Okay, here is the ComboFix log. (Note from the header: McAfee VirusScan is reported as *Disabled/Updated* while McAfee Personal Firewall is *Enabled*; further down, the Windows Firewall standard profile shows `EnableFirewall = 0` and Security Center monitoring for the McAfee AV/firewall is set to `DisableMonitoring = 1` — the latter two are commonly set by a third-party security suite that does its own reporting, but they are worth confirming rather than assuming.)
ComboFix 10-12-18.02 - מתן 12/20/2010 11:33:28.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1255.972.1037.18.3068.2293 [GMT 2:00]
Running from: c:\documents and settings\מתן\שולחן העבודה\commy.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\XSxS
.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.
2010-12-16 05:05 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 05:04 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-10 17:01 . 2010-12-10 17:01 -------- d-----w- c:\documents and settings\מתן\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-10 17:01 . 2010-12-10 17:01 -------- d-----w- c:\documents and settings\מתן\Application Data\Adobe Mini Bridge CS5
2010-12-09 12:02 . 2010-12-09 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-12-09 11:59 . 2010-12-09 11:59 -------- d-----w- c:\program files\Adobe Media Player
2010-12-07 03:42 . 2010-12-07 03:42 -------- d-----w- C:\BrowserPlusPlugins
2010-12-07 03:42 . 2010-12-07 03:42 -------- d-----w- c:\documents and settings\מתן\Local Settings\Application Data\Yahoo!
2010-11-27 14:00 . 2010-11-27 14:00 -------- d-----w- c:\documents and settings\מתן\Application Data\pdf995
2010-11-27 13:51 . 2010-11-27 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-11-27 13:51 . 2010-11-27 14:01 59 ----a-w- c:\windows\wpd99.drv
2010-11-27 13:51 . 2010-11-27 13:53 -------- d-----w- c:\program files\pdf995
2010-11-27 13:51 . 2010-11-27 13:51 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-11-27 13:51 . 2010-11-27 13:51 249856 ----a-w- c:\windows\system32\pdfmona.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 15:42 . 2009-08-22 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 15:42 . 2009-08-22 13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:15 . 2009-08-19 22:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 15:55 . 2009-10-17 19:27 272739 ----a-w- c:\documents and settings\מתן\Application Data\mdbu.bin
2010-11-06 00:21 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:08 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853184 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 00:17 . 2010-09-28 00:17 37376 ----a-w- c:\windows\system32\libusb0.dll
2010-09-28 00:17 . 2010-09-28 00:17 20992 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-01-05 15:04 . 2010-06-22 18:27 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2010-07-28 1107456]
"Octoshape Streaming Services"="c:\documents and settings\מתן\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\מתן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16862720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-05-29 479232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-09 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\מתן\תפריט התחלה\תוכניות\הפעלה\
Dropbox.lnk - c:\documents and settings\מתן\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^PHOTOfunSTUDIO.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 00:10 136176 ----atw- c:\documents and settings\מתן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-03-06 14:48 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-03-06 14:58 1060376 ----a-w- c:\program files\Labtec\WebCam10\WebCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:17 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 13:43 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-05-29 14:58 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 09:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-29 14:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trackstick Manager.exe]
2010-01-06 15:51 2809856 ----a-w- c:\program files\Trackstick Manager\Trackstick Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
"c:\\Documents and Settings\\מתן\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15/11/2009 16:27 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/08/2009 12:15 691696]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23/04/2010 19:39 82952]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [02/03/2006 14:00 14336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [15/11/2009 16:31 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/08/2009 04:35 88176]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/04/2010 19:39 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [23/04/2010 19:39 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [23/04/2010 19:39 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [23/04/2010 19:39 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23/04/2010 19:39 55456]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [20/08/2009 00:17 244368]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23/04/2010 19:39 312584]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [23/04/2010 19:39 88480]
S2 0147501282686806mcinstcleanup;McAfee Application Installer Cleanup (0147501282686806);c:\windows\TEMP\014750~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\014750~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1ca28b79fb728ac;שירות Google Update (gupdate1ca28b79fb728ac);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2009 16:47 133104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [02/10/2010 08:44 24576]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [28/09/2010 02:17 20992]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [23/04/2010 19:39 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23/04/2010 19:39 83496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/11/2009 16:26 358600]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-12-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-MATAN-מתן.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-09 11:54]
2010-12-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 14:46]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 14:47]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 14:47]
2010-12-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-12-17 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-12-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\מתן\Application Data\Mozilla\Firefox\Profiles\m2cax6dw.matan\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 11:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-764733703-839522115-1004\Software\Microsoft\ M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\devmgmt.msc"
"File2"="c:\\WINDOWS\\system32\\services.msc"
[HKEY_USERS\S-1-5-21-436374069-764733703-839522115-1004\Software\Microsoft\ M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Settings]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5360)
c:\windows\system32\WININET.dll
c:\documents and settings\מתן\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-20 11:44:53
ComboFix-quarantined-files.txt 2010-12-20 09:44
ComboFix2.txt 2010-06-12 08:24
Pre-Run: 6,860,120,064 bytes free
Post-Run: 7,542,484,992 bytes free
- - End Of File - - E9AA2A7A1C53223F3C099DEF1790A4F8
Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5317
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20/12/2010 11:57:51
mbam-log-2010-12-20 (11-57-51).txt
Scan type: Quick scan
Objects scanned: 144660
Time elapsed: 7 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is the MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EB4000 spub.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6E000 ACPI.sys
0xB7E4E000 fltmgr.sys
