11-18-2008, 11:24 PM   #5
Xagest
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP SP2


Re: AntiVirus Pro 2009

The zip file was submitted successfully.

COMBO FIX

ComboFix 08-11-18.04 - Thang 2008-11-18 23:08:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.232 [GMT -7:00]
Running from: c:\documents and settings\Thang\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Thang\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\cakyjumyb.vbs
c:\documents and settings\All Users\Application Data\kukofukali.com
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\10.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\4.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\5.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\6.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\7.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\8.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\9.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1219786667jtun_sav10ennful25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1220278818jtun_sav10enncur25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1220711038jtun_sav10en80901003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1220796032jtun_sav10en80906003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1221146376jtun_sav10en80907003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1221316415jtun_sav10en80911003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1221400883jtun_sav10en80913003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1221748907jtun_sav10en80914003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1221748907jtun_sav10enn08m25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1221921616jtun_sav10en80918008.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1222264899jtun_sav10en80920003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1222610524jtun_sav10en80924003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1222957378jtun_sav10en80928003.m25.seg1.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1223217095jtun_sav10enncur25.m25.seg1.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1223561222jtun_sav10enncur25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1223735723jtun_sav10en81009003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1223820413jtun_sav10en81011003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1224166060jtun_sav10enn09m25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1224339422jtun_sav10enncur25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1224684340jtun_sav10en81018004.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1225034527jtun_sav10en81022006.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1225724352jtun_sav10enncur25.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1226156829jtun_sav10en81103003.m25.full.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.aug_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.curdefs_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.oct_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.old_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.sep_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\minitri.flg
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LUINSTALL.LOG
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
c:\documents and settings\Thang\Application Data\exega.exe
c:\documents and settings\Thang\Application Data\ozefoge.dll
c:\documents and settings\Thang\Application Data\ujumag.pif
c:\documents and settings\Thang\Cookies\hpothb07.dat
c:\documents and settings\Thang\Cookies\hpothb07.tif
c:\documents and settings\Thang\Cookies\iwufadoc.dl
c:\program files\AntivirusPro2009
c:\program files\AntivirusPro2009\AntivirusPro2009.cfg
c:\program files\AntivirusPro2009\data\daily.cvd
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro2009\pthreadVC2.dll
c:\program files\AskTBar
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\PopSwatr\History\notallow
c:\program files\Common Files\keni.db
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
c:\program files\Common Files\zekuwiq.exe
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\AUPDATERES.DLL
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LUALLRES.DLL
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuComServer_3_1.EXE
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\LuInsRes.dll
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\MFC71.DLL
c:\program files\Symantec\LiveUpdate\MSVCP71.DLL
c:\program files\Symantec\LiveUpdate\MSVCR71.DLL
c:\program files\Symantec\LiveUpdate\NetDetectController_3_1.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom_3_1.DLL
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\ResLuComServer_3_1.DLL
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1RES.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP2.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SETUPRES.DLL
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
c:\program files\Symantec\LiveUpdate\UNRAR.DLL
c:\windows\anejuzy._sy
c:\windows\cuwe._sy
c:\windows\ehyleka.db
c:\windows\ropov.reg
c:\windows\system32\yfaq.pif
c:\windows\usuzusa.sys

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 19:37 . 2008-11-18 19:37 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 17:52 . 2008-11-15 17:52 <DIR> d-------- c:\program files\RealVNC
2008-11-15 16:01 . 2008-11-15 16:01 <DIR> d-------- c:\program files\Lavasoft
2008-11-15 16:01 . 2008-11-15 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-15 15:53 . 2008-11-15 15:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-14 18:34 . 2008-11-14 18:34 <DIR> d-------- c:\documents and settings\Administrator.DADCOMP\Application Data\Share-to-Web Upload Folder
2008-11-13 21:34 . 2008-11-13 21:34 <DIR> d-------- c:\documents and settings\Administrator.DADCOMP
2008-11-04 17:49 . 2008-11-04 17:49 <DIR> d-------- c:\documents and settings\Thang\Application Data\Kodak
2008-11-04 17:47 . 2008-11-04 17:47 <DIR> d-------- c:\program files\Kodak
2008-10-31 18:59 . 2008-10-31 18:59 291 --a------ c:\documents and settings\Thang\Application Data\mdbu.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 15:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-11-07 04:47 --------- d-----w c:\documents and settings\Thang\Application Data\ArcSoft
2008-11-06 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-01 03:10 --------- d-----w c:\program files\Greeting Card Creator 32
2008-11-01 03:07 --------- d-----w c:\program files\VideoLAN
2008-11-01 03:05 --------- d-----w c:\documents and settings\All Users\Application Data\PictureMover
2008-11-01 03:03 --------- d-----w c:\program files\ArcSoft
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 00:53 --------- d-----w c:\program files\Common Files\ArcSoft
2008-10-15 00:46 --------- d-----w c:\program files\OVT
2008-09-30 23:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 05:33 667,648 ----a-w c:\windows\system32\wininet.dll
2008-05-28 03:34 0 --sha-w c:\documents and settings\Thang\Application Data\00483ca7064b0f0d91a71d6018ec157bc3aad48c768f757348.dat
2008-04-05 03:53 321 ---ha-w c:\documents and settings\Thang\hpothb07.dat
2007-09-09 03:25 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-18_19.22.28.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-19 05:54:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"WG511WLU"="c:\program files\NETGEAR\WG511\Utility\WG511WLU.exe" [2004-11-09 475136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-27 282624]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-10-17 162304]
"LTWinModem1"="ltmsg.exe" [2003-10-28 c:\windows\system32\ltmsg.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-10-21 278528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-27 78416]
R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-10-14 109056]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-27 20560]
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2006-10-24 16194]
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [2007-05-13 393472]
S3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
S3 JL2004A;JL2004A Photo Viewer;c:\windows\system32\Drivers\pv_wdm.sys [2007-02-13 63289]
.
Contents of the 'Scheduled Tasks' folder

2008-10-31 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 23:13:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-18 23:15:20
ComboFix-quarantined-files.txt 2008-11-19 06:14:57
ComboFix2.txt 2008-11-19 02:23:31

Pre-Run: 25,608,617,984 bytes free
Post-Run: 25,603,399,680 bytes free

235 --- E O F --- 2008-11-12 04:24:18

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161124745673
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

--
End of file - 6880 bytes