Without doing anything, the message disappeared and the blue window titled "Find3M" says that it's almost done and to wait for the report log to pop up... Here it is...
ComboFix 09-11-23.02 - Steve 11/23/2009 23:55.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.887 [GMT -5:00]
Running from: E:\commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Steve\Local Settings\Application Data\ejldpe
c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
c:\documents and settings\Steve\Local Settings\Application Data\gxryes
c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-3073028524-1786658244-3844812114-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\bcmwl5.inf
c:\windows\system32\tmp.reg
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.
2009-11-24 05:02 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 00:18 . 2009-11-24 00:18 -------- d--h--w- c:\windows\PIF
2009-11-18 17:29 . 2009-11-18 17:29 -------- d-----w- c:\documents and settings\Shann\Local Settings\Application Data\Google
2009-11-04 01:06 . 2009-11-04 01:06 -------- d-sh--w- c:\documents and settings\Steve\IECompatCache
2009-11-02 12:23 . 2009-11-02 12:23 -------- d-----w- c:\documents and settings\Tammy\Local Settings\Application Data\Microsoft
2009-11-02 12:22 . 2009-11-02 12:22 -------- d-sh--w- c:\documents and settings\Shann\IECompatCache
2009-11-02 12:21 . 2009-11-02 12:21 -------- d-sh--w- c:\documents and settings\Shann\PrivacIE
2009-11-02 12:20 . 2009-11-03 02:24 -------- d-----w- c:\documents and settings\Shann\Application Data\ArcSoft
2009-11-02 12:20 . 2009-11-02 12:20 -------- d-sh--w- c:\documents and settings\Shann\IETldCache
2009-11-02 12:14 . 2009-11-02 12:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-02 12:13 . 2009-11-02 12:13 -------- d-sh--w- c:\documents and settings\Landon\PrivacIE
2009-11-02 12:11 . 2009-11-02 12:11 -------- d-sh--w- c:\documents and settings\Landon\IETldCache
2009-11-02 01:54 . 2009-11-02 01:54 -------- d-sh--w- c:\documents and settings\Steve\PrivacIE
2009-11-02 01:50 . 2009-11-02 01:50 -------- d-sh--w- c:\documents and settings\Steve\IETldCache
2009-11-02 01:45 . 2009-11-02 01:45 -------- d-----w- c:\windows\ie8updates
2009-11-02 01:40 . 2009-11-02 01:42 -------- dc-h--w- c:\windows\ie8
2009-11-02 01:37 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-02 01:37 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-02 01:37 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-01 18:08 . 2009-11-01 18:08 -------- d-----w- c:\documents and settings\Landon\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 04:17 . 2009-08-08 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 21:12 . 2009-06-05 00:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-18 22:57 . 2009-06-04 23:49 -------- d-----w- c:\program files\McAfee
2009-11-10 23:34 . 2004-08-26 06:09 -------- d-----w- c:\program files\Quicken
2009-11-03 12:46 . 2009-11-02 12:23 -------- d-----w- c:\documents and settings\Tammy\Application Data\ArcSoft
2009-10-27 12:46 . 2004-08-26 05:11 -------- d-----w- c:\program files\Java
2009-10-27 12:44 . 2009-09-30 11:40 152576 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-19 09:46 . 2009-07-30 20:46 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2009-10-11 02:01 . 2009-10-11 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-11 02:01 . 2009-10-11 02:01 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-10 20:35 . 2007-01-24 01:47 -------- d--h--w- c:\documents and settings\Steve\Application Data\Move Networks
2009-10-10 20:12 . 2009-10-10 20:12 -------- d-----w- c:\documents and settings\Steve\Application Data\ArcSoft
2009-10-10 19:45 . 2004-08-26 05:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 19:43 . 2004-12-25 07:28 -------- d-----w- c:\program files\Common Files\Real
2009-10-10 19:42 . 2005-11-26 23:08 -------- d-----w- c:\program files\QuickTime
2009-10-10 19:12 . 2005-08-21 03:35 -------- d-----w- c:\program files\OfficeUpdate11
2009-10-10 19:11 . 2006-04-12 12:59 -------- d-----w- c:\program files\Microsoft Money
2009-10-10 19:11 . 2004-08-26 05:29 -------- d-----w- c:\program files\HPQ
2009-10-10 19:11 . 2004-08-26 06:16 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-10 19:07 . 2006-10-06 01:19 -------- d-----w- c:\program files\DivX
2009-10-10 18:52 . 2005-01-27 18:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-10 13:56 . 2009-10-10 13:56 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-10 13:56 . 2009-10-10 13:56 -------- d-----w- c:\program files\ArcSoft
