Hey, I installed ComboFix a few weeks ago. I tried scanning 4 times today. Twice in normal mode; this led to my computer crashing before it could finish. Twice in safe mode with networking. In safe mode it found a rootkit, causing it to reboot my comp.
Here's a ComboFix log from a few days ago (I was still having the same problems back then; hopefully this is good enough). Thank you in advance for all your help.
ComboFix 10-01-30.07 - Saqib 31/01/2010 12:01:47.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.3071.1434 [GMT -7:00]
Running from: c:\users\Saqib\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1269665831-4724830-4121108689-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2331971223-1396865169-3388170851-500
c:\$recycle.bin\S-1-5-21-953789392-149394006-1689920443-500
c:\program files\Mozilla Firefox\plc4.dll
c:\windows\E88D4.exe
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\drivers\H8SRTtmlegtcaex.sys
c:\windows\system32\H8SRTfvhgedmeuj.dll
c:\windows\system32\H8SRThmujwgcmon.dat
c:\windows\system32\H8SRTrkcmshcocq.dll
c:\windows\system32\H8SRTujybyfcopp.dll
c:\windows\system32\krl32mainweq.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.
2100-02-23 21:35 . 2001-02-22 16:54 768 ----a-w- c:\windows\x73_lut.dat
2100-02-23 21:35 . 2001-02-22 16:54 768 ----a-w- c:\program files\x73_lut.dat
2100-02-08 23:03 . 2001-05-11 18:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2010-01-31 19:15 . 2010-01-31 19:16 -------- d-----w- c:\users\Saqib\AppData\Local\temp
2010-01-31 19:15 . 2010-01-31 19:16 -------- d-----w- c:\users\Izn\AppData\Local\temp
2010-01-31 19:15 . 2010-01-31 19:15 -------- d-----w- c:\users\Sian\AppData\Local\temp
2010-01-31 19:15 . 2010-01-31 19:15 -------- d-----w- c:\users\Sami\AppData\Local\temp
2010-01-31 19:15 . 2010-01-31 19:15 -------- d-----w- c:\users\Izzah\AppData\Local\temp
2010-01-31 19:15 . 2010-01-31 19:15 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-01-31 19:15 . 2010-01-31 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-31 18:39 . 2010-01-31 18:39 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-31 18:39 . 2010-01-31 18:39 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-31 18:39 . 2010-01-31 18:39 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-31 18:39 . 2010-01-31 18:39 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-31 17:55 . 2010-01-07 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\NAVENG32.DLL
2010-01-31 17:55 . 2010-01-07 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\NAVEX32A.DLL
2010-01-31 17:55 . 2010-01-07 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\NAVEX15.SYS
2010-01-31 17:55 . 2010-01-07 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\NAVENG.SYS
2010-01-31 17:55 . 2010-01-07 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\EECTRL.SYS
2010-01-31 17:55 . 2010-01-07 09:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\ECMSVR32.DLL
2010-01-31 17:55 . 2010-01-07 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\ERASER.SYS
2010-01-31 17:55 . 2010-01-07 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.003\CCERASER.DLL
2010-01-30 01:15 . 2009-12-31 04:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-01-30 01:15 . 2009-12-31 04:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-01-30 01:15 . 2009-12-31 04:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-01-30 01:15 . 2009-12-31 04:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-01-30 01:15 . 2009-12-31 04:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-30 01:04 . 2009-08-22 08:14 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-26 22:39 . 2010-01-26 22:39 -------- d-----w- c:\users\Izn\AppData\Local\Xenocode
2010-01-26 00:46 . 2010-01-26 22:46 -------- d-----w- c:\program files\Mixed In Key 4
2010-01-22 01:33 . 2010-01-22 01:33 -------- d-----w- c:\users\Sian\AppData\Roaming\TeamViewer
2010-01-22 01:12 . 2010-01-22 01:12 -------- d-----w- c:\users\Saqib\AppData\Roaming\TeamViewer
2010-01-22 01:12 . 2010-01-22 01:12 -------- d-----w- c:\program files\TeamViewer
2010-01-21 23:36 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-21 23:36 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-21 23:36 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-21 23:36 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-21 23:36 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-21 23:36 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-21 23:36 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-21 23:35 . 2010-01-21 23:35 -------- d-----w- c:\programdata\Alwil Software
2010-01-21 23:35 . 2010-01-21 23:35 -------- d-----w- c:\program files\Alwil Software
2010-01-21 23:20 . 2010-01-21 23:20 -------- d-----w- c:\programdata\Yahoo! Companion
2010-01-21 23:20 . 2010-01-21 23:21 -------- d-----w- c:\program files\CCleaner
2010-01-21 22:59 . 2009-12-18 12:52 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 22:55 . 2010-01-07 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\NAVEX32A.DLL
2010-01-21 22:55 . 2010-01-07 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\NAVENG.SYS
2010-01-21 22:55 . 2010-01-07 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\NAVENG32.DLL
2010-01-21 22:55 . 2010-01-07 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\NAVEX15.SYS
2010-01-21 22:55 . 2010-01-07 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\ERASER.SYS
2010-01-21 22:55 . 2010-01-07 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\EECTRL.SYS
2010-01-21 22:55 . 2010-01-07 09:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\ECMSVR32.DLL
2010-01-21 22:55 . 2010-01-07 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100121.005\CCERASER.DLL
2010-01-21 22:41 . 2010-01-21 22:41 142 ----a-w- c:\programdata\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\uninst.bat
