As instructed I will list each log on a separate post.
Combofix Log
ComboFix 09-01-05.02 - Lanny L. Maxwell 2009-01-05 17:14:57.2 - NTFSx86
Running from: c:\documents and settings\Lanny L. Maxwell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lanny L. Maxwell\Desktop\CFScript.txt
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.
2009-01-04 17:04 . 2009-01-04 17:04 <DIR> d---s---- c:\windows\Cookies
2009-01-04 15:07 . 2009-01-04 15:07 <DIR> d-------- C:\rsit
2009-01-04 15:03 . 2009-01-04 15:02 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-01-04 15:03 . 2009-01-04 15:02 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-01-04 09:51 . 2009-01-04 15:38 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-04 09:51 . 2009-01-04 09:51 1,409 --a------ c:\windows\QTFont.for
2009-01-03 21:48 . 2009-01-03 21:48 <DIR> d-------- C:\fsaua.data
2009-01-03 21:01 . 2009-01-03 21:01 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-03 21:01 . 2009-01-03 21:01 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-03 21:01 . 2009-01-03 21:01 <DIR> d-------- c:\documents and settings\Lanny L. Maxwell\Application Data\SUPERAntiSpyware.com
2009-01-03 21:01 . 2009-01-03 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-03 21:00 . 2009-01-03 21:01 5,824,544 --a------ C:\SUPERAntiSpyware.exe
2009-01-03 20:47 . 2009-01-03 20:47 <DIR> d-------- C:\avz4
2009-01-03 20:47 . 2009-01-03 20:47 3,639,856 --a------ C:\avz4.zip
2009-01-03 20:29 . 2008-12-12 00:57 78,336 --a------ c:\windows\SYSTEM32\Agent.OMZ.Fix.exe
2009-01-03 20:13 . 2009-01-03 20:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-03 20:12 . 2009-01-03 20:12 <DIR> d-------- c:\program files\CCleaner
2009-01-03 20:10 . 2009-01-03 20:11 <DIR> d-------- C:\rogueremoval
2009-01-03 20:10 . 2009-01-03 20:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipswitch
2009-01-03 20:07 . 2004-09-23 17:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-03 20:07 . 2004-09-23 17:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-03 20:07 . 2005-06-12 21:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
2009-01-03 20:07 . 2009-01-03 20:25 <DIR> d-------- c:\documents and settings\Administrator
2009-01-03 19:57 . 2009-01-03 19:57 <DIR> d-------- c:\program files\RogueRemover FREE
2009-01-03 19:56 . 2009-01-03 19:56 <DIR> d-------- C:\Rogue Remover
2009-01-03 18:24 . 2009-01-03 18:24 15,611,407 --a------ C:\rogueremoval.zip
2009-01-03 18:23 . 2009-01-03 18:23 <DIR> d-------- c:\program files\7-Zip
2009-01-03 16:41 . 2009-01-03 16:41 <DIR> d-------- c:\documents and settings\Lanny L. Maxwell\DoctorWeb
2009-01-02 11:44 . 2009-01-03 20:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 11:44 . 2009-01-02 11:44 <DIR> d-------- c:\documents and settings\Lanny L. Maxwell\Application Data\Malwarebytes
2009-01-02 11:44 . 2009-01-02 11:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 11:44 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-02 11:44 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-02 10:00 . 2009-01-02 10:00 <DIR> d-------- c:\program files\Trend Micro
2009-01-02 09:34 . 2009-01-02 09:35 144 --a------ C:\install.dat
2009-01-01 22:49 . 2009-01-02 10:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:10 --------- d-----w c:\program files\Weather Watcher
2009-01-05 00:11 --------- d-----w c:\program files\Google
2009-01-04 20:02 --------- d-----w c:\program files\Java
2009-01-04 00:46 --------- d-----w c:\program files\SpywareBlaster
2009-01-02 16:09 --------- d-----w c:\program files\Microsoft.NET
2009-01-02 16:07 --------- d-----w c:\program files\Microsoft Small Business
2009-01-02 16:04 --------- d-----w c:\program files\HHD Software
2009-01-02 15:52 --------- d-----w c:\program files\Banner Maker Pro 6
2008-12-14 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-12 17:01 3,067,904 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-10 08:08 --------- d-----w c:\program files\McAfee
2008-11-17 20:04 2,306,113 ----a-w c:\windows\SYSTEM32\GPhotos.scr
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-10-16 01:00 666,112 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2008-10-16 01:00 619,520 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2008-10-16 01:00 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2007-12-29 18:01 56,912 ----a-w c:\documents and settings\Lanny L. Maxwell\g2mdlhlpx.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-04_17.03.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-05 22:19:16 16,384 ----a-w c:\windows\Cookies\index.dat
- 2009-01-04 19:19:10 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-05 21:10:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-04 19:19:10 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-05 21:10:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-03-12 1019904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lanny L. Maxwell^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-03-16 05:33 127037 c:\windows\SYSTEM32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 11:43 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 00:42 401491 c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 09:32 77824 c:\windows\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 09:35 94208 c:\windows\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 20:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
--a------ 2003-08-18 17:46 53248 c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-04-19 14:45 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-04-19 14:45 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-04-11 20:15 290816 c:\program files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-23 17:54 26112 c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 12:24 106557 c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"xmlprov"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"UPS"=3 (0x3)
"SysmonLog"=3 (0x3)
"RDSessMgr"=3 (0x3)
"Nla"=3 (0x3)
"mnmsrvc"=3 (0x3)
"lanmanserver"=2 (0x2)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"iPod Service"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"IJPLMSVC"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys [2001-08-30 19968]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
--- Other Services/Drivers In Memory ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - ASCTRM
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - CCALib8
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - drvnddm
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IpFilterDriver
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mcmscsvc
*Deregistered* - McNASvc
*Deregistered* - McProxy
*Deregistered* - McShield
*Deregistered* - McSysmon
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfehidk
*Deregistered* - mfesmfk
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MPFP
*Deregistered* - MpfService
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASENUM
*Deregistered* - SASKUTIL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - ssrtln
*Deregistered* - StillCam
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tfsnboio
*Deregistered* - tfsncofs
*Deregistered* - tfsndrct
*Deregistered* - tfsndres
*Deregistered* - tfsnifs
*Deregistered* - tfsnopio
*Deregistered* - tfsnpool
*Deregistered* - tfsnudf
*Deregistered* - tfsnudfa
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://weather.noaa.gov/cgi-bin/iwszone?Sites=:wvz023uSearch Page =
hxxp://www.google.comuSearch Bar =
hxxp://www.google.com/iemDefault_Search_URL =
hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext =
hxxp://www.dell4me.com/mywayuInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
mSearchAssistant =
hxxp://www.google.com/ieIE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.htmlWinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-05 17:19:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-01-05 17:21:35
ComboFix-quarantined-files.txt 2009-01-05 22:21:01
ComboFix2.txt 2009-01-04 22:04:35
Pre-Run: 32,876,331,008 bytes free
Post-Run: 32,830,242,816 bytes free
369 --- E O F --- 2008-12-19 08:01:29