I managed to run ComboFix without having to install the Microsoft Windows Recovery Console and now post the results of the scan:
ComboFix 10-11-17.04 - NIGEL 20/11/2010 16:06:54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1258 [GMT 0:00]
Running from: J:\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\JEAN\Application Data\Izixe
c:\documents and settings\JEAN\Application Data\Izixe\soupo.hov
c:\documents and settings\JEAN\Application Data\Izixe\soupo.tmp
c:\documents and settings\JEAN\Local Settings\Application Data\{47CAE5D7-4D78-4077-AFF2-9340A5C27673}
c:\documents and settings\JEAN\Local Settings\Application Data\{47CAE5D7-4D78-4077-AFF2-9340A5C27673}\chrome\content\_cfg.js
c:\documents and settings\JEAN\Local Settings\Application Data\{47CAE5D7-4D78-4077-AFF2-9340A5C27673}\chrome\content\overlay.xul
c:\documents and settings\JEAN\Local Settings\Application Data\{47CAE5D7-4D78-4077-AFF2-9340A5C27673}\install.rdf
c:\documents and settings\NIGEL\.COMMgr
c:\documents and settings\NIGEL\GoToAssistDownloadHelper.exe
c:\documents and settings\NIGEL\Local Settings\Application Data\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A}
c:\documents and settings\NIGEL\Local Settings\Application Data\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A}\chrome.manifest
c:\documents and settings\NIGEL\Local Settings\Application Data\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A}\chrome\content\_cfg.js
c:\documents and settings\NIGEL\Local Settings\Application Data\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A}\chrome\content\overlay.xul
c:\documents and settings\NIGEL\Local Settings\Application Data\{44C18674-B5A8-482B-8CE3-C3C4A8C2C94A}\install.rdf
c:\documents and settings\NIGEL\My Documents\cc_20101028_170437.reg
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Internet Explorer\SET19.tmp
c:\program files\Internet Explorer\SET1A.tmp
c:\program files\Internet Explorer\SET1B.tmp
c:\program files\Internet Explorer\SET426.tmp
c:\program files\Internet Explorer\SET427.tmp
c:\program files\Internet Explorer\SET428.tmp
c:\program files\Internet Explorer\SET92.tmp
c:\program files\Internet Explorer\SET93.tmp
c:\program files\Internet Explorer\SET94.tmp
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\ST6UNST.000
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.
2010-11-01 18:07 . 2010-11-01 18:07 -------- d-----w- C:\_OTL
2010-10-31 11:42 . 2010-10-31 11:42 -------- d-----w- c:\documents and settings\NIGEL\Local Settings\Application Data\Deployment
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 16:39 . 2008-05-28 15:30 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-03 21:06 . 2010-10-19 16:16 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-11 14:16 . 2010-09-11 14:16 213504 ----a-w- c:\windows\Zvoxea.exe
2010-08-24 13:57 . 2010-01-05 18:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57 . 2009-07-08 12:44 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
------- Sigcheck -------
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2006-02-28 . 57BF20A3977F07049EBBB9FB87D40BA5 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[-] 2007-06-13 . 6BDBD88586BCB185C8CD4758DEF214FD . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3B419EE1-1FA8-47B9-9AEC-6B60AC2E3FCA}"= "c:\program files\Torrents-Search-Engine\tbTor1.dll" [2010-02-21 2349080]
[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-01-24 17:10 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-01-24 17:10 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-01-24 17:10 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-05 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Google Update"="c:\documents and settings\NIGEL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-31 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-01-30 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1211986260\ee\AOLSoftware.exe" [2006-09-26 50736]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-01-28 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-01-28 98304]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-06 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2008-5-28 156784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
2007-06-04 17:24 599600 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 11:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2006-08-17 12:45 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2007-08-09 12:17 2503976 ----a-w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 13:23 81920 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\AOL\\1211986260\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Zattoo\\zattood.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/09/2010 19:32 64288]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [30/04/2008 15:00 16048]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [05/02/2010 16:00 54776]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [30/04/2008 15:00 162096]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 12:15 1375992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/02/2010 16:00 88176]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/02/2010 15:59 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05/02/2010 15:59 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05/02/2010 15:59 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [05/02/2010 15:59 141792]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [22/05/2008 13:38 38656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05/02/2010 15:59 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05/02/2010 15:59 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05/02/2010 15:59 88480]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [28/05/2008 15:27 55808]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]
S2 gupdate1c98c6ec92d4c10;Google Update Service (gupdate1c98c6ec92d4c10);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 17:32 133104]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [20/06/2009 20:28 69632]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 12:15 15264]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05/02/2010 15:59 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05/02/2010 15:59 83496]
S3 nenum13E;nenum13E;\??\c:\docume~1\NIGEL\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\NIGEL\LOCALS~1\Temp\nenum13E.sys [?]
S4 0126371281191039mcinstcleanup;McAfee Application Installer Cleanup (0126371281191039);c:\windows\TEMP\012637~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012637~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [24/01/2010 17:10 229688]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]
2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:32]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:32]
2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2689334666-3409229528-900351719-1005Core.job
- c:\documents and settings\NIGEL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 11:42]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2689334666-3409229528-900351719-1005UA.job
- c:\documents and settings\NIGEL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 11:42]
2009-03-21 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-19 00:55]
2010-11-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2689334666-3409229528-900351719-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2689334666-3409229528-900351719-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2689334666-3409229528-900351719-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689334666-3409229528-900351719-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-09-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689334666-3409229528-900351719-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689334666-3409229528-900351719-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-20 c:\windows\Tasks\User_Feed_Synchronization-{D9B3A1E6-7A73-4E80-8E3F-13AC2AFCDC3B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.bbc.co.uk
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
MSConfigStartUp-Ejiqoxoyi - c:\windows\sfmsapr.dll
MSConfigStartUp-Tzeqaxuwibiqore - c:\windows\okajepop.dll
MSConfigStartUp-{97884004-7E03-796B-F1BF-50328496B136} - c:\documents and settings\JEAN\Application Data\Agozk\ynqe.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-20 16:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\sqlite_SzypCnGDgipJLre 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Portrait Displays\DisplayTune\HPW\CNN81202C7]
@DACL=(02 0000)
"Analog Caps"="(prot(monitor)type(LCD)model(W2007)cmds(01 02 03 07 0C 4E F3 E3)vcp(02 04 05 06 08 0B 0C 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 1F 20 30 3E 52 60(01 03) 62 6C 6E 70 8D AC AE B2 B6 C0 C6 C8 C9 CA CC(01 02 03 04 05 06 0A 13) D6(01 04 05) DC(00 02 03 04 05) DF FF)mswhql(1)mccs_ver(2.1)asset_eep(32)mpu_ver(1.02))"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\common files\aol\1211986260\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-11-20 16:33:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-20 16:33
Pre-Run: 257,684,258,816 bytes free
Post-Run: 261,136,351,232 bytes free
- - End Of File - - A011FBC0F8BC35D6D36A712AA0811257
IE 8 now seems to work satisfactorily without any redirection and I have managed to uninstall/reinstall Google Chrome so that this is now working. McAfee still persisted in failing to update so I uninstalled and reinstalled this and McAfee appears now to be up to date, so I cannot yet test whether updating works!
I have had requests coming up from time to time to run a DLL as an App. These are on C:\WINDOWS\System32\rundll32.exe and C:\WINDOWS\system32\ieframe.dll, OpenURL%1. I have refused these and they continue to persist - should they be accepted?
I look forward to hearing from you.