Finished the ComboFix program; here are the results. Thank you for your time.
ComboFix 09-10-30.01 - Adam 10/31/2009 11:05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3001 [GMT -5:00]
Running from: c:\documents and settings\Adam\Desktop\Commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf_update.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
c:\documents and settings\Tiffany\Application Data\Zango
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.idx
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.dat
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.txt
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\default.cdf
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_511745-514279.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_categorize.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_comparison.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_explorer-Mails.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_explorer-people.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_favorites.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Games.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Hide.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_hotbarcom.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Hotmail.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_hsskin.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemster.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemsterie.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jemsteruk.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_jobsearch.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_Mails.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_new.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_premium.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_reun.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_ringtones.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_SearchBoxTrapper.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_searchfor.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_searchgo.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_weather.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\Default_yellowpages.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\email-def-511724-548964.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\email-def-511724-9595.mnu
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.dat
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.cdf
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.txt
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.res
c:\documents and settings\Tiffany\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\program files\Freeze.com Toolbar
c:\program files\Freeze.com Toolbar\basis.xml
c:\program files\Freeze.com Toolbar\freeze.bmp
c:\program files\Freeze.com Toolbar\frzToolbar_logo.bmp
c:\program files\Freeze.com Toolbar\icons.bmp
c:\program files\Freeze.com Toolbar\options.html
c:\program files\Freeze.com Toolbar\powered_yahoo_search.bmp
c:\program files\Freeze.com Toolbar\version.txt
c:\windows\kb913800.exe
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
F:\Autorun.inf
Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.
2009-10-31 16:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 16:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-29 15:23 . 2009-10-29 15:23 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-25 06:11 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 16:33 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-22 16:33 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-22 16:33 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-22 16:33 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-22 16:32 . 2009-10-22 16:33 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-22 16:32 . 2009-10-22 16:32 -------- d-----w- c:\program files\McAfee.com
2009-10-22 16:30 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-22 13:19 . 2009-10-22 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 13:19 . 2009-10-31 16:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 13:19 . 2009-10-22 13:19 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
2009-10-22 13:09 . 2009-10-22 13:09 -------- d-----w- c:\documents and settings\Adam\Application Data\Malwarebytes
2009-10-22 13:09 . 2009-10-22 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 01:11 . 2009-10-22 01:11 -------- d-----w- c:\program files\Common Files\eSellerate
2009-10-21 19:41 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-21 19:41 . 2009-10-21 19:41 -------- d-----w- c:\program files\Panda Security
2009-10-21 15:14 . 2009-10-21 15:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-21 13:48 . 2009-10-21 13:49 -------- d-----w- c:\program files\ATT-SST
2009-10-21 13:23 . 2009-10-21 13:29 -------- d-----w- c:\program files\ATT-PRT22-WISE
2009-10-21 12:59 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-10-21 06:16 . 2009-10-25 19:26 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-21 04:30 . 2009-10-21 15:15 0 ----a-w- c:\windows\win32k.sys
2009-10-21 04:30 . 2009-10-21 04:30 271 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\pelf.vbs
2009-10-21 04:27 . 2009-10-21 04:27 271 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\hlgp.vbs
2009-10-16 15:00 . 2009-10-20 18:49 -------- d-----w- c:\windows\system32\Adobe
2009-10-04 16:46 . 2009-10-21 18:20 -------- d-----w- c:\documents and settings\Adam\Application Data\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 16:21 . 2009-02-03 22:56 -------- d-----w- c:\documents and settings\Adam\Application Data\DNA
2009-10-31 16:21 . 2006-03-13 00:04 -------- d-----w- c:\program files\DNA
2009-10-31 16:02 . 2009-02-03 22:56 -------- d-----w- c:\documents and settings\Adam\Application Data\BitTorrent
2009-10-31 00:06 . 2007-11-08 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-30 19:55 . 2005-12-24 05:00 -------- d-----w- c:\program files\Dl_cats
