Thread: Possible Malware Issue
View Single Post
Old 06-14-2008, 10:47 AM   #7 (permalink)
kiranaus
Registered User
 
Join Date: Jun 2008
Posts: 26
OS: xp sp2


Re: Possible Malware Issue
Nothing has really improved; the same conditions exist as initially described.

ComboFix 08-06-10.5 - HP_Owner 06/13/2008 14:10:29.4 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\alot
C:\Documents and Settings\Mom and Dad.AE066C3A9B\Application Data\alot
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_0\Button_0.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_0\Button_0.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_1\Button_1.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_1\Button_1.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_10\Button_10.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_10\Button_10.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_11\Button_11.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_11\Button_11.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_2\Button_2.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_2\Button_2.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_3\Button_3.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_3\Button_3.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_4\Button_4.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_4\Button_4.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_5\Button_5.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_5\Button_5.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_6\Button_6.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_6\Button_6.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_7\Button_7.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_7\Button_7.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_8\Button_8.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_8\Button_8.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_9\Button_9.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Button_9\Button_9.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\configurator\configurator.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\configurator\configurator.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\ErrorSearch\ErrorSearch.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\postInstallLayout\postInstallLayout.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\products\products.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\products\products.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_2\images\default_296_alot_hea_heasearch.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_3\images\active_default_297_alot_hea_news.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_3\images\default_297_alot_hea_news.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_4\images\default_298_alot_hea_fitness.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_5\images\default_299_alot_mrkt_firstaid.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_5\images\default_299_alot_mrkt_readers_digest3.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Button_5\images\default_299_alot_mrkt_readersdigestorange.bmp
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Resources\Shared\images\alot_brand.png
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\TimerManager\TimerManager.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\toolbar.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Updater\Updater.xml
C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot\Updater\Updater.xml.backup
C:\Documents and Settings\Natalia.AE066C3A9B\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp5fpd5o.default\Cache\3A802488d01
C:\Documents and Settings\Natalia.AE066C3A9B\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp5fpd5o.default\Cache\3A912488d01
c:\windows\hh.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IIM9COTMOHU
-------\Service_iim9cotmohu


((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 20:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 19:50 --------- d-----w C:\Program Files\LimeWire
2008-06-12 19:50 --------- d-----w C:\Program Files\Incomplete
2008-06-12 06:37 --------- d-----w C:\Program Files\Trend Micro
2008-06-10 21:49 --------- d-----w C:\Program Files\Winamp
2008-06-10 05:13 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Azureus
2008-06-10 02:24 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Media Player Classic
2008-06-10 02:16 --------- d-----w C:\Program Files\AC3Filter
2008-06-09 23:36 --------- d-----w C:\Program Files\MP3Parse
2008-06-09 23:22 --------- d-----w C:\Program Files\Xvid
2008-06-09 22:51 --------- d-----w C:\Program Files\ffdshow
2008-06-09 22:50 --------- d-----w C:\Program Files\SHOUTcast Source
2008-06-09 22:50 --------- d-----w C:\Program Files\DSP-worx
2008-06-09 22:49 49,604 ----a-w C:\WINDOWS\system32\RadLightOFRUninstall.exe
2008-06-09 22:49 --------- d-----w C:\Program Files\OpenSource OGG Splitter
2008-06-09 22:49 --------- d-----w C:\Program Files\CDXA Image Reader Filter (SVCDXCD)
2008-06-09 22:36 --------- d-----w C:\Program Files\CD Audio Reader Filter
2008-06-09 22:33 33,533 ----a-w C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2008-06-09 22:33 --------- d-----w C:\Program Files\DirectVobSub
2008-06-09 21:28 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2008-06-09 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 02:29 47,360 ----a-w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\pcouffin.sys
2008-06-09 02:29 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Vso
2008-06-09 02:27 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-09 02:21 --------- d-----w C:\Program Files\LucasArts
2008-06-09 02:04 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\SSH
2008-06-08 04:10 --------- d-----w C:\Program Files\Panda Security
2008-06-08 03:48 --------- d-----w C:\Program Files\Windows Live
2008-06-07 21:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-07 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 19:04 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Lavasoft
2008-06-07 19:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-07 19:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-07 06:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-07 06:39 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-07 06:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-07 06:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-07 06:39 --------- d-----w C:\Program Files\Symantec
2008-06-06 13:58 27,136 ----a-w C:\WINDOWS\CYK36.tmp
2008-06-04 02:47 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\ZoomBrowser EX
2008-06-04 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-04 01:48 27,136 ----a-w C:\WINDOWS\CYK3B.tmp
2008-06-01 23:26 --------- d-----w C:\Program Files\Canon
2008-06-01 23:18 --------- d-----w C:\Program Files\Common Files\Canon
2008-05-29 04:32 27,136 ----a-w C:\WINDOWS\CYK139.tmp
2008-05-25 23:19 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\PE Explorer
2008-05-16 02:16 27,136 ----a-w C:\WINDOWS\CYK51.tmp
2008-04-30 22:52 --------- d-----w C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\LimeWire
2008-04-25 21:22 --------- d-----w C:\Program Files\QuickTime
2008-04-25 21:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 05:53 27,136 ----a-w C:\WINDOWS\CYK97F.tmp
2008-04-24 05:40 27,136 ----a-w C:\WINDOWS\CYK97D.tmp
2008-04-24 05:35 --------- d-----w C:\Program Files\DVDVideoSoft
2008-04-24 05:35 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-22 05:15 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\LimeWire
2008-04-17 05:42 --------- d-----w C:\Program Files\Azureus
2008-04-16 05:29 --------- d-----w C:\Program Files\Chessmaster 8000
2008-04-09 13:17 27,136 ----a-w C:\WINDOWS\CYK3A.tmp
2008-04-05 02:12 27,136 ----a-w C:\WINDOWS\CYK3C.tmp
2008-04-01 04:34 27,136 ----a-w C:\WINDOWS\CYK39.tmp
2008-03-30 20:09 27,136 ----a-w C:\WINDOWS\CYK125.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2005-01-09 22:46 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

