ComboFix 08-04-22.5 - Owner 2008-04-25 13:42:46.2 - NTFSx86
Running from: C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dllcache\figaro.sys
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\WINDOWS\base64.tmp
C:\WINDOWS\braviax.exe
C:\WINDOWS\Help\oqtxde.chm
C:\WINDOWS\nivavir.config
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dllcache\figaro.sys
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\uFhiQqss.ini
C:\WINDOWS\system32\uFhiQqss.ini2
C:\WINDOWS\system32\univrs32.dat
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\Web\def.htm
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_asc3550p
-------\Service_oqtxde
-------\Service_asc3550p
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-25 13:41 . 2002-08-29 05:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-04-25 13:41 . 2002-08-29 05:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-04-25 12:55 . 2008-04-25 12:55 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 11:58 . 2008-04-25 11:58 d-------- C:\Deckard
2008-04-24 20:54 . 2008-04-25 13:37 d-------- C:\!KillBox
2008-04-24 20:30 . 2008-04-24 20:30 d-------- C:\VundoFix Backups
2008-04-24 20:10 . 2008-04-24 20:12 d-------- C:\MGtools
2008-04-24 20:10 . 2008-04-24 20:12 40,568 --a------ C:\MGlogs.zip
2008-04-24 20:10 . 2005-01-13 20:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-04-24 19:59 . 2008-04-24 19:59 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-24 19:42 . 2008-04-24 19:42 d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-04-24 19:20 . 2008-04-24 19:20 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-04-24 19:20 . 2008-04-24 19:20 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 19:19 . 2008-04-24 19:19 d-------- C:\Program Files\Common Files\Download Manager
2008-04-24 19:12 . 2008-04-24 19:12 d-------- C:\WinPFind3u
2008-04-24 19:12 . 2008-04-24 19:12 d-------- C:\Rustbfix
2008-04-24 19:11 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-24 19:11 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-24 19:11 . 2008-03-09 02:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-24 19:11 . 2008-03-05 23:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-24 19:11 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-24 19:11 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-24 19:11 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-24 18:51 . 2008-04-24 18:51 d-------- C:\Program Files\Alwil Software
2008-04-24 18:44 . 2007-10-29 15:46 401,720 --a------ C:\Hjeeet.exe
2008-04-24 18:37 . 2008-04-24 18:37 483,328 --a------ C:\WINDOWS\system32\hphmon05.exe
2008-04-24 18:37 . 2002-10-16 16:57 81,920 --a------ C:\WINDOWS\system32\ps2.exe
2008-04-24 18:37 . 2008-04-24 18:37 52,736 --a------ C:\WINDOWS\system\hpsysdrv.exe
2008-04-24 18:14 . 2008-04-24 18:14 d-------- C:\Program Files\CCleaner
2008-04-24 17:32 . 2008-04-24 17:32 10,752 --a------ C:\exefix_xp.com
2008-04-24 17:31 . 2008-04-24 17:30 69,696 --a------ C:\FixSirc.com
2008-04-24 17:15 . 2008-04-25 13:41 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-24 17:15 . 2008-04-24 17:15 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\SUPERAntiSpyware.com
2008-04-24 17:15 . 2008-04-24 17:15 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-24 17:15 . 2008-04-24 17:21 1,509,211 ---hs---- C:\WINDOWS\system32\krdkkjha.ini
2008-04-24 17:14 . 2008-04-24 17:14 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 17:13 . 2008-04-24 17:13 109,738 --a------ C:\WINDOWS\BM4794470a.xml
2008-04-23 05:15 . 2008-04-23 05:18 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-23 05:15 . 2008-04-23 05:18 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-23 05:13 . 2008-04-24 18:48 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-22 18:56 . 2008-04-22 18:56 d-------- C:\Program Files\Norton Security Scan
2008-04-22 18:38 . 2008-04-22 19:06 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 18:38 . 2008-04-22 18:38 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-04-22 11:15 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-22 11:15 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-22 11:15 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-22 11:15 . 2002-08-29 01:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-22 11:15 . 2002-08-29 03:40 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-22 11:15 . 2001-08-17 13:48 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-22 11:15 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-22 11:15 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-22 11:15 . 2002-08-29 01:32 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-22 11:14 . 2002-08-29 01:33 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-22 11:14 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-22 09:59 . 2008-04-22 09:59 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\ErrorSmart
2008-04-22 09:52 . 2008-04-25 13:43 dr-hsc--- C:\WINDOWS\system32\dllcache
2008-04-22 08:29 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-22 08:28 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-04-22 08:28 . 2008-04-22 08:28 4,094 -rahs---- C:\WINDOWS\system32\drivers\HP_PC032A-ABA A527X_YC_Pavi_QMXK423_E42NAheBLU4_4_IKelut_SASUSTek Computer INC._V2.02_B3.03_T040209_WXH1_L409_M448_J120_7AMD_8Athlon XP 3000+_92.1_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G11067205.MRK
2008-04-22 08:27 . 2005-06-01 12:54 175,712 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 08:26 . 2008-04-17 15:01 7,160 --a------ C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\NMM-MetaData.db
2008-04-22 08:14 . 2008-03-25 08:46 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Incomplete
2008-04-22 08:14 . 2005-03-18 16:27 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Yahoo! Messenger
2008-04-22 08:14 . 2006-05-01 14:24 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Yahoo!
