ComboFix log, part 2
c:\program files\McAfee\SiteAdvisor\Scripts\xdown.gif
c:\program files\McAfee\SiteAdvisor\Scripts\xup.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y.png
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_sep.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_sep.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_facet.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_r_nox.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_icon.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_upsell_border.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellowbubble.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellowdownarrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellowuparrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yl.png
c:\program files\McAfee\SiteAdvisor\Scripts\yleftarrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yllc.png
c:\program files\McAfee\SiteAdvisor\Scripts\ylrc.png
c:\program files\McAfee\SiteAdvisor\Scripts\yr.png
c:\program files\McAfee\SiteAdvisor\Scripts\yrightarrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\ytri.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yul.png
c:\program files\McAfee\SiteAdvisor\Scripts\yulc.png
c:\program files\McAfee\SiteAdvisor\Scripts\yurc.png
c:\program files\McAfee\SiteAdvisor\sqlite3.dll
c:\program files\McAfee\SiteAdvisor\subst.inf
c:\program files\McAfee\SiteAdvisor\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCAFEE_SITEADVISOR_SERVICE
-------\Service_McAfee SiteAdvisor Service
((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.
2010-09-12 12:30 . 2010-09-12 12:30 -------- d-sh--w- c:\documents and settings\Owner\UserData
2010-09-07 22:24 . 2010-09-07 22:24 -------- d-----w- C:\_OTM
2010-09-06 21:14 . 2010-09-06 21:14 -------- d-----w- c:\program files\ESET
2010-08-28 13:04 . 2010-08-28 13:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-28 13:01 . 2010-08-28 13:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-28 12:47 . 2010-08-28 12:47 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 23:54 . 2009-07-12 03:30 -------- d-----w- c:\program files\Java
2010-09-04 23:31 . 2009-07-11 21:55 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-28 22:07 . 2009-07-13 01:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-28 13:02 . 2009-07-12 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
((((((((((((((((((((((((((((( SnapShot@2010-09-06_21.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-13 23:17 . 2010-09-13 23:17 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat
+ 2009-07-12 02:01 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2009-07-12 02:01 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-09-07 22:29 . 2010-09-07 22:29 176128 c:\windows\ERDNT\AutoBackup\9-7-2010\Users\00000002\UsrClass.dat
+ 2010-09-07 22:29 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-7-2010\ERDNT.EXE
+ 2010-09-06 22:44 . 2010-09-06 22:44 176128 c:\windows\ERDNT\AutoBackup\9-6-2010\Users\00000002\UsrClass.dat
+ 2010-09-06 22:44 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-6-2010\ERDNT.EXE
+ 2010-09-13 23:17 . 2010-09-13 23:17 176128 c:\windows\ERDNT\AutoBackup\9-13-2010\Users\00000002\UsrClass.dat
+ 2010-09-13 23:17 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-13-2010\ERDNT.EXE
+ 2010-09-07 22:29 . 2010-09-07 22:29 2035712 c:\windows\ERDNT\AutoBackup\9-7-2010\Users\00000001\NTUSER.DAT
+ 2010-09-06 22:44 . 2010-09-06 22:44 2031616 c:\windows\ERDNT\AutoBackup\9-6-2010\Users\00000001\NTUSER.DAT
+ 2010-09-13 23:17 . 2010-09-13 23:17 2080768 c:\windows\ERDNT\AutoBackup\9-13-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-19 1998576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 22:45 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2009 10:17 AM 135336]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{187F1E56-F43A-4693-880F-D322638AB6C3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\oeyzpp30.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 19:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-13 19:24:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-13 23:24
ComboFix2.txt 2010-09-09 22:50
ComboFix3.txt 2010-09-08 23:43
ComboFix4.txt 2010-09-06 21:10
Pre-Run: 17,281,916,928 bytes free
Post-Run: 17,222,316,032 bytes free
- - End Of File - - B83E61EC2289D373132A79A5922B7088
c:\program files\McAfee\SiteAdvisor\Scripts\xdown.gif
