Tech Support Forum - View Single Post

juliofesanz · 01-21-2008, 08:06 AM

ComboFix 08-01-20.1 - Julio F. Sanz 2008-01-21 9:23:26.1 - NTFSx86
Running from: C:\Documents and Settings\Julio F. Sanz\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\Julio F. Sanz\Application Data\antivirus.exe
C:\Documents and Settings\Julio F. Sanz\Application Data\install.dat
C:\Documents and Settings\Julio F. Sanz\Local Settings\Application Data.\n.ini
C:\Documents and Settings\Julio F. Sanz\Local Settings\Application Data\n.ini
C:\Program Files\eliteprotector
C:\Program Files\eliteprotector\EliteProtector.db
C:\Program Files\eliteprotector\EliteProtector.pkg
C:\Program Files\eliteprotector\program.info
C:\WINDOWS\.protected
C:\WINDOWS\Help\agt037b.hlp
C:\WINDOWS\ntfyapp.config
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\fSy3Bo1jsO.exe
C:\WINDOWS\PerfInfo\n6Zsuo1jsOud.exe
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\Dll.dll
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\icqmlib.exe
C:\WINDOWS\system32\iepref32.dll
C:\WINDOWS\system32\ierplc.dll
C:\WINDOWS\system32\ips.dll
C:\WINDOWS\system32\k.dat
C:\WINDOWS\system32\KernelDrv.exe
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\laprxy.dllexe
C:\WINDOWS\system32\mscore.dll
C:\WINDOWS\system32\msguppi.dll
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\n2.ini
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\ocxapi.dll
C:\WINDOWS\system32\ocxloader.exe
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vhosts.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\windisk.dll
C:\WINDOWS\wsystmp_cel.exe
C:\WINDOWS\wsystmp_dma.exe
C:\windows\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LANMANDRV
-------\LEGACY_MSUPDATE
-------\lanmandrv
-------\msupdate
-------\runtime
-------\smtpdrv

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 09:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 12:06 . 2008-01-17 12:06 <DIR> d-------- C:\Documents and Settings\Julio F. Sanz\Application Data\Apple Computer
2008-01-17 10:01 . 2008-01-21 09:12 25,245 --a------ C:\WINDOWS\system32\kcopt.dll
2008-01-15 09:41 . 2008-01-15 09:42 <DIR> d-------- C:\Program Files\QuickTime
2008-01-15 09:41 . 2008-01-15 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 09:39 . 2008-01-15 09:39 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-15 09:39 . 2008-01-15 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-15 09:08 . 2008-01-17 11:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 09:08 . 2008-01-15 09:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-14 11:52 . 2008-01-14 11:52 <DIR> d-------- C:\Documents and Settings\Julio F. Sanz\Application Data\vlc
2008-01-14 11:43 . 2008-01-14 11:43 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-09 15:57 . 2004-05-04 05:19 <DIR> d-------- C:\Documents and Settings\Administrator.FERNANDO.000\WINDOWS
2008-01-09 15:57 . 2004-05-04 05:19 <DIR> d-------- C:\Documents and Settings\Administrator.FERNANDO.000\Application Data\Symantec
2008-01-09 14:56 . 2008-01-09 14:56 1,890,143 -ra------ C:\My Money2 BackupDefault_2008-01-09_145644.mbf
2008-01-09 14:23 . 2008-01-09 14:23 1,883,355 -ra------ C:\My Money2 BackupDefault.mbf
2008-01-09 13:28 . 2008-01-08 09:21 8,654,848 --a------ C:\My Money2.M12
2008-01-09 13:13 . 2008-01-09 13:41 <DIR> d-------- C:\Program Files\Microsoft Money Plus
2008-01-09 09:56 . 2008-01-09 09:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-09 09:56 . 2008-01-09 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-09 09:53 . 2008-01-09 09:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 18:09 . 2008-01-05 18:09 8,632,758 -ra------ C:\OLDMy Money2 Backup 3.mbf
