Tech Support Forum - View Single Post - Disappearing e-mails, spam from hell, possible hijacking, and sloooowww

not_again_AGAIN · 05-02-2008, 04:21 PM

Combo:

ComboFix 08-05-01.3 - Michelle 2008-05-02 16:52:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.737 [GMT -5:00]
Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michelle\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-04-27 20:03 . 2008-04-27 20:03 <DIR> d----c--- C:\Documents and Settings\Michelle\Application Data\Amazon
2008-04-27 02:29 . 2008-05-02 16:35 <DIR> d----c--- C:\fixwareout
2008-04-24 20:51 . 2008-04-24 20:51 <DIR> d----c--- C:\Deckard
2008-04-20 21:06 . 2008-04-20 23:40 <DIR> d----c--- C:\Program Files\RegCure
2008-04-19 15:56 . 2008-04-20 21:25 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 00:42 . 2008-04-19 00:42 <DIR> d----c--- C:\Program Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 21:42 --------- dc----w C:\Program Files\Lx_cats
2008-04-21 04:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-21 02:19 --------- dc----w C:\Program Files\Java
2008-03-14 19:35 --------- dc----w C:\Program Files\Wal-Mart Music Downloads Store
2005-05-24 16:17 487,424 -c--a-w C:\Documents and Settings\Michelle\chatlnk.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 00:35 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16 4670968]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" [ ]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 20:45 4898816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3codecp.acm
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.I263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
backup=C:\WINDOWS\pss\Remocon Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a--c--- 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a--c--- 2003-06-13 17:52 114688 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_CC]
--a------ 2004-06-22 06:00 345661 D:\PROGRAMS\avgcc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a--c--- 2005-01-10 09:35 73728 C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsod.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 12:29 40960 C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fix-It AV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
--a--c--- 2003-06-26 18:00 90112 C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-03-20 18:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-04-27 11:25 257088 D:\ipod\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjamon]
--a--c--- 2007-04-30 15:19 20480 C:\Program Files\Lexmark 1400 Series\lxdjamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator]
C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a--c--- 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-05-02 17:51 4612096 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
--a--c--- 2004-11-15 11:49 98304 C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
--a--c--- 2003-04-19 07:53 148480 C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a--c--- 2004-06-22 15:45 3243520 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Nuker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-07-13 00:35 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a--c--- 2003-04-20 00:08 28672 C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardDrv"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ScsiAccess"=2 (0x2)
"NISUM"=2 (0x2)
"ccPxySvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\ipod\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

R2 AvgServ;AVG6 Service;D:\PROGRAMS\avgserv.exe [2004-06-22 06:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-03-13 16:19]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 14:59]
S2 AvgCore;AVG6 Kernel;D:\PROGRAMS\avgcore.sys [2004-06-22 06:00]
S2 AvgFsh;AVG6 Rezident Driver;D:\PROGRAMS\avgfsh.sys [2004-06-22 06:00]
S2 DNS;DNS Server DNS Server;c:\winnt\microsoftdrivers\etc\FireDaemon.exe [2003-04-11 00:00]
S2 DPPSUSB;DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver;C:\WINDOWS\system32\Drivers\DPPSUSB.sys [2000-09-25 13:28]
S2 indexing;Indexing Server indexing Server;c:\winnt\microsoftdrivers\etc\FireDaemon.exe [2003-04-11 00:00]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-06-11 18:17]
S2 PSPShuffleIndexer;PSPShuffleIndexer;d:\program files\psp shuffle\pspshuffleindexer.exe [2005-07-29 18:53]
S2 Wlogin;Windows Login Windows Login;c:\winnt\microsoftdrivers\etc\FireDaemon.exe [2003-04-11 00:00]
S3 FTD2XX;VAGUSB.SYS VAG-COM USB Driver;C:\WINDOWS\system32\Drivers\VAGUSB.sys [2005-12-15 16:27]
S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2003-09-04 10:05]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 17:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-02 21:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Earl).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-05-02 21:54:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Michelle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-05-02 21:55:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Shlep).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-05-02 21:32:34 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-21 02

15 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 16:55:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-02 16:58:59
ComboFix-quarantined-files.txt 2008-05-02 21:58:00

Pre-Run: 2,544,955,392 bytes free
Post-Run: 2,529,931,264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

