Here is the log file from ComboFix. Please advise me as to what I should do now.
ComboFix 10-01-27.06 - Cynthia Devonshire 01/28/2010 10:35:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT -5:00]
Running from: c:\documents and settings\Cynthia Devonshire\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\s
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\reboot.txt
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.
2010-01-27 21:33 . 2010-01-28 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 16:54 . 2010-01-28 13:37 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-27 16:13 . 2010-01-27 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-27 15:56 . 2010-01-27 15:56 -------- d-----w- c:\program files\Secunia
2010-01-26 03:10 . 2010-01-26 03:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-25 21:45 . 2010-01-28 03:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-25 00:54 . 2010-01-25 00:54 -------- d-----w- c:\documents and settings\Cynthia Devonshire\Application Data\Malwarebytes
2010-01-25 00:53 . 2010-01-25 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-24 22:59 . 2010-01-24 22:59 -------- d-----w- C:\spoolerlogs
2010-01-24 22:53 . 2010-01-24 22:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-13 13:46 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:30 . 2010-01-12 20:31 -------- d-----w- c:\program files\QuickTime
2010-01-12 20:30 . 2010-01-12 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-12 13:55 . 2010-01-12 13:55 -------- d-----w- c:\program files\Network Stumbler
2010-01-03 17:56 . 2010-01-03 17:56 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 17:59 . 2010-01-27 17:59 348160 ----a-w- c:\documents and settings\Cynthia Devonshire\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62c8acb8-n\msvcr71.dll
2010-01-27 17:59 . 2010-01-27 17:59 503808 ----a-w- c:\documents and settings\Cynthia Devonshire\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62c8acb8-n\msvcp71.dll
2010-01-27 17:59 . 2010-01-27 17:59 499712 ----a-w- c:\documents and settings\Cynthia Devonshire\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62c8acb8-n\jmc.dll
2010-01-27 17:59 . 2010-01-27 17:59 61440 ----a-w- c:\documents and settings\Cynthia Devonshire\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-454b2504-n\decora-sse.dll
2010-01-27 17:59 . 2010-01-27 17:59 12800 ----a-w- c:\documents and settings\Cynthia Devonshire\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-454b2504-n\decora-d3d.dll
2010-01-27 16:36 . 2004-06-22 20:02 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 16:35 . 2004-06-22 20:02 -------- d-----w- c:\program files\Java
2010-01-27 16:13 . 2010-01-27 16:13 152576 ----a-w- c:\documents and settings\Cynthia Devonshire\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-27 15:42 . 2008-08-25 19:41 -------- d-----w- c:\program files\CCleaner
2010-01-26 03:27 . 2004-09-21 00:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-25 15:23 . 2007-02-15 20:49 -------- d-----w- c:\documents and settings\Cynthia Devonshire\Application Data\Skype
2010-01-25 14:45 . 2008-02-24 20:40 -------- d-----w- c:\documents and settings\Cynthia Devonshire\Application Data\skypePM
2010-01-25 13:12 . 2008-10-29 21:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 20:34 . 2008-04-06 18:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-14 16:12 . 2009-10-03 20:43 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 00:34 . 2009-09-02 01:06 706912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-03 17:56 . 2007-02-15 20:47 -------- d-----r- c:\program files\Skype
2010-01-03 17:56 . 2007-02-15 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-21 19:14 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14 . 2007-08-13 23:54 11070464 ----a-w- c:\windows\system32\ieframe(2).dll
2009-12-17 22:14 . 2009-07-05 20:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-21 15:51 . 2002-08-29 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2005-07-27 13:18 . 2005-07-27 01:17 56 --sh--r- c:\windows\SYSTEM32\E128D5E257.sys
2005-07-27 13:18 . 2005-07-27 01:12 3766 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Cynthia Devonshire\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 20:17 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk
backup=c:\windows\pss\Event Planner Reminder 2009.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\U.S. Robotics Wireless Manager UI]
c:\windows\system32\WLTRAY [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 06:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 18:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-02-02 20:32 155648 ----a-w- c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04 122933 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 15:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-07 15:06 133104 ----atw- c:\documents and settings\Cynthia Devonshire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-01-30 23:55 196608 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-30 23:55 311296 ----a-w- c:\windows\SYSTEM32\hphmon03.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 19:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-05-19 23:38 1957888 ------w- c:\progra~1\Ahead\NEROBA~1\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-01-08 20:26 4866048 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-01-08 20:26 323584 ----a-w- c:\windows\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 00:28 212992 ----a-w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-12-19 17:49 86016 ----a-w- c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\Common Files\\DeLorme\\DeLSerial\\DeLSerial.exe"=
"\\\\192.168.2.63\\c$\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"\\\\192.168.2.63\\c$\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 VirtualSerial;VirtualSerial;c:\windows\SYSTEM32\DRIVERS\virtualserial.sys [6/12/2006 4:22 PM 106336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [6/17/2009 7:20 AM 12648]
S0 hiyxod;hiyxod;c:\windows\system32\drivers\bagsi.sys --> c:\windows\system32\drivers\bagsi.sys [?]
S0 uqpblp;uqpblp;c:\windows\system32\drivers\hgexv.sys --> c:\windows\system32\drivers\hgexv.sys [?]
S2 gupdate1c9aa7a24bce970;Google Update Service (gupdate1c9aa7a24bce970);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2009 6:09 PM 133104]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\BRGSp50.sys [10/20/2009 1:28 PM 20608]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [1/30/2003 6:55 PM 18864]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 23:09]
2010-01-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cynthia Devonshire\Application Data\Mozilla\Firefox\Profiles\87s1pd9j.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.usatoday.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=aMRon0RAXda6DAG6VFaZ0g&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Cynthia Devonshire\Application Data\Mozilla\Firefox\Profiles\87s1pd9j.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Cynthia Devonshire\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\Cynthia Devonshire\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~2\bar\6.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~2\bar\6.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~2\bar\6.bin\M3PLUGIN.DLL
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-28 10:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\LgNotify.dll
- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\System32\RegSrvc.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\System32\1XConfig.exe
.
**************************************************************************
.
Completion time: 2010-01-28 10:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 15:56
Pre-Run: 32,613,044,224 bytes free
Post-Run: 32,686,862,336 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - FF2833AB5890B4BB1EED330F49A4C68A