ComboFix 08-04-10.7 - Linda Kristina 2008-04-11 18:13:28.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.69 [GMT -5:00]
Running from: C:\Documents and Settings\Linda Kristina\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Linda Kristina\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 13:54 . 2008-04-11 17:18 d-------- C:\WINDOWS\system32\drivers\downld
2008-04-11 13:43 . 2008-04-11 13:43 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 13:43 . 2008-04-11 13:43 d-------- C:\Documents and Settings\Linda Kristina\Application Data\Malwarebytes
2008-04-11 13:43 . 2008-04-11 13:43 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 10:20 . 2008-04-11 11:52 d-------- C:\Geeks_New
2008-04-10 20:36 . 2008-04-10 20:36 d-------- C:\Program Files\ParetoLogic
2008-04-10 20:36 . 2008-04-10 20:36 d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-10 20:36 . 2008-04-10 20:36 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-04-10 20:31 . 2008-04-10 21:49 d-------- C:\paretologic
2008-04-09 21:51 . 2008-04-09 21:51 d-------- C:\Documents and Settings\Linda Kristina\Application Data\Thinstall
2008-04-09 21:51 . 2008-04-09 21:21 12,828,619 --a------ C:\RegCure 1.5.exe
2008-04-09 20:11 . 2008-04-09 21:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 20:11 . 2008-04-09 21:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 19:54 . 2008-04-09 19:54 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 19:54 . 2008-04-09 19:54 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 19:53 . 2008-04-09 19:53 d-------- C:\Program Files\CCleaner
2008-04-09 07:42 . 2008-04-09 19:54 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 07:42 . 2008-04-09 07:42 d-------- C:\Documents and Settings\Linda Kristina\Application Data\SUPERAntiSpyware.com
2008-04-09 07:38 . 2008-04-09 07:38 1,239,357 --a------ C:\MGtools.exe
2008-04-08 21:05 . 2008-03-29 12:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-08 21:05 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-08 21:05 . 2008-03-29 12:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-08 21:05 . 2008-03-29 12:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-08 21:05 . 2008-01-17 10:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-08 21:05 . 2008-03-29 12:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-08 21:05 . 2008-03-29 12:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-08 21:05 . 2008-03-29 12:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-08 21:05 . 2008-03-29 12:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-08 21:05 . 2008-03-29 12:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-05 17:10 . 2008-04-05 17:10 d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-04-05 17:04 . 2008-04-05 18:12 d-------- C:\Documents and Settings\Linda Kristina\Application Data\U3
2008-04-05 17:03 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-05 10:10 . 2008-04-05 10:10 d-------- C:\WINDOWS\system32\windows media
2008-04-05 10:10 . 2008-04-05 10:10 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-05 10:10 . 2008-04-05 10:10 d-------- C:\Program Files\Windows Media Components
2008-04-05 10:09 . 2008-04-05 15:21 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-04 22:40 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-04 22:36 . 2008-04-04 23:00 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-21 14:18 . 2008-03-21 14:18 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-21 14:17 . 2007-10-22 19:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-03-16 19:58 . 2008-03-16 19:58 d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 21:46 --------- d-----w C:\Documents and Settings\Linda Kristina\Application Data\ComcastToolbar
2008-04-10 00:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:21 --------- d-----w C:\Documents and Settings\Linda Kristina\Application Data\Intuit
2008-03-21 19:17 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-20 12:03 --------- d-----w C:\Program Files\CrossTrainerII
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_23.07.47.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-04 01:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-04-11 22:16:31 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\13204887.exe
+ 2008-04-11 22:16:50 715,780 ----a-w C:\WINDOWS\system32\drivers\downld\13219648.exe
+ 2008-04-11 19:12:06 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\2142560.exe
+ 2008-04-11 19:50:01 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\4414728.exe
+ 2008-04-11 19:50:22 715,780 ----a-w C:\WINDOWS\system32\drivers\downld\4432483.exe
+ 2008-04-11 19:52:43 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\4574778.exe
+ 2008-04-11 19:53:01 715,780 ----a-w C:\WINDOWS\system32\drivers\downld\4592744.exe
+ 2008-04-11 20:24:34 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\6490623.exe
+ 2008-04-11 20:24:47 715,780 ----a-w C:\WINDOWS\system32\drivers\downld\6498003.exe
+ 2008-04-11 20:28:31 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\6724749.exe
- 2008-04-10 00:09:44 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-11 04:08:54 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 00:09:44 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-11 04:08:54 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-08-01 13:56 2643312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-04-11 17:47 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus CX3800 Series (Copy 1) on LMK-XP]
--a------ 2005-02-07 22:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus CX3800 Series on LMK-XP]
--a------ 2005-02-07 22:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-04-10 22:21 79224 E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 15:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
--a------ 2004-03-10 16:16 204800 E:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-06 18:33 282624 E:\Program Files\QuickTime_4\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 E:\Program Files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-08-07 02:04 688128 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\dnloads\\eMule\\eMule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\EMule Extracts\\EMule.46c\\emule.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"D:\\dnloads\\eMule\\eMule_II\\eMule.exe"=
"D:\\Program Files\\EMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\drivers\hpt3xx.sys [2004-01-05 04:10]
R0 hptpro;hptpro;C:\WINDOWS\system32\drivers\hptpro.sys [2003-01-27 10:12]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 12:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 12:35]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 03:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17282e89-0346-11dd-a3b2-000103c623f3}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 01:37:31 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-04-11 12:03:04 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2008-04-11 05:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 18:17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-04-11 18:21:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 23:21:41
ComboFix2.txt 2008-04-11 18:40:35
ComboFix3.txt 2008-04-11 16:48:36
ComboFix4.txt 2008-04-11 15:36:42
ComboFix5.txt 2008-04-11 12:01:22

Pre-Run: 1,013,223,424 bytes free
Post-Run: 998,600,704 bytes free
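Two things in this log are worth pulling out mechanically rather than by eye: the snapshot section shows a run of numbered .exe files written into C:\WINDOWS\system32\drivers\downld during the same afternoon the cleanup was running, and the services list still carries "S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []" after the file itself was deleted. The script below is an added triage helper, not part of the posted log or of ComboFix; it parses the log's section headers, its "+ / -" snapshot lines and its "R0/S1 name;display;path [timestamp]" service lines, then flags new executables under the drivers directory and service entries whose timestamp bracket is empty. The sample input is an excerpt copied from the log above, and treating an empty "[]" as "file not present when the log was written" is this script's own assumption.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's own code).

Assumptions, labelled as such:
  * snapshot lines look like '+ YYYY-MM-DD HH:MM:SS size attrs path' ('-' = removed);
  * service lines look like '<R|S><n> name;display;path [timestamp]';
  * an empty '[]' after a service path is read here as "file not found on disk".
"""
import re
from typing import Dict, List, Tuple

SNAPSHOT_RE = re.compile(
    r"^([+-]) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([\d,]+) (\S+) (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")

# Constructed excerpt: lines copied from the posted log, not a complete log.
SAMPLE_LOG = r"""(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-10_23.07.47.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-04 01:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-04-11 22:16:31 68,512 ----a-w C:\WINDOWS\system32\drivers\downld\13204887.exe
+ 2008-04-11 22:16:50 715,780 ----a-w C:\WINDOWS\system32\drivers\downld\13219648.exe
- 2008-04-10 00:09:44 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-11 04:08:54 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\drivers\hpt3xx.sys [2004-01-05 04:10]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 12:31]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
"""


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty, non-'.' lines under the nearest '(((( Name ))))' header."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def snapshot_additions(lines: List[str]) -> Dict[str, int]:
    """Files that are genuinely new since the previous snapshot.

    A path on both a '-' and a '+' line (perfc009.dat here) is a timestamp
    update of an existing file, so it is dropped; only '+'-only paths remain.
    """
    added: Dict[str, int] = {}
    removed = set()
    for line in lines:
        m = SNAPSHOT_RE.match(line)
        if not m:
            continue
        sign, _ts, size, _attrs, path = m.groups()
        if sign == "+":
            added[path] = int(size.replace(",", ""))
        else:
            removed.add(path)
    return {p: s for p, s in added.items() if p not in removed}


def new_driver_dir_executables(added: Dict[str, int]) -> List[str]:
    """Flag new .exe/.dll/.sys files written under system32\\drivers."""
    return sorted(
        p for p in added
        if p.lower().endswith((".exe", ".dll", ".sys"))
        and "\\system32\\drivers\\" in p.lower())


def orphaned_services(lines: List[str]) -> List[Tuple[str, str]]:
    """Service entries whose bracketed file timestamp is empty (file missing)."""
    return [(m.group(2), m.group(4))
            for m in map(SERVICE_RE.match, lines) if m and not m.group(5).strip()]


def triage(text: str) -> Dict[str, list]:
    sections = parse_sections(text)
    snap = next((v for k, v in sections.items() if k.startswith("snapshot@")), [])
    return {
        "new_driver_dir_executables": new_driver_dir_executables(snapshot_additions(snap)),
        "orphaned_services": orphaned_services(sections.get("Reg Loading Points", [])),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the excerpt it reports the two drivers\downld executables and the srosa service; gmer.exe is new but lives outside the drivers directory, so it is not flagged, and perfc009.dat is recognised as a refreshed file rather than a new one. A service key that survives its driver file is exactly the kind of leftover a follow-up CFScript or a manual registry check should cover.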