Old 11-13-2008, 05:45 PM   #3 (permalink)
ToddHoback
OS: Windows XP


Re: I need to remove Malware spyware message-Todd Hoback

Sbj007,

Thank you very much for your reply. I followed your instructions, and here is the ComboFix log you requested. I greatly appreciate your help. -- Todd Hoback


ComboFix 08-11-12.01 - Owner 2008-11-13 16:33:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\1340EC71.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\000DACDA
c:\program files\MyWebSearch\bar\Cache\07CA999D
c:\program files\MyWebSearch\bar\Cache\07CA9EEC.bin
c:\program files\MyWebSearch\bar\Cache\07CA9FA8.bin
c:\program files\MyWebSearch\bar\Cache\07CAA12E.bin
c:\program files\MyWebSearch\bar\Cache\07CAA228.bin
c:\program files\MyWebSearch\bar\Cache\0C2DDE41.bin
c:\program files\MyWebSearch\bar\Cache\0C2DDFD7.bin
c:\program files\MyWebSearch\bar\Cache\0C2DE13F.bin
c:\program files\MyWebSearch\bar\Cache\0C2DE1EA.bin
c:\program files\MyWebSearch\bar\Cache\2EB51A01
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system\oeminfo.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\wini10846.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-23 20:05 . 2008-10-15 08:34 337,408 --------- c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-11-19 22:20 . 2008-11-13 16:22 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-19 22:03 . 2008-11-19 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-19 22:03 . 2008-11-13 16:21 8,805 --a------ c:\windows\SYSTEM32\Config.MPF
2008-11-19 22:02 . 2006-03-03 08:07 143,360 --a------ c:\windows\SYSTEM32\dunzip32.dll
2008-11-19 21:59 . 2007-11-22 06:44 201,320 --a------ c:\windows\SYSTEM32\drivers\mfehidk.sys
2008-11-19 21:59 . 2007-07-13 06:20 113,952 --a------ c:\windows\SYSTEM32\drivers\Mpfp.sys
2008-11-19 21:59 . 2007-11-22 06:44 79,304 --a------ c:\windows\SYSTEM32\drivers\mfeavfk.sys
2008-11-19 21:59 . 2007-12-02 12:51 40,488 --a------ c:\windows\SYSTEM32\drivers\mfesmfk.sys
2008-11-19 21:59 . 2007-11-22 06:44 35,240 --a------ c:\windows\SYSTEM32\drivers\mfebopk.sys
2008-11-19 21:59 . 2007-11-22 06:44 33,832 --a------ c:\windows\SYSTEM32\drivers\mferkdk.sys
2008-11-19 21:58 . 2008-11-19 21:58 <DIR> d-------- c:\program files\McAfee.com
2008-11-19 21:58 . 2008-11-29 20:42 <DIR> d-------- c:\program files\McAfee
2008-11-19 21:58 . 2008-11-19 21:59 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-15 23:29 . 2008-09-08 02:41 333,824 --------- c:\windows\SYSTEM32\dllcache\srv.sys
2008-11-15 23:28 . 2008-08-14 02:11 2,189,184 --------- c:\windows\SYSTEM32\dllcache\ntoskrnl.exe
2008-11-15 23:28 . 2008-08-14 02:09 2,145,280 --------- c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
2008-11-15 23:28 . 2008-08-14 01:33 2,066,048 --------- c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
2008-11-15 23:28 . 2008-08-14 01:33 2,023,936 --------- c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
2008-11-15 23:28 . 2008-09-15 04:12 1,846,400 --------- c:\windows\SYSTEM32\dllcache\win32k.sys
2008-11-12 22:03 . 2008-11-12 22:03 118 --a------ c:\windows\SYSTEM32\MRT.INI
2008-11-12 21:00 . 2008-09-04 09:15 1,106,944 --------- c:\windows\SYSTEM32\dllcache\msxml3.dll
2008-11-12 21:00 . 2008-10-24 03:21 455,296 --------- c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-11-11 18:33 . 2008-11-11 18:33 250 --a------ c:\windows\gmer.ini
2008-11-09 16:52 . 2008-11-09 16:52 <DIR> d-------- c:\documents and settings\Owner\Application Data\InstallShield
2008-11-08 23:23 . 2008-11-12 12:05 <DIR> d-------- c:\program files\AntivirusPro2009
2008-11-06 21:50 . 2008-11-06 21:50 19,866 --a------ c:\documents and settings\Owner\Application Data\modiquw.dat
2008-11-06 21:50 . 2008-11-06 21:50 18,892 --a------ c:\windows\ymiwusudug.reg
2008-11-06 21:50 . 2008-11-06 21:50 18,571 --a------ c:\windows\dasyqipiz.bin
