ComboFix 09-08-03.04 - Peter 04/08/2009 11:15.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1449 [GMT 1:00]
Running from: C:\fixcombo.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\driver
c:\windows\system32\Config.ini
c:\windows\system32\drivers\vsfocebbwkmrmp.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\vsfocealxbhxdo.dll
c:\windows\system32\vsfocejnkougom.dll
c:\windows\system32\vsfocestidwkmp.dat
c:\windows\system32\vsfoceywrxiktk.dat
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_vsfoceprqhhbaq

((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 09:58 . 2009-08-04 08:37 3154679 ----a-r- C:\fixcombo.exe
2009-08-04 09:09 . 2009-08-04 09:09 -------- d-----w- c:\program files\ERUNT
2009-08-04 08:01 . 2009-08-04 08:01 -------- d-----w- C:\stdtsa
2009-08-03 19:35 . 2009-08-04 10:24 117760 ----a-w- c:\documents and settings\Peter\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-03 19:34 . 2009-08-03 19:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-03 17:18 . 2009-08-03 17:18 -------- d-----w- c:\program files\CCleaner
2009-08-02 16:27 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 16:27 . 2009-08-04 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 16:27 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 13:59 . 2009-08-02 13:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-29 10:19 . 2009-07-29 10:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
2009-07-29 10:06 . 2009-07-29 10:06 -------- d-----w- c:\documents and settings\Peter\Application Data\Windows Search
2009-07-29 09:34 . 2009-07-29 09:34 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-07-29 09:33 . 2009-07-29 09:33 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-29 09:32 . 2009-07-29 09:34 -------- d-----w- c:\program files\Microsoft
2009-07-29 09:32 . 2009-07-29 09:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-29 09:31 . 2009-07-29 09:33 -------- d-----w- c:\program files\Windows Live
2009-07-29 09:31 . 2009-07-29 09:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-29 09:22 . 2009-07-29 09:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-29 09:22 . 2009-07-29 09:22 -------- d-----w- c:\documents and settings\Peter\Application Data\Windows Desktop Search
2009-07-29 09:02 . 2009-07-29 09:02 -------- d-----w- c:\program files\Common Files\L&H
2009-07-29 09:02 . 2009-07-29 09:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-29 09:01 . 2009-07-29 09:18 -------- d-----w- c:\program files\Microsoft Works
2009-07-29 09:01 . 2009-07-29 09:02 -------- d-----w- c:\windows\SHELLNEW
2009-07-29 09:00 . 2009-07-29 09:00 -------- d-----w- c:\program files\Microsoft.NET
2009-07-29 08:58 . 2009-07-29 08:58 -------- d--h--r- C:\MSOCache
2009-07-26 21:44 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-07-26 18:27 . 2009-07-26 18:27 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\Microsoft Help
2009-07-26 18:27 . 2009-07-26 20:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-26 17:51 . 2009-07-26 17:58 -------- d-----w- c:\documents and settings\Peter\Application Data\GetRightToGo
2009-07-26 17:48 . 2009-07-26 17:48 -------- d-----w- c:\documents and settings\Peter\Application Data\ICAClient
2009-07-26 17:47 . 2009-07-26 17:47 370070 ----a-r- c:\documents and settings\Peter\Application Data\Microsoft\Installer\{36C9E08A-BE2B-40A0-83C5-576748F7B777}\ARPPRODUCTICON.exe
2009-07-26 17:47 . 2009-07-26 17:47 -------- d-----w- c:\documents and settings\Peter\Application Data\Runaware
2009-07-20 13:44 . 2009-07-20 13:44 -------- d-----w- c:\program files\Memeo
2009-07-17 11:35 . 2009-07-20 13:46 -------- d-----w- c:\program files\Common Files\Memeo
2009-07-17 11:32 . 2009-07-17 11:32 10054640 ----a-w- c:\documents and settings\Peter\Application Data\Memeo\AutoBackup\temp\5735_me_ab_en-US_setup.exe
2009-07-13 15:01 . 2009-07-13 15:01 -------- d-----w- c:\program files\BBC iPlayer Desktop
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 19:34 . 2008-12-13 08:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-03 19:34 . 2008-12-13 08:24 -------- d-----w- c:\documents and settings\Peter\Application Data\SUPERAntiSpyware.com
2009-08-01 08:30 . 2008-06-27 10:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 09:54 . 2008-07-08 09:06 -------- d-----w- c:\documents and settings\Peter\Application Data\Canon
2009-07-29 13:37 . 2009-04-30 12:21 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-29 09:22 . 2008-06-26 22:01 93128 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 18:17 . 2009-03-19 18:55 -------- d-----w- c:\documents and settings\Peter\Application Data\Spotify
2009-07-18 07:43 . 2009-06-16 13:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 08:30 . 2008-06-26 16:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 17:16 . 2008-06-27 08:08 -------- d-----w- c:\program files\Audible
2009-07-02 13:24 . 2008-06-27 08:03 -------- d--h--w- c:\program files\Creative Installation Information
2009-07-02 12:57 . 2008-06-27 08:04 -------- d-----w- c:\program files\Creative
2009-07-02 12:55 . 2009-07-02 12:55 -------- d-----w- c:\program files\Common Files\Creative
2009-06-17 15:20 . 2009-06-17 15:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-17 15:12 . 2009-06-16 12:56 -------- d-----w- c:\program files\McAfee
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 13:05 . 2009-06-16 13:01 -------- d-----w- c:\program files\SiteAdvisor
