Here is the combofix.txt file:
ComboFix 09-07-31.02 - Owner 07/31/2009 22:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1087 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1690175968-0234485417-985240095-9380
c:\recycler\S-1-5-21-1693142573-2701678193-3712899132-500
c:\windows\Installer\1455e96.msp
c:\windows\Installer\1455ea6.msp
c:\windows\Installer\1455f24.msp
c:\windows\Installer\1455fc6.msp
c:\windows\Installer\1456102.msp
c:\windows\Installer\cf24de.msi
c:\windows\run.log
c:\windows\system32\drivers\SKYNETgxwurini.sys
c:\windows\system32\drivers\UAClhylqgkwvr.sys
c:\windows\system32\SKYNETfqpxmktp.dat
c:\windows\system32\SKYNETkndsetvj.dat
c:\windows\system32\SKYNETnsvsmuvx.dll
c:\windows\system32\SKYNETrfvkonbg.dll
c:\windows\system32\UACdpwfiinykkrpjgglt.db
c:\windows\system32\UACedkyhsarnumptiqau.dat
c:\windows\system32\UACwjykhbowki.dll
E:\Autorun.inf
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETqlrvrwbw
-------\Service_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.
2009-07-27 12:02 . 2009-07-27 12:02 61440 ----a-w- c:\windows\system32\drivers\tsznzwb.sys
2009-07-27 11:18 . 2009-07-27 11:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-27 11:13 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 11:13 . 2009-07-27 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 11:13 . 2009-07-27 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 11:13 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 23:08 . 2009-07-26 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonCP
2009-07-26 23:08 . 2007-02-21 14:20 108736 ------w- c:\documents and settings\All Users\Application Data\CanonCP\CNYSELPHYCP\CNYWINDOWS\CNYCanon SELPHY CP740\CNYCPUIN.EXE
2009-07-26 23:08 . 2007-01-12 12:07 102400 ------w- c:\documents and settings\All Users\Application Data\CanonCP\CNYSELPHYCP\CNYWINDOWS\CNYCanon SELPHY CP740\CNY04091.DLL
2009-07-24 20:32 . 2009-07-28 01:35 -------- d-----w- c:\program files\hfiwvj
2009-07-16 11:57 . 2009-07-16 11:58 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2009-07-03 12:08 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-02 22:59 . 2009-07-02 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Backup MyPC
2009-07-02 20:24 . 2009-07-02 20:24 -------- d-sh--w- c:\windows\System Volume Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 02:56 . 2008-10-25 22:03 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-08-01 02:54 . 2009-07-19 01:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-08-01 02:54 . 2009-07-19 01:45 213460 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-08-01 00:45 . 2009-02-02 13:05 -------- d-----w- c:\documents and settings\Owner\Application Data\CallingID
2009-07-31 23:14 . 2008-08-05 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-31 23:14 . 2008-08-05 00:36 -------- d-----w- c:\program files\Viewpoint
2009-07-31 21:06 . 2008-08-07 00:45 -------- d-----w- c:\program files\Sound Forge XP
2009-07-31 12:29 . 2009-02-02 13:04 91376 ----a-w- c:\windows\system32\isafprod.dll
2009-07-31 00:45 . 2008-08-06 11:03 -------- d-----w- c:\program files\palmOne
2009-07-30 20:29 . 2009-02-02 13:04 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-07-30 20:29 . 2009-02-02 13:04 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-07-30 20:29 . 2009-02-02 13:04 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-07-30 20:29 . 2009-02-02 13:04 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-07-29 14:12 . 2008-08-06 04:40 89064 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 02:12 . 2008-08-05 00:35 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-07-16 02:09 . 2009-07-16 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-07-03 17:09 . 2004-10-28 00:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 22:59 . 2009-06-23 16:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2009-07-01 22:40 . 2009-07-01 22:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Sonic
2009-06-23 16:16 . 2009-06-23 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-06-23 16:15 . 2009-06-23 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-23 16:08 . 2009-06-23 16:08 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-23 16:08 . 2009-06-23 16:03 -------- d-----w- c:\program files\Roxio
2009-06-23 16:07 . 2009-06-23 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-23 16:07 . 2009-06-23 16:07 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-23 16:07 . 2009-06-23 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-23 16:07 . 2009-06-23 16:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-23 16:06 . 2008-08-05 00:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-22 10:43 . 2009-06-22 10:42 -------- d-----w- c:\program files\IrfanView
2009-06-16 14:36 . 2004-10-28 00:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-10-28 00:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:13 . 2008-08-05 00:32 -------- d-----w- c:\program files\Java
2009-06-12 11:10 . 2009-06-12 11:10 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 01:33 . 2008-08-05 11:50 -------- d-----w- c:\program files\Quicken
2009-06-08 01:32 . 2009-06-08 01:32 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-06-08 01:31 . 2009-04-07 18:39 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-06-03 19:09 . 2004-10-28 00:52 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 03:06 . 2008-08-05 00:37 -------- d-----w- c:\program files\BigFix
2009-05-21 15:33 . 2009-01-01 02:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 05:36 . 2009-07-16 02:09 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-07-16 02:09 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-07-16 02:09 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-07-16 02:09 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-07-16 02:09 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-07-16 02:09 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-07-16 02:09 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-07-16 02:09 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-07 15:32 . 2004-10-28 00:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-23 11:09 . 2008-12-17 03:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-30 12:00 . 2009-03-30 11:55 109 --sha-w- c:\windows\system32\4098406430.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-01-10 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2008-09-25 81920]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-06-30 99480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-05 98304]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-23 181488]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-07-31 230640]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-02-02 14088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-10-02 167936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-8-6 28672]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-8-25 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217902055\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [3/19/2008 11:56 AM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [3/21/2008 4:00 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [3/21/2008 4:00 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [3/19/2008 11:56 AM 115216]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/4/2008 12:27 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [3/21/2008 4:00 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [4/15/2008 12:50 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [5/30/2008 4:56 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2/2/2009 9:04 AM 185584]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [5/12/2009 10:08 PM 11264]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [12/6/2008 4:03 PM 11520]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-02 c:\windows\Tasks\CAAntiSpywareScan_Daily as Owner at 8 05 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-02-02 13:06]
2008-08-20 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-10-28 00:12]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
SafeBoot-WinDefend
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
LSP: c:\windows\system32\VetRedir.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/voip/downloads/IOBIVMUtil.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gvx4wf7b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-31 22:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcrobatAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@DACL=(02 0000)
@SACL=
@=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{C523F390-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcrobatAccess"
[HKEY_LOCAL_MACHINE\software\Classes\igfx.CUITestConfig.1\CLSID]
@DACL=(02 0000)
@SACL=
@="c"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
- - - - - - - > 'explorer.exe'(1480)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-08-01 23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 03:05
Pre-Run: 204,978,434,048 bytes free
Post-Run: 208,157,167,616 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
345 --- E O F --- 2009-07-29 04:11
Here is the result, as reported by jotti:
This file has been scanned before. The results for this previous scan are listed below.
Filename: jvwm.sys
Status:
Scan finished. 3 out of 20 scanners reported malware.
Scan taken on: Thu 23 Jul 2009 17:08:11 (CET)
Additional info
File size: 61440 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 589312a3b46721c5a751e4d5222a89be
SHA1: 3a497d3968a4f6e3c648d196da38e5f98e75ec30
You asked for info.txt. I do not see an info.txt. There is a log.txt file, and I am attaching that; perhaps that's what you meant.