ComboFix 10-12-09.04 - Owner 12/10/2010 13:26:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.807 [GMT -6]
Running from: f:\documents and settings\Owner\Desktop\commy.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
f:\documents and settings\Owner\My Documents\New Folder\Temporary Internet Files\mccA2.tmp
F:\setup.exe
f:\windows\Downloaded Program Files\DM.0
f:\windows\Downloaded Program Files\DM.0\DMService.exe
f:\windows\Downloaded Program Files\DM.0\WhlMgr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DMService
-------\Legacy_DMService
-------\Service_DMService
-------\Service_DMService
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.
2010-12-10 18:50 . 2010-12-10 18:50 -------- d-----w- F:\_OTL
2010-12-10 18:31 . 2010-11-10 04:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202A54CB-7A6F-44DB-8751-4F9FBB456A31}\mpengine.dll
2010-12-09 18:37 . 2010-11-16 18:01 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE027AA8-F938-4295-9AF4-07E12A34BA97}\mpengine.dll
2010-12-09 05:30 . 2010-12-09 05:31 -------- d-----w- f:\documents and settings\Administrator
2010-12-06 04:05 . 2010-12-06 21:13 -------- d-----w- f:\program files\Common Files\PC Tools
2010-12-06 01:09 . 2010-12-06 01:09 -------- d-----w- f:\program files\STOPzilla!
2010-12-05 00:26 . 2010-12-05 00:26 -------- d-----w- F:\Cache
2010-12-04 23:40 . 2010-12-04 23:40 82944 ----a-w- f:\windows\system32\drivers\6973E8.tmp
2010-12-01 00:07 . 2010-12-01 00:07 -------- d-----w- f:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2010-11-22 22:56 . 2010-11-22 22:56 546256 ----a-r- f:\windows\system32\SZComp5.dll
2010-11-22 22:56 . 2010-11-22 22:56 452048 ----a-r- f:\windows\system32\SZBase5.dll
2010-11-22 22:56 . 2010-11-22 22:56 398800 ----a-r- f:\windows\system32\IS3DBA5.dll
2010-11-22 22:56 . 2010-11-22 22:56 28624 ----a-r- f:\windows\system32\IS3XDat5.dll
2010-11-22 22:56 . 2010-11-22 22:56 22992 ----a-r- f:\windows\system32\SZIO5.dll
2010-11-22 22:56 . 2010-11-22 22:56 132560 ----a-r- f:\windows\system32\IS3HTUI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Svc5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Inet5.dll
2010-11-22 22:56 . 2010-11-22 22:56 738768 ----a-r- f:\windows\system32\IS3Base5.dll
2010-11-22 22:56 . 2010-11-22 22:56 67024 ----a-r- f:\windows\system32\IS3Hks5.dll
2010-11-22 22:56 . 2010-11-22 22:56 390608 ----a-r- f:\windows\system32\IS3UI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 230864 ----a-r- f:\windows\system32\IS3Win325.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2010-02-27 16:00 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2010-02-27 16:00 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-16 18:01 . 2009-11-17 23:08 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-10 04:33 . 2010-02-28 08:19 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 16:41 . 2009-11-17 23:08 222080 ------w- f:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- f:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- f:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- f:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"Search Protection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Push Client"="f:\documents and settings\Owner\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-09-17 935240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="f:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"RoxWatchTray"="f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"MSSE"="f:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
f:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - f:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
R0 szkg5;szkg5;f:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;f:\windows\system32\drivers\SZKGFS.sys [5/12/2010 5:01 PM 59280]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;f:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [5/31/2010 2:11 PM 149904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 7:07 PM 102448]
S0 is3srv;is3srv;f:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S2 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 cpuz134;cpuz134;\??\f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MotDev;Motorola Inc. USB Device;f:\windows\system32\drivers\motodrv.sys [4/20/2008 9:08 PM 42112]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 12:27 PM 169200]
.
Contents of the 'Scheduled Tasks' folder
2010-11-30 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-12-10 f:\windows\Tasks\User_Feed_Synchronization-{F07C0FFD-E5E4-4D4E-B810-7CCC811B04B6}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - f:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send Image to Phone - http://www.freeringers.net/ezimage.php
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\program files\Malwarebytes' Anti-Malware\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 15:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm
- - - - - - - > 'explorer.exe'(904)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
f:\windows\IME\SPGRMR.DLL
f:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
f:\program files\Microsoft Security Essentials\MsMpEng.exe
f:\program files\Common Files\Symantec Shared\ccSetMgr.exe
f:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Symantec AntiVirus\DefWatch.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Motive\McciCMService.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Symantec AntiVirus\Rtvscan.exe
f:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
f:\program files\Symantec AntiVirus\DoScan.exe
f:\program files\Microsoft ActiveSync\wcescomm.exe
f:\progra~1\MI3AA1~1\rapimgr.exe
f:\windows\system32\HPZipm12.exe
f:\program files\iPod\bin\iPodService.exe
f:\program files\HP\Digital Imaging\bin\hpqgalry.exe
f:\program files\Java\jre6\bin\jucheck.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-12-10 16:00:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 21:59
Pre-Run: 67,134,484,480 bytes free
Post-Run: 69,355,839,488 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - AFD411796D45DF92E3267F52B46D3B80
s the results, I want to thank you again for all your help.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.807 [GMT -6]
Running from: f:\documents and settings\Owner\Desktop\commy.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
f:\documents and settings\Owner\My Documents\New Folder\Temporary Internet Files\mccA2.tmp
F:\setup.exe
f:\windows\Downloaded Program Files\DM.0
f:\windows\Downloaded Program Files\DM.0\DMService.exe
f:\windows\Downloaded Program Files\DM.0\WhlMgr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DMService
-------\Legacy_DMService
-------\Service_DMService
-------\Service_DMService
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.
