I'm getting tons of Antivirus 2009 popups, some registry defender popups, and tons of other annoying fake security program popups. I already used ComboFix but the popups still continue.
Here is the ComboFix log!
ComboFix 08-12-25.04 - Owner 2008-12-26 1:03:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.204 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sakalimo.dll
c:\windows\system32\tudotipi.dll
\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.
2008-12-26 01:31 . 2003-08-26 03:28 96,256 -ra------ c:\windows\system32\drivers\LSIPNDS.sys
2008-12-26 01:26 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-26 01:25 . 2004-08-27 04:54 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-12-26 01:25 . 2004-08-27 04:54 <DIR> d-------- c:\documents and settings\Default User\WINDOWS
2008-12-26 01:25 . 2003-01-10 13:58 351,526 --a------ c:\windows\WBDDA34I.DLL
2008-12-26 01:25 . 2008-12-26 01:25 29 --a------ c:\windows\wwwbatch.ini
2008-12-26 01:23 . 2008-12-26 01:23 8,192 --a------ c:\windows\REGLOCS.OLD
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\McAfee.com
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\McAfee
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\SampleView
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee.com
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-26 01:21 . 2004-10-20 12:08 341,064 --a------ c:\windows\system32\mcinsctl.dll
2008-12-26 01:21 . 2004-10-20 12:08 279,624 --a------ c:\windows\system32\mcgdmgr.dll
2008-12-26 01:21 . 2008-12-26 01:21 0 --a------ c:\windows\system32\eMachines_W3050_Versionxx_CA74C10006533.MRK
2008-12-26 01:20 . 2008-12-26 01:20 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-26 01:20 . 2008-12-26 01:20 <DIR> d-------- c:\program files\Digital Media Reader
2008-12-26 01:19 . 2003-03-25 08:00 67,072 --a------ c:\windows\POWERCFG.EXE
2008-12-26 01:19 . 2004-09-03 19:07 20,480 --a------ c:\windows\system32\Marker32.exe
2008-12-26 01:18 . 2008-12-26 01:18 <DIR> d-------- c:\program files\CyberLink
2008-12-26 01:18 . 2008-12-26 01:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-26 01:17 . 2008-12-26 01:17 <DIR> d-------- c:\program files\Microsoft Works
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\windows\occache
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Viewpoint
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Pure Networks
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Learn2.com
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\BigFix
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\AOL Companion
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Ahead
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Networks
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Real
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\QuickTime
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Common Files\Real
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Common Files\Nullsoft
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\aolshare
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\AOL Toolbar
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\America Online 9.0
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-26 01:14 . 2008-12-26 01:14 <DIR> d-------- c:\windows\system32\URTTemp
2008-12-26 01:14 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\AOL
2008-12-26 01:14 . 2008-12-26 01:16 837 --ah----- C:\IPH.PH
2008-12-26 01:14 . 2008-12-26 01:14 335 --a------ c:\windows\nsreg.dat
2008-12-26 01:13 . 2008-12-26 01:13 <DIR> d-------- c:\program files\MSN Encarta Plus
2008-12-26 01:13 . 2008-12-26 01:14 <DIR> d-------- c:\program files\Microsoft Money
2008-12-26 01:12 . 2008-12-26 01:12 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-12-26 01:12 . 2008-12-26 01:18 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-26 01:12 . 2008-12-26 01:12 <DIR> d-------- c:\program files\Common Files\NVIDIA Shared
2008-12-26 01:11 . 2008-12-26 01:20 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-26 01:10 . 2008-12-25 23:36 <DIR> d-------- c:\program files\Java
2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\program files\Common Files\New Boundary
2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\program files\Common Files\Java
2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Prism Deploy
2008-12-26 01:07 . 2008-12-26 01:19 <DIR> d-------- c:\program files\Norton AntiVirus
2008-12-26 01:06 . 2008-12-26 01:07 <DIR> d-------- c:\program files\Symantec
2008-12-26 01:06 . 2008-12-26 00:16 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-26 01:06 . 2008-12-26 01:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-26 01:06 . 2004-08-09 13:59 103,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-26 01:06 . 2004-08-09 13:59 83,168 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-26 01:06 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-26 01:06 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-26 01:05 . 2008-12-26 01:05 <DIR> d-------- c:\program files\CONEXANT
2008-12-26 01:05 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-26 01:05 . 2004-08-04 02:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-26 01:05 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-26 01:05 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-26 01:04 . 2004-08-04 02:08 26,624 --a------ c:\windows\system32\drivers\usbehci.sys
2008-12-26 01:04 . 2004-08-04 02:08 17,024 --a------ c:\windows\system32\drivers\usbohci.sys
2008-12-26 01:04 . 2004-08-04 03:56 7,168 --a------ c:\windows\system32\hccoin.dll
2008-12-26 00:54 . 2008-12-26 00:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Template
2008-12-26 00:54 . 2005-08-02 17:45 1,552 -ra------ c:\windows\system32\lxce.loc
2008-12-26 00:54 . 2008-12-26 00:54 0 --a------ c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-12-26 00:52 . 2008-12-26 01:06 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-12-26 00:52 . 2008-12-26 00:53 <DIR> d-------- c:\program files\Lexmark 4300 Series
