OK - will go do that now. I'm guessing I need to tell him what the password is set to on the zip file?
Anyway - new logfiles:
ComboFix 08-01-03.3 - Asha 2008-01-03 22:28:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.640 [GMT 0:00]
Running from: C:\Documents and Settings\Asha\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Asha\Desktop\CFscript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-03 21:05 . 2008-01-03 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 21:05 . 2008-01-03 21:05 <DIR> d-------- C:\Documents and Settings\Asha\Application Data\SUPERAntiSpyware.com
2008-01-03 21:05 . 2008-01-03 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-03 20:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 02:37 . 2008-01-03 05:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 02:37 . 2008-01-03 02:37 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 02:19 . 2007-12-31 02:19 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-22 19:00 . 2007-12-22 19:00 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-22 19:00 . 2007-12-22 19:00 741,632 --a------ C:\WINDOWS\system32\ggempgum.dat
2007-12-22 19:00 . 2007-12-22 19:00 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-22 19:00 . 2007-12-25 19:23 120,576 --a------ C:\WINDOWS\system32\vastqgrq.dat
2007-12-22 19:00 . 2007-12-22 19:00 42,240 --a------ C:\WINDOWS\system32\kwlondop.dat
2007-12-22 19:00 . 2007-12-22 19:00 36,096 --a------ C:\WINDOWS\system32\ebegvisf.dat
2007-12-22 19:00 . 2007-12-22 19:00 35,072 --a------ C:\WINDOWS\system32\zdmrqigk.dat
2007-12-22 17:31 . 2005-10-29 06:49 84,480 --a------ C:\WINDOWS\system32\bcsprsrcc.dll.bak
2007-12-22 17:30 . 2007-12-22 17:30 15,872 --a------ C:\WINDOWS\system32\538cy1.exe
2007-12-13 17:29 . 2007-12-13 17:29 244 --ah----- C:\sqmnoopt00.sqm
2007-12-13 17:29 . 2007-12-13 17:29 232 --ah----- C:\sqmdata00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 21:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 16:45 --------- d-----w C:\Program Files\XP Repair Pro 2007
2007-12-08 12:44 --------- d-----w C:\Documents and Settings\Asha\Application Data\Canon
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-22 16:06 --------- d-----w C:\Program Files\Java
2007-11-13 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2007-11-13 14:56 --------- d-----w C:\Program Files\Nokia
2007-11-13 14:56 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-13 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-13 14:52 --------- d-----w C:\Documents and Settings\Asha\Application Data\Nokia Multimedia Player
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-01-01 22:58 57,143 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_01_22_56_39_small.dmp.zip
2006-07-15 12:09 17,654,084 -c--a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_07_15_13_00_07_full.dmp.zip
2006-05-15 18:39 40,055 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_05_15_18_06_47_small.dmp.zip
2001-11-23 12:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-01-03_20.53.47.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-03 21:05:14 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-03 21:05:14 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-03 21:05:14 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-01-03 21:36:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_498.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-06-28 11:53 258048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 22:02 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-12-19 11:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 05:06 5181440]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 14:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-03 22:29:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 22:30:04
ComboFix-quarantined-files.txt 2008-01-03 22:29:55
ComboFix2.txt 2008-01-03 20:54:00
.
2007-12-21 12:25:48 --- E O F ---
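The "Files Created" section of a ComboFix log is a fixed-width listing (creation time, modification time, size or <DIR>, attribute string, path), so it can be parsed and triaged mechanically. The following is an added example, not part of the post above and not code from ComboFix or its authors. It parses a handful of lines copied from the log above (plus the directory entry as a non-file case), applies three naming heuristics that a helper typically reads for by eye (eight random lowercase letters on a system32 file, a short digit-and-letter .exe in system32, and a .dll.bak in system32), and groups entries by creation minute so that a batch of files dropped together stands out. The heuristic names and thresholds are the example's own assumptions; a flagged file is a candidate for closer inspection (hash lookup, upload for analysis), not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Input lines copied from the "Files Created" section of the ComboFix log
# above; the SUPERAntiSpyware <DIR> line is included as a non-file case.
SAMPLE_LOG = r"""
2008-01-03 20:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-22 19:00 . 2007-12-22 19:00 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-22 19:00 . 2007-12-22 19:00 741,632 --a------ C:\WINDOWS\system32\ggempgum.dat
2007-12-22 19:00 . 2007-12-25 19:23 120,576 --a------ C:\WINDOWS\system32\vastqgrq.dat
2007-12-22 17:31 . 2005-10-29 06:49 84,480 --a------ C:\WINDOWS\system32\bcsprsrcc.dll.bak
2007-12-22 17:30 . 2007-12-22 17:30 15,872 --a------ C:\WINDOWS\system32\538cy1.exe
2007-12-13 17:29 . 2007-12-13 17:29 244 --ah----- C:\sqmnoopt00.sqm
2008-01-03 21:05 . 2008-01-03 21:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
"""

# One "Files Created" line: created . modified size|<DIR> attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Heuristic patterns (assumptions of this example, not ComboFix rules).
SYSTEM32 = "\\windows\\system32\\"
RANDOM8 = re.compile(r"^[a-z]{8}$")                       # e.g. ggempgum
SHORT_ALNUM = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{4,8}$")  # e.g. 538cy1


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR>
    attrs: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a well-formed listing line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_log(text: str) -> list:
    """Parse every listing line; blank or non-matching lines are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons(e: Entry) -> list:
    """Naming heuristics for files under system32; directories are ignored."""
    out = []
    p = e.path.lower()
    if e.size is None or SYSTEM32 not in p:
        return out
    name = p.rsplit("\\", 1)[1]
    stem, _, ext = name.rpartition(".")
    if ext in ("dat", "dll", "exe") and RANDOM8.match(stem):
        out.append("random-looking 8-letter name in system32")
    if ext == "exe" and SHORT_ALNUM.match(stem):
        out.append("short alphanumeric .exe in system32")
    if name.endswith(".dll.bak"):
        out.append("renamed DLL (.dll.bak) in system32")
    return out


def triage(text: str) -> dict:
    """Map each flagged path to the list of reasons it was flagged."""
    return {e.path: r for e in parse_log(text) if (r := reasons(e))}


def creation_clusters(entries: list, min_size: int = 3) -> dict:
    """Group files by creation minute; keep groups of at least min_size."""
    groups = defaultdict(list)
    for e in entries:
        if e.size is not None:
            groups[e.created].append(e.path)
    return {ts: paths for ts, paths in groups.items() if len(paths) >= min_size}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
    for ts, paths in creation_clusters(parse_log(SAMPLE_LOG)).items():
        print(f"{len(paths)} files created at {ts}")
```

Running the block on the sample lines flags the two eight-letter .dat files, the .dll.bak and 538cy1.exe, leaves libeay32.dll, NirCmd.exe and the .sqm files alone, and reports the three files that share the 2007-12-22 19:00 creation minute. The clustering is the more general signal: a group of unrelated-looking files created in the same minute in system32 is worth listing in the next reply even when none of the names matches a pattern.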