0xB7E3D000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7E1E000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7E06000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DCF000 PCTCore.sys
0xB7D73000 mfehidk.sys
0xB7D5C000 KSecDD.sys
0xB7D49000 WudfPf.sys
0xB7CBC000 Ntfs.sys
0xB7C8F000 NDIS.sys
0xB7C75000 Mup.sys
0xB6A5F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6A4B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB7557000 \SystemRoot\system32\DRIVERS\HECI.sys
0xB6A0D000 \SystemRoot\system32\DRIVERS\e1y5132.sys
0xB8458000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB69E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB69C1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7547000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB7527000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7C35000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8128000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8478000 \SystemRoot\system32\drivers\Afc.sys
0xB8138000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8148000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB699E000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8480000 \SystemRoot\system32\drivers\InCDPass.sys
0xB8158000 \SystemRoot\system32\drivers\InCDRm.sys
0xB6965000 \SystemRoot\System32\Drivers\a2s8ignb.SYS
0xB8168000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8703000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB6951000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C19000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB693A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6929000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB6905000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB68BA000 \SystemRoot\system32\drivers\mfefirek.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8208000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB85FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB64EA000 \SystemRoot\system32\DRIVERS\update.sys
0xB855C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8228000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8238000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8602000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB3EE5000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB3EC1000 \SystemRoot\system32\drivers\portcls.sys
0xB8258000 \SystemRoot\system32\drivers\drmk.sys
0xB8606000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86D8000 \SystemRoot\System32\Drivers\Null.SYS
0xB8608000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83E8000 \SystemRoot\System32\drivers\vga.sys
0xB860A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB860C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB43DE000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB3E0D000 \SystemRoot\system32\drivers\InCDFs.sys
0xB83F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83F8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB43DA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3DFA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3DA1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB3D8E000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB3D68000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB3D40000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB3D1E000 \SystemRoot\System32\drivers\afd.sys
0xB8278000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB8288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3CF3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB3C83000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8298000 \SystemRoot\System32\Drivers\Fips.SYS
0xB3EB9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB3EB5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\LVUSBSta.sys
0xB3EA9000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB8408000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB8410000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB8418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB3EA1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB3E81000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB3BAA000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB3B92000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8652000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3E65000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8430000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86FC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB374E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB357D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB33AC000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3304000 \SystemRoot\system32\DRIVERS\srv.sys
0xB32B4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB2E6B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB31BC000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2EC8000 \SystemRoot\system32\drivers\cfwids.sys
0x9F021000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9EFF9000 \SystemRoot\system32\DRIVERS\sr.sys
0xA5E1C000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB8388000 \??\C:\DOCUME~1\5F05~1\LOCALS~1\Temp\catchme.sys
0x9EFCE000 \SystemRoot\system32\drivers\kmixer.sys
0x9EFB8000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB1DC8000 \SystemRoot\system32\drivers\mfebopk.sys
0x7C950000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
Processes (total 57):
0 System Idle Process
4 System
1056 C:\WINDOWS\system32\smss.exe
1120 csrss.exe
1144 C:\WINDOWS\system32\winlogon.exe
1192 C:\WINDOWS\system32\services.exe
1204 C:\WINDOWS\system32\lsass.exe
1372 C:\WINDOWS\system32\nvsvc32.exe
1444 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1644 C:\WINDOWS\system32\svchost.exe
1688 C:\WINDOWS\system32\svchost.exe
1848 svchost.exe
1988 svchost.exe
252 C:\WINDOWS\system32\spoolsv.exe
376 svchost.exe
412 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
424 C:\WINDOWS\system32\svchost.exe
440 C:\Program Files\Bonjour\mDNSResponder.exe
468 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
148 C:\WINDOWS\system32\svchost.exe
1208 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
1468 C:\Program Files\Java\jre6\bin\jqs.exe
1832 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1944 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
556 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
572 C:\WINDOWS\system32\svchost.exe
924 C:\WINDOWS\system32\svchost.exe
1844 C:\WINDOWS\system32\svchost.exe
2068 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2180 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2584 C:\Program Files\Canon\CAL\CALMAIN.exe
3632 C:\WINDOWS\RTHDCPL.exe
3688 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
3720 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3960 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
4016 C:\Program Files\McAfee.com\Agent\mcagent.exe
1612 C:\WINDOWS\system32\rundll32.exe
2120 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2988 C:\WINDOWS\system32\ctfmon.exe
796 C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
3052 alg.exe
2332 C:\WINDOWS\system32\svchost.exe
1744 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
5336 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
5360 C:\WINDOWS\explorer.exe
5668 C:\WINDOWS\system32\notepad.exe
3728 C:\Documents and Settings\
2316 C:\Documents and Settings\
4496 C:\Documents and Settings\
6128 C:\Documents and Settings\
2648 C:\Documents and Settings\
3908 C:\Documents and Settings\
5804 C:\Documents and Settings\
5876 C:\Documents and Settings\
5584 C:\Documents and Settings\
4380 C:\Documents and Settings\
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200AAKS-00YGA0, Rev: 12.01C02
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!