Here it is!
ComboFix 08-01-14.4 - Eve 2008-01-15 13:13:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -5:00]
Running from: C:\Documents and Settings\Eve\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eve\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\redbookk.sys
C:\WINDOWS\system32\EBEAD39BB3.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\redbookk.sys
C:\WINDOWS\system32\EBEAD39BB3.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_REDBOOKK
-------\redbookk
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-15 10:30 . 2008-01-15 10:30 754 --a--c--- C:\WINDOWS\WORDPAD.INI
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d----c--- C:\Documents and Settings\Eve\DoctorWeb
2008-01-14 17:07 . 2008-01-14 17:07 <DIR> d----c--- C:\Program Files\Windows Installer Clean Up
2008-01-14 17:06 . 2008-01-14 17:06 <DIR> d----c--- C:\Program Files\MSECACHE
2008-01-14 16:28 . 2008-01-14 16:28 <DIR> d----c--- C:\WINDOWS\ERUNT
2008-01-14 16:10 . 2008-01-14 17:05 <DIR> d----c--- C:\Program Files\SDFix
2008-01-14 16:03 . 2008-01-14 16:03 1,550 --a--c--- C:\WINDOWS\system32\tmp.reg
2008-01-14 13:32 . 2008-01-14 15:50 <DIR> d----c--- C:\Program Files\QooBox
2008-01-14 13:31 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-14 12:19 . 2008-01-14 12:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 12:18 . 2008-01-14 20:40 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-01-14 12:18 . 2008-01-14 12:18 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com
2008-01-14 09:27 . 2008-01-14 09:27 <DIR> d----c--- C:\Program Files\Lavasoft
2008-01-14 09:27 . 2008-01-14 09:27 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 09:24 . 2008-01-14 12:16 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 22:05 . 2008-01-13 22:05 <DIR> d----c--- C:\Program Files\Trend Micro
2008-01-13 21:38 . 2008-01-13 21:38 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\Grisoft
2008-01-13 21:38 . 2008-01-13 21:38 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 21:38 . 2007-05-30 07:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 21:25 . 2008-01-13 21:25 <DIR> d----c--- C:\Program Files\SmitfraudFix
2008-01-13 21:24 . 2008-01-13 21:23 1,062,501 --a--c--- C:\Program Files\SmitfraudFix.zip
2008-01-11 17:36 . 2008-01-11 18:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-11 17:14 . 2008-01-11 17:14 <DIR> d----c--- C:\Program Files\Plato Video To PSP Converter
2008-01-11 12:04 . 2008-01-11 15:52 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-01-11 12:04 . 2008-01-11 12:04 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-01-11 12:03 . 2008-01-11 12:03 <DIR> d----c--- C:\Program Files\iPod
2008-01-11 10:11 . 2008-01-11 15:12 <DIR> d----c--- C:\Program Files\uTorrent
2008-01-11 10:10 . 2008-01-14 08:50 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\uTorrent
2008-01-10 12:40 . 2008-01-10 12:40 <DIR> d----c--- C:\Program Files\MAPILab Ltd
2008-01-10 12:40 . 2008-01-10 12:40 <DIR> d----c--- C:\Program Files\Common Files\MAPILab Ltd
2008-01-03 19:26 . 2008-01-03 19:26 <DIR> d----c--- C:\Program Files\iDumpPro
2008-01-03 19:26 . 2008-01-03 19:26 1,521,113 --a--c--- C:\WINDOWS\iDumpPro Uninstaller.exe
2008-01-03 19:26 . 2008-01-03 19:26 3,120 --a--c--- C:\WINDOWS\system32\2bad2884-02a9-488c-9f8c-13fecc7c77f9.dll
2008-01-03 19:26 . 2008-01-03 19:26 3,120 --a--c--- C:\WINDOWS\db7a9e38-547e-4544-bf7c-a4beabe1c61a.ocx
2007-12-25 21:31 . 2007-12-25 21:31 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\EPSON
2007-12-23 14:35 . 2007-11-02 09:36 1,763,248 --a--c--- C:\WINDOWS\system32\Codejock.CommandBars.v11.2.1.ocx
2007-12-23 14:35 . 2007-11-02 09:37 518,064 --a--c--- C:\WINDOWS\system32\Codejock.SkinFramework.v11.2.1.ocx
2007-12-23 14:33 . 2007-10-02 05:47 849,920 --a--c--- C:\WINDOWS\system32\AdjMmsEng.dll
2007-12-23 14:33 . 2007-10-01 07:38 827,392 --a--c--- C:\WINDOWS\system32\asrecmms.ocx
2007-12-23 14:33 . 2007-10-01 05:43 425,984 --a--c--- C:\WINDOWS\system32\amp3dj.ocx
2007-12-20 09:16 . 2007-12-20 09:16 <DIR> d----c--- C:\Program Files\MailWasher Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:18 --------- dc----w C:\Documents and Settings\Eve\Application Data\MailWasherPro
2008-01-14 15:19 --------- dc----w C:\Documents and Settings\Eve\Application Data\Symantec
