Thread: howaboutadog
10-13-2007, 10:29 PM   #3
WJW
Registered User
 
Join Date: Oct 2007
Posts: 12
OS: xp


Re: howaboutadog

Thanks!

ComboFix 07-10-14.1 - Compaq_Owner 2007-10-14 0:03:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
c:\windows\cdmxtras
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RXToolBar
c:\program files\RXToolBar\CacheCatalog.rx
c:\program files\RXToolBar\RXToolBar.dll
c:\program files\RXToolBar\sfcont.bin
C:\Program Files\TBONBin
C:\Program Files\TBONBin\bak\tbon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\TBONBin\tboninst.cfg
C:\Program Files\TBONBin\TBONUnst.htm
C:\Program Files\TBONBin\Uninstall.exe
C:\WINDOWS\Fonts\acrsecI.fon
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
C:\WINDOWS\system32\_000006_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 00:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-12 12:44 <DIR> d-------- C:\Deckard
2007-10-12 12:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-12 11:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-05 21:23 <DIR> d-------- C:\WINDOWS\system32\bak
2007-10-01 23:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield
2007-10-01 22:59 1,118,208 --a------ C:\common.dll
2007-10-01 22:59 26,624 --a------ C:\english.dll
2007-10-01 22:59 21,504 --a------ C:\spanish.dll
2007-10-01 22:59 21,504 --a------ C:\italian.dll
2007-10-01 22:59 21,504 --a------ C:\german.dll
2007-10-01 22:59 20,992 --a------ C:\french.dll
2007-10-01 22:59 16,384 --a------ C:\japanese.dll
2007-10-01 22:55 68,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-10-01 22:23 <DIR> d-------- C:\Program Files\SanDisk
2007-09-29 00:11 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-29 00:11 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-09-17 21:53 <DIR> d-------- C:\Program Files\HP Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 03:53 --------- d-----w C:\Program Files\Java
2007-10-12 15:59 --------- d-----w C:\Program Files\Symantec
2007-10-12 15:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-12 15:21 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2007-10-12 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 14:56 --------- d-----w C:\Program Files\Viewpoint
2007-10-12 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-12 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-12 14:54 --------- d-----w C:\Program Files\Kazaa
2007-10-12 14:52 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2007-10-12 13:25 --------- d-----w C:\Program Files\Google
2007-10-10 08:34 --------- d-----w C:\Program Files\QuickTime
2007-10-10 08:33 --------- d-----w C:\Program Files\FilmLoop Player
2007-10-10 08:32 --------- d-----w C:\Program Files\REGSHAVE
2007-10-10 08:32 --------- d-----w C:\Program Files\iTunes
2007-10-10 08:29 --------- d-----w C:\Program Files\RitzPix E-Z Print & Share
2007-10-05 21:14 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-02 02:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-28 13:09 --------- d-----w C:\Program Files\EvidenceEraser
2007-09-18 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-09-13 01:38 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Image Zone Express
2007-09-13 01:33 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Printer Info Cache
2007-09-13 01:31 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\HP
2007-09-13 01:15 --------- d-----w C:\Program Files\HP
2007-09-13 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-09-13 01:14 --------- d-----w C:\Program Files\Common Files\HP
2007-09-13 01:13 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-13 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-09-13 01:11 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-09-13 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-09-12 23:17 --------- d-----w C:\Program Files\LexmarkX83
2007-09-11 19:36 --------- d-----w C:\Program Files\Yahoo! Games
2007-09-07 20:09 --------- d-----w C:\Program Files\WildTangent
2006-12-31 00:28 7,914,224 ----a-w C:\Program Files\yahoo_polarbowler_tm1-1.exe
2006-09-05 17:58 636 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2001-06-20 20:19 40,960 ----a-w C:\Program Files\ACMonitor_X83.exe
2006-02-26 22:31:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 55,368 2007-05-02 23:00:36 C:\Documents and Settings\Compaq_Owner\Desktop\bak\SansaDispatch.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Documents and Settings\Compaq_Owner\Desktop\SansaDispatch.exe

----a-w 253,952 2005-05-11 00:50:42 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
----a-w 27,660 2007-10-10 08:08:42 C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

----a-r 313,472 2006-03-30 20:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

----a-r 61,440 2007-02-13 20:00:14 C:\Program Files\Adobe\Adobe Photoshop Lightroom\bak\apdproxy.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

----a-w 81,920 2004-07-27 23:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

----a-w 221,184 2004-07-27 23:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

----a-w 180,269 2005-08-10 23:57:43 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 3,203,072 2006-04-09 1828 C:\Program Files\FilmLoop Player\bak\FilmLoop.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\FilmLoop Player\FilmLoop.exe

----a-w 68,856 2007-06-20 13:56:38 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

----a-w 245,760 2005-02-25 22:34:02 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

----a-w 49,152 2006-12-11 01:52:38 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

----a-w 278,528 2005-10-18 16:58:54 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

----a-w 8,192 2006-11-07 20:41:44 C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

----a-w 155,648 2006-12-05 22:07:38 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\QuickTime\qttask.exe

----a-w 53,248 2002-02-05 03:32:10 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\REGSHAVE\REGSHAVE.EXE

----a-w 4,796,416 2006-06-19 22:30:00 C:\Program Files\RitzPix E-Z Print & Share\bak\OurPictures.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe

----a-w 327,680 2002-05-18 16:04:06 C:\Program Files\Verizon Online\SupportCenter\SmartBridge\bak\MotiveSB.exe
----a-w 27,660 2007-10-10 08:08:42 C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe

----a-w 83,456 2006-03-23 00:37:35 C:\qoobox\Quarantine\C\Program Files\TBONBin\bak\tbon.exe.vir
----a-w 27,660 2007-10-10 08:08:42 C:\qoobox\Quarantine\C\Program Files\TBONBin\tbon.exe.vir

----a-w 15,360 2004-08-04 05:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 05:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2007-10-10 04:08]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2007-10-10 04:08]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-10 04:08]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-10 04:08]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2007-10-10 04:08]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2007-10-10 04:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-10-10 04:08]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"FilmLoop"="C:\Program Files\FilmLoop Player\FilmLoop.exe" [2007-10-10 04:08]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-10-10 04:08]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2007-10-10 04:08]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2007-10-10 04:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-10 04:08]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-10-10 04:08]
"SansaDispatch"="C:\Documents and Settings\Compaq_Owner\Desktop\SansaDispatch.exe" [2007-10-10 04:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00]
"OurPictures"="C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" [2007-10-10 04:08]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 04:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-10-10 04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-08-10 20:21:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-12-26 11:17:39]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-28 13:09:10]

S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\system32\Drivers\usbscan.sys
S2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e26798-02ad-11da-8aef-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 04:27:25 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job"
"2007-10-14 04:13:51 C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 00:14:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 0:23:01 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:20 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Documents and Settings\Compaq_Owner\Desktop\SansaDispatch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10129 bytes