ComboFix 10-05-14.06 - Owner 05/14/2010 21:41:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.898 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Guest\Application Data\alot
c:\documents and settings\Owner\Application Data\alot
c:\documents and settings\Owner\Application Data\rbap550.dll
c:\documents and settings\Owner\Application Data\RBDB550.dll
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\Recent\Thumbs.db
c:\documents and settings\Vishakha\Application Data\alot
c:\documents and settings\Vishakha\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Vishakha\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Vishakha\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Vishakha\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Vishakha\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Vishakha\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Vishakha\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Vishakha\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\products\products.xml
c:\documents and settings\Vishakha\Application Data\alot\products\products.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Vishakha\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_201\images\default_1390_facebook.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_201\images\default_1390_facebook.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_202\images\default_1390_facebook.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_202\images\default_1390_facebook.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_203\images\default_1390_facebook.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_203\images\default_1390_facebook.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_204\images\default_1390_facebook.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_204\images\default_1390_facebook.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_205\images\default_1390_facebook.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_205\images\default_1390_facebook.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_3\images\default_2307_music_videos.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_3\images\default_2307_music_videos.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_4\images\default_1042_alot_video_vault.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_4\images\default_1042_alot_video_vault.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_6\images\default_1390_facebook.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_6\images\default_1390_facebook.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_7\images\default_1045_alot_rea_laughs.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_7\images\default_1045_alot_rea_laughs.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_8\images\default_1103_alot_lottery_dollar.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_8\images\default_1103_alot_lottery_dollar.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Vishakha\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Vishakha\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Vishakha\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\toolbar.xml
c:\documents and settings\Vishakha\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Vishakha\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Vishakha\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Vishakha\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Vishakha\Application Data\alot\Updater\Updater.xml.backup
c:\program files\scdata
c:\program files\scdata\dbsinit.exe
c:\program files\scdata\images\i1.gif
c:\program files\scdata\images\i2.gif
c:\program files\scdata\images\i3.gif
c:\program files\scdata\images\j1.gif
c:\program files\scdata\images\j2.gif
c:\program files\scdata\images\j3.gif
c:\program files\scdata\images\jj1.gif
c:\program files\scdata\images\jj2.gif
c:\program files\scdata\images\jj3.gif
c:\program files\scdata\images\l1.gif
c:\program files\scdata\images\l2.gif
c:\program files\scdata\images\l3.gif
c:\program files\scdata\images\pix.gif
c:\program files\scdata\images\t1.gif
c:\program files\scdata\images\t2.gif
c:\program files\scdata\images\Thumbs.db
c:\program files\scdata\images\up1.gif
c:\program files\scdata\images\up2.gif
c:\program files\scdata\images\w1.gif
c:\program files\scdata\images\w11.gif
c:\program files\scdata\images\w2.gif
c:\program files\scdata\images\w3.jpg
c:\program files\scdata\images\word.doc
c:\program files\scdata\images\wt1.gif
c:\program files\scdata\images\wt2.gif
c:\program files\scdata\images\wt3.gif
c:\program files\scdata\wispex.html
C:\setup.exe
c:\windows\system32\18467.exe
c:\windows\system32\491.exe
c:\windows\system32\Thumbs.db
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.
