ComboFix 08-05-01.3 - 2008-05-06 22:46:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.588 [GMT -4:00]
Running from: C:\Documents and Settings\Chris Scanlon\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris Scanlon\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Chris Scanlon\Application Data\hsqt.exe
C:\Documents and Settings\Chris Scanlon\Application Data\nuupo .exe
C:\Documents and Settings\Chris Scanlon\Application Data\qbdsqxfkb.exe
C:\Documents and Settings\Chris Scanlon\Application Data\yuj.exe
C:\Documents and Settings\Chris Scanlon\installer.exe
C:\info.exe
C:\Program Files\BellSouth Internet Tools\blsloader .exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\Internet Explorer\5384 .EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot .exe
C:\Program Files\NCH Swift Sound\RecordPad\recordpad .exe
C:\Program Files\Support.com\BellSouth\hcenter .exe
C:\Program Files\wt3d.ini
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\9092929A94969A9.exe
C:\WINDOWS\system32\drivers\beepp.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\hdfile.sys
C:\WINDOWS\system32\hdport.sys
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\ieupdates .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\LVCOMSX .EXE
c:\windows\system32\znntzs.dll
C:\WINDOWS\Fonts :#:
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Chris Scanlon\Application Data\hsqt.exe
C:\Documents and Settings\Chris Scanlon\Application Data\nuupo .exe
C:\Documents and Settings\Chris Scanlon\Application Data\qbdsqxfkb.exe
C:\Documents and Settings\Chris Scanlon\Application Data\yuj.exe
C:\Documents and Settings\Chris Scanlon\installer.exe
C:\info.exe
C:\Program Files\BellSouth Internet Tools\blsloader .exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\Internet Explorer\5384 .EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot .exe
C:\Program Files\NCH Swift Sound\RecordPad\recordpad .exe
C:\Program Files\QuickTime\bak
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\SUPERAntiSpyware\bak
C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
C:\Program Files\Support.com\BellSouth\hcenter .exe
C:\Program Files\wt3d.ini
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\9092929A94969A9.exe
C:\WINDOWS\system32\drivers\beepp.sys
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\hdfile.sys
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\ieupdates .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\WINDOWS\system32\updater
C:\WINDOWS\system32\updater\explorer .exe
c:\windows\system32\znntzs.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_BEEPP
-------\Legacy_CKVC
-------\Legacy_DISK_DRIVE32
-------\Legacy_HDFILE
-------\Legacy_HDPORT
-------\Legacy_NWSAPAGENT
-------\Legacy_ZNNTZS
-------\Service_6to4
-------\Service_beepp
-------\Service_CKVC
-------\Service_DISK_DRIVE32
-------\Service_hdfile
-------\Service_NwSapAgent
-------\Service_znntzs
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.
2008-05-06 22:43 . 2008-05-06 22:44 6,010 --a------ C:\Documents and Settings\Chris Scanlon\CFScript.txt
2008-05-06 22:11 . 2008-05-06 22:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-06 22:01 . 2008-05-06 22:28 <DIR> d-------- C:\SDFix
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Program Files\Canon
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\5e1a9adccaf11c7134470508668e0e
2008-04-29 19:10 . 2008-04-29 21:14 <DIR> d-------- C:\RECYCLER(2)
2008-04-27 02:34 . 2008-04-29 21:14 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-04-26 23:17 . 2007-11-15 22:51 155,552 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-26 23:17 . 2007-11-15 22:51 80,288 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-26 23:17 . 2007-11-15 22:51 72,608 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-26 23:17 . 2007-11-15 22:51 45,472 --a------ C:\WINDOWS\system32\ZuneUsbConnection.dll
2008-04-20 19:35 . 2008-04-20 19:35 <DIR> d-------- C:\Program Files\AIM Search
2008-04-17 22:22 . 2008-04-17 22:23 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-04-17 22:22 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-04-15 20:14 . 2008-04-15 20:14 <DIR> d-------- C:\Program Files\DAP
2008-04-15 20:14 . 2008-04-15 20:14 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-04-15 20:14 . 2008-04-15 20:14 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-04-15 20:14 . 2008-04-15 20:14 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-04-14 18:50 . 2008-04-14 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-04-14 18:38 . 2008-04-14 18:38 <DIR> d-------- C:\Program Files\Ascentive
2008-04-14 18:38 . 2008-04-14 18:38 <DIR> d-------- C:\Documents and Settings\Chris Scanlon\Application Data\InstallShield
2008-04-14 18:38 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-04-14 18:38 . 2008-03-12 14:13 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-04-14 18:38 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 02:50 --------- d-----w C:\Program Files\BellSouth Internet Tools
2008-05-07 02:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-07 02:47 --------- d-----w C:\Program Files\QuickTime
2008-05-07 02:46 --------- d-----w C:\Program Files\Zune
2008-05-07 02:46 --------- d-----w C:\Program Files\iTunes
2008-05-07 02:46 --------- d-----w C:\Program Files\DellSupport
2008-05-07 02:46 --------- d-----w C:\Program Files\AOL 9.1
2008-05-07 02:31 --------- d-----w C:\Program Files\AIMTunes
2008-05-06 19:28 --------- d-----w C:\Documents and Settings\Chris Scanlon\Application Data\LimeWire
2008-05-04 16:13 --------- d-----w C:\Documents and Settings\Chris Scanlon\Application Data\teamspeak2
