Here are the results from combo-fix:
ComboFix 10-05-24.07 - Administrator 05/25/2010 11:20:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.251 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\combo-fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\gkgryshqb
c:\documents and settings\NetworkService\Local Settings\Application Data\gkgryshqb\mwloacktssd.exe
c:\winnt\system32\ATHPRXY(2).DLL
c:\winnt\system32\VB40032.DLL
Infected copy of c:\winnt\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\winnt\system32\DRIVERS\pcmcia.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\winnt\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\winnt\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\winnt\system32\DRIVERS\pcmcia.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\winnt\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\winnt\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\winnt\system32\DRIVERS\pcmcia.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\winnt\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.
2010-05-05 15:20 . 2010-05-05 15:20 -------- d-----w- c:\program files\Trend Micro
2010-05-05 14:35 . 2010-04-12 21:29 411368 ----a-w- c:\winnt\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k7
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k6
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k5
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k4
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k3
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k2
2010-05-25 15:39 . 2008-07-23 18:16 64 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k1
2010-05-25 15:39 . 2008-07-23 18:16 156630 ----a-w- c:\winnt\system32\drivers\kmxcfg.u2k0
2010-05-12 15:01 . 2010-04-06 12:10 664 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-05-05 15:07 . 2010-05-05 15:07 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-05-05 15:07 . 2010-05-05 15:07 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-05-05 14:50 . 2003-07-31 19:26 -------- d-----w- c:\program files\Java
2010-05-05 14:41 . 2005-02-17 22:49 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 14:36 . 2010-05-05 14:36 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-463ca356-n\msvcp71.dll
2010-05-05 14:36 . 2010-05-05 14:36 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-207644ed-n\decora-sse.dll
2010-05-05 14:36 . 2010-05-05 14:36 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-463ca356-n\jmc.dll
2010-05-05 14:36 . 2010-05-05 14:36 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-463ca356-n\msvcr71.dll
2010-05-05 14:36 . 2010-05-05 14:36 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-207644ed-n\decora-d3d.dll
2010-05-05 13:50 . 2010-03-05 15:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 15:38 . 2010-03-04 16:43 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-04 15:29 . 2010-03-04 15:58 -------- d-----w- c:\program files\CCleaner
2010-04-29 19:39 . 2010-03-05 15:06 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-05 15:05 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-04-20 18:08 . 2002-08-29 07:09 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys
2010-04-19 19:30 . 2008-09-29 16:46 -------- d-----w- c:\program files\Interbank FX Trader 4
2010-04-18 22:19 . 2010-04-18 22:19 5430 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3ED2A2F6-8775-4ACD-9356-EAE4BEDE0509}\_E5D2003571905B71FEBBC9.exe
2010-04-18 22:19 . 2010-04-18 22:19 5430 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3ED2A2F6-8775-4ACD-9356-EAE4BEDE0509}\_CA5F55103AD4154ED344AC.exe
2010-04-18 22:19 . 2010-04-18 22:19 5430 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3ED2A2F6-8775-4ACD-9356-EAE4BEDE0509}\_A46C3B54F2C9871CD81DAF.exe
2010-04-18 22:18 . 2008-06-18 23:55 -------- d-----w- c:\program files\ARLT
2010-04-16 17:45 . 2010-04-16 17:45 32038 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1AED0E8F-170C-46AD-91C6-E0334DB65A3E}\_C6D28B8AA1A9ABA5E07174.exe
2010-04-16 17:45 . 2010-04-16 17:45 32038 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1AED0E8F-170C-46AD-91C6-E0334DB65A3E}\_DC23633F7DD39500B4E7F9.exe
2010-04-16 17:45 . 2010-04-16 17:45 32038 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1AED0E8F-170C-46AD-91C6-E0334DB65A3E}\_6FEFF9B68218417F98F549.exe
2010-04-16 17:45 . 2010-04-16 17:45 32038 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1AED0E8F-170C-46AD-91C6-E0334DB65A3E}\_6860B031EE4AA9CB415D4C.exe
2010-04-16 17:45 . 2010-04-16 17:45 32038 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1AED0E8F-170C-46AD-91C6-E0334DB65A3E}\_5787B9EABABEEE425FCB87.exe
2010-04-14 18:53 . 2008-09-11 01:33 -------- d-----w- c:\program files\QuickTime
2010-04-14 18:53 . 2008-08-12 15:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-14 18:53 . 2008-10-23 01:45 -------- d-----w- c:\program files\iTunes
2010-04-14 18:53 . 2002-11-08 09:08 -------- d-----w- c:\program files\PhoneTools
2010-04-14 15:04 . 2010-03-04 16:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-14 14:31 . 2010-04-12 19:44 112 ----a-w- c:\documents and settings\All Users\Application Data\7oLQoNBb8.dat
2010-04-09 13:26 . 2008-08-12 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-08 14:46 . 2007-03-28 01:29 -------- d-----w- c:\program files\Citrix
2010-04-08 14:46 . 2005-12-04 18:39 -------- d-----w- c:\program files\Google
2010-04-08 14:33 . 2009-07-08 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-08 14:12 . 2009-07-08 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-04-07 15:29 . 2010-03-27 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-07 14:40 . 2006-02-20 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-06 12:10 . 2010-04-06 12:10 552 ----a-w- c:\winnt\system32\d3d8caps.dat
2010-03-31 00:08 . 2010-03-31 00:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-27 21:37 . 2010-03-27 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-11 12:38 . 2004-02-06 22:05 832512 ----a-w- c:\winnt\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\winnt\system32\ieencode.dll
2010-03-11 12:38 . 1980-01-01 06:00 17408 ----a-w- c:\winnt\system32\corpol.dll
2010-03-09 11:09 . 1980-01-01 06:00 430080 ----a-w- c:\winnt\system32\vbscript.dll
2010-03-04 16:43 . 2010-03-04 16:43 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2008-07-23 16:46 . 2008-07-23 16:46 10663 ----a-w- c:\program files\Common Files\gawuficifi.dl
.