2008-12-26 00:52 . 2005-02-23 10:48 1,267,333 --a------ c:\windows\system32\lxcehelp.hlp
2008-12-26 00:52 . 2005-02-23 05:33 983,091 --a------ c:\windows\system32\lxcegf.dll
2008-12-26 00:52 . 2005-07-28 03:24 172,032 --a------ c:\windows\system32\lxceinsb.dll
2008-12-26 00:52 . 2005-07-28 03:24 131,072 --a------ c:\windows\system32\lxceins.dll
2008-12-26 00:52 . 2005-07-28 03:25 98,304 --a------ c:\windows\system32\lxceinsr.dll
2008-12-26 00:52 . 2005-07-28 03:24 86,016 --a------ c:\windows\system32\lxcecub.dll
2008-12-26 00:52 . 2005-07-28 03:24 73,728 --a------ c:\windows\system32\lxcecu.dll
2008-12-26 00:52 . 2005-07-28 03:25 36,864 --a------ c:\windows\system32\lxcecur.dll
2008-12-26 00:52 . 2005-01-13 06:52 7,720 --a------ c:\windows\system32\lxcehelp.cnt
2008-12-26 00:52 . 2008-12-26 00:55 1,125 --a------ C:\LXCEINST.csv
2008-12-26 00:52 . 2008-12-26 00:52 0 --a------ C:\lxcefire.csv
2008-12-26 00:46 . 2008-12-26 01:06 <DIR> d-------- c:\windows\SMINST
2008-12-26 00:46 . 2008-12-26 01:06 <DIR> d-------- c:\windows\creator
2008-12-26 00:46 . 2008-12-26 01:02 <DIR> d-------- c:\windows\CACHE
2008-12-26 00:46 . 2008-12-26 00:52 <DIR> dr------- C:\Program Files
2008-12-26 00:46 . 2008-12-26 01:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2008-12-26 00:46 . 2004-06-17 15:55 1,041,536 --a------ c:\windows\system32\drivers\HSF_DP.sys
2008-12-26 00:46 . 2004-06-17 15:55 685,056 --a------ c:\windows\system32\drivers\HSF_CNXT.sys
2008-12-26 00:46 . 2004-06-17 15:56 220,032 --a------ c:\windows\system32\drivers\HSFHWBS2.sys
2008-12-26 00:46 . 2004-06-17 15:30 129,045 --a------ c:\windows\system32\drivers\HSFProf.cty
2008-12-26 00:46 . 2004-03-17 12:00 86,016 --a------ c:\windows\system32\mdmxsdk.dll
2008-12-26 00:46 . 2004-08-04 15:34 39,018 --a------ c:\windows\system32\HSFCI011.dll
2008-12-26 00:46 . 2004-03-17 12:04 13,059 --a------ c:\windows\system32\drivers\mdmxsdk.sys
2008-12-26 00:46 . 2008-12-26 00:46 60 --a------ c:\windows\system32\SYSDRV.DAT
2008-12-26 00:43 . 2008-12-26 00:53 <DIR> dr-hsc--- c:\windows\system32\dllcache
2008-12-25 23:49 . 2008-12-26 00:24 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-25 23:49 . 2008-12-25 23:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\PC Tools
2008-12-25 23:49 . 2008-12-26 01:01 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-25 23:49 . 2008-12-26 00:23 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-25 23:49 . 2008-12-26 00:23 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-25 23:49 . 2008-12-26 00:23 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-25 23:49 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-25 23:47 . 2008-12-25 23:47 <DIR> d-------- c:\program files\Lavasoft
2008-12-25 23:47 . 2008-12-25 23:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-25 23:47 . 2008-12-25 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-25 23:40 . 2008-12-25 23:40 1,603,449 ---hs---- c:\windows\system32\elonidiw.ini
2008-12-25 23:36 . 2008-12-25 23:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!
2008-12-25 23:36 . 2008-12-25 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-25 23:36 . 2008-12-25 23:36 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 23:36 . 2008-12-25 23:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-25 23:35 . 2008-12-25 23:36 <DIR> d-------- c:\program files\Yahoo!
2008-12-25 23:35 . 2008-12-25 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-25 23:32 . 2008-12-25 23:32 <DIR> d-------- c:\program files\uTorrent
2008-12-25 23:32 . 2008-12-26 00:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 06:15 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 05:47 160496 --a------ c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 58488]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2004-08-17 132248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-17 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 184320]
"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]
"jujewefuma"="c:\windows\system32\rejufopa.dll" [2008-09-25 60928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"nwiz"="nwiz.exe" [2004-07-12 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-12-26 1742384]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\sakalimo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\DRIVERS\LSIPNDS.sys [2008-12-26 96256]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-25 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D30E61EF-1947-476D-396B-417E2F088C78}]
c:\windows\system32:winup32.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2008-12-26 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2008-12-26 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2008-12-26 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 04:00]
2008-12-26 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1 [2008-12-26 01:21]
2008-12-26 c:\windows\Tasks\McAfee.com Update Check (YOUR-F343DF5173-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 19:34]
2008-12-26 c:\windows\Tasks\McAfee.com Update Check (YOUR-F343DF5173-Owner).job
- c:\progra~1\mcafee.com\agent [2008-12-26 01:21]
2008-12-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 20:26]
.
- - - - ORPHANS REMOVED - - - -
BHO-{e348c788-f57b-4bd0-bb63-56b3c17e7fd5} - c:\windows\system32\kewevuro.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Windows/winup32 - c:\windows\system32:winup32.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O16 -: {C932BA85-4374-101B-A56C-00AA003668DC}
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\erhmgqnz.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 01:07:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows/winup32 = c:\windows\system32:winup32.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
c:\windows\system32:winup32.exe 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-26 1:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-26 06:09:32
Pre-Run: 71,465,086,976 bytes free
Post-Run: 71,459,741,696 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect