Jay, that worked quite well. Here is the log, but I think all is well. I am running Malwarebytes now.
Let me know if there is anything else you see or that I should do based on this log file.
Jason
ComboFix 10-02-09.03 - Jason 02/09/2010 20:06:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.624 [GMT -5:00]
Running from: c:\documents and settings\Jason\desktop\blackpudding.bat
Command switches used :: /StepDel
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}
c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003
c:\recycler\S-1-5-21-1612468630-89685085-3473688403-1003
c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003
c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003
c:\recycler\S-1-5-21-2882666047-2457012616-4229916381-1003
c:\recycler\S-1-5-21-3160922839-1615166866-22790272-1003
c:\recycler\S-1-5-21-3484941415-612704084-3895702923-1003
c:\recycler\S-1-5-21-375101726-2659221895-3492569785-1003
c:\windows\system32\drivers\geyekrobmcpdvx.sys
c:\windows\system32\drivers\H8SRTlqjoewsftj.sys
c:\windows\system32\geyekrdayabxxf.dat
c:\windows\system32\geyekruowaqycu.dat
c:\windows\system32\geyekrwiyxamfy.dll
c:\windows\system32\geyekrxbryfibv.dll
c:\windows\system32\H8SRTpjdabwitmq.dll
c:\windows\system32\H8SRTpuhtappxtb.dat
c:\windows\system32\H8SRTqvpxvtwjbf.dll
c:\windows\system32\H8SRTuytkltqfwq.dll
c:\windows\system32\H8SRTxbvdoyqquw.dll
c:\windows\system32\lowsec
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\install.rdf
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\chrome.manifest
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\chrome\content\_cfg.js
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\chrome\content\overlay.xul
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\install.rdf
c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003\desktop.ini
c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003\INFO2
c:\recycler\S-1-5-21-1612468630-89685085-3473688403-1003\desktop.ini
c:\recycler\S-1-5-21-1612468630-89685085-3473688403-1003\INFO2
c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003\desktop.ini
c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003\INFO2
c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003\desktop.ini
c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003\INFO2
c:\recycler\S-1-5-21-2882666047-2457012616-4229916381-1003\desktop.ini
c:\recycler\S-1-5-21-2882666047-2457012616-4229916381-1003\INFO2
c:\recycler\S-1-5-21-3160922839-1615166866-22790272-1003\desktop.ini
c:\recycler\S-1-5-21-3160922839-1615166866-22790272-1003\INFO2
c:\recycler\S-1-5-21-3484941415-612704084-3895702923-1003\desktop.ini
c:\recycler\S-1-5-21-3484941415-612704084-3895702923-1003\INFO2
c:\recycler\S-1-5-21-375101726-2659221895-3492569785-1003\desktop.ini
c:\recycler\S-1-5-21-375101726-2659221895-3492569785-1003\INFO2
C:\s
c:\windows\setup.exe
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\caybejjp.ini
c:\windows\system32\cxhkxtmn.ini
c:\windows\system32\drivers\geyekrobmcpdvx.sys
c:\windows\system32\drivers\H8SRTlqjoewsftj.sys
c:\windows\system32\geyekrdayabxxf.dat
c:\windows\system32\geyekruowaqycu.dat
c:\windows\system32\geyekrwiyxamfy.dll
c:\windows\system32\geyekrxbryfibv.dll
c:\windows\system32\guttcxac.ini
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTpjdabwitmq.dll
c:\windows\system32\H8SRTpuhtappxtb.dat
c:\windows\system32\H8SRTqvpxvtwjbf.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTuytkltqfwq.dll
c:\windows\system32\H8SRTxbvdoyqquw.dll
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mcrh.tmp
c:\windows\system32\nobjyqwa.ini
c:\windows\system32\orAaHRqr.ini
c:\windows\system32\orAaHRqr.ini2
c:\windows\system32\qsrfooeh.ini
c:\windows\system32\spool\prtprocs\w32x86\00001bd6.tmp
c:\windows\system32\spool\prtprocs\w32x86\0000788d.tmp
c:\windows\system32\tmp.reg
c:\windows\system32\tsklnkwi.ini
c:\windows\system32\twain_32.dll
c:\windows\system32\warning.html
c:\windows\system32\wfnygyep.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_geyekruiwatgfu
-------\Legacy_geyekruiwatgfu
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:08 . 2010-02-10 01:08 -------- d-----w- c:\windows\LastGood.Tmp
2010-02-10 00:58 . 2010-02-10 01:00 -------- d-----w- C:\32788R22FWJFW
2010-02-10 00:39 . 2010-02-10 00:39 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Mozilla
2010-02-09 04:50 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-09 04:50 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-09 04:50 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-09 04:50 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-09 04:50 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-09 04:50 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-09 04:50 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-09 04:50 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-09 04:50 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-09 04:50 . 2010-02-09 04:50 -------- d-----w- c:\program files\Alwil Software
2010-02-09 04:00 . 2010-02-09 04:00 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Google
2010-02-09 02:33 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 02:31 . 2010-02-09 02:31 -------- d-----w- c:\documents and settings\Jason\Application Data\Yahoo!