2008-01-11 18:03 --------- dc----w C:\Program Files\itunes
2008-01-11 17:01 --------- dc----w C:\Program Files\QuickTime
2008-01-11 16:35 --------- dc----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-01-11 16:34 --------- dc----w C:\Program Files\Jasc Software Inc
2008-01-11 16:00 --------- dc----w C:\Program Files\Dell
2008-01-11 15:35 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-01-11 15:35 --------- dc----w C:\Program Files\Common Files\Nikon
2008-01-11 15:30 --------- dc----w C:\Documents and Settings\Eve\Application Data\ArcSoft
2008-01-11 15:18 --------- dc----w C:\Program Files\Azureus
2008-01-11 15:18 --------- dc----w C:\Documents and Settings\Eve\Application Data\Azureus
2008-01-09 20:41 --------- dc----w C:\Program Files\Google
2007-12-07 17:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\SiComponents
2007-12-07 17:05 --------- dc----w C:\Documents and Settings\Eve\Application Data\Jasc Software Inc
2007-12-06 19:37 --------- dc----w C:\Documents and Settings\Eve\Application Data\Final Draft
2007-12-06 14:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Final Draft
2007-12-04 19:00 --------- dc----w C:\Program Files\Eusing Free Registry Cleaner
2007-12-04 18:59 --------- dc----w C:\Program Files\Skype
2007-12-04 16:33 --------- dc----w C:\Documents and Settings\Eve\Application Data\Skype
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:56 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-04 14:56 --------- dc----w C:\Program Files\Common Files\Skype
2007-12-04 14:56 --------- dc----w C:\Documents and Settings\Eve\Application Data\skypePM
2007-12-04 14:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-04 14:55 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-25 15:59 688 -c--a-w C:\WINDOWS\Fonts\CompleteinHim-TOU.txt
2007-11-20 23:47 --------- dc----w C:\Program Files\Soulseek
2007-10-17 11:24 2,526,800 -c--a-w C:\WINDOWS\Install_B4Playing.exe
2006-12-21 03:27 92,064 -c--a-w C:\Documents and Settings\Eve\mqdmmdm.sys
2006-12-21 03:27 9,232 -c--a-w C:\Documents and Settings\Eve\mqdmmdfl.sys
2006-12-21 03:27 79,328 -c--a-w C:\Documents and Settings\Eve\mqdmserd.sys
2006-12-21 03:27 66,656 -c--a-w C:\Documents and Settings\Eve\mqdmbus.sys
2006-12-21 03:27 6,208 -c--a-w C:\Documents and Settings\Eve\mqdmcmnt.sys
2006-12-21 03:27 5,936 -c--a-w C:\Documents and Settings\Eve\mqdmwhnt.sys
2006-12-21 03:27 4,048 -c--a-w C:\Documents and Settings\Eve\mqdmcr.sys
2006-12-21 03:27 25,600 -c--a-w C:\Documents and Settings\Eve\usbsermptxp.sys
2006-12-21 03:27 22,768 -c--a-w C:\Documents and Settings\Eve\usbsermpt.sys
2006-03-24 15:18 2,516 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
C:\Documents and Settings\Eve\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\MailWasher Pro\MailWasher.exe [2007-12-20 09:16:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SAC-Desktop-Alert.lnk]
backup=C:\WINDOWS\pss\SAC-Desktop-Alert.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Eve^Start Menu^Programs^Startup^Norton Disk Doctor.LNK]
backup=C:\WINDOWS\pss\Norton Disk Doctor.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-06-11 04:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2007-04-27 16:17 50736 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 11:04 245760 C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a--c--- 2007-02-15 06:00 179200 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-07-19 23:06 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-07-19 23:10 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-07-19 23:09 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCamPro.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a--c--- 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-07-18 20:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
R2 NMSAccessU;NMSAccessU;C:\Program Files\iDumpPro\NMSAccessU.exe [2007-10-12 04:34]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 20:55]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 20:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-15 13:19:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 13:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 18:23:35
ComboFix2.txt 2008-01-14 20:50:02
.
2008-01-09 20:46:04 --- E O F ---