ComboFix 12-10-04.02 - kaysha 10/07/2012 22:43:20.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.340 [GMT -7:00]
Running from: c:\users\kaysha\Desktop\ComboFix.exe
Command switches used :: c:\users\kaysha\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"d:\dokumen\data lama\software\Konami_Pro_Evolution_Soccer_2008_176x208_S60v3.jar"
"d:\dokumen\data\AGAMAKU\islamic\Athan_PC\AthanBasic3.exe"
"d:\dokumen\data\AGAMAKU\islamic\islam&wanita\Darah (Haid, Nifas, Istihadah).zip"
"d:\dokumen\data\AGAMAKU\islamic\islam&wanita\Tajwid Mudah.zip"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Smadav
c:\program files\Smadav\Smadav-Updater.exe
c:\program files\Smadav\Smadav.loov
c:\program files\Smadav\SmadEngine.dll
c:\program files\Smadav\SmadExtc.dll
c:\program files\Smadav\SM?RTP.exe
.
.
.
.
Failed to delete
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe --> c:\windows\System32\csrss.exe
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 05:54 . 2012-10-08 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 04:38 . 2012-10-08 04:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-07 21:26 . 2012-10-07 21:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-07 18:43 . 2012-10-07 18:43 -------- d-----w- c:\program files\Rovio
2012-10-07 18:41 . 2012-10-07 18:41 -------- d-----w- c:\program files\PhotoScape
2012-10-07 18:40 . 2012-10-07 18:40 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-07 18:01 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-10-07 18:01 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-10-07 17:54 . 2012-10-07 17:54 -------- d-----w- c:\program files\Microsoft Works
2012-10-07 17:52 . 2012-10-07 17:52 -------- d-----w- c:\windows\PCHEALTH
2012-10-07 17:52 . 2012-10-07 17:52 -------- d-----w- c:\program files\Microsoft.NET
2012-10-07 17:47 . 2012-10-07 17:47 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-10-07 17:45 . 2012-10-07 18:02 -------- d-----w- c:\programdata\Microsoft Help
2012-10-07 17:43 . 2012-10-07 17:43 -------- d-----r- C:\MSOCache
2012-10-07 15:47 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-07 15:46 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-07 15:46 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-07 15:46 . 2012-10-07 15:46 -------- d-----w- c:\programdata\AVAST Software
2012-10-07 15:46 . 2012-10-07 15:46 -------- d-----w- c:\program files\AVAST Software
2012-10-07 15:40 . 2011-07-11 21:36 34728 ----a-w- c:\windows\system32\AsusSender.exe
2012-10-07 15:40 . 2011-07-11 21:36 224680 ----a-w- c:\windows\system32\AsusService.exe
2012-10-07 15:40 . 2012-10-07 15:40 -------- d-----w- c:\program files\ASUS
2012-10-07 15:40 . 2012-10-07 15:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-10-07 15:31 . 2012-10-07 15:31 -------- d-----w- c:\windows\system32\Lang
2012-10-07 15:31 . 2011-04-20 06:39 1006360 ----a-w- c:\windows\system32\igxpun.exe
2012-10-07 15:30 . 2012-10-07 15:30 -------- d-----w- C:\Intel
2012-10-07 15:06 . 2012-10-07 15:06 -------- d-----w- c:\program files\Google
2012-10-07 15:05 . 2012-10-07 15:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-07 15:05 . 2012-10-07 15:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-07 13:55 . 2012-10-07 13:04 -------- d-----w- c:\windows\Panther
2012-10-07 13:11 . 2012-10-08 05:46 -------- d-----w- c:\windows\system32\wbem\Performance
2012-10-07 13:08 . 2007-03-22 03:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2012-10-07 13:08 . 2007-03-22 03:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2012-10-07 13:08 . 2007-03-22 03:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2012-10-07 13:07 . 2012-10-07 21:33 -------- d-sh--w- c:\windows\Installer
2012-10-07 13:06 . 2012-10-07 13:06 -------- d-----w- C:\[Smad-Cage]
2012-10-07 13:04 . 2012-10-07 13:05 -------- d-----w- c:\users\kaysha
2012-10-07 13:04 . 2012-10-07 13:04 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 00:17 . 2012-10-07 21:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 150808]
"HotkeyMon"="AsusSender.exe" [2011-07-11 34728]
"HotkeyService"="AsusSender.exe" [2011-07-11 34728]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 15:06]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 15:06]
.
2012-10-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 322de4f3-2eca-40a9-bf68-9dd4cf6316be.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\users\kaysha\AppData\Roaming\Mozilla\Firefox\Profiles\m11f685r.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-07 22:58:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-08 05:58
ComboFix2.txt 2012-10-08 04:32
.
Pre-Run: 90,438,496,256 bytes free
Post-Run: 90,402,676,736 bytes free
.
- - End Of File - - 71E0DB00111292932E5C859EEDB5BA79