c:\program files\McAfee\SiteAdvisor\Scripts\xup.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y.png
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_sep.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_sep.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_facet.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_c.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_l.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_r.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_header_r_nox.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_icon.gif
c:\program files\McAfee\SiteAdvisor\Scripts\y_upsell_border.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellowbubble.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellowdownarrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yellowuparrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yl.png
c:\program files\McAfee\SiteAdvisor\Scripts\yleftarrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yllc.png
c:\program files\McAfee\SiteAdvisor\Scripts\ylrc.png
c:\program files\McAfee\SiteAdvisor\Scripts\yr.png
c:\program files\McAfee\SiteAdvisor\Scripts\yrightarrow.gif
c:\program files\McAfee\SiteAdvisor\Scripts\ytri.gif
c:\program files\McAfee\SiteAdvisor\Scripts\yul.png
c:\program files\McAfee\SiteAdvisor\Scripts\yulc.png
c:\program files\McAfee\SiteAdvisor\Scripts\yurc.png
c:\program files\McAfee\SiteAdvisor\sqlite3.dll
c:\program files\McAfee\SiteAdvisor\subst.inf
c:\program files\McAfee\SiteAdvisor\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCAFEE_SITEADVISOR_SERVICE
-------\Service_McAfee SiteAdvisor Service
((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.
2010-09-12 12:30 . 2010-09-12 12:30 -------- d-sh--w- c:\documents and settings\Owner\UserData
2010-09-07 22:24 . 2010-09-07 22:24 -------- d-----w- C:\_OTM
2010-09-06 21:14 . 2010-09-06 21:14 -------- d-----w- c:\program files\ESET
2010-08-28 13:04 . 2010-08-28 13:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-28 13:01 . 2010-08-28 13:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-28 12:47 . 2010-08-28 12:47 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 23:54 . 2009-07-12 03:30 -------- d-----w- c:\program files\Java
2010-09-04 23:31 . 2009-07-11 21:55 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-28 22:07 . 2009-07-13 01:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-28 13:02 . 2009-07-12 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
((((((((((((((((((((((((((((( SnapShot@2010-09-06_21.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-13 23:17 . 2010-09-13 23:17 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat
+ 2009-07-12 02:01 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2009-07-12 02:01 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-09-07 22:29 . 2010-09-07 22:29 176128 c:\windows\ERDNT\AutoBackup\9-7-2010\Users\00000002\UsrClass.dat
+ 2010-09-07 22:29 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-7-2010\ERDNT.EXE
+ 2010-09-06 22:44 . 2010-09-06 22:44 176128 c:\windows\ERDNT\AutoBackup\9-6-2010\Users\00000002\UsrClass.dat
+ 2010-09-06 22:44 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-6-2010\ERDNT.EXE
+ 2010-09-13 23:17 . 2010-09-13 23:17 176128 c:\windows\ERDNT\AutoBackup\9-13-2010\Users\00000002\UsrClass.dat
+ 2010-09-13 23:17 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-13-2010\ERDNT.EXE
+ 2010-09-07 22:29 . 2010-09-07 22:29 2035712 c:\windows\ERDNT\AutoBackup\9-7-2010\Users\00000001\NTUSER.DAT
+ 2010-09-06 22:44 . 2010-09-06 22:44 2031616 c:\windows\ERDNT\AutoBackup\9-6-2010\Users\00000001\NTUSER.DAT
+ 2010-09-13 23:17 . 2010-09-13 23:17 2080768 c:\windows\ERDNT\AutoBackup\9-13-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-19 1998576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 22:45 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2009 10:17 AM 135336]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{187F1E56-F43A-4693-880F-D322638AB6C3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\oeyzpp30.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 19:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-13 19:24:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-13 23:24
ComboFix2.txt 2010-09-09 22:50
ComboFix3.txt 2010-09-08 23:43
ComboFix4.txt 2010-09-06 21:10
Pre-Run: 17,281,916,928 bytes free
Post-Run: 17,222,316,032 bytes free
- - End Of File - - B83E61EC2289D373132A79A5922B7088