2008-01-05 17:41 . 2008-01-05 17:41 8,632,758 -ra------ C:\OLDMy Money2 Backup 2.mbf
2008-01-05 17:38 . 2008-01-05 17:38 8,632,758 -ra------ C:\OLDMy Money2 Backup 1.mbf
2008-01-05 17:35 . 2008-01-05 17:35 8,632,758 -ra------ C:\OLDMy Money2 Backup 0.mbf
2007-12-28 13:15 . 2007-12-28 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-28 13:14 . 2007-12-28 13:17 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-12-28 13:14 . 2007-12-28 13:14 18,141,278 --a------ C:\BellSouthIW.re~
2007-12-28 13:14 . 2005-07-12 01:28 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-12-28 13:14 . 2002-02-13 20:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2007-12-28 13:14 . 2005-07-12 01:28 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-12-26 23:57 . 2007-12-26 23:57 <DIR> d-------- C:\Program Files\InterMute
2007-12-26 19:49 . 2007-12-26 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 10:45 . 2007-12-21 13:15 14,336 --a------ C:\WINDOWS\system32\svchost.exe.tmp
2007-12-24 10:44 . 2007-12-21 13:15 14,336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe.tmp
2007-12-21 14:28 . 2007-12-21 14:28 29,184 --a------ C:\WINDOWS\windisk.exe
2007-12-21 14:28 . 2008-01-21 09:33 14,336 --a------ C:\WINDOWS\system32\svchost.exe
2007-12-21 14:28 . 2008-01-21 09:33 14,336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-21 14:25 . 2007-12-21 14:19 89,088 ---h----- C:\Documents and Settings\Julio F. Sanz\Julio F. Sanz.exe
2007-12-21 14:24 . 2007-12-21 14:19 89,088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2007-12-21 13:17 . 2007-12-21 13:18 <DIR> d-------- C:\WINDOWS\rgspjnbm
2007-12-21 13:17 . 2008-01-09 10:16 <DIR> d-------- C:\Program Files\Gnpitnkz
2007-12-21 13:16 . 2008-01-09 10:16 <DIR> d-------- C:\Program Files\Cvwgqyez
2007-12-21 13:16 . 2007-12-21 13:16 200,704 --a------ C:\WINDOWS\system32\osqznsmOkZ.dll
2007-12-21 13:15 . 2008-01-09 13:02 <DIR> d-------- C:\Program Files\orepqrkl
2007-12-21 10:00 . 2003-03-31 07:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2007-12-21 09:00 . 2007-12-21 09:00 <DIR> d-------- C:\Documents and Settings\Julio F. Sanz\Application Data\EliteProtector
2007-12-21 03:46 . 2007-12-21 03:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 14:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-21 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-15 17:09 --------- d-----w C:\Program Files\Plaxo
2008-01-09 18:12 --------- d-----w C:\Program Files\Microsoft Money
2007-12-27 04:14 --------- d-----w C:\Program Files\RogueRemover FREE
2007-12-21 14:37 28,929 ----a-w C:\Documents and Settings\Julio F. Sanz\wn852.exe
2007-12-21 04:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-21 04:19 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-21 04:17 --------- d-----w C:\Program Files\Windows Live
2007-12-21 03:30 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-21 03:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-21 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-18 17:30 --------- d-----w C:\Program Files\Norton 360
2007-12-07 16:19 27,648 --sh--w C:\Documents and Settings\Julio F. Sanz\scvhost.exe
2007-12-06 17:26 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-06 17:26 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-06 17:26 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-06 17:26 --------- d-----w C:\Program Files\Symantec
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-10-23 22:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-08-20 21:03 0 ----a-w C:\Program Files\error.dat
.