2010-12-10 18:50 . 2010-12-10 18:50 -------- d-----w- F:\_OTL
2010-12-10 18:31 . 2010-11-10 04:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202A54CB-7A6F-44DB-8751-4F9FBB456A31}\mpengine.dll
2010-12-09 18:37 . 2010-11-16 18:01 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE027AA8-F938-4295-9AF4-07E12A34BA97}\mpengine.dll
2010-12-09 05:30 . 2010-12-09 05:31 -------- d-----w- f:\documents and settings\Administrator
2010-12-06 04:05 . 2010-12-06 21:13 -------- d-----w- f:\program files\Common Files\PC Tools
2010-12-06 01:09 . 2010-12-06 01:09 -------- d-----w- f:\program files\STOPzilla!
2010-12-05 00:26 . 2010-12-05 00:26 -------- d-----w- F:\Cache
2010-12-04 23:40 . 2010-12-04 23:40 82944 ----a-w- f:\windows\system32\drivers\6973E8.tmp
2010-12-01 00:07 . 2010-12-01 00:07 -------- d-----w- f:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2010-11-22 22:56 . 2010-11-22 22:56 546256 ----a-r- f:\windows\system32\SZComp5.dll
2010-11-22 22:56 . 2010-11-22 22:56 452048 ----a-r- f:\windows\system32\SZBase5.dll
2010-11-22 22:56 . 2010-11-22 22:56 398800 ----a-r- f:\windows\system32\IS3DBA5.dll
2010-11-22 22:56 . 2010-11-22 22:56 28624 ----a-r- f:\windows\system32\IS3XDat5.dll
2010-11-22 22:56 . 2010-11-22 22:56 22992 ----a-r- f:\windows\system32\SZIO5.dll
2010-11-22 22:56 . 2010-11-22 22:56 132560 ----a-r- f:\windows\system32\IS3HTUI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Svc5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Inet5.dll
2010-11-22 22:56 . 2010-11-22 22:56 738768 ----a-r- f:\windows\system32\IS3Base5.dll
2010-11-22 22:56 . 2010-11-22 22:56 67024 ----a-r- f:\windows\system32\IS3Hks5.dll
2010-11-22 22:56 . 2010-11-22 22:56 390608 ----a-r- f:\windows\system32\IS3UI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 230864 ----a-r- f:\windows\system32\IS3Win325.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2010-02-27 16:00 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2010-02-27 16:00 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-16 18:01 . 2009-11-17 23:08 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-10 04:33 . 2010-02-28 08:19 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 16:41 . 2009-11-17 23:08 222080 ------w- f:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- f:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- f:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- f:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"Search Protection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Push Client"="f:\documents and settings\Owner\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-09-17 935240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="f:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"RoxWatchTray"="f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"MSSE"="f:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
f:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - f:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
R0 szkg5;szkg5;f:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;f:\windows\system32\drivers\SZKGFS.sys [5/12/2010 5:01 PM 59280]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;f:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [5/31/2010 2:11 PM 149904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 7:07 PM 102448]
S0 is3srv;is3srv;f:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S2 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 cpuz134;cpuz134;\??\f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MotDev;Motorola Inc. USB Device;f:\windows\system32\drivers\motodrv.sys [4/20/2008 9:08 PM 42112]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 12:27 PM 169200]
.
Contents of the 'Scheduled Tasks' folder
2010-11-30 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-12-10 f:\windows\Tasks\User_Feed_Synchronization-{F07C0FFD-E5E4-4D4E-B810-7CCC811B04B6}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - f:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send Image to Phone - http://www.freeringers.net/ezimage.php
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\program files\Malwarebytes' Anti-Malware\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 15:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm
- - - - - - - > 'explorer.exe'(904)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
f:\windows\IME\SPGRMR.DLL
f:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
f:\program files\Microsoft Security Essentials\MsMpEng.exe
f:\program files\Common Files\Symantec Shared\ccSetMgr.exe
f:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Symantec AntiVirus\DefWatch.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Motive\McciCMService.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Symantec AntiVirus\Rtvscan.exe
f:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
f:\program files\Symantec AntiVirus\DoScan.exe
f:\program files\Microsoft ActiveSync\wcescomm.exe
f:\progra~1\MI3AA1~1\rapimgr.exe
f:\windows\system32\HPZipm12.exe
f:\program files\iPod\bin\iPodService.exe
f:\program files\HP\Digital Imaging\bin\hpqgalry.exe
f:\program files\Java\jre6\bin\jucheck.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-12-10 16:00:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 21:59
Pre-Run: 67,134,484,480 bytes free
Post-Run: 69,355,839,488 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - AFD411796D45DF92E3267F52B46D3B80
s the results, I want to thank you again for all your help.