Jotti's says:
Found Nothing.
File OK
ComboFix log:
ComboFix 09-02-24.02 - Mike 2009-02-25 17:35:59.2 - NTFSx86
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.
2009-02-25 16:21 . 2009-02-25 17:12 250 --a------ c:\windows\gmer.ini
2009-02-25 16:11 . 2009-02-25 16:14 1,434 --ah-c--- C:\aaw7boot.cmd
2009-02-25 15:00 . 2009-02-25 15:00 <DIR> d-------- c:\program files\Trend Micro
2009-02-25 10:59 . 2009-02-25 10:59 <DIR> d--hs---- c:\documents and settings\Default User\Temporary Internet Files
2009-02-25 10:59 . 2009-02-25 10:59 <DIR> d--hs---- c:\documents and settings\Default User\History
2009-02-25 10:39 . 2009-02-25 10:39 <DIR> d-------- c:\documents and settings\TEST\Application Data\Malwarebytes
2009-02-25 10:16 . 2009-02-25 10:16 <DIR> d-------- c:\documents and settings\Mike\Application Data\Malwarebytes
2009-02-25 10:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 10:15 . 2009-02-25 10:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 10:15 . 2009-02-25 10:15 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 10:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 22:18 . 2009-02-24 22:18 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-22 18:17 . 2009-02-22 18:17 <DIR> d-------- c:\program files\Norton Support
2009-02-22 18:08 . 2009-02-22 18:08 23,503 --a------ c:\windows\system32\AAWService_2009_02_22_18_08_22.dmp
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\program files\Symantec
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\program files\Norton Internet Security
2009-02-22 18:06 . 2009-02-22 18:06 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-22 18:06 . 2009-02-22 18:06 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-22 18:06 . 2009-02-22 18:06 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-22 18:06 . 2009-02-22 18:06 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-22 18:06 . 2009-02-22 18:06 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-22 18:05 . 2009-02-22 18:05 <DIR> d-------- c:\program files\NortonInstaller
2009-02-22 18:05 . 2009-02-22 18:05 <DIR> d----c--- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-22 18:05 . 2009-02-22 18:06 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Norton
2009-02-22 17:39 . 2009-02-22 17:39 25,613 --a------ c:\windows\system32\AAWService_2009_02_22_17_39_24.dmp
2009-02-21 22:52 . 2009-02-21 22:52 <DIR> d----c--- c:\documents and settings\All Users\Symantec Temporary Files
2009-02-21 22:18 . 2009-02-21 22:18 25,613 --a------ c:\windows\system32\AAWService_2009_02_21_22_18_34.dmp
2009-02-21 21:59 . 2009-02-21 21:59 25,605 --a------ c:\windows\system32\AAWService_2009_02_21_21_59_46.dmp
2009-02-21 21:58 . 2009-02-21 19:46 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-21 19:46 . 2009-02-21 19:46 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-21 19:43 . 2009-02-21 19:43 <DIR> d-------- c:\program files\Lavasoft
2009-02-21 19:43 . 2009-02-21 19:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-21 19:43 . 2009-02-21 19:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 22:31 . 2009-02-18 22:31 <DIR> d-------- c:\program files\Microsoft User Agent String Utility
2009-02-18 22:02 . 2009-02-18 22:02 <DIR> d-------- c:\program files\WOT
2009-02-18 21:58 . 2009-02-18 21:58 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-18 21:58 . 2009-02-18 21:58 <DIR> d----c--- C:\6d7c73ee5a114a3818da18a02674
2009-02-14 12:57 . 2009-02-14 12:57 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-14 12:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-14 12:38 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-14 12:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-14 11:59 . 2009-02-14 11:59 <DIR> d--h-c--- C:\TEMP
2009-02-14 11:59 . 2009-02-14 12:00 1,664 --ah-c--- C:\IPH.PH
2009-02-14 11:20 . 2009-02-15 12:18 925 --a------ c:\windows\Active Setup Log.BAK
2009-02-13 19:18 . 2009-02-13 19:18 0 --a------ c:\windows\nsreg.dat
2009-02-13 18:35 . 2009-02-13 19:03 <DIR> d----c--- C:\
08a8f798d77c1cd918
2009-02-13 18:09 . 2008-12-20 18:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-02-13 18:09 . 2007-04-17 04:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-13 18:09 . 2007-03-08 00:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-13 18:09 . 2008-12-20 18:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-13 18:09 . 2008-12-20 18:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-13 18:09 . 2008-12-20 18:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-02-13 18:09 . 2008-12-20 18:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-02-13 18:09 . 2008-12-20 18:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-13 18:09 . 2008-12-19 04:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-13 18:04 . 2007-08-13 18:54 33,792 --a------ c:\windows\system32\dllcache\custsat.dll
2009-01-27 09:20 . 2009-01-27 09:20 <DIR> d-------- c:\documents and settings\TEST\Application Data\PureEdge
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 23:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-19 22:14 --------- dc----w c:\documents and settings\All Users\Application Data\PureEdge
2009-01-19 22:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 22:14 --------- d-----w c:\program files\PureEdge
2009-01-19 22:14 --------- d-----w c:\documents and settings\Mike\Application Data\PureEdge
2009-01-19 07:09 --------- d-----w c:\documents and settings\TEST\Application Data\gtk-2.0
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-07 23:32 --------- d-----w c:\program files\LEGO Company