Infected C:\WINDOWS\system32\svchost.exe hex repaired

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCCC63D1-D8E4-458D-BC4F-B0C3CABF31AB}]
2007-06-25 11:16 743424 --------- C:\CMA\bin\BHODownload.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 22:43 68856]
"Windows Defender Monitor"="C:\WINDOWS\wdm7.exe" [ ]
"Windows Defender Updater"="C:\WINDOWS\wdu8.exe" [ ]
"Windows Defender"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc5.exe" [ ]
"Windows Defender Adds"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda6.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"MotiveReportAgent"="C:\Program Files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 13:14 204800]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"Windows Defender"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe" [2008-01-15 09:07 13824]
"Windows Defender Adds"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda2.exe" [2008-01-15 09:07 13824]
"Windows Defender Monitor"="C:\WINDOWS\wdm3.exe" [ ]
"Windows Defender Updater"="C:\WINDOWS\wdu4.exe" [ ]
"KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwc40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rwc40.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-07-17 20:54 116072 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--------- 2004-07-20 09:34 851968 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-07-26 16:52 184408 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 12:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 14:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 13:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2007-03-06 10:24 183367 C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--------- 2004-05-25 09:16 49152 C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 09:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-03-12 00:18 135168 C:\Program Files\eMachines Bay Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-16 22:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-06 10:48 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

S3 CA500AV;GSmart Mini WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2002-07-19 04:05]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 13:05]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 18:34:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 14:44:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 09:49:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender Adds = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda2.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender Monitor = C:\WINDOWS\wdm3.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender Updater = C:\WINDOWS\wdu4.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender Monitor = C:\WINDOWS\wdm7.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender Updater = C:\WINDOWS\wdu8.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc5.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender Adds = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda6.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

C:\WINDOWS\system32\svchost.exe.tmp:exm.exe 51712 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-01-21 9:52:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 14:52:55
ComboFix2.txt 2007-12-18 15:42:55
.
2008-01-09 08:02:43 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 10:05:57 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julio F. Sanz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FCCC63D1-D8E4-458D-BC4F-B0C3CABF31AB} - C:\CMA\bin\BHODownload.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe
O4 - HKLM\..\Run: [Windows Defender Adds] C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda2.exe
O4 - HKLM\..\Run: [Windows Defender Monitor] C:\WINDOWS\wdm3.exe
O4 - HKLM\..\Run: [Windows Defender Updater] C:\WINDOWS\wdu4.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Defender Monitor] C:\WINDOWS\wdm7.exe
O4 - HKCU\..\Run: [Windows Defender Updater] C:\WINDOWS\wdu8.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: PUFLITE - http://juliofsanz1.point2agent.com/O...ol/PUFLITE.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187314109625
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/3.0.09.83/Control/IRCSharc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother XP spl Service - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ccEvtMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ccSetMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CLTNetCnService - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: comHost - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Ex - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\46698609.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