2008-11-06 21:50 . 2008-11-06 21:50 18,533 --a------ c:\windows\avahy.exe
2008-11-06 21:50 . 2008-11-06 21:50 17,369 --a------ c:\documents and settings\Owner\Application Data\fyhubumove.pif
2008-11-06 21:50 . 2008-11-06 21:50 16,746 --a------ c:\documents and settings\Owner\Application Data\ahek.bin
2008-11-06 21:50 . 2008-11-06 21:50 16,062 --a------ c:\documents and settings\Owner\Application Data\qyvijy.com
2008-11-06 21:50 . 2008-11-06 21:50 15,114 --a------ c:\windows\SYSTEM32\pefolu.vbs
2008-11-06 21:50 . 2008-11-06 21:50 14,788 --a------ c:\documents and settings\All Users\Application Data\nudogopese.dat
2008-11-06 21:50 . 2008-11-06 21:50 14,123 --a------ c:\documents and settings\All Users\Application Data\abut.com
2008-11-06 21:50 . 2008-11-06 21:50 13,382 --a------ c:\documents and settings\Owner\Application Data\mymadabo.vbs
2008-11-06 21:50 . 2008-11-06 21:50 13,358 --a------ c:\documents and settings\Owner\Application Data\ezoti.bin
2008-11-06 21:50 . 2008-11-06 21:50 13,318 --a------ c:\windows\cejuzyw._sy
2008-11-06 21:50 . 2008-11-06 21:50 12,136 --a------ c:\windows\SYSTEM32\ycyxyneqet.ban
2008-11-06 21:50 . 2008-11-06 21:50 11,743 --a------ c:\documents and settings\All Users\Application Data\awejiv.dat
2008-11-06 21:44 . 2008-11-06 21:44 19,844 --a------ c:\windows\omaz.pif
2008-11-06 21:44 . 2008-11-06 21:44 19,808 --a------ c:\documents and settings\Owner\Application Data\bixyxop.com
2008-11-06 21:44 . 2008-11-06 21:44 19,322 --a------ c:\windows\SYSTEM32\erabotyk.dl
2008-11-06 21:44 . 2008-11-06 21:44 18,381 --a------ c:\documents and settings\Owner\Application Data\ifycac.scr
2008-11-06 21:44 . 2008-11-06 21:44 17,852 --a------ c:\documents and settings\Owner\Application Data\ydude.reg
2008-11-06 21:44 . 2008-11-06 21:44 16,867 --a------ c:\windows\sinum.exe
2008-11-06 21:44 . 2008-11-06 21:44 16,481 --a------ c:\windows\usowys.bin
2008-11-06 21:44 . 2008-11-06 21:44 16,046 --a------ c:\windows\gybebuleca.exe
2008-11-06 21:44 . 2008-11-06 21:44 15,771 --a------ c:\windows\SYSTEM32\uzymod.dat
2008-11-06 21:44 . 2008-11-06 21:44 15,547 --a------ c:\documents and settings\All Users\Application Data\uhywuro.vbs
2008-11-06 21:44 . 2008-11-06 21:44 14,056 --a------ c:\windows\esolypis.vbs
2008-11-06 21:44 . 2008-11-06 21:44 13,718 --a------ c:\program files\Common Files\dameh.com
2008-11-06 21:44 . 2008-11-06 21:44 12,576 --a------ c:\documents and settings\All Users\Application Data\owodoweti.bin
2008-11-06 21:44 . 2008-11-06 21:44 12,303 --a------ c:\documents and settings\Owner\Application Data\uvod.sys
2008-11-06 21:44 . 2008-11-06 21:44 11,870 --a------ c:\program files\Common Files\aresysyqov.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 07:30 --------- d-----w c:\program files\Full Tilt Poker
2008-11-20 06:16 --------- d-----w c:\program files\Common Files\Motive
2008-11-20 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-20 05:46 --------- d-----w c:\documents and settings\Owner\Application Data\Verizon
2008-11-20 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-11-18 20:49 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2008-11-12 02:33 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-08 04:44 --------- d---a-w c:\program files\Encarta Online
2008-11-08 04:44 --------- d-----w c:\program files\Microsoft Works
2008-11-08 04:44 --------- d-----w c:\program files\EMusic
2008-11-07 08:21 --------- d-----w c:\program files\viewsonic
2008-11-07 08:21 --------- d-----w c:\program files\Compaq A3000
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\dllcache\ieframe.dll
2008-10-01 23:46 49,152 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\PCHI18N.dll
2008-10-01 23:45 77,824 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\WinVerifyTrust.dll