2009-01-07 23:32 --------- d-----w c:\documents and settings\Mike\Application Data\LEGO Company
2008-12-26 03:39 73,216 -c--a-w c:\windows\ST6UNST.EXE
2008-12-26 03:39 249,856 -c----w c:\windows\Setup1.exe
2008-12-26 03:00 --------- d-----w c:\documents and settings\Mike\Application Data\BluEdit
2008-12-26 02:45 --------- d-----w c:\program files\ComfileTools
2008-12-25 04:24 --------- d-----w c:\program files\GIMP-2.0
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2008-12-08 02:30 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-05 01:41 68,136 ----a-w c:\documents and settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\
08a8f798d77c1cd918 ----
2008-10-05 00:47 66896 --a------ c:\
08a8f798d77c1cd918\uaclauncher.exe
---- Directory of C:\6d7c73ee5a114a3818da18a02674 ----
2009-01-15 01:42 48976 --a--c--- c:\6d7c73ee5a114a3818da18a02674\uaclauncher.exe
---- Directory of c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} ----
2009-02-21 19:43 9018 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.par
2009-02-21 19:43 90 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\instance.dat
2009-02-21 19:43 9 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.lan
2009-02-21 19:43 491 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.dat
2009-01-18 16:43 578782 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib
2009-01-18 16:43 569856 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.msi
2009-01-18 16:43 5113482 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.res
2009-01-18 16:43 2892112 --a--c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
---- Directory of c:\documents and settings\Mike\Application Data\BluEdit ----
2008-12-25 22:00 528 --a------ c:\documents and settings\Mike\Application Data\BluEdit\Settings.bin
2008-12-25 21:55 22 --a------ c:\documents and settings\Mike\Application Data\BluEdit\Backup\Backup_20081225_215528.txt
((((((((((((((((((((((((((((( SnapShot@2009-02-25_11.16.05.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-25 21:21:21 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 02:13:02 811,008 ----a-r c:\windows\gmer.exe
+ 2009-02-25 21:21:21 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2009-02-25 15:44:43 66,888 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-25 19:07:18 66,888 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-25 15:44:43 417,616 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-25 19:07:18 417,616 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-25 19:03:49 16,384 ----atw c:\windows\temp\Perflib_Perfdata_728.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-04-04 1193984]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-04-04 394240]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2008-04-04 1879552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-21 509784]
"nwiz"="nwiz.exe" [2006-08-18 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 c:\windows\system32\CHDAudPropShortcut.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-21 950096]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-21 64160]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SYMEFA.SYS [2009-02-22 309296]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-22 255536]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\ccHPx86.sys [2009-02-22 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090217.002\IDSxpx86.sys [2009-01-29 276344]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-22 115560]
S2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-22 99376]
--- Other Services/Drivers In Memory ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AliIde
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BHDrvx86
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - ccHP
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - COMSysApp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eabfiltr
*Deregistered* - eeCtrl
*Deregistered* - ehRecvr
*Deregistered* - ehSched
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - hpqwmiex
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IDSxpx86
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - Lbd
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - McrdSvc
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MQAC
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSDTC
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - MSMQ
*Deregistered* - MSMQTriggers
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Norton Internet Security
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - NtLmSsp
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - Pcmcia
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RMCAST
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - Serial
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SRTSP
*Deregistered* - SRTSPX
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SYMDNS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SymIMMP
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TivoBeacon2
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e5f9df-897d-11dd-a4c1-001636d7ab77}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-21 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.live.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 17:37:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????^??????Y?@?????<?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-02-25 17:39:03
ComboFix-quarantined-files.txt 2009-02-25 22:39:01
ComboFix2.txt 2009-02-25 16:17:15
Pre-Run: 55,648,161,792 bytes free
Post-Run: 55,656,775,680 bytes free
353 --- E O F --- 2009-02-25 03:50:21