2010-05-13 00:14 . 2010-05-13 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-13 00:14 . 2010-05-13 00:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-13 00:14 . 2010-05-13 00:14 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-05-13 00:13 . 2010-05-13 00:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-12 02:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-12 02:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-12 02:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-12 02:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-12 02:46 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-12 02:46 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-12 02:46 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-12 02:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-12 02:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-12 02:45 . 2010-05-12 02:45 -------- d-----w- c:\program files\Alwil Software
2010-05-12 02:45 . 2010-05-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-12 02:43 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-12 02:43 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-12 02:43 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-12 02:43 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-12 02:43 . 2010-05-12 02:43 -------- d-----w- c:\program files\Avira
2010-05-12 02:43 . 2010-05-12 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-10 01:26 . 2010-05-10 05:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-05-10 00:23 . 2010-05-11 01:15 -------- d-----w- c:\program files\Ask.com
2010-05-10 00:22 . 2010-05-10 00:22 -------- d-----w- c:\program files\Foxit Software
2010-05-09 15:42 . 2010-05-09 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bbbturras
2010-05-09 15:27 . 2010-05-09 15:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-05-09 15:27 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 15:27 . 2010-05-09 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-09 15:27 . 2010-05-09 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 15:27 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 14:50 . 2010-05-09 14:54 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-09 14:16 . 2010-05-09 14:16 -------- d-----w- c:\program files\IObit
2010-05-09 14:16 . 2010-05-09 14:16 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-05-08 19:55 . 2010-05-08 19:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-08 19:44 . 2010-05-09 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-02 01:50 . 2010-05-02 01:50 -------- d-----w- c:\documents and settings\Vishakha\Application Data\HpUpdate
2010-04-25 14:37 . 2010-04-25 14:37 -------- d-----w- c:\documents and settings\Vishakha\Local Settings\Application Data\Identities
2010-04-25 14:37 . 2010-04-25 14:37 -------- d-----w- c:\documents and settings\Vishakha\Application Data\Windows Desktop Search
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 04:35 . 2006-05-08 20:06 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-14 20:43 . 2004-11-11 22:54 -------- d-----w- c:\program files\LogMeIn
2010-05-13 00:15 . 2010-05-13 00:15 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-13 00:15 . 2010-05-13 00:15 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-13 00:15 . 2010-05-13 00:15 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-10 03:01 . 2004-10-03 06:38 79736 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 02:54 . 2004-05-22 01:06 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-08 22:39 . 2004-12-21 22:35 -------- d-----w- c:\program files\ICQToolbar
2010-05-06 15:52 . 2010-05-06 15:52 16 ----a-w- c:\documents and settings\Owner\Application Data\woxcdv.dat
2010-04-27 01:42 . 2007-06-17 20:03 -------- d-----w- c:\documents and settings\Vishakha\Application Data\LimeWire
2010-04-26 16:45 . 2007-06-17 19:25 -------- d-----w- c:\documents and settings\Vishakha\Application Data\Apple Computer
2010-04-18 21:35 . 2004-10-07 00:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-15 10:06 . 2008-12-02 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-04 03:23 . 2007-02-12 01:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-03-10 06:15 . 2004-04-29 17:31 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-01-22 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-04-01 04:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-04-01 04:49 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 08:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-18 19:46 . 2004-10-18 19:46 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-01 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-07 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"vdrdpup"="c:\windows\system32\vdrdpup.dll" [2005-05-18 94208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-14 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-14 277296]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-16 115560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 04:50 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rainit]
2009-10-02 04:50 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Vishakha\\Desktop\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/11/2010 7:46 PM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/11/2010 7:44 PM 135336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2010 7:46 PM 19024]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2007 1:27 PM 12856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 5:26 PM 102448]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [10/4/2004 1:38 PM 12192]
S1 aebd;aebd;\??\c:\windows\system32\aebd.sys --> c:\windows\system32\aebd.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/16/2009 3:35 PM 23904]
S3 sonydcam;Generic 1394 Desktop Camera;c:\windows\system32\drivers\sonydcam.sys [8/29/2002 1:33 AM 25344]
S3 STVqx5;Digital Blue QX5(tm) Microscope;c:\windows\system32\drivers\STVqx5.sys [9/2/2006 6:09 PM 64512]
S3 STVqx5m;Digital Blue QX5(tm) Microscopem;c:\windows\system32\drivers\STVqx5m.sys [9/2/2006 6:09 PM 6144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-14 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-10 07:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: k12.ca.us\dssdisco.lausd
Trusted Zone: voyagerlearning.com\secure.vport
Trusted Zone: yahoo.com\login
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
SafeBoot-Symantec Antvirus
AddRemove-DSMT6 - C:\Setup.exe
AddRemove-mIRC - c:\windows\system32\explorer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2010-05-14 22:10:25
ComboFix-quarantined-files.txt 2010-05-15 05:10

Pre-Run: 62,116,245,504 bytes free
Post-Run: 67,201,957,888 bytes free

- - End Of File - - 820BCF5C769B3305A6378E27A1551FB8