01-21-2008, 08:06 AM	#6 (permalink)
juliofesanz Registered User Join Date: Jan 2008 Location: Miami Posts: 20 OS: XP	Re: Restrictions on my computer please help! ComboFix 08-01-20.1 - Julio F. Sanz 2008-01-21 9:23:26.1 - NTFSx86 Running from: C:\Documents and Settings\Julio F. Sanz\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\.protected C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\Julio F. Sanz\Application Data\antivirus.exe C:\Documents and Settings\Julio F. Sanz\Application Data\install.dat C:\Documents and Settings\Julio F. Sanz\Local Settings\Application Data.\n.ini C:\Documents and Settings\Julio F. Sanz\Local Settings\Application Data\n.ini C:\Program Files\eliteprotector C:\Program Files\eliteprotector\EliteProtector.db C:\Program Files\eliteprotector\EliteProtector.pkg C:\Program Files\eliteprotector\program.info C:\WINDOWS\.protected C:\WINDOWS\Help\agt037b.hlp C:\WINDOWS\ntfyapp.config C:\WINDOWS\PerfInfo C:\WINDOWS\PerfInfo\fSy3Bo1jsO.exe C:\WINDOWS\PerfInfo\n6Zsuo1jsOud.exe C:\WINDOWS\system32\8_exception.nls C:\WINDOWS\system32\Dll.dll C:\WINDOWS\system32\dllgh8jkd1q1.exe C:\WINDOWS\system32\dllgh8jkd1q6.exe C:\WINDOWS\system32\drivers\etc\.protected C:\WINDOWS\system32\icqmlib.exe C:\WINDOWS\system32\iepref32.dll C:\WINDOWS\system32\ierplc.dll C:\WINDOWS\system32\ips.dll C:\WINDOWS\system32\k.dat C:\WINDOWS\system32\KernelDrv.exe C:\WINDOWS\system32\kernelwind32.exe C:\WINDOWS\system32\ksvcl.dll C:\WINDOWS\system32\lanmandrv.sys C:\WINDOWS\system32\lanmanwrk.exe C:\WINDOWS\system32\laprxy.dllexe C:\WINDOWS\system32\mscore.dll C:\WINDOWS\system32\msguppi.dll C:\WINDOWS\system32\n.ini C:\WINDOWS\system32\n2.ini C:\WINDOWS\system32\newmaxxsv234.exe C:\WINDOWS\system32\ocxapi.dll C:\WINDOWS\system32\ocxloader.exe C:\WINDOWS\system32\qmopt.dll C:\WINDOWS\system32\vedxg4am1et2.exe C:\WINDOWS\system32\vedxg6ame4.exe C:\WINDOWS\system32\vedxga1me4t1.exe C:\WINDOWS\system32\vhosts.exe C:\WINDOWS\system32\wowfx.dll C:\WINDOWS\system32\xpdx.sys C:\WINDOWS\windisk.dll C:\WINDOWS\wsystmp_cel.exe C:\WINDOWS\wsystmp_dma.exe C:\windows\xpupdate.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_LANMANDRV -------\LEGACY_MSUPDATE -------\lanmandrv -------\msupdate -------\runtime -------\smtpdrv ((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))) . 2008-01-21 09:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-17 12:06 . 2008-01-17 12:06 <DIR> d-------- C:\Documents and Settings\Julio F. Sanz\Application Data\Apple Computer 2008-01-17 10:01 . 2008-01-21 09:12 25,245 --a------ C:\WINDOWS\system32\kcopt.dll 2008-01-15 09:41 . 2008-01-15 09:42 <DIR> d-------- C:\Program Files\QuickTime 2008-01-15 09:41 . 2008-01-15 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-01-15 09:39 . 2008-01-15 09:39 <DIR> d-------- C:\Program Files\Apple Software Update 2008-01-15 09:39 . 2008-01-15 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-01-15 09:08 . 2008-01-17 11:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-15 09:08 . 2008-01-15 09:08 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-14 11:52 . 2008-01-14 11:52 <DIR> d-------- C:\Documents and Settings\Julio F. Sanz\Application Data\vlc 2008-01-14 11:43 . 2008-01-14 11:43 <DIR> d-------- C:\Program Files\VideoLAN 2008-01-09 15:57 . 2004-05-04 05:19 <DIR> d-------- C:\Documents and Settings\Administrator.FERNANDO.000\WINDOWS 2008-01-09 15:57 . 2004-05-04 05:19 <DIR> d-------- C:\Documents and Settings\Administrator.FERNANDO.000\Application Data\Symantec 2008-01-09 14:56 . 2008-01-09 14:56 1,890,143 -ra------ C:\My Money2 BackupDefault_2008-01-09_145644.mbf 2008-01-09 14:23 . 2008-01-09 14:23 1,883,355 -ra------ C:\My Money2 BackupDefault.mbf 2008-01-09 13:28 . 2008-01-08 09:21 8,654,848 --a------ C:\My Money2.M12 2008-01-09 13:13 . 2008-01-09 13:41 <DIR> d-------- C:\Program Files\Microsoft Money Plus 2008-01-09 09:56 . 2008-01-09 09:56 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-09 09:56 . 2008-01-09 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-09 09:53 . 2008-01-09 09:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-05 18:09 . 2008-01-05 18:09 8,632,758 -ra------ C:\OLDMy Money2 Backup 3.mbf 2008-01-05 17:41 . 2008-01-05 17:41 8,632,758 -ra------ C:\OLDMy Money2 Backup 2.mbf 2008-01-05 17:38 . 