ComboFix 08-02-20.2 - Eli 2008-02-20 20:07:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT -8:00]
Running from: C:\Documents and Settings\Eli\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eli\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.
2008-02-20 04:13 . 2008-02-20 04:13 <DIR> d-------- C:\WINNT\ERUNT
2008-02-20 04:08 . 2008-02-20 05:06 <DIR> d-------- C:\SDFix
2008-02-19 21:41 . 2008-02-19 21:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 16:49 . 2008-02-16 16:50 <DIR> d-------- C:\Program Files\Any Video Converter Professional
2008-02-16 16:49 . 2008-02-16 17:56 <DIR> d-------- C:\Documents and Settings\Eli\Application Data\Any Video Converter Professional
2008-02-16 16:17 . 2008-02-16 16:17 147,456 --a------ C:\WINNT\system32\vbzip10.dll
2008-02-16 11:28 . 2008-02-16 11:28 <DIR> d-------- C:\Program Files\Any Video Converter
2008-02-16 11:28 . 2008-02-16 12:33 <DIR> d-------- C:\Documents and Settings\Eli\Application Data\Any Video Converter
2008-02-14 22:09 . 2008-02-14 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tavultesoft
2008-02-14 22:04 . 2008-02-14 22:04 <DIR> d-------- C:\Program Files\Common Files\Tavultesoft
2008-02-14 22:03 . 2008-02-14 22:04 <DIR> d-------- C:\Program Files\Tavultesoft
2008-02-14 22:01 . 2008-02-14 22:02 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-14 21:35 . 2008-02-14 21:38 <DIR> d-------- C:\Program Files\AIM Invader
2008-02-11 20:43 . 2008-02-11 20:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-02-11 19:56 . 2008-02-13 07:45 1,374 --a------ C:\WINNT\imsins.BAK
2008-02-09 03:34 . 2008-02-15 18:54 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-09 03:34 . 2008-02-09 03:34 1,409 --a------ C:\WINNT\QTFont.for
2008-02-05 07:46 . 2008-02-05 07:46 <DIR> d-------- C:\windows
2008-02-05 01:37 . 2008-02-17 20:44 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
2008-01-31 23:00 . 2008-01-31 23:02 <DIR> d-------- C:\Program Files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-21 03:50 --------- d-----w C:\Program Files\Viewpoint
2008-02-17 17:41 --------- d-----w C:\Documents and Settings\Eli\Application Data\LimeWire
2008-02-16 07:44 --------- d-----w C:\Program Files\Zune
2008-02-12 12:38 --------- d-----w C:\Program Files\AIM
2008-02-12 12:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 22:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 17:09 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
2008-02-01 07:00 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-01 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-27 01:15 --------- d-----w C:\Documents and Settings\Eli\Application Data\Apple Computer
2008-01-13 21:46 165 ----a-w C:\Program Files\fun_maze_cbble.txt
2008-01-12 10:53 518,204 ----a-w C:\Program Files\fun_maze_cbble.bsp
2007-12-26 08:55 0 ---ha-w C:\WINNT\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-26 08:55 0 ---ha-w C:\WINNT\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2006-07-01 21:38 70,920 ----a-w C:\Documents and Settings\Eli\Application Data\GDIPFONTCACHEV1.DAT
2006-06-17 05:59 70,920 ----a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2006-06-09 04:12 70,920 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-01-10 22:35 69,984 ----a-w C:\Documents and Settings\All Users\Application Data\GDIPFONTCACHEV1.DAT
2004-08-04 08:56 561,179 ----a-w C:\Program Files\Common Files\dao360.dll
1998-04-27 07:00 570,128 ----a-w C:\Program Files\Common Files\DAO350.DLL
2004-02-29 01:42 32 --sha-w C:\WINNT\{5A1DE60E-63D4-411F-819C-8A27E968C34B}.dat
2004-02-29 01:44 32 --sha-w C:\WINNT\{77F34DDC-BE64-4C66-968A-710FD450DF9B}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\{9383845D-FCDF-4F3E-B9ED-6D7A80014D9B}.dat
2004-02-29 01:43 32 --sha-w C:\WINNT\{9AB54738-7DF1-4C00-9904-724052B1CBA3}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\{B473FFAC-ADCC-4471-ACAB-22211CD3B66C}.dat
2004-02-29 01:44 32 --sha-w C:\WINNT\{B83C3FD1-AF69-4C98-860F-8B93571A7A20}.dat
2007-10-19 13:26 8,434 --sha-w C:\WINNT\system32\rrrqr.bak1
2007-10-19 22:11 6,717 --sha-w C:\WINNT\system32\rrrqr.bak2
2007-10-20 09:38 7,666 --sha-w C:\WINNT\system32\rrrqr.ini2
2004-02-29 01:44 32 --sha-w C:\WINNT\system32\{4ED47025-B944-4999-B941-BA0A8CCD7C5C}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\system32\{9D4A8C51-12B5-4B1B-B280-4A82ADDC6A20}.dat
2004-02-29 01:43 32 --sha-w C:\WINNT\system32\{B4E78FFD-5507-47A5-AABD-7063002FED4B}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\system32\{BFE21B32-E04B-47C5-B65E-E7678177DA9D}.dat
2004-02-29 01:44 32 --sha-w C:\WINNT\system32\{C3FFBBD3-535C-4BB1-B187-47AD9BAC05D8}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\system32\{FAF8EF9A-AE41-4381-8369-AB595EC8BC08}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 15:10 68856]
"desktop_light.pxx"="C:\Program Files\Tavultesoft\Keyman Desktop Light 7.0\kmshell.exe" [2007-11-27 14:49 1288048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINNT\System32\LgNotify.dll 2003-02-28 14:01 110592 C:\WINNT\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINNT\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINNT\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autos.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
backup=C:\WINNT\pss\autos.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup=C:\WINNT\pss\eFax Tray Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINNT\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINNT\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup=C:\WINNT\pss\Live Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINNT\pss\officejet 6100.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RingCentral Call Controller.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RingCentral Call Controller.lnk
backup=C:\WINNT\pss\RingCentral Call Controller.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINNT\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Eli^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Eli\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINNT\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-10-03 16:50 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-06-04 18:05 116328 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINNT\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
C:\PROGRA~1\eSnips\ClientGW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
--a------ 2003-11-05 10:23 303180 C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-14 15:21 94208 C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-10-02 12:19 118784 C:\WINNT\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-01-30 18:55 196608 C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
--a------ 2003-01-30 18:55 311296 C:\WINNT\system32\hphmon03.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINNT\System32\hphmon04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-10-02 12:37 155648 C:\WINNT\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-08-09 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 06:03 81920 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINNT\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-06-25 21:00 771440 C:\Program Files\Norton AntiVirus\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Projector Manager]
C:\Program Files\InFocus\Projector Manager\Projmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBooster.Net]
C:\Program Files\RAMBooster.Net\RAMBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCHotKey]
--a------ 2006-05-02 16:48 14848 C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 02:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-29 15:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-01-02 18:11 577536 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-01-02 18:12 126976 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINNT\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPIAgent5"=2 (0x2)
"SAVScan"=3 (0x3)
"gusvc"=2 (0x2)
"SQLAgent$PARAMOUNT"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$PARAMOUNT"=2 (0x2)
"iPod Service"=3 (0x3)
"Speed Disk service"=2 (0x2)
"NProtectService"=2 (0x2)
"GhostStartService"=2 (0x2)
R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2002-08-14 15:11]
R1 oreans32;oreans32;C:\WINNT\system32\drivers\oreans32.sys [2006-09-07 16:52]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINNT\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINNT\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINNT\system32\drivers\hphius09.sys [2003-01-30 18:55]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Bots\GameGuard\dump_wmimmc.sys []
S3 IFCUSB;IFCUSB;C:\WINNT\system32\drivers\IFCUSB.SYS [2001-05-22 21:55]
S3 NPDriver;Norton Unerase Protection Driver;C:\WINNT\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINNT\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
S4 MSSQL$PARAMOUNT;MSSQL$PARAMOUNT;C:\Program Files\Microsoft SQL Server\MSSQL$PARAMOUNT\Binn\sqlservr.exe [2002-12-17 17:26]
S4 SQLAgent$PARAMOUNT;SQLAgent$PARAMOUNT;C:\Program Files\Microsoft SQL Server\MSSQL$PARAMOUNT\Binn\sqlagent.EXE [2002-12-17 17:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 20:45:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-21 04:20:59 C:\WINNT\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-12 04:00:00 C:\WINNT\Tasks\Norton AntiVirus - Run Full System Scan - Eli.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-02 01:30:00 C:\WINNT\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-20 11:00:00 C:\WINNT\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-02-16 00:00:00 C:\WINNT\Tasks\{271C803A-1298-428D-ADB0-440CC94F98D3}_ASOUSASTU_Annette Sousa.job"
- C:\WINNT\system32\mobsync.exeL /Schedule=
"2008-02-20 00:00:00 C:\WINNT\Tasks\{2D186DD2-FA0F-48F7-A7DD-1473C92EB67A}_ASOUSASTU_Annette Sousa.job"
- C:\WINNT\system32\mobsync.exeL /Schedule=
"2008-02-20 17:00:00 C:\WINNT\Tasks\{A7FD14B9-2705-4CE2-A53C-23060B45984D}_ASOUSASTU_Annette Sousa.job"
- C:\WINNT\system32\mobsync.exeL /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-20 20:21:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\System32\imapi.exe
C:\WINNT\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-20 20:29:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 04:29:07
ComboFix2.txt 2008-02-20 12:07:02
.
2008-02-14 20:25:36 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:26 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINNT\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8.r{}
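The two parts of a ComboFix log that get the closest look during triage are the attribute column of the Find3M Report and the startupfolder blocks under Reg Loading Points, and both can be checked mechanically. The Python below is an added example; it is not part of ComboFix, HijackThis or the log posted above. It parses a constructed excerpt of lines copied from that log (with the backslashes the forum stripped restored) and prints review candidates. The flagging rules (files carrying both the hidden and system attribute letters under the Windows directory; items in a Startup folder that are not .lnk shortcuts) are this example's own heuristics, and the reading of the attribute letters is an assumption stated in the code; a hit is something to look at by hand, not a verdict on the file.

```python
r"""Added triage helper for ComboFix-style log text (example code, not part of
ComboFix or of the log above).

Two sections are parsed:
  * "Find3M Report" lines, e.g.  2007-10-19 13:26 8,434 --sha-w C:\WINNT\system32\rrrqr.bak1
  * "startupfolder" blocks, whose path= line names what sits in a Startup folder.

The flagging rules are this example's own assumptions (hidden+system files
under the Windows directory; non-shortcut items in a Startup folder). A hit is
a review candidate, not a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt: lines copied from the Find3M section of the log above,
# with the backslashes the forum stripped put back.
SAMPLE_FIND3M = r"""
2008-02-21 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-13 21:46 165 ----a-w C:\Program Files\fun_maze_cbble.txt
2007-10-19 13:26 8,434 --sha-w C:\WINNT\system32\rrrqr.bak1
2007-10-19 22:11 6,717 --sha-w C:\WINNT\system32\rrrqr.bak2
2007-10-20 09:38 7,666 --sha-w C:\WINNT\system32\rrrqr.ini2
2004-02-29 01:42 32 --sha-w C:\WINNT\{5A1DE60E-63D4-411F-819C-8A27E968C34B}.dat
2007-12-26 08:55 0 ---ha-w C:\WINNT\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
"""

# Constructed excerpt of two startupfolder blocks from the same log.
SAMPLE_STARTUP = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autos.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
backup=C:\WINNT\pss\autos.exeCommon Startup
"""

# Find3M line: date time, size ("---------" for directories), 7-letter attribute column, path.
FIND3M_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)\s+([-a-z]{7})\s+(.+?)\s*$")
STARTUP_PATH_RE = re.compile(r"^path=(.+?)\s*$")
WINDOWS_DIR_RE = re.compile(r"\\(winnt|windows)\\", re.IGNORECASE)


@dataclass(frozen=True)
class FileEntry:
    mtime: str
    size: Optional[int]   # None for directories
    flags: str            # attribute column as printed, e.g. "--sha-w"
    path: str

    @property
    def hidden_system(self) -> bool:
        # Assumption: 'h' marks hidden and 's' marks system in this column;
        # no other letter is interpreted here.
        return "h" in self.flags and "s" in self.flags


def parse_find3m(text: str) -> List[FileEntry]:
    """Parse Find3M-style lines; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if not m:
            continue
        mtime, size_s, flags, path = m.groups()
        size = None if size_s.startswith("-") else int(size_s.replace(",", ""))
        entries.append(FileEntry(mtime, size, flags, path))
    return entries


def parse_startup_paths(text: str) -> List[str]:
    """Collect the path= target of every startupfolder block."""
    matches = (STARTUP_PATH_RE.match(line.strip()) for line in text.splitlines())
    return [m.group(1) for m in matches if m]


def triage(find3m_text: str, startup_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) review candidates drawn from the two sections."""
    hits = []
    for e in parse_find3m(find3m_text):
        if e.hidden_system and WINDOWS_DIR_RE.search(e.path):
            hits.append((e.path, f"hidden+system file under the Windows directory "
                                 f"(flags {e.flags}, {e.size} bytes, modified {e.mtime})"))
    for p in parse_startup_paths(startup_text):
        if not p.lower().endswith(".lnk"):
            hits.append((p, "Startup folder item that is not a .lnk shortcut"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_FIND3M, SAMPLE_STARTUP):
        print(f"{path}\n    {reason}")
```

Run against the excerpt it lists the three rrrqr.* files and the 32-byte GUID-named .dat in C:\WINNT (hidden+system), skips the .Wdf coinstaller marker (hidden only), and lists autos.exe as the one non-shortcut Startup item; to use it on a full log, feed the whole text to both functions, since the regexes ignore lines from other sections.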