evilfantasy -
ComboFix 09-06-13.09 - Bob 06/14/2009 15:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1525.915 [GMT -5:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: avast! antivirus 4.8.1335 [VPS 090614-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 17:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-14 17:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-14 17:46 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-14 17:46 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-14 17:46 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-14 17:46 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-14 17:46 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-14 17:46 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-14 17:46 . 2009-06-14 17:46 -------- d-----w- c:\program files\Alwil Software
2009-06-13 16:54 . 2009-06-13 16:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 16:17 . 2009-06-13 16:17 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2009-06-13 16:17 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 16:17 . 2009-06-13 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 16:17 . 2009-06-13 16:17 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 16:17 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 15:25 . 2009-06-14 18:20 117760 ----a-w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-13 15:25 . 2009-06-13 15:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-13 15:23 . 2009-06-13 15:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-13 15:23 . 2009-06-13 15:23 -------- d-----w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2009-06-13 15:22 . 2009-06-13 15:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-13 11:05 . 2009-06-13 11:10 116842 ----a-w- c:\windows\hpqins00.dat
2009-06-12 09:59 . 2009-06-13 17:55 -------- d-----w- c:\program files\trend micro
2009-06-12 09:59 . 2009-06-12 10:04 -------- d-----w- C:\rsit
2009-06-11 23:56 . 2009-06-11 23:56 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-11 15:35 . 2009-06-11 15:35 -------- d-----w- c:\program files\CCleaner
2009-06-11 11:09 . 2009-06-11 11:09 268800 ----a-w- c:\windows\system32\es.dll
2009-06-11 00:22 . 2009-06-14 00:37 -------- d-----w- c:\programdata\Symantec
2009-06-11 00:22 . 2009-06-14 00:37 -------- d-----w- c:\programdata\Norton
2009-06-11 00:18 . 2009-06-11 00:22 -------- d-----w- c:\programdata\NortonInstaller
2009-06-10 23:48 . 2009-06-10 23:54 -------- d-----w- c:\users\Bob\AppData\Local\Microsoft Games
2009-06-10 23:30 . 2009-06-10 23:30 -------- d-----w- c:\program files\Internet Saving Optimizer
2009-06-10 23:29 . 2009-06-10 23:29 -------- d-----w- c:\program files\DoubleD
2009-06-10 21:19 . 2009-06-10 21:19 -------- d-----w- c:\users\Bob\AppData\Roaming\WildTangent
2009-06-10 20:52 . 2006-12-22 02:51 771672 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2009-06-10 20:52 . 2006-12-22 02:47 472664 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2009-06-10 20:40 . 2009-06-10 20:40 -------- d-----w- c:\programdata\WEBREG
2009-06-10 20:39 . 2009-06-10 20:50 -------- d-----w- c:\users\Bob\AppData\Roaming\HP
2009-06-10 20:35 . 2009-06-10 20:35 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-10 20:35 . 2009-06-10 20:35 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-10 20:35 . 2009-06-10 20:38 -------- d-----w- c:\program files\Common Files\HP
2009-06-10 20:00 . 2009-06-10 20:53 -------- d-----w- c:\program files\HP
2009-06-10 19:58 . 2009-06-10 20:45 148928 ----a-w- c:\windows\hpoins19.dat
2009-06-10 19:58 . 2009-06-10 20:50 -------- d-----w- c:\programdata\HP
2009-06-10 19:58 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
2009-06-10 19:58 . 2006-12-16 06:19 675840 ----a-w- c:\windows\system32\hpowiav1.dll
2009-06-10 19:58 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2009-06-10 19:58 . 2006-12-16 06:19 573440 ----a-w- c:\windows\system32\hpotscl1.dll
2009-06-10 19:58 . 2007-03-13 19:52 26952 ----a-w- c:\windows\hpomdl19.dat
2009-06-10 18:43 . 2009-06-10 18:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-10 18:41 . 2009-02-12 09:35 38208 ----a-w- c:\users\Bob\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-10 18:40 . 2009-06-10 18:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-10 18:39 . 2009-06-10 18:44 -------- d-----w- c:\users\Bob\AppData\Local\Adobe
2009-06-10 18:39 . 2009-06-10 18:39 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-10 18:38 . 2009-06-10 18:52 -------- d-----w- c:\programdata\NOS
2009-06-10 18:38 . 2009-06-10 18:52 -------- d-----w- c:\program files\NOS