2008-04-22 08:14 . 2006-12-22 09:38 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\WildTangent
2008-04-22 08:14 . 2007-08-26 12:40 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Webshots
2008-04-22 08:14 . 2007-11-25 13:25 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Viewpoint
2008-04-22 08:14 . 2008-04-22 06:13 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\TmpRecentIcons
2008-04-22 08:14 . 2006-11-02 08:01 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Template
2008-04-22 08:14 . 2004-01-21 02:48 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Symantec
2008-04-22 08:14 . 2004-01-20 20:21 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Sonic
2008-04-22 08:14 . 2004-06-28 10:32 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Share-to-Web Upload Folder
2008-04-22 08:14 . 2007-05-11 10:30 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\ScamBlocker
2008-04-22 08:14 . 2004-01-20 21:29 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\SampleView
2008-04-22 08:14 . 2008-04-17 14:48 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\PC Suite
2008-04-22 08:14 . 2008-04-18 14:16 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Nokia Multimedia Player
2008-04-22 08:14 . 2008-04-17 11:19 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Nokia
2008-04-22 08:14 . 2005-10-31 13:10 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Musicmatch
2008-04-22 08:14 . 2007-09-26 12:17 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\MSN6
2008-04-22 08:14 . 2004-07-14 09:29 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Motive
2008-04-22 08:14 . 2008-03-31 13:05 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\LimeWire
2008-04-22 08:14 . 2004-06-28 08:20 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Leadertech
2008-04-22 08:14 . 2004-12-23 14:46 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\j2 Global
2008-04-22 08:14 . 2004-12-06 07:40 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\InterVideo
2008-04-22 08:14 . 2008-04-24 18:18 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\interMute
2008-04-22 08:14 . 2005-07-22 11:20 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\HP
2008-04-22 08:14 . 2006-07-09 13:54 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\funkitron
2008-04-22 08:14 . 2004-09-20 18:01 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\FUJIFILM
2008-04-22 08:14 . 2005-05-29 16:27 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\EarthLink Toolbar
2008-04-22 08:14 . 2007-05-11 10:24 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Earthlink
2008-04-22 08:14 . 2008-04-17 17:15 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Datalayer
2008-04-22 08:14 . 2008-02-02 09:07 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\Aim
2008-04-22 08:14 . 2007-10-20 10:41 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Application Data\AdobeUM
2008-04-22 08:13 . 2004-01-20 20:48 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\WINDOWS
2008-04-22 08:13 . 2004-06-27 16:13 d---s---- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\UserData
2008-04-22 08:13 . 2008-03-25 08:45 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Shared
2008-04-22 08:13 . 2008-04-17 17:15 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Phone Browser
2008-04-22 08:13 . 2008-04-25 13:38 d-------- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z
2008-04-22 08:13 . 2008-04-25 13:48 77,824 --ah----- C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\ntuser.dat.LOG
2008-04-22 07:57 . 2004-01-20 20:48 d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-22 07:57 . 2004-06-27 16:13 d--hs---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-04-22 07:57 . 2008-03-25 08:45 d-------- C:\WINDOWS\system32\config\systemprofile\Shared
2008-04-22 07:57 . 2008-04-17 17:15 d-------- C:\WINDOWS\system32\config\systemprofile\Phone Browser
2008-04-22 07:57 . 2008-03-25 08:46 d-------- C:\WINDOWS\system32\config\systemprofile\Incomplete