2008-01-05 17:38 8,632,758 -ra------ C:\OLDMy Money2 Backup 1.mbf 2008-01-05 17:35 . 2008-01-05 17:35 8,632,758 -ra------ C:\OLDMy Money2 Backup 0.mbf 2007-12-28 13:15 . 2007-12-28 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive 2007-12-28 13:14 . 2007-12-28 13:17 <DIR> d-------- C:\Program Files\Common Files\Motive 2007-12-28 13:14 . 2007-12-28 13:14 18,141,278 --a------ C:\BellSouthIW.re~ 2007-12-28 13:14 . 2005-07-12 01:28 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll 2007-12-28 13:14 . 2002-02-13 20:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd 2007-12-28 13:14 . 2005-07-12 01:28 6,048 --a------ C:\WINDOWS\system32\MCC16.dll 2007-12-26 23:57 . 2007-12-26 23:57 <DIR> d-------- C:\Program Files\InterMute 2007-12-26 19:49 . 2007-12-26 19:49 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-24 10:45 . 2007-12-21 13:15 14,336 --a------ C:\WINDOWS\system32\svchost.exe.tmp 2007-12-24 10:44 . 2007-12-21 13:15 14,336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe.tmp 2007-12-21 14:28 . 2007-12-21 14:28 29,184 --a------ C:\WINDOWS\windisk.exe 2007-12-21 14:28 . 2008-01-21 09:33 14,336 --a------ C:\WINDOWS\system32\svchost.exe 2007-12-21 14:28 . 2008-01-21 09:33 14,336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe 2007-12-21 14:25 . 2007-12-21 14:19 89,088 ---h----- C:\Documents and Settings\Julio F. Sanz\Julio F. Sanz.exe 2007-12-21 14:24 . 2007-12-21 14:19 89,088 ---h----- C:\Documents and Settings\All Users\All Users.exe 2007-12-21 13:17 . 2007-12-21 13:18 <DIR> d-------- C:\WINDOWS\rgspjnbm 2007-12-21 13:17 . 2008-01-09 10:16 <DIR> d-------- C:\Program Files\Gnpitnkz 2007-12-21 13:16 . 2008-01-09 10:16 <DIR> d-------- C:\Program Files\Cvwgqyez 2007-12-21 13:16 . 2007-12-21 13:16 200,704 --a------ C:\WINDOWS\system32\osqznsmOkZ.dll 2007-12-21 13:15 . 2008-01-09 13:02 <DIR> d-------- C:\Program Files\orepqrkl 2007-12-21 10:00 . 2003-03-31 07:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys 2007-12-21 09:00 . 2007-12-21 09:00 <DIR> d-------- C:\Documents and Settings\Julio F. Sanz\Application Data\EliteProtector 2007-12-21 03:46 . 2007-12-21 03:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-21 14:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-21 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-01-15 17:09 --------- d-----w C:\Program Files\Plaxo 2008-01-09 18:12 --------- d-----w C:\Program Files\Microsoft Money 2007-12-27 04:14 --------- d-----w C:\Program Files\RogueRemover FREE 2007-12-21 14:37 28,929 ----a-w C:\Documents and Settings\Julio F. Sanz\wn852.exe 2007-12-21 04:22 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-21 04:19 --------- d-----w C:\Program Files\Windows Live Favorites 2007-12-21 04:17 --------- d-----w C:\Program Files\Windows Live 2007-12-21 03:30 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-21 03:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2007-12-21 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-18 17:30 --------- d-----w C:\Program Files\Norton 360 2007-12-07 16:19 27,648 --sh--w C:\Documents and Settings\Julio F. Sanz\scvhost.exe 2007-12-06 17:26 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-12-06 17:26 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-06 17:26 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-12-06 17:26 --------- d-----w C:\Program Files\Symantec 2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-10-23 22:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-08-20 21:03 0 ----a-w C:\Program Files\error.dat . Infected C:\WINDOWS\system32\svchost.exe hex repaired ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCCC63D1-D8E4-458D-BC4F-B0C3CABF31AB}] 2007-06-25 11:16 743424 --------- C:\CMA\bin\BHODownload.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 22:43 68856] "Windows Defender Monitor"="C:\WINDOWS\wdm7.exe" [ ] "Windows Defender Updater"="C:\WINDOWS\wdu8.exe" [ ] "Windows Defender"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc5.exe" [ ] "Windows Defender Adds"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda6.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768] "MotiveReportAgent"="C:\Program Files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 13:14 204800] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720] "Windows Defender"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe" [2008-01-15 09:07 13824] "Windows Defender Adds"="C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda2.exe" [2008-01-15 09:07 13824] "Windows Defender Monitor"="C:\WINDOWS\wdm3.exe" [ ] "Windows Defender Updater"="C:\WINDOWS\wdu4.exe" [ ] "KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [ ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwc40.