2009-10-10 13:54 . 2009-10-10 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FNET
2009-10-10 13:54 . 2009-10-10 13:54 7040 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2009-10-10 13:54 . 2009-10-10 13:54 17792 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS
2009-10-10 13:54 . 2009-10-10 13:54 -------- d-----w- c:\program files\TurboHddUsb
2009-10-10 13:51 . 2009-10-10 13:51 -------- d-----w- c:\documents and settings\Steve\Application Data\Sony Corporation
2009-10-06 01:47 . 2004-08-26 06:10 -------- d-----w- c:\program files\Sonic
2009-10-06 01:27 . 2009-10-06 01:27 -------- d-----w- c:\program files\Sony
2009-10-06 01:26 . 2009-10-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-09-29 09:35 . 2009-09-29 09:35 64000 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-29 09:35 . 2009-09-29 09:35 52288 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-29 09:35 . 2009-09-29 09:35 50688 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-29 09:35 . 2009-09-29 09:35 114688 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-22 03:23 . 2009-09-22 03:23 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-16 14:22 . 2009-06-04 23:51 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-06-04 23:51 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-06-04 23:51 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-03-25 15:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-06-04 23:46 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 23:56 . 2009-09-14 23:55 17204720 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\rp\.exe
2009-09-14 23:55 . 2009-09-14 23:55 8406648 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-14 23:55 . 2009-09-14 23:55 10309448 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-08-08 22:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-08-08 22:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2002-07-26 22:02 . 2008-12-14 23:29 153088 ----a-w- c:\program files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2006-02-16 1346560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-07 4730880]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2009-10-10 3327488]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-01-30 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-04-07 323584]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2004-1-29 57344]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-10-10 278528]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [10/10/2009 8:54 AM 7040]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [9/1/2004 1:50 PM 188416]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2/10/2005 10:55 AM 62976]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/4/2009 6:53 PM 203280]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Steve\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Steve\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [10/10/2009 8:54 AM 17792]
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-04 16:22]
2009-06-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-04 16:22]
2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{1DCDF151-777F-417D-B7A8-4329496A3143}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\7vrkbd4x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/|http://www.att.net/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Steve\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-atggwjqp - c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
HKCU-Run-xuburghx - c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
HKLM-Run-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
HKLM-Run-atggwjqp - c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
HKLM-Run-xuburghx - c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
AddRemove-Broadcom 802.11b Network Adapter - c:\windows\system32\BCMWLU00.exe verbose
AddRemove-Hollywood FX for Studio - c:\windows\unvise32.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-NVIDIA nForce Drivers - c:\windows\system32\nvuninst.exe Uninstall
AddRemove-Pixie 2 - c:\windows\unvise32.exe
AddRemove-proDAD-Heroglyph-2.5 - c:\program files\proDAD\Heroglyph-2.5\uninstall.exe uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 00:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?1?3?5??p???? ???B???????????????B? ??????
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
.
Completion time: 2009-11-24 00:14
ComboFix-quarantined-files.txt 2009-11-24 05:13
Pre-Run: 31,810,183,168 bytes free
Post-Run: 33,790,844,928 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 2DCAFB53E78442D7323FDE724CB627BF