Ron:
It worked
YES!!!
Here is the ComboFix Log:
ComboFix 11-05-14.01 - Debra Flowers 05/14/2011 17:55:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.623 [GMT -7:00]
Running from: c:\documents and settings\Debra Flowers\Desktop\George.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Debra Flowers\Application Data\PriceGong
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Debra Flowers\Application Data\PriceGong\Data\z.xml
c:\windows\system32\x517_256.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 01:07 . 2011-05-15 01:07 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-05-15 01:07 . 2011-05-15 01:07 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-05-15 01:07 . 2011-05-15 01:07 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-05-15 01:07 . 2011-05-15 01:07 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-05-15 01:07 . 2011-05-15 01:07 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-05-15 01:07 . 2011-05-15 01:07 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-05-15 01:07 . 2011-05-15 01:07 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-05-15 01:07 . 2011-05-15 01:07 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-05-15 01:07 . 2011-05-15 01:07 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-05-15 01:07 . 2011-05-15 01:07 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-05-15 01:07 . 2011-05-15 01:07 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-05-15 01:07 . 2011-05-15 01:07 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-05-15 01:06 . 2011-05-15 01:06 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-05-15 01:06 . 2011-05-15 01:06 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-05-15 01:06 . 2011-05-15 01:06 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-05-15 01:06 . 2011-05-15 01:06 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-05-15 01:06 . 2011-05-15 01:06 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-05-13 18:46 . 2011-05-13 19:53 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\DailyMagic
2011-05-12 17:19 . 2011-05-12 17:19 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\LegacyInteractive
2011-05-12 04:04 . 2011-05-12 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2011-05-09 04:53 . 2011-05-09 04:53 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\quickclick
2011-05-01 13:01 . 2011-05-01 18:26 -------- d-----w- c:\documents and settings\Debra Flowers\Local Settings\Application Data\Digital Smoke
2011-05-01 13:01 . 2011-05-01 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Digital
2011-05-01 13:01 . 2011-05-01 13:01 -------- d-----w- c:\documents and settings\Debra Flowers\Local Settings\Application Data\Downloaded Installations
2011-04-30 17:59 . 2011-04-30 17:59 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Az-Art
2011-04-30 02:52 . 2011-04-30 02:52 -------- d-----w- c:\documents and settings\Debra Flowers\Local Settings\Application Data\dj3
2011-04-28 09:28 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 09:28 . 2011-04-28 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-28 09:28 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 00:18 . 2011-04-28 01:30 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Maximize Games
2011-04-28 00:18 . 2011-04-28 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Maximize Games
2011-04-26 21:26 . 2011-04-26 21:26 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Sungift Games
2011-04-26 21:26 . 2011-04-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sungift Games
2011-04-24 19:25 . 2011-04-24 20:33 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Happy Muffin Top
2011-04-21 18:07 . 2011-04-21 18:07 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Funlinker
2011-04-19 03:58 . 2011-04-19 03:58 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\My Games
2011-04-15 16:31 . 2011-04-15 16:31 -------- d-----w- c:\documents and settings\Debra Flowers\Local Settings\Application Data\WildWestStory
2011-04-15 07:13 . 2011-04-15 07:13 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Cosmonaut Games
2011-04-15 05:09 . 2011-04-15 05:09 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\Zylom
2011-04-15 05:09 . 2011-04-15 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2011-04-15 04:46 . 2011-04-15 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2011-04-15 04:46 . 2011-04-15 04:46 -------- d-----w- c:\documents and settings\Debra Flowers\Application Data\GameHouse
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 21:00 . 2009-08-18 18:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-09 21:00 . 2009-08-18 18:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 05:33 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 17:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 17:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:04 . 2011-04-12 22:46 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2011-04-12 22:46 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2011-04-12 22:46 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 13:56 . 2011-04-12 22:46 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2011-04-12 22:46 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2011-04-12 22:46 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2011-04-12 22:46 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2011-04-12 22:46 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2011-04-12 22:46 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2011-04-12 22:46 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:06 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-07-12 02:06 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-07-12 02:06 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 12:56 . 2004-08-10 17:50 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"=
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
2009-04-27 19:16 1742848 -c--a-w- c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:wildtangent games
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2010 1:51 AM 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/12/2011 3:46 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/12/2011 3:46 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/12/2011 3:46 PM 19544]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 1:55 AM 2146496]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:14]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-14 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-14 18:13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-15 01:13
.
Pre-Run: 58,615,099,392 bytes free
Post-Run: 58,515,841,024 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 24007FFF84F1A88612423586EE6815A8