38]
2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:38]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Smoking Guns BBQ\Application Data\Mozilla\Firefox\Profiles\1gd729ek.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
MSConfigStartUp-AdaptecDirectCD - c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-plxkpadq - c:\docume~1\Mike\LOCALS~1\Temp\qnqsbpkfr\qfmvudtdlta.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-11-25 09:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.netWindows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x837A2808]<<
_asm { MOV EAX, 0x837a2728; XCHG [ESP], EAX; PUSH EAX; PUSH 0x837cceb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x837755E0]
\Driver\Disk[0x83770F38] -> IRP_MJ_CREATE -> 0x837A2808
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x837a2808
user & kernel MBR OK
Warning: possible MBR rootkit infection !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\documents and settings\Mike\Desktop\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\Logi_MwX.Exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\SetPointP\LU\LULnchr.exe
c:\program files\Logitech\SetPointP\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2010-11-25 09:52:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-25 14:52
Pre-Run: 9,872,470,016 bytes free
Post-Run: 11,097,464,832 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A2D31BCAB4C6CD2A7179EEDC2EB8157B