------- Sigcheck -------

08/04/2004 01:00 PM 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
08/04/2004 01:00 PM 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

03/02/2005 12:19 PM 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
03/08/2007 09:48 AM 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
08/04/2004 01:00 PM 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
03/02/2005 12:09 PM 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
03/08/2007 09:36 AM 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
03/08/2007 09:36 AM 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

08/04/2004 01:00 PM 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
08/04/2004 01:00 PM 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

09/29/2004 12:27 PM 656896 2c07195588d69a067c2afdaa31759295 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
01/27/2005 11:08 AM 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
05/02/2005 02:57 PM 658944 e1e18136f9dd3df1ad9c82193a5898a6 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
03/10/2005 01:43 AM 657920 c8663b488996e89a84c3d17c1d12b79e C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
09/02/2005 05:53 PM 660480 97a6fd7cafd688cf2c78939ebaf0cd0c C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
07/02/2005 08:09 PM 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
10/20/2005 09:38 PM 661504 af785c4947676a7fc1673fdc5c8d0b5b C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
03/03/2006 09:58 PM 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
05/09/2006 11:25 PM 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
06/23/2006 05:25 AM 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
09/14/2006 02:31 AM 664576 d207370287cf769aebebf03837784963 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
10/23/2006 09:34 AM 664576 231ef4179acabe486376b5ca893f1076 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
01/04/2007 08:05 AM 665088 3ffa1573fc274e5aa7467d03941c45ee C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
02/20/2007 03:52 AM 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
04/18/2007 06:46 AM 665600 4261ba03afd659de04f0a17dfbdd454d C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
06/26/2007 08:35 AM 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
08/22/2007 06:55 AM 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
10/10/2007 11:57 PM 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
12/06/2007 06:44 PM 666112 085a7c37f9c6ede1ba870b7dbec06399 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
02/16/2008 03:32 AM 666112 bb1eacd6ab47e78ebca02eb781550d55 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
08/04/2004 01:00 PM 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
09/29/2004 12:47 PM 656896 cba65b573c66fe23f647ff96e3a10994 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
03/10/2005 02:02 AM 656896 6f018d6319be4f96426ea829b79e05d5 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
01/27/2005 11:13 AM 656896 b5e043e440b210014e021b24cf0a72e3 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
07/02/2005 08:11 PM 658432 5b5ff992c0fa762ccf8655fc290e6e52 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
05/02/2005 02:52 PM 657920 1a078af3f85d10ba56444c23b3a18e74 C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
09/02/2005 05:52 PM 658432 af61ebb1f550175eff406d545d6ab086 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
10/20/2005 09:39 PM 658432 e7b27b6b6e06ce34ea019fd8b858c613 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
03/03/2006 09:33 PM 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
05/09/2006 11:23 PM 658432 38ab7a56f566d9aaad31812494944824 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
06/23/2006 05:02 AM 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
09/14/2006 02:39 AM 658944 621af3f6174a3f60677f5230e28bcc07 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
10/23/2006 09:17 AM 658944 6b2735adff5a5d3b9130ca4a794722f0 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
01/04/2007 07:37 AM 658944 8c393df5234cbcbff1ee31902d6b40ae C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
08/04/2004 01:00 PM 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
04/18/2007 06:31 AM 658944 b7156cd97e739f3014bc4d61758f868a C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
06/26/2007 08:09 AM 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
08/22/2007 07:12 AM 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
10/11/2007 12:13 AM 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
12/06/2007 07:07 PM 659456 57d1b5150cf6331fac6b3e04c1fcb966 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
02/16/2008 02:59 AM 659456 0c690e77c0e924c45b4d7045b182fff1 C:\WINDOWS\system32\wininet.dll
02/16/2008 02:59 AM 659456 0c690e77c0e924c45b4d7045b182fff1 C:\WINDOWS\system32\dllcache\wininet.dll

