Tech Support Forum - View Single Post

Systikk · 07-24-2009, 10:49 PM

After trying many times and getting blue screen, i got the Combofix log. Hopefully someone can help.
although it bluescreened it gave me a log.

ComboFix 09-07-14.08 - Ellie 07/17/2009 0:06.10.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.347 [GMT -4:00]
Running from: c:\documents and settings\Ellie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc

((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 03:51 . 2009-07-17 03:51 10752 ----a-w- c:\windows\DCEBoot.exe
2009-07-16 02:51 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 02:51 . 2009-07-16 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 02:51 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 21:02 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-07-15 21:02 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-15 21:02 . 2009-07-16 03:06 -------- d-----w- c:\program files\Common Files\Uninstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 02:07 . 2009-06-13 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-14 23:57 . 2009-06-04 00:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-14 01:34 . 2006-01-21 17:05 -------- d-----w- c:\program files\Trend Micro
2009-06-13 02:47 . 2006-01-21 16:59 -------- d-----w- c:\program files\Common Files\AOL
2009-06-13 02:45 . 2006-01-21 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-13 02:42 . 2005-08-17 02:58 -------- d-----w- c:\program files\RGB
2009-06-13 02:42 . 2009-05-30 01:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-13 02:42 . 2009-05-30 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-13 02:37 . 2006-01-21 16:57 -------- d-----w- c:\program files\MUSICMATCH
2009-06-13 02:35 . 2006-01-21 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2009-06-13 02:29 . 2009-06-29 02:27 179922 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-04 00:40 . 2009-06-04 00:40 -------- d-----w- c:\documents and settings\Ellie\Application Data\Malwarebytes
2009-06-04 00:40 . 2009-06-04 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 02:41 . 2009-05-30 02:41 -------- d-----w- c:\program files\Alwil Software
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 07:04 . 2009-06-04 00:36 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-10-05 00:29 . 2006-02-17 22:50 56 --sh--r- c:\windows\system32\69DE0D4F45.sys
2008-10-05 00:29 . 2006-02-17 22:50 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2004-08-10 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-21 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-21 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-02 29744]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/4/2008 10:02 PM 24652]
S0 tehe;tehe;c:\windows\system32\drivers\lkhz.sys --> c:\windows\system32\drivers\lkhz.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2006 1:06 PM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 00:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-07-17 0:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 04:22

Pre-Run: 139,072,512,000 bytes free
Post-Run: 139,428,179,968 bytes free

163 --- E O F --- 2009-06-29 01:54

07-24-2009, 10:49 PM	#4 (permalink)
Systikk Registered User Join Date: May 2009 Posts: 4 OS: xp	Re: BSoD, Viruses. After trying many times and getting blue screen, i got the Combofix log. Hopefully someone can help. although it bluescreened it gave me a log. ComboFix 09-07-14.08 - Ellie 07/17/2009 0:06.10.2 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.347 [GMT -4:00] Running from: c:\documents and settings\Ellie\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\kb913800.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SFC -------\Service_sfc ((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 ))))))))))))))))))))))))))))))) . 2009-07-17 03:51 . 2009-07-17 03:51 10752 ----a-w- c:\windows\DCEBoot.exe 2009-07-16 02:51 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-16 02:51 . 2009-07-16 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-16 02:51 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-15 21:02 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys 2009-07-15 21:02 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll 2009-07-15 21:02 . 2009-07-16 03:06 -------- d-----w- c:\program files\Common Files\Uninstall . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 02:07 . 2009-06-13 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-06-14 23:57 . 2009-06-04 00:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-06-14 01:34 . 2006-01-21 17:05 -------- d-----w- c:\program files\Trend Micro 2009-06-13 02:47 . 2006-01-21 16:59 -------- d-----w- c:\program files\Common Files\AOL 2009-06-13 02:45 . 2006-01-21 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2009-06-13 02:42 . 2005-08-17 02:58 -------- d-----w- c:\program files\RGB 2009-06-13 02:42 . 2009-05-30 01:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-13 02:42 . 2009-05-30 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-13 02:37 . 2006-01-21 16:57 -------- d-----w- c:\program files\MUSICMATCH 2009-06-13 02:35 . 2006-01-21 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek 2009-06-13 02:29 . 2009-06-29 02:27 179922 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat 2009-06-04 00:40 . 2009-06-04 00:40 -------- d-----w- c:\documents and settings\Ellie\Application Data\Malwarebytes 2009-06-04 00:40 . 2009-06-04 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-30 02:41 . 2009-05-30 02:41 -------- d-----w- c:\program files\Alwil Software 2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-07 07:04 . 2009-06-04 00:36 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll 2008-10-05 00:29 . 2006-02-17 22:50 56 --sh--r- c:\windows\system32\69DE0D4F45.sys 2008-10-05 00:29 . 2006-02-17 22:50 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2004-08-10 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll [7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-21 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-21 98304] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-02 29744] "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-21 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\support.com\\bin\\tgcmd.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/4/2008 10:02 PM 24652] S0 tehe;tehe;c:\windows\system32\drivers\lkhz.sys --> c:\windows\system32\drivers\lkhz.sys [?] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2006 1:06 PM 29744] --- Other Services/Drivers In Memory --- Deregistered - NDISRD . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.comcast.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mWindow Title = Microsoft Internet Explorer presented by Comcast uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-17 00:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2992) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\ehome\mcrdsvc.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe c:\windows\ehome\ehmsas.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe . ************************************************************************ . Completion time: 2009-07-17 0:22 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-17 04:22 Pre-Run: 139,072,512,000 bytes free Post-Run: 139,428,179,968 bytes free 163 --- E O F --- 2009-06-29 01:54