2009-10-30 03:32 . 2008-12-08 03:48 -------- d-----w- c:\program files\WinTV
2009-10-30 00:19 . 2005-12-16 08:29 -------- d-----w- c:\program files\McAfee
2009-10-22 16:35 . 2005-12-16 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 16:19 . 2005-12-16 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-22 14:56 . 2005-12-16 08:25 -------- d-----w- c:\program files\WildTangent
2009-10-22 14:54 . 2008-11-23 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-22 14:51 . 2005-12-27 04:53 -------- d-----w- c:\program files\EarthLink
2009-10-22 14:48 . 2008-01-29 00:52 -------- d-----w- c:\program files\Cap'n Crunch
2009-10-22 14:48 . 2005-12-16 08:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 14:04 . 2005-12-16 08:22 -------- d-----w- c:\program files\Viewpoint
2009-10-22 11:10 . 2005-12-16 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-21 15:30 . 2008-01-03 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-21 14:58 . 2009-01-12 14:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 14:39 . 2007-06-24 22:11 -------- d-----w- c:\program files\Common Files\Motive
2009-10-21 14:37 . 2007-06-24 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-10-21 14:32 . 2007-07-01 04:53 -------- d-----w- c:\documents and settings\Adam\Application Data\Motive
2009-10-21 13:00 . 2009-03-06 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-21 12:59 . 2009-01-02 21:34 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-21 06:52 . 2006-03-29 23:29 120816 -c--a-w- c:\documents and settings\Tiffany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 15:25 . 2009-08-27 18:12 -------- d-----w- c:\documents and settings\Adam\Application Data\dvdcss
2009-10-14 19:06 . 2008-10-12 06:16 101188 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-13 12:25 . 2005-12-27 03:01 120816 -c--a-w- c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 08:05 . 2008-01-03 02:18 -------- d-----w- c:\program files\Microsoft Works
2009-09-17 19:43 . 2009-09-17 19:43 -------- d-----w- c:\documents and settings\Adam\Application Data\McAfee
2009-09-17 19:22 . 2007-12-12 03:32 -------- d-----w- c:\program files\The Weather Channel FW
2009-09-16 15:40 . 2009-01-02 21:40 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-16 15:40 . 2009-09-16 15:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 15:57 . 2005-12-16 08:12 -------- d-----w- c:\program files\Java
2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-01-03 03:25 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-01-03 03:25 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-08-16 10:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-02-16 19:18 . 2009-02-16 19:18 4823040 -c----w- c:\program files\ehthumbs.db
2006-11-05 22:36 . 2006-11-05 22:36 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-05-03 21:01 . 2005-12-27 03:00 104 -csh--r- c:\windows\system32\7D6C9378DC.sys
2008-05-03 21:01 . 2005-12-27 03:00 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-03 342848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-13 180269]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-02 18944]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
c:\documents and settings\Tiffany\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\Adam\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Adam\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-10-21 73728]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-22 385024]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-16 156784]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-24 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-16 24576]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-5 813584]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-18 18:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/21/2009 2:41 PM 28552]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/22/2009 11:35 AM 203280]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [7/8/2008 7:35 PM 27904]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [7/8/2008 7:37 PM 1198720]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 7:41 PM 1191552]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Medcin;Medcin;c:\program files\Medicomp Systems, Inc\Server\medcinserv --> c:\program files\Medicomp Systems, Inc\Server\medcinserv [?]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 krdpdre;krdpdre;\??\c:\docume~1\Adam\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\Adam\LOCALS~1\Temp\krdpdre.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 03:39]
2009-10-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]
2009-10-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.att.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = 127.0.0.1;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-OneStep - c:\program files\OneStep\uninstall.exe
AddRemove-SBC Self Support Tool - c:\docume~1\Adam\LOCALS~1\Temp\SST\CustomUninstall.exe
AddRemove-SBC.MCCInstall - c:\windows\Motive\SBC\MCCUninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 11:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll iastor.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
iastor.sys @ 0xB9E36000 0xD4E80 bytes
\Driver\iastor [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xB9E48B10 != 0xBA0C98B4 sfsync02.sys
\Driver\iastor IRP hooks detected !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Medcin]
"ImagePath"="c:\program files\Medicomp Systems, Inc\Server\medcinserv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(4868)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\dlcccoms.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2009-10-31 11:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 16:27
Pre-Run: 90,154,369,024 bytes free
Post-Run: 90,055,925,760 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - CB139586E6036DB46EAD6BFB98D68A41