ComboFix 11-09-08.03 - Owner 09/08/2011 21:27:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1453 [GMT 8:00]
Running from: c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.000\WINDOWS
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\WINDOWS
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\hpeC.dll
c:\documents and settings\All Users\Documents\~WRL0994.tmp
c:\documents and settings\All Users\Documents\Copy of ~WRL0994.tmp
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\WINDOWS
c:\documents and settings\Angie\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\WINDOWS
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\HPQDOC~1.EXE.7f11b083.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini.inuse
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini.inuse
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\Install.exe.91d4de35.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Owner\WINDOWS
c:\program files\001JoinerSplitterPro_Setup.exe
c:\program files\messenger\msmsgsin.exe
C:\System
c:\system\FILES\Desktop.ini
c:\windows\bwUnin-6.1.0.155-8876480L.exe
c:\windows\bwUnin-6.1.4.65-8876480L.exe
c:\windows\CDAC13BA.EXE
c:\windows\CDAC14BA.DLL
c:\windows\dasetup.log
c:\windows\help\wmplayer.bak
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\keylog.txt
c:\windows\system32\ps2.bat
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\tsoc.log
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-07 15:44 . 2011-09-07 15:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-09-06 09:22 . 2004-08-03 16:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-06 09:22 . 2001-08-17 14:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-09-06 09:22 . 2001-08-17 14:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-09-06 09:22 . 2001-08-17 14:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-09-06 09:22 . 2001-08-17 14:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-09-06 09:22 . 2001-08-17 14:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-09-06 09:22 . 2001-08-17 04:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-09-06 09:22 . 2004-08-03 14:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-09-06 09:22 . 2004-08-03 16:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-09-06 09:22 . 2004-08-03 14:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-09-06 09:20 . 2001-08-17 05:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-09-06 09:19 . 2001-08-17 04:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-09-06 09:18 . 2004-08-03 14:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-09-06 09:17 . 2001-08-17 04:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-09-06 09:16 . 2001-08-17 05:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-09-06 09:15 . 2001-08-17 05:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-09-06 09:14 . 2001-08-17 05:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-09-06 09:13 . 2001-08-17 14:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-09-06 09:12 . 2001-08-17 14:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2011-09-06 09:11 . 2001-08-17 05:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2011-09-06 09:10 . 2001-08-17 06:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-09-02 14:14 . 2011-09-02 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-02 14:14 . 2011-09-02 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-02 10:41 . 2002-08-29 12:00 68608 ----a-w- c:\windows\system32\plugin.ocx
2011-09-02 07:05 . 2011-09-01 18:27 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-01 18:12 . 2011-08-18 07:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-01 09:40 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 09:40 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-01 09:40 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-01 09:40 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-01 09:40 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-01 09:40 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-01 09:40 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-01 09:40 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-01 09:39 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-09-01 09:39 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 03:27 . 2011-09-01 03:27 -------- d-----w- c:\program files\Common Files\Apple
2011-09-01 03:27 . 2011-09-01 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-09-01 02:52 . 2011-09-01 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-01 02:52 . 2011-09-01 02:52 -------- d-----w- c:\program files\AVAST Software
2011-08-31 16:52 . 2011-08-31 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2011-08-31 16:20 . 2011-08-31 16:20 2923248 ----a-w- c:\program files\WindowsXP-KB914882-x86-ENU.exe
2011-08-31 13:52 . 2004-08-03 16:56 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2011-08-31 13:52 . 2004-08-03 16:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-08-31 13:48 . 2004-07-17 03:40 19528 ----a-w- c:\windows\005695_.tmp
2011-08-31 13:27 . 2002-08-29 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2011-08-31 13:04 . 2011-08-31 13:04 278927592 ----a-w- c:\program files\WindowsXP-KB835935-SP2-ENU.exe
2011-08-31 08:22 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Angie.YOUR-RVLNHR6V8D
2011-08-29 20:23 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Owner.YOUR-RVLNHR6V8D
2011-08-29 20:18 . 2004-08-03 15:14 52736 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-08-29 20:18 . 2004-08-03 15:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-29 20:18 . 2004-08-03 14:58 24576 -c--a-w- c:\windows\system32\dllcache\kbdclass.sys
2011-08-29 20:18 . 2004-08-03 14:58 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-08-29 17:39 . 2011-02-16 11:00 17370496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
2011-08-29 15:02 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001
2011-08-29 13:13 . 2004-08-03 15:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-08-29 13:11 . 2004-08-03 15:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-08-22 18:52 . 2011-08-22 18:52 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 03:58 . 2010-05-01 23:36 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2011-08-24 15:34 . 2011-05-14 06:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 06:14 . 2011-08-01 06:14 73048120 ----a-w- c:\program files\4vc9y445 dr webb 2.exe
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-17 11:26 . 2011-07-17 11:26 6490479 ----a-w- c:\program files\Install_VideoTodoPro_6.0.0.0.exe
2011-07-08 13:53 . 2011-08-07 14:34 14215496 ----a-w- c:\program files\PDFXVwer.exe
2011-07-06 11:52 . 2009-08-24 02:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 11:52 . 2009-08-24 02:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-01 02:45 . 2010-07-31 07:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-03-31 18:19 . 2011-03-31 18:19 1448614 ----a-w- c:\program files\wrar400.exe
2011-03-16 15:06 . 2011-03-16 15:06 6489190 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.3.exe
2011-02-13 19:42 . 2011-02-13 19:42 6489068 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.2.exe
2011-01-29 08:34 . 2011-01-29 08:34 4138449 ----a-w- c:\program files\personalVPN_Installer.exe
2010-08-29 17:08 . 2010-08-29 17:08 1967336 ----a-w- c:\program files\installspeedfan441.exe
2010-08-07 04:34 . 2010-08-07 04:34 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-08-07 02:09 . 2010-08-07 02:09 1364522 ----a-w- c:\program files\wrar393.exe
2010-08-02 19:21 . 2010-08-02 19:12 19461015 ----a-w- c:\program files\vlc-1.1.2-win32.exe
2010-07-31 02:56 . 2010-07-31 02:56 115547440 ----a-w- c:\program files\DigitalImageStarter06.exe
2010-07-31 01:25 . 2010-07-31 01:25 20393805 ----a-w- c:\program files\Hugin_2009-4-0_win32_setup.exe
2010-07-31 00:51 . 2010-07-31 00:51 128750008 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-07-31 00:36 . 2010-07-31 00:36 3366912 ----a-w- c:\program files\Panorama ICE-1.3.5-for-32-bit-Windows.msi
2010-07-31 00:30 . 2010-07-31 00:30 9284121 ----a-w- c:\program files\PosPanoramaPro_SetUp.exe
2010-07-23 00:52 . 2010-07-23 00:52 4203037 ----a-w- c:\program files\MyPhoneExplorer_Setup_1.7.6.exe
2010-05-02 17:44 . 2010-05-02 17:44 6489810 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.1.exe
2010-05-02 00:02 . 2009-08-19 16:41 693840 ----a-w- c:\program files\wmv9VCMsetup.exe
2010-04-21 00:03 . 2010-04-21 00:03 2899511 ----a-w- c:\program files\SkypeRecorderSetup.exe
2009-10-07 01:07 . 2009-10-07 01:07 7292928 ----a-w- c:\program files\VideoTodoPro2.exe
2009-08-15 15:58 . 2009-08-15 14:34 7290880 ----a-w- c:\program files\VideoTodoPro.exe
2009-08-12 13:39 . 2009-08-12 13:39 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-08-02 22:14 . 2009-08-02 22:14 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-07-22 01:50 . 2009-07-22 01:50 1092216 ----a-w- c:\program files\Google Updater.exe
2009-06-06 23:02 . 2009-06-06 23:01 1237824 ----a-w- c:\program files\Setup 3D.exe
2009-05-09 20:37 . 2009-05-09 20:37 812344 ----a-w- c:\program files\HJTInstall.exe
2009-01-21 00:15 . 2009-01-21 00:15 4865408 ----a-w- c:\program files\Silverlight.2.0.exe
2009-01-07 05:18 . 2009-01-07 05:18 19333112 ----a-w- c:\program files\DivXInstaller.exe
2009-01-07 04:46 . 2009-01-07 04:46 16320472 ----a-w- c:\program files\vlc-0[1].9.8a-win32 VLC Media Player.exe
2009-01-07 04:36 . 2009-01-07 04:36 9506511 ----a-w- c:\program files\FVStudio30.exe
2008-12-15 16:38 . 2008-12-15 16:38 90749456 ----a-w- c:\program files\NVIDIA 178[1].13_geforce_winxp_32bit_english_whql.exe
2008-12-15 16:02 . 2008-12-15 16:02 2462200 ----a-w- c:\program files\ac3filter_1_51a.exe
2008-11-11 04:18 . 2008-11-11 04:18 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2008-08-18 01:04 . 2008-08-18 01:04 22453544 ----a-w- c:\program files\SkypeSetup.exe
2008-08-17 19:56 . 2008-08-17 19:56 14905624 ----a-w- c:\program files\oovoosetup.exe
2008-07-06 05:52 . 2008-07-06 05:44 382352 ----a-w- c:\program files\jre-6u6-windows-i586-p-iftw JAVA.exe
2008-06-27 03:58 . 2008-06-27 03:58 21924608 ----a-w- c:\program files\Sony Ericsson PC Suite_3.209.00_EN.exe
2008-06-23 04:31 . 2008-06-23 04:31 23454528 ----a-w- c:\program files\AdbeRdr812.exe
2008-06-20 00:59 . 2008-06-20 00:59 20740760 ----a-w- c:\program files\avinstall pctools antivirus.exe
2008-06-07 05:04 . 2008-06-07 05:04 840679 ----a-w- c:\program files\7z432 7zip.exe
2008-06-06 05:13 . 2008-06-06 05:13 4974945 ----a-w- c:\program files\AVIMoviePlayer52.exe
2008-06-03 00:46 . 2008-06-03 00:46 2400784 ----a-w- c:\program files\WLinstaller Messager.exe
2008-05-29 01:14 . 2008-05-29 01:14 1559005 ----a-w- c:\program files\FreeFLVPlayer1[1].0.exe
2008-05-20 02:42 . 2008-05-20 02:42 26815520 ----a-w- c:\program files\kis7[1].0.0.125en.exe
2007-07-24 19:47 . 2007-07-24 19:47 219 ----a-w- c:\program files\setup.reg
2007-06-28 17:15 . 2007-06-28 17:15 25556480 ----a-w- c:\program files\kis.en.msi
2006-11-28 04:16 . 2006-11-28 04:16 484352 -c--a-w- c:\program files\ie6setup.exe
2004-05-16 17:52 . 2004-05-16 17:52 276992 -c--a-w- c:\program files\mpeg_joiner.exe
2004-04-03 01:32 . 2004-04-03 01:32 19979192 -c--a-w- c:\program files\iTunesSetup.exe
2004-01-02 03:01 . 2004-01-02 03:01 10135688 -c--a-w- c:\program files\MPSetupXP.exe
2003-12-29 05:35 . 2003-12-29 05:34 10802360 -c--a-w- c:\program files\RealOnePlayerV2GOLD_bb.exe
2003-12-28 19:58 . 2003-12-28 19:58 5313488 -c--a-w- c:\program files\DivX51Bundle.exe
2003-12-06 03:33 . 2003-12-06 03:33 3662787 -c--a-w- c:\program files\spybotsd12.exe
2003-09-17 04:30 . 2003-09-17 04:29 3740624 -c--a-w- c:\program files\DivXPlayerInstaller.exe
2003-07-09 05:11 . 2003-07-09 05:11 2270960 -c--a-w- c:\program files\nsradioplus.exe
2003-07-07 03:55 . 2003-07-07 03:55 8365240 -c--a-w- c:\program files\RealOnePlayerV2GOLD.exe
1998-09-30 14:26 . 2006-01-12 17:31 683520 -c--a-w- c:\program files\MSREGX32.DLL
1998-08-25 15:47 . 2006-01-12 17:31 29696 -c--a-w- c:\program files\MSRUN32.EXE
1996-11-06 06:10 . 2006-01-12 17:32 886784 ----a-w- c:\program files\MetaComp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"WCOLOREAL"="c:\program files\Coloreal\coloreal.exe" [2002-11-27 131072]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-01-11 315392]
"nwiz"="nwiz.exe" [2002-09-10 372736]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-8 553021]
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [N/A]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-7-9 156160]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MsnFixer.lnk - c:\hp\bin\msnfix\msnfixjs.js [N/A]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-21 53248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R2 mrtRate;mrtRate; [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 aswFsBlk;aswFsBlk; [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:26]
.
2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 01:03]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 01:56]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 01:56]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786441397-2294659099-1544360120-1003Core.job
- c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 15:49]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786441397-2294659099-1544360120-1003UA.job
- c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 15:49]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 14:44]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 14:44]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1013Core.job
- c:\documents and settings\Angie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 14:44]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1013UA.job
- c:\documents and settings\Angie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 14:44]
.
2011-09-08 c:\windows\Tasks\User_Feed_Synchronization-{798191DE-4619-4963-A03E-E2E7F57CD5DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
mSearch Bar = hxxp://srch-us7.hpwis.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe
uInternet Settings,ProxyOverride = localhost
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AutoTBar - c:\hp\bin\autotbar.exe
AddRemove-{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-08 21:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-09-08 22:07:37
ComboFix-quarantined-files.txt 2011-09-08 14:07
.
Pre-Run: 4,048,519,168 bytes free
Post-Run: 6,478,389,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 875824994A733F1A514CED489B4AEE7F
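Added example, not part of the posted log and not ComboFix's own code: a small Python script that parses the three line formats that recur in a ComboFix log (the "Files Created"/"Find3M" file entries, the HKLM ...\Run values, and the services/drivers list) and runs the triage checks a reviewer would do by hand on the log above. The sample lines inside it are copied verbatim from that log. Two readings of the format are this script's assumptions rather than documented facts: that the first timestamp of a file entry is the creation time the section range refers to and the second the file's last-write time, and that the leading R/S on a service line means running/stopped with the digit as the start type.

```python
"""Parse and triage the recurring line formats of a ComboFix log.

Added example; not ComboFix code.  Sample lines are copied from the log
above so the script runs stand-alone.  Assumptions: column one of a file
entry is the creation time, column two the last-write time; R/S = running/
stopped with the digit as start type.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Lines copied from the "Files Created" section of the log above.
FILES_CREATED = r"""
2011-09-07 15:44 . 2011-09-07 15:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-09-06 09:22 . 2004-08-03 16:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-02 07:05 . 2011-09-01 18:27 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-01 18:12 . 2011-08-18 07:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-31 13:04 . 2011-08-31 13:04 278927592 ----a-w- c:\program files\WindowsXP-KB835935-SP2-ENU.exe
"""

# Lines copied from the HKLM\...\CurrentVersion\Run block of the log above.
RUN_KEYS = r"""
"nwiz"="nwiz.exe" [2002-09-10 372736]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"""

# Lines copied from the services/drivers block of the log above.
SERVICES = r"""
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R2 mrtRate;mrtRate; [x]
S1 aswSnx;aswSnx; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
"""

# "<created> . <modified> <size|--------> <8 attr flags> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$")
# '"<value name>"="<image>" [<file date> <size>]'
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d\d-\d\d) (\d+)\]$')
# "<R|S><start type> <name>;<display name>;<image> [<date size>]" or "[x]"
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) ?\[(.+)\]$")

BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".bat", ".js", ".vbs")


@dataclass
class FileEntry:
    created: datetime          # column one (assumed creation time)
    modified: datetime         # column two (assumed last-write time)
    size: Optional[int]        # None where ComboFix prints -------- (directories)
    attrs: str                 # e.g. -c--a-w- ; leading 'd' marks a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class RunEntry:
    name: str
    image: str
    file_date: str
    size: int


@dataclass
class ServiceEntry:
    start: str     # e.g. "R2": running, start type 2 (assumed meaning)
    name: str
    display: str
    image: str     # empty when ComboFix could not resolve the image ([x])
    detail: str    # "<date> <size>" or "x"


def parse_file_entries(text: str) -> List[FileEntry]:
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:          # headers, "." separators and blanks are skipped
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(FileEntry(datetime.strptime(created, "%Y-%m-%d %H:%M"),
                             datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                             None if size.startswith("-") else int(size),
                             attrs, path))
    return out


def parse_run_entries(text: str) -> List[RunEntry]:
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append(RunEntry(m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return out


def parse_services(text: str) -> List[ServiceEntry]:
    out = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            out.append(ServiceEntry(*m.groups()))
    return out


def recent_binaries(entries, scan_time: datetime, days: int) -> List[FileEntry]:
    """Executable-type files that appeared within `days` before the scan."""
    cutoff = scan_time - timedelta(days=days)
    return [e for e in entries
            if not e.is_dir and e.name.lower().endswith(BINARY_EXT) and e.created >= cutoff]


def unpathed_run_entries(runs) -> List[RunEntry]:
    """Run values with a bare file name: resolved through the search path at
    logon, so a same-named file found earlier in that path would run instead."""
    return [r for r in runs if "\\" not in r.image]


def missing_image_services(services) -> List[ServiceEntry]:
    """Registered services/drivers whose image ComboFix printed as [x]."""
    return [s for s in services if s.detail == "x"]


def triage(scan_time: str = "2011-09-08 21:27", days: int = 7) -> dict:
    scan = datetime.strptime(scan_time, "%Y-%m-%d %H:%M")   # header time of the log above
    return {
        "recent_binaries": [e.name for e in recent_binaries(parse_file_entries(FILES_CREATED), scan, days)],
        "unpathed_run": [r.name for r in unpathed_run_entries(parse_run_entries(RUN_KEYS))],
        "missing_image_services": [s.name for s in missing_image_services(parse_services(SERVICES))],
    }


if __name__ == "__main__":
    for check, hits in triage().items():
        print(f"{check}: {', '.join(hits) or '(none)'}")
```

Run against the sample lines it reports xrxwiadr.dll and lsdelete.exe as binaries created in the 7 days before the scan (Lbd.sys falls a few hours outside the window, a reason to widen `days` rather than trust a hard cutoff), "nwiz" as the one Run value without a directory, and mrtRate and aswSnx as services whose image ComboFix printed as [x]. That last check needs the caveat a practitioner would apply here: aswSnx.sys and aswSP.sys do appear in the "Files Created" section above, so [x] means ComboFix could not resolve the image path, not that the file is gone; it marks an entry for a manual look, not a finding by itself.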