Hi everyone... I'm new to this site and have run ComboFix on my computer. The results are right here. Can anyone tell me what I need to do from here? I would sure appreciate any help I can get!!! Thanks
ComboFix 10-01-16.04 - Chris 01/17/2010 13:36:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.184 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\commy.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chris\err.log
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1229272821-113007714-1343024091-1005
c:\windows\Downloaded Program Files\dlhelper.dll
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24
c:\windows\kb913800.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.
2010-01-17 21:29 . 2010-01-17 21:30 -------- d-----w- C:\commy
2010-01-17 20:53 . 2010-01-17 21:00 -------- d-----w- c:\documents and settings\Chris\.SunDownloadManager
2010-01-16 06:13 . 2010-01-16 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-01-16 06:12 . 2010-01-16 06:12 -------- d-----w- c:\program files\Security Task Manager
2010-01-15 18:06 . 2010-01-15 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2010-01-13 20:10 . 2010-01-13 20:10 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2010-01-13 20:09 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 20:09 . 2010-01-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 20:09 . 2010-01-13 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 20:09 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 05:11 . 2010-01-13 05:11 -------- d-----w- c:\program files\TrendMicro
2010-01-12 05:27 . 2010-01-16 01:44 -------- d-----w- c:\program files\Princess Isabella - A Witch's Curse
2010-01-12 05:14 . 2010-01-12 05:15 -------- d-----w- c:\program files\Word Whomp Underground
2009-12-27 18:16 . 2009-12-27 18:16 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-27 18:14 . 2009-12-27 18:14 -------- d-----w- c:\program files\Xvid
2009-12-23 07:54 . 2000-06-21 05:13 256 -c----r- c:\documents and settings\Chris\BRMSI04.BIN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 05:47 . 2007-07-17 07:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-13 05:11 . 2010-01-13 05:11 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-12 05:32 . 2009-12-15 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-12 05:16 . 2008-01-12 13:27 -------- d-----w- c:\documents and settings\Chris\Application Data\Pogo Games
2010-01-10 22:02 . 2009-12-15 02:24 -------- d-----w- c:\program files\bfgclient
2009-12-27 16:17 . 2009-11-02 02:16 -------- d-----w- c:\program files\Graboid
2009-12-27 16:15 . 2009-03-19 04:39 -------- d-----w- c:\program files\RealArcade
2009-12-27 00:17 . 2009-03-06 02:21 46 -c--a-w- c:\windows\popcinfot.dat
2009-12-26 23:53 . 2009-03-06 02:21 -------- d-----w- c:\program files\PopCap Games
2009-12-15 04:53 . 2009-12-15 04:52 -------- d-----w- c:\program files\Lost Secrets - Bermuda Triangle
2009-12-15 03:44 . 2009-12-15 03:44 -------- d-----w- c:\documents and settings\Chris\Application Data\Ludia
2009-12-15 03:44 . 2009-12-15 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ludia
2009-12-15 02:55 . 2009-12-15 02:55 -------- d-----w- c:\program files\Mystery Case Files - Ravenhearst
2009-12-15 02:38 . 2009-12-15 02:37 -------- d-----w- c:\program files\The Price is Right
2009-12-13 20:50 . 2009-06-06 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-21 15:51 . 2005-08-16 10:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 10:03 . 2009-09-29 00:56 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-10-20 10:02 . 2009-10-20 10:03 63984 ------w- c:\windows\system32\pxwma.dll
2009-10-16 19:11 . 2009-10-16 19:10 1536 -csha-w- c:\program files\ehthumbs.db
2006-12-12 19:33 . 2006-12-12 19:33 56 --sh--r- c:\windows\system32\0E91058025.sys
2007-07-24 08:02 . 2006-10-26 15:56 56 --sh--r- c:\windows\system32\11C6F2E73F.sys
2007-07-24 08:02 . 2006-10-26 15:56 3454 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
backup=c:\windows\pss\Introducing Media Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\LimeWire On Startup.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorFX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\First Principle Group]
2007-08-15 15:23 1802240 -c--a-w- c:\program files\First Principle Group\fpg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-13 20:00 28739 -c--a-w- c:\program files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 04:44 1660952 ----a-w- c:\program files\Messenger\Msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 06:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
R0 gyyiaizk;gyyiaizk;c:\windows\system32\drivers\gbgppprj.dat --> c:\windows\system32\drivers\gbgppprj.dat [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
S2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe --> c:\program files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 9:39 AM 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 5:28 AM 43392]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [5/19/2009 9:40 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [5/19/2009 9:40 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [5/19/2009 9:40 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [5/19/2009 9:39 PM 10368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/13/2010 12:09 PM 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 zgchsdiag;ZTE CDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgchsdiag.sys [2/24/2009 1:06 AM 105216]
S3 zgchsmdm;ZTE CDMA Handset USB Modem Proprietary;c:\windows\system32\drivers\zgchsmdm.sys [2/24/2009 1:06 AM 105216]
.
Contents of the 'Scheduled Tasks' folder
2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{CD1610B7-52EE-4D17-8807-655400EF8D00}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{FC64643E-3601-416C-A5AF-37C118D6D0E3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1255116686&.rand=4365hl81uk498
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: mcafee.com
Trusted Zone: yahoo.com\login
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
BHO-{3220349D-1845-4A6A-B140-8440BBFC6627} - c:\windows\system32\clusap.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-aawservice
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Microsoft Works Portfolio - c:\program files\Microsoft Works\WksSb.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WorksFUD - c:\program files\Microsoft Works\wkfud.exe
AddRemove-Ten Thousand Dice - c:\program files\ENW Software\Ten Thousand Dice\Uninst.isu
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 13:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gyyiaizk]
"ImagePath"="system32\drivers\gbgppprj.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2485250196-3517679154-1249815061-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
Completion time: 2010-01-17 13:56:21
ComboFix-quarantined-files.txt 2010-01-17 21:56
Pre-Run: 123,566,583,808 bytes free
Post-Run: 124,522,319,872 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E2EB0481E8233DB6D9D18514C04CA199