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rwc40.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2007-07-17 20:54 116072 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] --------- 2004-07-20 09:34 851968 C:\Program Files\Brother\ControlCenter2\brctrcen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray] --a------ 2005-07-26 16:52 184408 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3] --a------ 2007-03-06 12:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2004-04-14 14:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2004-04-14 13:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] --a------ 2007-03-06 10:24 183367 C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] --------- 2004-05-25 09:16 49152 C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 09:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] --a------ 2004-03-12 00:18 135168 C:\Program Files\eMachines Bay Reader\shwiconem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-16 22:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-09-06 10:48 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe S3 CA500AV;GSmart Mini WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2002-07-19 04:05] S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 13:05] Newly Created Service - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-01-18 18:34:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-21 14:44:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-21 09:49:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows Defender = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Windows Defender Adds = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda2.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Windows Defender Monitor = C:\WINDOWS\wdm3.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Windows Defender Updater = C:\WINDOWS\wdu4.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Defender Monitor = C:\WINDOWS\wdm7.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Windows Defender Updater = C:\WINDOWS\wdu8.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Windows Defender = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc5.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Windows Defender Adds = C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda6.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... C:\WINDOWS\system32\svchost.exe.tmp:exm.exe 51712 bytes executable scan completed successfully hidden files: 1 ************************************************************************ . Completion time: 2008-01-21 9:52:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-21 14:52:55 ComboFix2.txt 2007-12-18 15:42:55 . 2008-01-09 08:02:43 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 10:05:57 AM, on 1/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Motive\BellSouthBrowser.exe C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Julio F. Sanz\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {FCCC63D1-D8E4-458D-BC4F-B0C3CABF31AB} - C:\CMA\bin\BHODownload.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wdc1.exe O4 - HKLM\..\Run: [Windows Defender Adds] C:\DOCUME~1\JULIOF~1.SAN\LOCALS~1\Temp\wda2.exe O4 - HKLM\..\Run: [Windows Defender Monitor] C:\WINDOWS\wdm3.exe O4 - HKLM\..\Run: [Windows Defender Updater] C:\WINDOWS\wdu4.exe O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Windows Defender Monitor] C:\WINDOWS\wdm7.exe O4 - HKCU\..\Run: [Windows Defender Updater] C:\WINDOWS\wdu8.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: PUFLITE - http://juliofsanz1.point2agent.com/O...ol/PUFLITE.CAB O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187314109625 O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/3.0.09.83/Control/IRCSharc.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Brother XP spl Service - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: ccEvtMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: ccSetMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: CLTNetCnService - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: comHost - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Ex - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\46698609.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)