2010-02-09 02:31 . 2010-02-09 02:45 -------- d-----w- c:\program files\Yahoo!
2010-02-09 02:31 . 2010-02-09 02:31 -------- d-----w- c:\program files\CCleaner
2010-02-09 02:28 . 2010-02-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-09 02:28 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 19:51 . 2010-01-30 19:51 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{9CCD5FB9-BEF2-4366-85A6-BE1338698EC2}
2010-01-29 03:04 . 2010-02-09 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 02:33 . 2010-02-09 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-15 16:01 . 2010-02-08 23:07 0 ----a-w- c:\windows\Upadakiwikis.bin
2010-01-15 16:01 . 2010-01-15 18:02 120 ----a-w- c:\windows\Vhenewiyohupofuy.dat
2010-01-15 16:01 . 2010-01-15 16:01 -------- d-----w- c:\documents and settings\KCarlson\Local Settings\Application Data\{742AA653-FF45-405D-B6BA-A473CBC09DEB}
2010-01-15 15:57 . 2010-01-15 15:57 -------- d-----w- c:\windows\system32\msapps
2010-01-15 01:55 . 2010-01-15 01:55 -------- d-----w- c:\program files\MSSOAP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 00:41 . 2010-01-30 20:55 -------- d-----w- c:\documents and settings\Jason\Application Data\Apple Computer
2010-02-09 23:22 . 2006-03-07 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-09 12:41 . 2007-09-10 17:02 -------- d-----w- c:\program files\Google
2010-02-09 12:41 . 2006-03-07 14:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 03:44 . 2007-11-01 02:50 -------- d-----w- c:\program files\LimeWire
2010-02-09 01:21 . 2010-01-30 20:55 91744 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-15 01:57 . 2010-01-15 01:57 775168 ----a-w- c:\windows\isRS-000.tmp
2010-01-15 01:22 . 2009-01-19 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-07 12:32 . 2007-11-01 02:50 -------- d-----w- c:\documents and settings\KCarlson\Application Data\LimeWire
2010-01-06 21:45 . 2006-10-03 14:56 91744 ----a-w- c:\documents and settings\KCarlson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:59 . 2007-09-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-05 09:42 . 2010-01-05 09:42 -------- d-----w- c:\program files\MSXML 6.0
2010-01-05 05:42 . 2006-03-02 08:56 -------- d-----w- c:\program files\Java
2010-01-05 05:18 . 2010-01-05 05:18 152576 ----a-w- c:\documents and settings\KCarlson\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-05 05:16 . 2010-01-05 05:16 79488 ----a-w- c:\documents and settings\KCarlson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-30 14:08 . 2009-06-29 07:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 04:20 . 2009-12-16 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-11 01:29 . 2009-12-16 17:03 1782128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2009-11-21 16:36 . 2006-03-02 06:20 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-13 22:57 . 2004-08-03 22:59 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'\0aswBoot.exe /M:2e95457852
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^KCarlson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\KCarlson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 05:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 -c----w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-08-05 17:56 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-08-05 17:56 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-08-05 17:57 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-01-14 07:11 771704 ----a-w- c:\program files\Norton Internet Security\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-10-20 06:07 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 10:36 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Partseal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/8/2010 11:50 PM 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 11:50 PM 19024]
R2 COMServer;COMServer;c:\windows\system32\msapps\comsrvr.exe [1/15/2010 10:57 AM 12800]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/3/2009 11:38 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\7xpkyi75.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {742AA653-FF45-405D-B6BA-A473CBC09DEB} - c:\documents and settings\KCarlson\Local Settings\Application Data\{742AA653-FF45-405D-B6BA-A473CBC09DEB}
FF - HiddenExtension: XULRunner: {9CCD5FB9-BEF2-4366-85A6-BE1338698EC2} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{9CCD5FB9-BEF2-4366-85A6-BE1338698EC2}\
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-smss32 - c:\windows\system32\smss32.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-09 20:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-753292386-3990352988-2974378246-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2010-02-09 20:30:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-10 01:30
Pre-Run: 38,954,151,936 bytes free
Post-Run: 39,102,414,848 bytes free
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 886B04E05296F18D51DCE76D83D55AA1