ComboFix Log have run script provided.....
________________________________________
ComboFix 10-09-22.02 - HP_Owner 23/09/2010 21:37:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3071.2530 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\Dqovet.bin"
"c:\windows\Icuwaf.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Dqovet.bin
c:\windows\Icuwaf.dat
.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.
2010-09-23 01:38 . 2010-09-23 02:14 -------- d-----w- c:\program files\eMusic Download Manager
2010-09-22 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-22 01:26 . 2010-09-23 20:31 -------- d-----w- C:\_malware logs
2010-09-21 18:04 . 2010-09-21 18:04 -------- d-----w- C:\rsit
2010-09-20 22:43 . 2010-09-21 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-20 22:43 . 2010-09-20 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-20 21:51 . 2010-09-22 22:12 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-20 16:23 . 2010-09-21 18:06 -------- d-----w- c:\program files\Trend Micro
2010-09-14 01:33 . 2010-09-14 07:47 -------- d-----w- C:\ccleaner
2010-09-13 22:26 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-13 18:24 . 2010-09-13 18:24 -------- d-----w- c:\windows\Options
2010-09-13 01:44 . 2010-09-13 01:44 10134 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-09-12 20:39 . 2010-09-12 20:39 310208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-12 20:35 . 2010-09-12 20:35 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Motive
2010-08-27 21:21 . 2006-08-24 05:44 477696 ----a-r- c:\windows\system32\drivers\ZD1211BU.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 20:32 . 2010-05-02 14:57 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\TeraCopy
2010-09-23 02:14 . 2008-11-28 18:35 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\eMusic
2010-09-22 22:13 . 2006-01-20 08:30 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-09-22 20:09 . 2007-09-29 20:11 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Azureus
2010-09-19 20:13 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\vlc
2010-09-14 10:58 . 2010-08-10 09:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Foxix
2010-09-14 10:58 . 2006-08-23 15:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Huasq
2010-09-13 18:24 . 2008-09-18 20:59 -------- d-----w- c:\program files\iTunes
2010-09-13 18:16 . 2006-11-18 09:52 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Udfyr
2010-09-13 15:15 . 2006-01-20 04:18 -------- d-----w- c:\program files\UTILS
2010-09-13 15:07 . 2008-10-13 13:22 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yfwy
2010-09-12 22:32 . 2010-09-12 22:32 396 ----a-w- c:\program files\.js
2010-08-24 13:57 . 2010-04-15 21:10 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 13:57 . 2010-04-15 21:09 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57 . 2010-04-15 21:09 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 13:57 . 2010-04-15 21:09 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 13:57 . 2010-04-15 21:09 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 13:57 . 2010-04-15 21:09 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 13:57 . 2010-04-15 21:09 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 13:57 . 2010-04-15 21:09 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 13:57 . 2010-04-15 21:09 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 13:57 . 2010-04-15 21:09 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-17 13:17 . 2006-01-20 08:32 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2006-01-20 08:32 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 19:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2006-01-20 08:32 149504 ----a-w- c:\windows\system32\schannel.dll
2010-08-24 13:57 . 2010-04-15 21:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2005-01-03 22:30 . 2006-01-20 08:54 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\HP_Owner\Application Data\Foxix ----
---- Directory of c:\documents and settings\HP_Owner\Application Data\Huasq ----
---- Directory of c:\documents and settings\HP_Owner\Application Data\Udfyr ----
---- Directory of c:\documents and settings\HP_Owner\Application Data\Yfwy ----
2010-09-13 15:00 . 2010-09-13 15:00 661159 ----a-w- c:\documents and settings\HP_Owner\Application Data\Yfwy\dehye.tmp
------- Sigcheck -------
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . 3B58675ED2C6A68C38624681C2548862 . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
[7] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 2550272]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-2-20 604008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
2004-07-30 10:34 155648 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 14:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-02 22:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
2006-10-18 20:58 8704 ------w- c:\program files\Windows Media Connect 2\WMCCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
2004-07-30 10:41 192512 ----a-w- c:\program files\InterVideo\Common\Bin\WinRemote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [15/04/2010 22:09 84072]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [05/10/2009 12:09 20992]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [20/01/2006 09:32 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/05/2010 01:17 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/01/2010 23:35 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [15/04/2010 22:09 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [15/04/2010 22:09 271480]
R2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [05/10/2009 12:09 81920]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [15/04/2010 22:10 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [15/04/2010 22:09 141792]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [07/10/2009 14:48 376680]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [15/04/2010 22:09 55840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/05/2010 01:17 20952]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [15/04/2010 22:09 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/04/2010 22:09 88544]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2004 03:19 24608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 03:46 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/04/2010 22:09 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [15/04/2010 22:09 84264]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [03/01/2001 00:53 19677]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 02:46]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 02:46]
2008-09-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{BEDA1DC8-9CAF-4902-8B5F-2FB3702C6673}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.facebook.com/uDefault_Search_URL =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopuSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
hxxp://www.google.com/ieuSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - c:\program files\UTILS\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\UTILS\DAP\dapextie2.htm
IE: Download All by FlashGet - c:\progra~1\UTILS\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\UTILS\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\UTILS\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\UTILS\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6ncxoaj9.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://flvdirect.iamwired.net/websearch ... ps&search=FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-09-23 21:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-372253836-758569873-2018747408-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-23 21:56:57
ComboFix-quarantined-files.txt 2010-09-23 20:56
Pre-Run: 134,338,965,504 bytes free
Post-Run: 134,378,242,048 bytes free
- - End Of File - - 1C508C4AB5F523F2A4368D855EAE3CC7