2008-04-30 01:14 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-30 00:56 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-21 20:14 --------- d-----w C:\Documents and Settings\Chris Scanlon\Application Data\uTorrent
2008-04-20 23:42 --------- d-----w C:\Program Files\LimeWire
2008-04-20 23:35 --------- d-----w C:\Program Files\AIM6
2008-04-20 19:28 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-20 19:28 --------- d-----w C:\Documents and Settings\Chris Scanlon\Application Data\NCH Swift Sound
2008-04-16 00:14 --------- d-----w C:\Program Files\Google
2008-04-14 22:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 18:22 --------- d-----w C:\Program Files\HyCam2
2008-04-03 06:37 7,606 ----a-w C:\Documents and Settings\Chris Scanlon\Application Data\wklnhst.dat
2008-04-02 17:58 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-02 05:51 --------- d-----w C:\Documents and Settings\Chris Scanlon\Application Data\acccore
2008-04-02 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-28 03:46 --------- d-----w C:\Program Files\uTorrent
2008-03-25 19:48 --------- d-----w C:\Program Files\Java
2008-03-16 19:08 --------- d-----w C:\Documents and Settings\Chris Scanlon\Application Data\Move Networks
2008-02-21 01:57 60,968 ----a-w C:\Documents and Settings\Lisa Scanlon\GoToAssistDownloadHelper.exe
2008-01-14 23:47 10 ----a-w C:\Program Files\.autoreg
2007-12-13 21:31 75,232 ----a-w C:\Documents and Settings\Chris Scanlon\Application Data\GDIPFONTCACHEV1.DAT
2007-08-06 17:12 10,385,200 ----a-w C:\Documents and Settings\Chris Scanlon\HC41Installer.exe
2007-08-06 04:32 212,849 ----a-w C:\Program Files\hijackthis.zip
2007-05-20 18:01 0 ----a-w C:\Documents and Settings\Chris Scanlon\HC4Installer.exe
2007-05-20 01:17 628 ----a-w C:\Documents and Settings\Sean Scanlon\Application Data\wklnhst.dat
2006-12-06 03:14 1,178 ----a-w C:\Documents and Settings\Lisa Scanlon\Application Data\wklnhst.dat
2006-05-16 02:08 56 -csh--r C:\WINDOWS\system32\DA7BA0A167.sys
2006-05-16 02:08 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
----a-w 839,685 2008-01-17 22:37:23 C:\WINDOWS\Fonts\svchost .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2008-03-25 16:49 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-02-27 01:26 67128]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-14 19:37 1318912]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-15 21:32 171448]
"Uaol"="C:\PROGRA~1\RACLE~1\explorer.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 21:10 385024]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" [2008-03-13 17:35 3239936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A8AAAAB2ACAEB2B7B"="9092929A94969A9.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 21:10 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-31 21:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-02-20 21:57 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lisa Scanlon^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Lisa Scanlon\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
--a------ 2006-01-10 17:56 1896448 C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blspcloader]
--a------ 2006-03-27 18:55 86016 C:\Program Files\BellSouth Internet Tools\blsloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2008-01-25 22:34 460784 C:\Program Files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 15:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1149387323\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 08:19 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 08:22 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 22:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-31 21:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-27 01:26 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2008-01-29 23:30 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-29 23:30 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 08:23 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 21:10 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
--a------ 2007-09-09 22:13 512004 C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-18 15:17 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-15 21:32 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2005-08-31 15:14 1277952 C:\Program Files\Support.com\BellSouth\hcenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-06 02:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
C:\WINDOWS\system32\updater\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--a------ 2005-02-23 13:08 1159168 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-01-21 14:26 166304 c:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Gh'þ9Óœû3rÅWC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Gh'þ9Óœû3rÅWC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Gh'þ9Óœû3rÅWC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Gh'þ9Óœû3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ogrycvw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ogrycvw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ogrycvw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 22:51]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
qzbjwn REG_MULTI_SZ qzbjwn
znntzs REG_MULTI_SZ znntzs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 21:29:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-06 22:51:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1149387323\ee\AOLDesktop.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-05-06 23:00:43 - machine was rebooted [Chris Scanlon]
ComboFix-quarantined-files.txt 2008-05-07 03:00:30
ComboFix2.txt 2008-04-27 19:08:50
ComboFix3.txt 2008-02-03 23:52:22
ComboFix4.txt 2008-02-03 23:37:56
Pre-Run: 33,079,074,816 bytes free
Post-Run: 33,102,811,136 bytes free
365 --- E O F --- 2008-04-12 17:06:11