2010-01-21 01:09 . 2010-01-21 01:09 -------- d-----w- c:\program files\Common Files\Skype
2010-01-20 19:16 . 2010-01-31 18:39 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-20 01:41 . 2008-06-16 20:11 81920 ----a-w- c:\windows\system32\emfxp.dll
2010-01-20 01:41 . 2010-01-21 01:49 -------- d-----w- c:\programdata\TalkAndWrite
2010-01-20 01:41 . 2010-01-20 01:41 -------- d-----w- c:\program files\TalkAndWrite
2010-01-16 18:26 . 2009-12-31 04:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\Scxpx86.dll
2010-01-16 18:26 . 2009-12-31 04:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSxpx86.dll
2010-01-16 18:26 . 2009-12-31 04:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSvix86.sys
2010-01-16 18:26 . 2009-12-31 04:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys
2010-01-16 18:26 . 2009-12-31 04:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSviA64.sys
2010-01-15 22:20 . 2010-01-15 22:20 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-13 22:38 . 2010-01-17 22:26 -------- d-----w- c:\program files\VirtualDJ
2010-01-12 22:23 . 2009-10-19 14:42 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:23 . 2009-10-19 14:39 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-12 22:23 . 2009-10-19 14:37 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 22:23 . 2009-10-19 14:37 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-12 22:23 . 2009-10-19 14:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-12 22:23 . 2009-10-19 11:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-08 22:36 . 2010-01-07 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\NAVENG.SYS
2010-01-08 22:36 . 2010-01-07 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\NAVENG32.DLL
2010-01-08 22:36 . 2010-01-07 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\NAVEX32A.DLL
2010-01-08 22:36 . 2010-01-07 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\NAVEX15.SYS
2010-01-08 22:36 . 2010-01-07 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\ERASER.SYS
2010-01-08 22:36 . 2010-01-07 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\EECTRL.SYS
2010-01-08 22:36 . 2010-01-07 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\CCERASER.DLL
2010-01-08 22:36 . 2010-01-07 09:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100108.002\ECMSVR32.DLL
2010-01-08 01:25 . 2009-12-31 04:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2010-01-08 01:25 . 2009-12-31 04:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2010-01-08 01:25 . 2009-12-31 04:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010-01-08 01:25 . 2009-12-31 04:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2010-01-08 01:25 . 2009-12-31 04:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2010-01-07 22:59 . 2010-01-11 23:03 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-07 22:29 . 2010-01-07 22:57 -------- d-----w- C:\Combo-Fix26869C
2010-01-07 22:28 . 2010-01-07 22:28 -------- d-----w- C:\Combo-Fix
2010-01-07 02:50 . 2009-01-15 19:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-07 02:50 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-07 02:49 . 2009-08-22 08:13 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-07 02:49 . 2010-01-11 23:04 -------- d-----w- c:\program files\Symantec
2010-01-07 02:49 . 2010-01-11 23:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-07 02:49 . 2010-01-07 02:49 1290592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-07 02:49 . 2010-01-07 02:49 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-07 02:49 . 2010-01-07 02:49 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-07 02:49 . 2010-01-07 02:49 -------- d-----w- c:\program files\Norton 360
2010-01-07 02:40 . 2010-01-07 02:40 -------- d-----w- c:\program files\NortonInstaller
2010-01-06 22:54 . 2010-01-06 22:54 -------- d-----w- c:\users\Saqib\AppData\Local\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 18:40 . 2009-12-20 19:18 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-31 18:39 . 2009-12-20 19:18 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-31 18:39 . 2009-12-20 19:18 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-31 18:39 . 2009-12-20 19:18 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-31 18:39 . 2009-12-20 19:18 389272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-31 18:39 . 2009-12-20 19:18 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-31 18:39 . 2009-12-20 19:16 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-31 18:39 . 2009-12-20 19:16 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-31 18:39 . 2009-12-20 19:16 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-31 18:39 . 2009-12-20 19:16 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-31 18:39 . 2009-12-20 19:15 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-31 18:39 . 2009-12-20 19:15 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-31 18:38 . 2009-12-20 19:15 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-30 05:06 . 2009-02-28 03:14 -------- d-----w- c:\users\Sian\AppData\Roaming\Skype
2010-01-30 01:07 . 2009-01-31 23:53 -------- d-----w- c:\users\Sian\AppData\Roaming\skypePM
2010-01-29 02:10 . 2009-09-27 17:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-26 22:51 . 2009-05-31 22:03 -------- d-----w- c:\users\Izn\AppData\Roaming\uTorrent
2010-01-24 06:02 . 2008-06-30 05:22 -------- d-----w- c:\users\Izn\AppData\Roaming\Roxio
2010-01-23 17:50 . 2008-04-16 00:08 8268 ----a-w- c:\users\Izn\AppData\Local\d3d9caps.dat
2010-01-22 22:57 . 2009-09-12 19:18 69 ----a-w- c:\users\Izn\jagex_runescape_preferences2.dat
2010-01-22 22:57 . 2008-07-01 18:37 39 ----a-w- c:\users\Izn\jagex_runescape_preferences.dat
2010-01-21 23:21 . 2008-01-24 23:53 -------- d-----w- c:\program files\Yahoo!