2009-06-10 18:08 . 2009-06-10 18:08 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-06-10 18:08 . 2009-06-10 18:08 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-06-10 18:08 . 2009-06-10 18:08 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-06-10 18:08 . 2009-06-10 18:08 272896 ----a-w- c:\windows\system32\polstore.dll
2009-06-10 18:07 . 2009-06-10 18:07 8192 ----a-w- c:\windows\system32\riched32.dll
2009-06-10 18:07 . 2009-06-10 18:07 48640 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2009-06-10 18:07 . 2009-06-10 18:07 20480 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2009-06-10 18:07 . 2009-06-10 18:07 77824 ----a-w- c:\windows\system32\rascfg.dll
2009-06-10 18:07 . 2009-06-10 18:07 61952 ----a-w- c:\windows\system32\drivers\wanarp.sys
2009-06-10 18:07 . 2009-06-10 18:07 52736 ----a-w- c:\windows\system32\rasdiag.dll
2009-06-10 18:07 . 2009-06-10 18:07 32768 ----a-w- c:\windows\system32\rasmxs.dll
2009-06-10 18:07 . 2009-06-10 18:07 22016 ----a-w- c:\windows\system32\rasser.dll
2009-06-10 18:06 . 2009-06-10 18:06 384000 ----a-w- c:\windows\system32\netcfgx.dll
2009-06-10 18:06 . 2009-06-10 18:06 286208 ----a-w- c:\windows\system32\ipnathlp.dll
2009-06-10 18:06 . 2009-06-10 18:06 13824 ----a-w- c:\windows\system32\icsunattend.exe
2009-06-10 18:06 . 2009-06-10 18:06 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-06-10 18:06 . 2009-06-10 18:06 33280 ----a-w- c:\windows\system32\traffic.dll
2009-06-10 18:06 . 2009-06-10 18:06 13824 ----a-w- c:\windows\system32\wshqos.dll
2009-06-10 18:06 . 2009-06-10 18:06 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-10 18:06 . 2009-06-10 18:06 36864 ----a-w- c:\windows\system32\cdd.dll
2009-06-10 18:06 . 2009-06-10 18:06 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-06-10 18:06 . 2009-06-10 18:06 134656 ----a-w- c:\windows\system32\dps.dll
2009-06-10 18:05 . 2009-06-10 18:05 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-06-10 18:05 . 2009-06-10 18:05 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-06-10 18:05 . 2009-06-10 18:05 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-06-10 18:04 . 2009-06-10 18:04 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-06-10 18:04 . 2009-06-10 18:04 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-06-10 18:04 . 2009-06-10 18:04 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-06-10 18:02 . 2009-06-10 18:02 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-06-10 18:02 . 2009-06-10 18:02 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-06-10 18:02 . 2009-06-10 18:02 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-06-10 18:02 . 2009-06-10 18:02 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2009-06-10 18:02 . 2009-06-10 18:02 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-06-10 18:02 . 2009-06-10 18:02 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-06-10 18:02 . 2009-06-10 18:02 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-06-10 18:02 . 2009-06-10 18:02 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-06-10 18:02 . 2009-06-10 18:02 502784 ----a-w- c:\windows\system32\wlansvc.dll
2009-06-10 18:02 . 2009-06-10 18:02 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-06-10 18:02 . 2009-06-10 18:02 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-06-10 18:02 . 2009-06-10 18:02 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-06-10 18:00 . 2009-06-10 18:00 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-06-10 18:00 . 2009-06-10 18:00 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-06-10 17:59 . 2009-06-10 17:59 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 17:58 . 2009-06-10 17:58 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-06-10 17:58 . 2009-06-10 17:58 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-06-10 17:54 . 2009-06-10 17:54 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-10 17:51 . 2009-06-10 17:51 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-06-10 17:50 . 2009-06-10 17:50 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-06-10 17:50 . 2009-06-10 17:50 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\windows\system32\x64
2009-06-10 17:47 . 2009-06-10 17:47 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-10 17:46 . 2009-06-10 17:46 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-10 17:44 . 2009-06-10 17:44 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-10 17:44 . 2009-06-10 17:44 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-10 17:43 . 2009-06-10 17:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-10 17:43 . 2009-06-10 17:43 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-10 17:43 . 2009-06-10 17:43 1687040 ----a-w- c:\windows\system32\gameux.dll