2009-06-16 13:01 . 2009-06-16 12:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-06-16 13:01 . 2009-06-16 13:01 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2009-06-16 12:57 . 2009-06-16 12:56 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-16 12:57 . 2009-06-16 12:56 -------- d-----w- c:\program files\McAfee.com
2009-06-16 12:42 . 2008-06-26 18:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-16 12:38 . 2008-07-08 12:41 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-06-16 12:38 . 2008-06-26 18:45 -------- d-----w- c:\documents and settings\Peter\Application Data\Symantec
2009-06-15 08:13 . 2009-06-15 08:13 -------- d-----w- c:\documents and settings\Peter\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-06-15 08:12 . 2009-06-15 08:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-15 08:12 . 2009-06-15 08:13 38208 ----a-w- c:\documents and settings\Peter\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-11 10:53 . 2009-06-11 10:51 -------- d-----w- c:\documents and settings\Peter\Application Data\FileZilla
2009-06-11 10:51 . 2009-06-11 10:50 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-07 10:50 . 2009-06-07 10:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SupportSoft
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 23:24 . 2008-05-26 21:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-23 15:18 . 2009-05-23 15:18 53248 ----a-r- c:\documents and settings\Peter\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-05-13 22:25 . 2009-06-16 12:57 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-13 22:25 . 2009-06-16 12:57 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-05-13 22:25 . 2009-06-16 12:57 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-13 22:25 . 2009-05-13 22:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 22:24 . 2009-06-16 12:55 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-05-12 14:12 . 2008-06-26 17:15 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 13:23 . 2009-05-08 08:15 372736 ----a-w- c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\4dgd7o8n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-07-25 09:17 . 2008-12-17 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-31 21:47 . 2008-12-17 13:32 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBIR"="c:\program files\USBIR\FrontPanelIo.exe" [2004-10-03 24576]
"Server Application for MFP Server"="c:\program files\MFP Server Utilities\ServoApp.exe" [2007-01-08 413696]
"MFP Server Agent"="c:\program files\MFP Server Utilities\MFPAgent.exe" [2007-01-12 724992]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-31 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-09 1176808]
"Memeo Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2009-06-05 169184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-12-14 577536]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\Peter\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2008-7-1 1234360]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2008-7-1 200704]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
SystemControl.lnk - c:\program files\SystemControl\SystemControl\FanConditioner.exe [2008-6-26 3273216]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Philips\\WADM\\WADM.exe"=
"c:\\Program Files\\BUFFALO\\NASNAVI\\NasNavi.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13621:UDP"= 13621:UDP:MFP Bot Utility
"13878:UDP"= 13878:UDP:MFP Agent
"14135:UDP"= 14135:UDP:MFP Driver
"14135:TCP"= 14135:TCP:MFP Driver
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility

R0 cdburner;cdburner;c:\windows\system32\drivers\vburner.sys [17/07/2008 09:44 15872]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26/06/2008 17:55 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [26/06/2008 18:00 8192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10:53 72944]
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [26/06/2008 20:37 40448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [16/06/2009 14:00 210216]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [06/06/2009 00:04 25824]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10:53 7408]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [26/06/2008 20:37 9472]
S2 gupdate1c98b73dae9e4d2;Google Update Service (gupdate1c98b73dae9e4d2);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 12:36 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [02/10/2008 18:25 13352]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [17/07/2008 06:26 3768]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31/05/2007 21:11 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: o2.co.uk\*.broadband
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
FF - ProfilePath - c:\docume~1\Peter\APPLIC~1\Mozilla\Firefox\Profiles\4dgd7o8n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\4dgd7o8n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
.
.

------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 11:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.

------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\BUFFALO\NASNAVI\nassvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\searchfilterhost.exe
.

**************************************************************************
.
Completion time: 2009-08-04 11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 10:30

Pre-Run: 170,803,073,024 bytes free
Post-Run: 170,725,740,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

333 --- E O F --- 2009-07-31 08:14