<pre>
c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID .exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem .exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade .exe
c:\program files\CA\CA Internet Security Suite\cctray\cctray .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Netscape\Netscape\Netscp .exe
c:\program files\PhoneTools\CapFax .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\winnt\system32\SK9910DM .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [N/A]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [N/A]
"\CARL-PC\EPSON Stylus CX7400 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" [2007-02-15 179200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-07 65536]
"Keyboard Preload Check"="c:\oemdrvrs\KEYB\Preload.exe" [N/A]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Instant Wireless Configuration Utility.lnk - c:\program files\Linksys\WPC11 Config Utility\WPC11Cfg.exe [2004-1-21 176128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2002-11-8 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 ----a-w- c:\winnt\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eSignal\\winros.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\CentraOne\\bin\\launcher.exe"=
"c:\\Program Files\\GlobalTec Solutions, LLP\\OptionHunter\\optionhunter.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 KmxStart;KmxStart;c:\winnt\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\winnt\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\winnt\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\winnt\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 KmxCF;KmxCF;c:\winnt\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\winnt\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [11/8/2002 5:13 AM 6736]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\winnt\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 mv2;mv2;c:\winnt\system32\drivers\mv2.sys [7/30/2009 3:27 PM 8792]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\winnt\system32\drivers\pwi_bus.sys [6/13/2007 8:55 PM 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\winnt\system32\drivers\pwi_mdfl.sys [6/13/2007 8:55 PM 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\winnt\system32\drivers\pwi_mdm.sys [6/13/2007 8:55 PM 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\winnt\system32\drivers\pwi_oflt.sys [6/13/2007 8:55 PM 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\winnt\system32\drivers\pwi_serd.sys [6/13/2007 8:55 PM 69632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;c:\winnt\system32\drivers\LSWLN51.sys [1/21/2004 12:15 PM 50688]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PCANDIS5
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-04-01 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-01-15 c:\winnt\Tasks\CAAntiSpywareScan_Daily as Administrator at 2 02 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]
2003-08-15 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-11-08 15:04]
2010-05-25 c:\winnt\Tasks\User_Feed_Synchronization-{08E89116-8597-4F58-A253-0C36183D8D73}.job
- c:\winnt\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
LSP: c:\winnt\system32\VetRedir.dll
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://asp1.centra.com/SiteRoots/main/Install/CentraDownloader.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-BETATEST-CTEQ-TRDE-H3R3-2UN1NST4LL1T_is1 - c:\program files\GlobalTec Solutions
AddRemove-BETATEST-WTST-OCKS-H3R3-2UN1NST4LL1T_is1 - c:\program files\GlobalTec Solutions
AddRemove-C0MM4NDT-L00K-FXFX-H3R3-UN1NST4LLTH3_is1 - c:\program files\GlobalTec Solutions
AddRemove-FB7AB7D4-B1C0-4384-BAF1-A0F7566BE4B7_is1 - c:\program files\GlobalTec Solutions
AddRemove-FX Charts PlugIn - c:\progra~1\CANDLE~1\TS\UNWISE.EXE
AddRemove-News PlugIn - c:\progra~1\CANDLE~1\TS\UNINST~1\UNWISE.EXE
AddRemove-W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1 - c:\program files\GlobalTec Solutions
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-25 11:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\WININET.dll
c:\winnt\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(844)
c:\winnt\system32\VetRedir.dll
c:\winnt\system32\ISafeIf.dll
- - - - - - - > 'explorer.exe'(1072)
c:\winnt\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\winnt\system32\bmwebcfg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\System32\nvsvc32.exe
c:\program files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\winnt\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\winnt\GWMDMMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-05-25 11:57:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-25 15:57
Pre-Run: 94,517,284,864 bytes free
Post-Run: 94,773,297,152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - C6DCA18BBFAE5683D6C04615EFB30DC2