227

05-02-2008, 04:21 PM	#5 (permalink)
not_again_AGAIN Registered User Join Date: Apr 2008 Posts: 5 OS: XP	Re: Disappearing e-mails, spam from hell, possible hijacking, and sloooowww Combo: ComboFix 08-05-01.3 - Michelle 2008-05-02 16:52:58.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.737 [GMT -5:00] Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Michelle\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\setup.exe . ((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))) . 2008-04-27 20:03 . 2008-04-27 20:03 <DIR> d----c--- C:\Documents and Settings\Michelle\Application Data\Amazon 2008-04-27 02:29 . 2008-05-02 16:35 <DIR> d----c--- C:\fixwareout 2008-04-24 20:51 . 2008-04-24 20:51 <DIR> d----c--- C:\Deckard 2008-04-20 21:06 . 2008-04-20 23:40 <DIR> d----c--- C:\Program Files\RegCure 2008-04-19 15:56 . 2008-04-20 21:25 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-19 00:42 . 2008-04-19 00:42 <DIR> d----c--- C:\Program Files\Panda Security . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-02 21:42 --------- dc----w C:\Program Files\Lx_cats 2008-04-21 04:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-04-21 02:19 --------- dc----w C:\Program Files\Java 2008-03-14 19:35 --------- dc----w C:\Program Files\Wal-Mart Music Downloads Store 2005-05-24 16:17 487,424 -c--a-w C:\Documents and Settings\Michelle\chatlnk.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 00:35 68856] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16 4670968] "AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" [ ] "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 20:45 4898816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= L3codecp.acm "VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll "VIDC.I263"= i263_32.drv [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk] backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK] backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk] backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk] backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk] backup=C:\WINDOWS\pss\Remocon Driver.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk] backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] --a--c--- 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a--c--- 2003-06-13 17:52 114688 C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_CC] --a------ 2004-06-22 06:00 345661 D:\PROGRAMS\avgcc32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol] --a--c--- 2005-01-10 09:35 73728 C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\CookiePatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsod.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px] --a------ 2002-08-20 12:29 40960 C:\WINDOWS\System32\ezSP_Px.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fix-It AV] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE] --a--c--- 2003-06-26 18:00 90112 C:\Program Files\Sony\HotKey Utility\HKserv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a--c--- 2006-03-20 18:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-04-27 11:25 257088 D:\ipod\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjamon] --a--c--- 2007-04-30 15:19 20480 C:\Program Files\Lexmark 1400 Series\lxdjamon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjmon.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon] --a--c--- 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2003-05-02 17:51 4612096 C:\WINDOWS\System32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center] --a--c--- 2004-11-15 11:49 98304 C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\PPControl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck] --a--c--- 2003-04-19 07:53 148480 C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\PPMemCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-04-27 09:41 282624 D:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] --a--c--- 2004-06-22 15:45 3243520 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Nuker] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a--c--- 2007-07-13 00:35 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery] --a--c--- 2003-04-20 00:08 28672 C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a--c--- 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SCardDrv"=3 (0x3) "ccPwdSvc"=3 (0x3) "Adobe LM Service"=3 (0x3) "ScsiAccess"=2 (0x2) "NISUM"=2 (0x2) "ccPxySvc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitTornado\\btdownloadgui.exe"= "C:\\Program Files\\AIM\\aim.exe"= "D:\\ipod\\iTunes.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\WINDOWS\\system32\\lxdjcoms.exe"= "C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"= "C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"= R2 AvgServ;AVG6 Service;D:\PROGRAMS\avgserv.exe [2004-06-22 06:00] R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38] R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-03-13 16:19] R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 14:59] S2 AvgCore;AVG6 Kernel;D:\PROGRAMS\avgcore.sys [2004-06-22 06:00] S2 AvgFsh;AVG6 Rezident Driver;D:\PROGRAMS\avgfsh.sys [2004-06-22 06:00] S2 DNS;DNS Server DNS Server;c:\winnt\microsoftdrivers\etc\FireDaemon.exe [2003-04-11 00:00] S2 DPPSUSB;DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver;C:\WINDOWS\system32\Drivers\DPPSUSB.sys [2000-09-25 13:28] S2 indexing;Indexing Server indexing Server;c:\winnt\microsoftdrivers\etc\FireDaemon.exe [2003-04-11 00:00] S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-06-11 18:17] S2 PSPShuffleIndexer;PSPShuffleIndexer;d:\program files\psp shuffle\pspshuffleindexer.exe [2005-07-29 18:53] S2 Wlogin;Windows Login Windows Login;c:\winnt\microsoftdrivers\etc\FireDaemon.exe [2003-04-11 00:00] S3 FTD2XX;VAGUSB.SYS VAG-COM USB Driver;C:\WINDOWS\system32\Drivers\VAGUSB.sys [2005-12-15 16:27] S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys [] S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21] S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34] S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2003-09-04 10:05] Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-30 17:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-02 21:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Earl).job" - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex - C:\PROGRA~1\mcafee.com\agent "2008-05-02 21:54:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Michelle).job" - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex - C:\PROGRA~1\mcafee.com\agent "2008-05-02 21:55:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Shlep).job" - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex - C:\PROGRA~1\mcafee.com\agent "2008-05-02 21:32:34 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-04-21 0215 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-02 16:55:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-02 16:58:59 ComboFix-quarantined-files.txt 2008-05-02 21:58:00 Pre-Run: 2,544,955,392 bytes free Post-Run: 2,529,931,264 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 227