Here's the ComboFix log:
"Tara & Paul" - 2007-07-13 16:19:52 - ComboFix 07-07-13.8 - Service Pack 2, v.2096 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\poolsv
C:\Program Files\poolsv\is67389.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\svhost
C:\WINDOWS\poolsv.exe
C:\WINDOWS\svhost.exe
((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))
2007-07-13 15:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 10:56 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NetZero
2007-07-12 12:18 d-------- C:\Program Files\NetZero
2007-07-10 08:50 d-------- C:\VundoFix Backups
2007-07-04 09:24 126,976 --a------ C:\WINDOWS\xhelper.dll
2007-06-30 19:26 d-------- C:\WINDOWS\SxsCaPendDel
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-13 17:56:18 -------- d-----w C:\Program Files\Connection Wizard
2007-07-04 16:13:17 -------- d-----w C:\Program Files\mobile PhoneTools
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
Note empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{52706EF7-D7A2-49AD-A615-E903858CF284}]
2005-06-27 17:06 175560 --a------ C:\Program Files\NetZero\qsacc\X1IEBHO.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-07-04 09:24 126976 --a------ C:\WINDOWS\xhelper.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 04:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2005-06-28 12:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"untd_recovery"="C:\Program Files\NetZero\qsacc\x1exec.exe"
[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 16:23:10
Windows 5.1.2600 Service Pack 2, v.2096 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
Completion time: 2007-07-13 16:24:50
C:\ComboFix-quarantined-files.txt … 2007-07-13 16:24
--- E O F ---