05/25/2005 01:07 PM 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
01/13/2006 11:07 AM 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
04/20/2006 06:18 AM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
10/30/2007 10:53 AM 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
08/04/2004 01:00 PM 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
05/25/2005 01:04 PM 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
08/04/2004 01:00 PM 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
04/20/2006 05:51 AM 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
10/30/2007 11:20 AM 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
10/30/2007 11:20 AM 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

08/04/2004 01:00 PM 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
08/04/2004 01:00 PM 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

08/04/2004 01:00 PM 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
08/04/2004 01:00 PM 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

08/04/2004 01:00 PM 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
08/04/2004 01:00 PM 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

03/01/2005 06:36 PM 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
12/19/2006 10:12 AM 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
02/28/2007 03:15 AM 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
03/01/2005 06:34 PM 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
12/19/2006 06:55 AM 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
02/28/2007 02:38 AM 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
02/28/2007 02:38 AM 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\ntkrnlpa.exe
08/04/2004 01:00 PM 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntkrnlpa.exe

03/01/2005 07:04 PM 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
12/19/2006 10:51 AM 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
02/28/2007 03:55 AM 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
03/01/2005 06:57 PM 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
12/19/2006 08:15 AM 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
02/28/2007 03:10 AM 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
02/28/2007 03:08 AM 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\system32\ntoskrnl.exe
08/04/2004 01:00 PM 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntoskrnl.exe

06/13/2007 04:23 AM 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
06/13/2007 05:26 AM 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
08/04/2004 01:00 PM 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
06/13/2007 04:23 AM 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe

08/04/2004 01:00 PM 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
08/04/2004 01:00 PM 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe

08/04/2004 01:00 PM 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
08/04/2004 01:00 PM 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe

08/04/2004 01:00 PM 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
08/04/2004 01:00 PM 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@Thu 06-12-2008_14.32.02.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 06:29:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 2058 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-27 02:37:01 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-06-13 02:54:58 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
- 2008-06-12 20:28:16 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
+ 2008-06-13 20:14:27 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 09:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/20/2008 08:16 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 10:53 PM 714608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [08/26/2007 06:04 PM 687976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk
backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.AE066C3A9B^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Owner.AE066C3A9B\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 06/06/2005 11:46 PM 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 02/28/2007 11:06 PM 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 03/20/2007 05:40 PM 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 06/29/2004 06:06 PM 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 07/03/2004 03:49 AM 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 07/06/2004 02:05 AM 2550272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
-----c--- 05/10/2006 12:12 PM 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 02/14/2008 11:01 AM 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 04/03/2007 04:29 PM 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 08/04/2003 05:28 PM 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 06/07/2004 07:42 PM 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 06/07/2004 07:53 PM 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 05/07/1998 05:04 PM 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 12/11/2007 01:10 PM 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 10/13/2004 10:24 AM 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 10/16/2002 05:57 PM 81920 C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/28/2008 11:37 PM 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 04/14/2004 09:43 PM 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 07/01/2004 07:58 PM 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/14/2007 03:43 AM 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/07/2004 03:03 PM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"MDM"=2 (0x2)
"ISPwdSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Capture Device Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"comHost"=3 (0x3)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 14:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 04:18:29 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 14:14:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 06/13/2008 14:18:47
ComboFix-quarantined-files.txt 2008-06-13 20:17:52
ComboFix2.txt 2008-06-12 20:33:06

Pre-Run: 107,630,186,496 bytes free
Post-Run: 107,616,980,992 bytes free

412 --- E O F --- 2008-06-13 09:00:46

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 14, 2008 03:05:40
Records in database: 862537
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 142344
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 04:36:47


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\Windows Live\Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg 1
C:\Program Files\Windows Live\Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\QooBox\Quarantine\C\Documents and Settings\Natalia.AE066C3A9B\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp5fpd5o.default\Cache\3A802488d01.vir Infected: Trojan-Downloader.Win32.FraudLoad.gen 1
C:\QooBox\Quarantine\C\Documents and Settings\Natalia.AE066C3A9B\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp5fpd5o.default\Cache\3A912488d01.vir Infected: Trojan-Downloader.Win32.FraudLoad.alt 1
C:\temp\srbndl.exe Infected: not-a-virus:AdWare.Win32.EShoper.p 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:17 AM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lrc.m.../ebraryRdr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7161 bytes
kiranaus is offline