Ok, I've finished doing the ComboFix scan while it said my Norton 360 scanner was running in the background. Here is the report. Have a good night, and thanks for all the help again.
ComboFix 09-05-03.1 - Brad 05/03/2009 21:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1661 [GMT -6:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jestertb.dll
c:\windows\system32\tmp32.tmp
c:\windows\system32\tmp46.tmp
c:\windows\system32\tmp67.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISEXENG
-------\Legacy_ZESOFT
-------\Service_ISEXEng
-------\Service_ZESOFT
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-02 18:57 . 2009-05-02 18:57 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-02 18:57 . 2009-05-02 18:57 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-01 12:38 . 2009-05-01 12:38 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-01 02:56 . 2009-05-01 02:56 -------- d-----w c:\documents and settings\Brad\Application Data\Malwarebytes
2009-05-01 02:56 . 2009-04-06 21:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 02:56 . 2009-04-06 21:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 02:56 . 2009-05-01 02:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 02:56 . 2009-05-01 02:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 00:50 . 2009-05-01 00:50 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-01 00:50 . 2009-05-01 00:50 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-01 00:50 . 2009-05-01 00:50 -------- d-----w c:\documents and settings\Brad\Application Data\SUPERAntiSpyware.com
2009-04-30 02:38 . 2009-04-30 02:49 -------- d-----w c:\program files\SpeedFan
2009-04-30 00:59 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-30 00:59 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-30 00:59 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-30 00:59 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-30 00:59 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-30 00:59 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-30 00:59 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-30 00:59 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-30 00:59 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-30 00:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-30 00:52 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-30 00:37 . 2009-04-30 00:37 -------- d-----w C:\Joe Dirt
2009-04-30 00:30 . 2009-04-30 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-30 00:10 . 2009-04-30 00:10 -------- d-----w c:\program files\Trend Micro
2009-04-27 03:36 . 2009-04-27 03:36 -------- d-----w c:\documents and settings\Brad\Application Data\GlarySoft
2009-04-27 03:35 . 2009-04-30 00:29 -------- d-----w c:\program files\Glary Registry Repair
2009-04-17 04:18 . 2008-05-16 17:58 12632 ----a-w c:\windows\system32\lsdelete.exe
2009-04-17 03:56 . 2009-04-30 00:37 -------- dc----w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-17 03:17 . 2009-04-30 00:37 -------- d--h--w c:\documents and settings\Brad\Recent(2)
2009-04-13 18:05 . 2009-04-13 18:05 -------- d-----w c:\documents and settings\Brad\Application Data\Wal-Mart Digital Photo Manager
2009-04-13 18:02 . 2009-04-30 00:39 -------- d-----w c:\documents and settings\Brad\Application Data\Wal-Mart Digital Photo Viewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 03:22 . 2004-05-01 17:54 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 03:12 . 2006-05-31 21:07 366 ----a-w c:\windows\Tasks\Symantec NetDetect.job
2009-05-04 03:04 . 2007-07-15 19:04 189472 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-04 00:54 . 2009-03-25 09:59 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-04 00:48 . 2007-07-15 19:04 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-02 18:57 . 2007-06-22 23:31 -------- d-----w c:\program files\OpenAL
2009-05-01 12:43 . 2004-05-02 22:55 -------- d-----w c:\program files\Java
2009-05-01 03:58 . 2009-04-17 03:59 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-05-01 02:49 . 2007-07-15 19:05 138168 -c--a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-01 00:50 . 2004-07-21 23:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-30 09:15 . 2009-04-30 09:15 3042 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-30 05:56 . 2009-01-02 01:11 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-30 02:42 . 2004-05-02 23:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-30 02:21 . 2007-06-23 00:31 8140 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 00:45 . 2007-05-13 06:18 -------- d-----w c:\program files\Lx_cats
2009-04-30 00:37 . 2004-09-05 19:34 -------- d-----w c:\program files\Lavasoft
2009-04-19 16:20 . 2009-03-20 02:00 -------- d-----w c:\program files\ATI Technologies
2009-04-19 00:03 . 2007-11-21 02:49 -------- d-----w c:\program files\ASUS
2009-04-19 00:03 . 2004-05-02 23:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 22:40 . 2008-08-07 00:28 -------- d-----w c:\program files\CCleaner
2009-03-20 01:57 . 2009-03-20 01:46 -------- d-----w c:\program files\RegCleaner
2009-03-06 14:22 . 2004-05-14 03:38 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-02-07 08:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 22:58 . 2004-08-04 05:29 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2004-08-04 07:56 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2004-08-04 07:56 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:15 . 2009-03-20 02:00 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2004-08-04 07:56 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2004-08-04 07:56 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-05-01 17:39 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-05-14 03:34 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-05-01 18:06 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-05-01 17:39 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2004-05-01 17:39 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-05-14 03:38 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-05-01 17:39 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-05-14 03:38 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2002-08-29 08:04 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-05-14 03:38 56832 ----a-w c:\windows\system32\secur32.dll
2006-04-24 01:10 . 2006-01-09 01:58 6144 -csha-w c:\program files\Thumbs.db
2004-09-08 15:52 . 2004-09-04 22:32 1840 -c--a-w c:\program files\GameCfg.wc
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ZESOFT"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"lxci_device"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISEXEng"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Sierra\\Half-Life\\voice_tweak.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Diablo II\\Game.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\SteamApps\\0351usmc\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\WINDOWS\\system32\\lxcicoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
R3 cdrmkaun;cdrmkaun;
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
R4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 537520]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2005-02-20 53760]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b7ef2c7-ac6a-11dd-b96d-001d601f4501}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
2009-05-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-25 09:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k00719/sb02a.cab
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\zn9ubmel.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-03 21:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16?
?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1711984991-2007991492-3285484933-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1711984991-2007991492-3285484933-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1711984991-2007991492-3285484933-1006)
@Allowed: (Read) (S-1-5-21-1711984991-2007991492-3285484933-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1711984991-2007991492-3285484933-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,b6,7e,a2,67,e6,7c,97,d4,a6,34,69,26,46,db,cd,43,ae,b4,ef,9d,2d,e4,
bb,ae,ee,60,5d,96,e0,d3,aa,6f,6b,f1,79,6a,a2,a4,fa,01,35,22,e3,cd,5e,12,8d,\
"??"=hex:bb,62,58,20,7b,47,80,6b,92,56,94,ab,a0,01,50,7b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2009-05-04 21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 03:31
Pre-Run: 24,391,655,424 bytes free
Post-Run: 24,372,113,408 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /NoExecute=OptIn /usepmtimer
317 --- E O F --- 2009-05-02 09:01