2008-04-22 07:55 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-04-22 07:54 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-22 07:54 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-22 07:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-22 07:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-22 07:54 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-22 07:54 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-22 07:53 . 2001-08-17 22:37 22,016 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-04-22 07:52 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-22 07:52 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-22 07:20 . 2004-06-27 16:13 d--hs---- C:\Documents and Settings\Default User\UserData
2008-04-22 07:20 . 2008-03-25 08:45 d-------- C:\Documents and Settings\Default User\Shared
2008-04-22 07:20 . 2008-04-17 17:15 d-------- C:\Documents and Settings\Default User\Phone Browser
2008-04-22 07:20 . 2008-03-25 08:46 d-------- C:\Documents and Settings\Default User\Incomplete
2008-04-21 22:12 . 2008-04-21 22:12 d-------- C:\Program Files\Windows Sidebar
2008-04-21 19:40 . 2008-04-21 19:40 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2008-04-17 11:14 . 2008-04-17 11:14 d-------- C:\Program Files\Common Files\PCSuite
2008-04-17 11:14 . 2008-04-17 11:14 d-------- C:\Program Files\Common Files\Nokia
2008-04-01 13:54 . 2008-04-01 13:54 d-------- C:\Program Files\Cablenut
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 02:28 --------- d-----w C:\Program Files\Wxvwgbtk
2008-04-25 01:48 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-04-25 01:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\dmpqzarm
2008-04-23 11:27 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-23 11:23 --------- d-----w C:\Program Files\Google
2008-04-22 16:01 3,884 -c--a-w C:\WINDOWS\viassary-hp.reg
2008-04-22 16:01 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-22 13:13 --------- d-----w C:\Program Files\The Cleaner
2008-04-22 13:13 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\TmpRecentIcons
2008-04-22 02:40 --------- d-----w C:\Documents and Settings\Guest\Application Data\Symantec
2008-04-18 21:16 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Nokia Multimedia Player
2008-04-18 00:15 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Datalayer
2008-04-17 21:48 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\PC Suite
2008-04-17 18:19 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Nokia
2008-04-17 18:14 --------- d-----w C:\Program Files\Nokia
2008-04-17 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-31 20:05 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\LimeWire
2008-03-24 21:09 --------- d-----w C:\Program Files\Common Files\Adobe
2006-11-04 23:08 135,168 ----a-w C:\Documents and Settings\All Users\Application Data\jevavqno.dll
2006-11-04 22:35 118 ----a-w C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\c39.bat
2006-11-05 23:29 6,668 --sha-w C:\WINDOWS\system32\tEdedJjl.ini2
.
[color=red]Files Infected - Win32.Agent.zb[/color]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 18:37 151597]
"AGRSMMSG"="AGRSMMSG.exe" [2003-12-12 22:54 88363 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"jdgf894jrghoiiskd"="C:\WINDOWS\TEMP\winlogan.exe" [ ]
"Service Pack 1"="C:\WINDOWS\System32\vedxg6ame4.exe" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"lDbygiFghaRNwYW"= {44A7743A-EE0D-DE90-4441-CB946BE9BCEF} - C:\WINDOWS\system32\kpdfw.dll [2002-08-29 05:00 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 11:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jmq57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xce13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S1 ydhqzop;ydhqzop;C:\WINDOWS\ydhqzop.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:56]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 16:01:33 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2006-11-04 22:34:18 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-23 01:56:41 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 13:48:24
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset004\Services\asc3550p]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Completion time: 2008-04-25 13:55:15 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-04-25 20:55:04
Pre-Run: 92,523,921,408 bytes free
Post-Run: 92,526,321,664 bytes free
260