ComboFix 10-05-28.02 - Administrator 05/28/2010 17:37:48.4.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2784 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\feed.txt
c:\windows\system32\hlp.dat
c:\windows\system32\tmp.reg
Infected copy of c:\windows\system32\drivers\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-28 21:07 . 2010-05-28 21:07 -------- d-----w- C:\_OTL
2010-05-28 16:10 . 2010-05-28 16:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-05-28 16:09 . 2010-05-28 16:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-05-26 21:00 . 2010-05-26 21:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2010-05-26 12:34 . 2010-05-26 12:34 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-26 12:33 . 2010-05-26 12:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-26 02:40 . 2010-05-26 02:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-05-26 00:43 . 2010-05-26 00:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-26 00:32 . 2010-05-26 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-05-26 00:31 . 2010-05-26 00:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-05-25 23:34 . 2010-05-25 23:34 -------- d-----w- C:\VundoFix Backups
2010-05-25 23:05 . 2010-05-25 23:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2010-05-25 22:53 . 2010-05-25 22:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-25 22:52 . 2010-05-25 22:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-15 17:55 . 2010-05-15 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-15 17:55 . 2010-05-15 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-15 17:55 . 2010-05-15 17:55 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-15 17:55 . 2010-05-15 17:55 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-05-15 17:55 . 2010-05-22 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-03 23:03 . 2010-05-05 16:02 -------- d-----w- c:\program files\Norton 360
2010-05-03 23:02 . 2010-05-05 15:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-03 23:02 . 2010-05-05 15:46 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-03 23:02 . 2010-05-05 15:46 -------- d-----w- c:\program files\Symantec
2010-05-03 22:22 . 2010-05-03 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-05-03 22:20 . 2010-05-03 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-03 22:20 . 2010-05-03 22:44 -------- d-----w- c:\program files\NortonInstaller
2010-05-01 03:27 . 2010-05-25 22:29 -------- d-----w- c:\program files\Steam
2010-04-29 00:21 . 2010-04-12 17:39 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-29 00:21 . 2010-05-10 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 21:48 . 2007-03-02 00:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-28 16:12 . 2008-04-13 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-26 01:35 . 2008-04-15 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 22:17 . 2009-04-19 00:18 -------- d-----w- c:\program files\City Interactive
2010-05-20 22:02 . 2008-09-27 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-12 01:54 . 2007-01-14 21:21 8354 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-05 15:46 . 2010-05-03 23:02 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-05 15:46 . 2010-05-03 23:02 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-01 15:21 . 2007-05-19 13:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-29 19:39 . 2008-07-20 19:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-05-06 21:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 16:35 . 2010-04-17 16:35 -------- d-----w- c:\program files\CNC 3 Map Manager
2010-03-10 06:15 . 2005-08-16 10:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-03-17 19:09 . 2007-01-14 21:21 104 -csh--r- c:\windows\system32\91AD597CC2.sys
2007-03-17 19:19 . 2007-03-17 19:19 88 --sh--r- c:\windows\system32\C27C59AD91.sys
.
------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
"Malwarebytes Anti-Malware Reboot"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]
2006-12-12 15:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-07-11 19:50 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 11:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCQCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcqtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcqmon.exe]
2006-06-20 17:37 286720 ----a-w- c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-06-15 10:03 307200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1171741720\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-06-27 11:34 299008 ----a-w- c:\program files\Dell Photo AIO Printer 966\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 04:00 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2005-10-14 17:01 122880 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171741720\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\paukid\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 tiberium wars\\CNC3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 tiberium wars\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [11/14/2008 6:22 PM 1201640]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9/26/2009 11:43 AM 45824]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/15/2010 8:52 PM 632792]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/22/2008 8:17 PM 24652]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [10/20/2007 10:53 AM 598856]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/3/2010 7:00 PM 102448]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:20 AM 10664]
S3 MBAMCatchMe;MBAMCatchMe;c:\program files\Malwarebytes' Anti-Malware\catchme.sys [5/25/2010 7:30 PM 27048]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9/26/2009 11:43 AM 56960]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys --> c:\windows\system32\drivers\CM106.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]

2010-05-22 c:\windows\Tasks\wrSpySweeper_L23953B70C8704BD5845639FED976B2D9.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-10-20 20:19]

2010-05-22 c:\windows\Tasks\wrSpySweeper_L23953B70C8704BD5845639FED976B2D9.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-10-20 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 17:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AF59D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf740b852
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1359408678-2099340390-3988896321-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,b8,fe,d1,2e,26,ca,46,9d,bf,6c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,b8,fe,d1,2e,26,ca,46,9d,bf,6c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
.
**************************************************************************
.
Completion time: 2010-05-28 17:58:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 21:57
ComboFix2.txt 2008-04-17 11:29

Pre-Run: 432,547,004,416 bytes free
Post-Run: 432,614,760,448 bytes free

- - End Of File - - 548E76B87DDBDFABF863D946235D3161
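Two parts of a log like the one above are worth pulling out mechanically when triaging: the Sigcheck block, where the live c:\windows\system32\user32.dll carries the same version and size as the ServicePackFiles\i386 copy but a different MD5, and the Security Center / Windows Firewall registry values, where AntiVirusOverride, DisableMonitoring and EnableFirewall have all been set so that the system stops reporting or enforcing protection. The script below is an added example, not ComboFix's code and not the poster's; the sample lines are copied from this log, and the rule that the copy under ServicePackFiles\i386 is the reference is an assumption (it is the copy ComboFix itself restored ws2_32.dll from). It reports a hash difference only; whether the live file is patched is a manual call.

```python
"""Triage helpers for a ComboFix log: Sigcheck hash mismatches and registry
values that disable protection or its monitoring. Added example; sample
lines below are copied from the posted log (constructed input)."""
import re
from collections import defaultdict

# Sigcheck line as ComboFix prints it:
#   [7] 2008-04-14 . <MD5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKEY...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+?)\s*$')

# (substring of the key, value name, value) combinations that switch off
# Security Center reporting or the Windows Firewall standard profile.
WEAKENING = {
    ("security center", "AntiVirusOverride", 1),
    ("security center", "DisableMonitoring", 1),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0),
}

# Assumption: the copy under ServicePackFiles\i386 is the reference copy.
REFERENCE_DIR = "servicepackfiles\\i386"

SAMPLE_LOG = r"""
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (status marker kept, not interpreted)."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"], d["md5"] = int(d["size"]), d["md5"].upper()
            entries.append(d)
    return entries


def find_hash_mismatches(entries):
    """Group by (basename, version, size); within a group that has a reference
    copy, report every other copy whose MD5 differs from it. Same version and
    size with a different hash is the shape a patched system file takes."""
    groups = defaultdict(list)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        groups[(name, e["version"], e["size"])].append(e)
    findings = []
    for (_, version, size), members in groups.items():
        refs = [e for e in members if REFERENCE_DIR in e["path"].lower()]
        if not refs:
            continue                      # nothing trusted to compare against
        ref = refs[0]
        for e in members:
            if e is not ref and e["md5"] != ref["md5"]:
                findings.append({"path": e["path"], "version": version, "size": size,
                                 "md5": e["md5"], "reference_md5": ref["md5"]})
    return findings


def _parse_value(raw):
    m = re.match(r"dword:([0-9A-Fa-f]{8})", raw)       # REGEDIT4 dword form
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)                         # "0 (0x0)" form
    return int(m.group(1)) if m else raw


def find_disabled_protection(text):
    """Walk [key] / "name"=value pairs and return (key, name, value) triples
    that match a WEAKENING combination."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if not (vm and key):
            continue
        name, value = vm.group("name"), _parse_value(vm.group("value"))
        for key_part, wname, wvalue in WEAKENING:
            if key_part in key and name == wname and value == wvalue:
                findings.append((key, name, value))
    return findings


if __name__ == "__main__":
    for f in find_hash_mismatches(parse_sigcheck(SAMPLE_LOG)):
        print("hash differs from reference:", f["path"], f["md5"], "!=", f["reference_md5"])
    for key, name, value in find_disabled_protection(SAMPLE_LOG):
        print("protection weakened:", key, name, "=", value)
```

Run against the sample it reports one Sigcheck finding (the system32 user32.dll against the ServicePackFiles copy; the two 5.1.2600.3099 copies differ in size and have no reference, so they are not reported) and five registry findings (AntiVirusOverride, the three DisableMonitoring values, EnableFirewall). Feed it the whole log text instead of SAMPLE_LOG to get the same report for the full post.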