((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 08:42 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2008-10-18 221184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\Osa9.exe [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE c:\windows\SYSTEM32\TWEAKUI.CPL,TweakMeUp
"LoadQM"=loadqm.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/21/2009 6:04 PM 55152]
S2 gupdate1c9eae1d64e61d0;Google Update Service (gupdate1c9eae1d64e61d0);c:\program files\Google\Update\GoogleUpdate.exe [6/11/2009 7:13 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder
2009-03-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\SYMANTEC\LIVEUPDATE\NDETECT.EXE [2008-11-12 15:23]
2009-06-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.0.5.17\DriverRobot.exe [2009-05-21 20:59]
2009-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-789336058-1202660629-1003.job
- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 20:32]
2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 22:13]
2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.ca/mLocal Page = c:\windows\SYSTEM\blank.htm
DPF: DirectAnimation Java Classes -
file://c:\windows\SYSTEM\dajava.cabDPF: Internet Explorer Classes for Java -
file://c:\windows\SYSTEM\iejava.cabDPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso4.cabDPF: Win32 Classes
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-13 18:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(372)
c:\windows\system32\COMRes.dll
.
Completion time: 2009-06-13 18:54
ComboFix-quarantined-files.txt 2009-06-13 21:54
ComboFix2.txt 2009-06-13 20:36
ComboFix3.txt 2009-06-13 19:54
Pre-Run: 26,660,864,000 bytes free
Post-Run: 26,656,145,408 bytes free
199