2010-01-21 01:10 . 2009-02-28 01:42 -------- d-----r- c:\program files\Skype
2010-01-21 01:09 . 2009-01-31 23:49 -------- d-----w- c:\programdata\Skype
2010-01-20 18:58 . 2009-05-03 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 04:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 23:04 . 2008-01-24 23:53 -------- d--h--w- c:\programdata\yahoo!
2010-01-12 23:00 . 2009-03-03 04:25 -------- d-----w- c:\program files\AskBarDis
2010-01-11 23:04 . 2009-10-04 01:48 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-01-11 23:04 . 2010-01-07 02:49 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-11 23:04 . 2010-01-07 02:49 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-07 23:38 . 2009-04-28 01:54 -------- d-----w- c:\users\Saqib\AppData\Roaming\LimeWire
2010-01-07 03:40 . 2008-01-24 23:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-07 03:36 . 2008-04-15 03:43 1356 ----a-w- c:\users\Saqib\AppData\Local\d3d9caps.dat
2010-01-07 02:50 . 2009-10-04 01:32 -------- d-----w- c:\programdata\NortonInstaller
2010-01-07 02:49 . 2008-01-24 23:54 -------- d-----w- c:\programdata\Symantec
2010-01-04 19:05 . 2009-12-06 00:37 -------- d-----w- c:\program files\M-Audio
2010-01-03 07:12 . 2008-05-11 22:34 -------- d-----w- c:\users\Izn\AppData\Roaming\LimeWire
2009-12-30 19:16 . 2009-12-30 19:16 73728 ----a-w- c:\users\Saqib\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-12-30 19:15 . 2009-12-30 19:15 -------- d-----w- c:\program files\LimeWire
2009-12-24 18:16 . 2009-05-31 22:04 -------- d-----w- c:\program files\uTorrent
2009-12-24 03:18 . 2009-12-24 01:37 -------- d-----w- c:\users\Izn\AppData\Roaming\GetRightToGo
2009-12-24 03:16 . 2009-12-24 03:48 258352 ----a-w- c:\windows\system32\unicows.dll
2009-12-23 23:48 . 2009-05-31 22:04 -------- d-----w- c:\users\Saqib\AppData\Roaming\uTorrent
2009-12-21 23:42 . 2009-12-21 23:42 367686 ----a-r- c:\users\Izn\AppData\Roaming\Microsoft\Installer\{E2BF2060-D1DB-441A-8739-30E7BAA534BA}\_C22EE15BDC4445E6B3F0CD.exe
2009-12-21 23:42 . 2009-12-20 00:37 -------- d-----w- c:\program files\DENON_DJ
2009-12-21 22:47 . 2008-01-24 23:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 04:55 . 2009-12-20 04:55 -------- d-----w- c:\program files\PCDJ Reflex LE
2009-12-20 00:47 . 2009-12-20 00:47 -------- d-----w- c:\programdata\DDJ_ASIO_Driver
2009-12-18 12:48 . 2010-01-21 22:58 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-01-21 22:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:48 . 2010-01-21 22:58 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-12-18 12:46 . 2010-01-21 22:58 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-01-21 22:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-01-21 22:58 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-18 02:35 . 2009-12-18 02:35 -------- d-----w- c:\program files\Lame for Audacity
2009-12-16 02:52 . 2008-07-31 05:39 -------- d-----w- c:\users\Sian\AppData\Roaming\Apple Computer
2009-12-16 02:34 . 2008-07-19 01:17 -------- d-----w- c:\users\Saqib\AppData\Roaming\Apple Computer
2009-12-13 19:15 . 2009-12-13 19:13 -------- d-----w- c:\programdata\Lavasoft
2009-12-13 19:14 . 2009-12-13 19:14 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-13 19:13 . 2009-12-13 19:13 -------- d-----w- c:\program files\Lavasoft
2009-12-13 07:21 . 2009-12-13 07:21 -------- d-----r- c:\program files\Norton Support
2009-12-13 02:04 . 2009-12-13 02:04 -------- d-----w- c:\program files\Audacity
2009-12-09 00:36 . 2009-12-09 00:36 -------- d-----w- c:\users\Izn\AppData\Roaming\M-Audio
2009-12-08 01:01 . 2009-12-08 01:01 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC534.tmp.exe
2009-12-07 14:10 . 2009-12-13 19:14 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-03 04:59 . 2008-04-15 02:17 127624 ----a-w- c:\users\Saqib\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-02 13:19 . 2009-12-13 19:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-02 13:19 . 2009-12-13 22:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-09 13:34 . 2009-12-09 04:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30 . 2009-12-09 04:05 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:17 . 2009-12-09 04:05 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 03:28 . 2009-11-06 03:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2001-07-26 23:58 . 2000-01-11 19:50 47 ----a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 19:46 . 2001-07-20 17:48 8116 ----a-w- c:\program files\OSLO3071b2.USB
2001-05-08 23:36 . 2000-12-05 22:56 114688 ----a-w- c:\program files\lxarscan.dll
2001-04-23 21:22 . 2100-02-08 22:53 1437 ----a-w- c:\program files\gtx73.ini
2009-04-01 04:47 . 2009-08-24 23:37 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-01-24 22:59 . 2008-01-24 22:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2008-04-16 00:23 . BA0787C5520D54733BA409B62BBA9A53 . 21560 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2008-04-16 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-16 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-24 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-11 88608]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"PrinTray"="c:\windows\system32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 36864]
"Lexmark X73 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X73.exe" [2001-10-08 53248]
"Lexmark X73 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X73.exe" [2001-07-11 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TalkAndWrite"="c:\programdata\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe" [2009-02-28 3062784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\users\Saqib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [13/12/2009 12:15 PM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [11/01/2010 4:03 PM 310320]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [21/01/2010 4:36 PM 162640]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [11/01/2010 4:03 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [11/01/2010 4:03 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys [29/01/2010 6:15 PM 343088]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [21/01/2010 4:36 PM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [21/01/2010 4:36 PM 51792]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [24/01/2008 4:46 PM 198240]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [11/01/2010 4:03 PM 117640]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [12/01/2010 7:57 AM 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [29/06/2008 12:43 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/01/2010 6:26 PM 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [26/02/2008 8:17 AM 493568]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [11/01/2010 4:03 PM 48688]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [02/11/2006 3:25 AM 16896]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [07/09/2007 5:36 AM 156928]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 11:32 AM 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 10:13 AM 29696]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 6:19 AM 1181328]
S3 MADFU;MADFU;c:\windows\System32\drivers\MADFU.sys [05/12/2009 1:45 AM 16512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1269665831-4724830-4121108689-1002Core.job
- c:\users\Izn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 01:04]
2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1269665831-4724830-4121108689-1002UA.job
- c:\users\Izn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 01:04]
2010-01-31 c:\windows\Tasks\User_Feed_Synchronization-{0DF703CF-8A20-4FC2-AB2D-3B7F609F968B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
2010-01-31 c:\windows\Tasks\User_Feed_Synchronization-{9D23CA72-CD71-44E2-BFDA-BE3B3D39E8DE}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
2010-01-31 c:\windows\Tasks\User_Feed_Synchronization-{A28E1254-1A9E-448F-9BBB-C22291493DAC}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13818&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Saqib\AppData\Roaming\Mozilla\Firefox\Profiles\nqfgqqgp.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 12:16
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87885E07]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82c56d1f
\Driver\ACPI -> acpi.sys @ 0x804699d6
\Driver\atapi -> ataport.SYS @ 0x8078d9c6
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x8259727f
SecurityProcedure -> ntkrnlpa.exe @ 0x825964a3
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x8259727f
SecurityProcedure -> ntkrnlpa.exe @ 0x825964a3
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-31 12:19:46
ComboFix-quarantined-files.txt 2010-01-31 19:19
Pre-Run: 203,572,072,448 bytes free
Post-Run: 203,772,313,600 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 722FC9ADAD8A10CD68683CF98D202423