2009-06-10 17:41 . 2009-06-10 17:41 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-06-10 17:40 . 2009-06-10 17:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-06-10 17:40 . 2009-06-10 17:40 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-06-10 17:38 . 2009-06-10 17:38 414208 ----a-w- c:\windows\system32\msscp.dll
2009-06-10 17:37 . 2009-06-10 17:37 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-06-10 17:36 . 2009-06-10 17:36 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-06-10 17:36 . 2009-06-10 17:36 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-06-10 17:36 . 2009-06-10 17:36 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-06-10 17:36 . 2009-06-10 17:36 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-06-10 17:36 . 2009-06-10 17:36 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-06-10 17:36 . 2009-06-10 17:36 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-06-10 17:36 . 2009-06-10 17:36 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-06-10 17:36 . 2009-06-10 17:36 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 18:15 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-10 18:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-10 18:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-10 18:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-10 18:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-10 17:09 . 2009-06-10 17:09 40960 ----a-w- c:\windows\system32\srclient.dll
2009-06-10 17:06 . 2009-06-10 17:06 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-06-10 17:06 . 2009-06-10 17:06 3503584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-10 17:06 . 2009-06-10 17:06 3469280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-10 17:06 . 2009-06-10 17:06 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-10 17:06 . 2009-06-10 17:06 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-06-10 17:06 . 2009-06-10 17:06 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-06-10 17:06 . 2009-06-10 17:06 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-10 17:06 . 2009-06-10 17:06 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-10 17:06 . 2009-06-10 17:06 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-06-10 17:06 . 2009-06-10 17:06 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-06-10 17:06 . 2009-06-10 17:06 53248 ----a-w- c:\windows\system32\iasads.dll
2009-06-10 17:06 . 2009-06-10 17:06 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-06-10 17:06 . 2009-06-10 17:06 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-06-10 17:05 . 2009-06-10 17:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-10 17:05 . 2009-06-10 17:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 17:05 . 2009-06-10 17:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-10 17:05 . 2009-06-10 17:05 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-06-10 17:05 . 2009-06-10 17:05 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-10 17:05 . 2009-06-10 17:05 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 17:02 . 2009-06-10 17:02 0 ----a-w- c:\windows\system32\drivers\EMACHINES_W3609__GCY7110063644.MRK
2009-06-10 15:21 . 2009-06-10 15:21 -------- d-----w- c:\users\Bob\AppData\Roaming\SampleView
2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Templates
2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Start Menu
2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Favorites
2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Documents
2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Desktop
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-02 303104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3206373129-98774604-3863853047-1000]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3206373129-98774604-3863853047-500]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B7DEAAA-1CC5-4686-A134-28C43700D33E}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/14/2009 12:46 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/14/2009 12:46 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/14/2009 12:46 PM 51792]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
uInternet Settings,ProxyOverride = <local>
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-14 15:21
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-14 15:22
ComboFix-quarantined-files.txt 2009-06-14 20:22
Pre-Run: 80,566,763,520 bytes free
Post-Run: 80,382,128,128 bytes free
267 --- E O F --- 2009-06-14 15:01