2008-10-01 23:45 420,432 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\pchplugin.zip
2008-10-01 23:45 155,648 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\PCHButton.exe
2008-10-01 23:45 126,976 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\ContentUpdater.exe
2008-10-01 23:45 122,880 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\SearchCtrl.dll
2008-10-01 23:44 731,136 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\motdeusr.zip
2008-10-01 23:44 106,496 ----a-w c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\PluginCtrl.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\dllcache\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-08-27 08:24 3,593,216 ----a-w c:\windows\SYSTEM32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\SYSTEM32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\SYSTEM32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\SYSTEM32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ------w c:\windows\SYSTEM32\ntkrnlpa.exe
2008-04-14 00:12 50,688 --sha-w c:\windows\twain_32.dll
2008-04-14 00:11 1,028,096 --sha-w c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 57,344 --sha-w c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 84,992 --sh--w c:\windows\SYSTEM32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-15 28739]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-06 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-06-15 212992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-07 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-07 90112]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-03 81920]
"CTPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE" [2001-09-18 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" [2003-07-28 c:\windows\SYSTEM32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-01 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-01 113664]
Compaq A3000 Settings Utility.lnk - c:\program files\Compaq A3000\CPQA3000.exe [2006-03-01 1142784]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2001-09-05 16384]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-05 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-05 28672]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-03-01 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\WINDOWS\\SYSTEM32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:57]

2006-06-14 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1142361872.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2006-02-18 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2006-02-17 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2006-02-17 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2008-11-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-20 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2006-02-17 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2006-02-17 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2008-12-03 c:\windows\Tasks\User_Feed_Synchronization-{DE8326EE-D556-48F0-A912-DDE24CD006C2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://webmail.west.cox.net/do/logout?rnd=5515342718109138664
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
O8 -: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm080YYUS
O8 -: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://jmcpds.lifepics.com/net/Uploader/LPUploader45.cab
c:\windows\Downloaded Program Files\LPUploader45.inf
c:\windows\SYSTEM32\unicows.dll
c:\windows\Downloaded Program Files\LPUploader45.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 16:36:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-13 16:37:47
ComboFix-quarantined-files.txt 2008-11-14 00:37:21

Pre-Run: 50,469,384,192 bytes free
Post-Run: 51,104,194,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

288 --- E O F --- 2008-11-13 06:04:05