Vundo/downloader/trojan Horse


21 replies to this topic

#1 Deek

  • Members
  • 28 posts

Posted 18 September 2007 - 01:46 PM

Norton keeps picking up Trojan.Horse, Trojan.Vundo and Downloader. All my icons on my desktop disappear. Here is my HijackThis log (I did clean out temp files, ran Ad-Aware, ran Spybot and Avert Stinger, etc.).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:17 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\enivrmin.dll",forkonce
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCAL
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9435 bytes


Thank you for your assistance



#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender: Male
  • Location: Midlands, UK

Posted 26 September 2007 - 04:11 PM

Hi Deek, sorry for the delay in answering your post.
If you still need help, could you please post back a new HJT log? Things change so quickly and we need to see what's happening now.
But before you post a new log, I need you to do something for me:

Something seems to be trying to hide from us in your log, so please do the following:
Click on Start, then My Computer, then your main drive (usually 'C:').
Then click on Program Files, then Trend Micro, then HijackThis.
Right-click on HijackThis.exe, select Rename, and rename it to starbuck.exe.
Double-click on starbuck.exe (which is still HijackThis.exe), run another scan and post that log in your next reply please.
Thanks

Starbuck



#3 Deek

  • Topic Starter
  • Members
  • 28 posts

Posted 27 September 2007 - 07:10 AM

Thank you for your reply. But I'm confused: why would I have to rename the HijackThis program? How would that show what is "hiding"?

#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender: Male
  • Location: Midlands, UK

Posted 27 September 2007 - 12:39 PM

Hi Deek,
Certain malware can hide itself from HJT; if we rename the program, the malware doesn't realise that it's really HJT that's running.
What I'm looking at in your log is the lack of O2 and O20 lines.
Vundo will use these lines, but in hiding itself from HJT it tends to hide all the O2 lines (so it's a bit of a giveaway).
By renaming HijackThis.exe to something else, it'll still be the same program running, but with a different name, so the chances are that the malware will show in the new log.
Has that helped to make things clearer for you?
If you have any questions at all, just ask.

Edited by Starbuck, 27 September 2007 - 12:41 PM.



#5 Deek

  • Topic Starter
  • Members
  • 28 posts

Posted 29 September 2007 - 09:45 AM

Here you go, and thanks for the explanation:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:56 AM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\HijackThis\starbuck.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {745356F7-2799-429D-9B5B-5D59BF969FD8} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\tuvuvvu.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\enyncweo.dll
O2 - BHO: (no name) - {F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\skpeopkm.dll",sitypnow
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCAL
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: tuvuvvu - C:\WINDOWS\SYSTEM32\tuvuvvu.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10770 bytes
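
Added example (not from this thread, and not HijackThis's or Vundo's own code): a Python script that parses two HijackThis logs, reports which sections appear only in the renamed run, diffs the entries between the two runs, and flags the Vundo pattern Starbuck describes in post #4: unnamed O2 BHOs, an O20 Winlogon Notify hook and a rundll32 O4 Run entry, all loading a DLL from system32 under a random-looking lowercase name. The embedded log excerpts are constructed from the two logs posted above (post #1 and post #5); the "5-8 lowercase letters" filename heuristic is my assumption drawn from those logs, not a HijackThis rule, and will miss other variants.

```python
import re
from collections import defaultdict

# Constructed excerpts of the two HijackThis logs posted in this thread.
# First run: the scanner was still named HijackThis.exe.
LOG_AS_HIJACKTHIS_EXE = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\enivrmin.dll",forkonce
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Second run: the same program renamed to starbuck.exe, as Starbuck asked.
LOG_AS_STARBUCK_EXE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {745356F7-2799-429D-9B5B-5D59BF969FD8} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\tuvuvvu.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\enyncweo.dll
O2 - BHO: (no name) - {F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\skpeopkm.dll",sitypnow
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: tuvuvvu - C:\WINDOWS\SYSTEM32\tuvuvvu.dll
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."; R0/R1 lines are handled the same way.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d{1,2}) - (?P<body>.+)$")
# Full DLL path up to and including ".dll" (group 1 = file name without extension).
DLL_RE = re.compile(r'[A-Za-z]:\\[^"]*?\\([A-Za-z0-9_~]+)\.dll', re.I)
# Assumed heuristic: the Vundo DLLs in these logs are 5-8 lowercase letters
# (ssttu, tuvuvvu, enyncweo, ddcyw, enivrmin, skpeopkm); the legitimate DLLs are not.
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")


def parse_hjt(text):
    """Map each HijackThis section (R0, O2, O4, O20, ...) to the set of its entry bodies."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m["section"]].add(m["body"])
    return dict(entries)


def hidden_sections(before_text, after_text):
    """Sections entirely absent from the first log but present in the second."""
    return sorted(set(parse_hjt(after_text)) - set(parse_hjt(before_text)))


def diff_logs(before_text, after_text):
    """Per section: (entries only in the second log, entries only in the first)."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    out = {}
    for sec in sorted(set(before) | set(after)):
        added = sorted(after.get(sec, set()) - before.get(sec, set()))
        removed = sorted(before.get(sec, set()) - after.get(sec, set()))
        if added or removed:
            out[sec] = (added, removed)
    return out


def vundo_indicators(entries):
    """(section, dll stem) pairs matching the pattern seen in this thread: an unnamed O2 BHO,
    an O20 Winlogon Notify hook or an O4 rundll32 Run entry whose DLL sits in system32
    under a random-looking lowercase name. Heuristic, not a rule."""
    hits = []
    for sec in ("O2", "O4", "O20"):
        for body in entries.get(sec, ()):
            m = DLL_RE.search(body)
            if not m:
                continue
            stem = m.group(1)
            in_system32 = "\\system32\\" in m.group(0).lower()
            is_loader = (
                (sec == "O2" and "(no name)" in body)
                or (sec == "O20" and body.startswith("Winlogon Notify:"))
                or (sec == "O4" and "rundll32" in body.lower())
            )
            if is_loader and in_system32 and RANDOM_STEM_RE.match(stem):
                hits.append((sec, stem))
    return sorted(hits)


if __name__ == "__main__":
    print("sections hidden from HijackThis.exe:",
          hidden_sections(LOG_AS_HIJACKTHIS_EXE, LOG_AS_STARBUCK_EXE))
    for sec, (added, removed) in diff_logs(LOG_AS_HIJACKTHIS_EXE, LOG_AS_STARBUCK_EXE).items():
        for entry in added:
            print(f"+ {sec} - {entry}")
        for entry in removed:
            print(f"- {sec} - {entry}")
    print("indicators, first run:  ", vundo_indicators(parse_hjt(LOG_AS_HIJACKTHIS_EXE)))
    print("indicators, renamed run:", vundo_indicators(parse_hjt(LOG_AS_STARBUCK_EXE)))
```

Against these excerpts the first log yields only the O4 rundll32 entry (enivrmin.dll), the one clue that was visible before the rename; the second yields the four unnamed BHOs, the Winlogon Notify hook and the O4 entry, whose DLL name changed from enivrmin.dll to skpeopkm.dll between the two runs. The heuristic deliberately leaves the Spybot SDHelper BHO (also "(no name)", but outside system32) and the Lexmark LXCRtime rundll32 entry (in System32, but not a lowercase random name) alone.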

#6 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender: Male
  • Location: Midlands, UK

Posted 29 September 2007 - 11:33 AM

Thanks for the new log, Deek.

> thanks for the explanation:

You're very welcome.
Can you see the difference in the O2 & O20 lines now?
Give me some time to look over the new log and I'll get back to you as soon as possible.



#7 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender: Male
  • Location: Midlands, UK

Posted 29 September 2007 - 05:28 PM

Hi Deek,

Please download ComboFix.

Double-click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. This may cause it to stall.

Could you also let me have an uninstall list:
Open HijackThis, then click Config, then Misc Tools.
Click "Open Uninstall Manager".
Click "Save List" (generates uninstall_list.txt).
Click Save, then copy and paste the results in your next post.
More information, with a screenshot, can be found here.

So in your next reply, please supply:
ComboFix report
Uninstall list
And a new HJT log

thx



#8 Deek

  • Topic Starter
  • Members
  • 28 posts

Posted 02 October 2007 - 09:23 AM

ComboFix is not working. It keeps coming up with "A freeware implementation of reg.exe has encountered a problem and needs to close. Send error report or don't send." I keep hitting "Don't send" and then it will come back. The message repeats itself frequently. Once I get it to stop, then it says I don't have administration rights? Here's the rest of the stuff you wanted.
This is the Uninstall List:
ABBYY FineReader 6.0 Sprint
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
AIM 6
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ATI Display Driver
AudibleManager
Bass Tournament Tycoon
Battlefield 1942
Bejeweled 2 Deluxe
Belkin Wireless Utility
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Browser Address Error Redirector
ccCommon
ClickClickClick Browser Optimizer
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Dell Digital Jukebox Driver
Digital Media Reader
Diner Dash
DVD Shrink 3.2
DVD Solution
FATE
FrostWire 4.13.3
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
InterActual Player
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 2
Lexmark 2400 Series
Lexmark Fax Solutions
LifeGlobe Sharks, Terrors of the Deep 2
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mini Golf Mayhem
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
MySpaceIM
Napster
Napster Burn Engine
Nero 7 Demo
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
Railroad Tycoon II - Gold Edition
RealArcade
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
SCRABBLE
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SereneScreen Marine Aquarium 2.6
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stronghold Crusader
Symantec
Symantec Script Blocking Installer
SymNet
Tradewinds
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
Viewpoint Media Player
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB886185
Windows XP Media Center Edition 2005 KB925766
Yahoo! Music Jukebox
ZENcast Organizer

This is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22, on 2007-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\starbuck.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FDE94AE-8420-4D2D-8C5A-C44FCE8876B1} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nqinhphf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\tuvuvvu.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qelkyjxq.dll",sitypnow
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCAL
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: tuvuvvu - C:\WINDOWS\SYSTEM32\tuvuvvu.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10735 bytes


Thank you.

#9 Deek

Deek
  • Topic Starter

  • Members
  • 28 posts

Posted 02 October 2007 - 10:38 AM

Starbuck - I got Combo Fix to work!! Here is the log from Combo Fix:

ComboFix 07-10-02.2 - Owner 2007-10-02 9:28:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.70 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.Andrew\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Owner.Andrew\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner.Andrew\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner.Andrew\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Seekmo Programs
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\system32\aunrwkop.ini
C:\WINDOWS\system32\aupbboiu.ini
C:\WINDOWS\system32\bewilgjh.ini
C:\WINDOWS\system32\bgiopyuc.dll
C:\WINDOWS\system32\bwxxtxqg.dll
C:\WINDOWS\system32\byxvtrs.dll
C:\WINDOWS\system32\ceonlcci.ini
C:\WINDOWS\system32\cqnqmrfh.ini
C:\WINDOWS\system32\cuypoigb.ini
C:\WINDOWS\system32\cwevjdfq.ini
C:\WINDOWS\system32\dakfqiev.ini
C:\WINDOWS\system32\dcyucmcf.ini
C:\WINDOWS\system32\ddalelhv.ini
C:\WINDOWS\system32\enyncweo.dll
C:\WINDOWS\system32\fcmcuycd.dll
C:\WINDOWS\system32\fqsvhxnq.ini
C:\WINDOWS\system32\gdeinvdy.ini
C:\WINDOWS\system32\ghbrdrwj.dll
C:\WINDOWS\system32\gnyojcki.dll
C:\WINDOWS\system32\gqhrvdqu.dll
C:\WINDOWS\system32\gqxtxxwb.ini
C:\WINDOWS\system32\gvemmhuk.dll
C:\WINDOWS\system32\gysqgslj.ini
C:\WINDOWS\system32\hbwjxhej.ini
C:\WINDOWS\system32\hfrmqnqc.dll
C:\WINDOWS\system32\hggfedd.dll
C:\WINDOWS\system32\hjgliweb.dll
C:\WINDOWS\system32\hvaiaciy.ini
C:\WINDOWS\system32\icclnoec.dll
C:\WINDOWS\system32\iifcbax.dll
C:\WINDOWS\system32\iiffdba.dll
C:\WINDOWS\system32\ikcjoyng.ini
C:\WINDOWS\system32\imrxymys.dll
C:\WINDOWS\system32\issylavp.ini
C:\WINDOWS\system32\jboxewsv.tmp
C:\WINDOWS\system32\jehxjwbh.dll
C:\WINDOWS\system32\jlsgqsyg.dll
C:\WINDOWS\system32\juyvlaqo.ini
C:\WINDOWS\system32\jwrdrbhg.ini
C:\WINDOWS\system32\keuelluv.ini
C:\WINDOWS\system32\kuhmmevg.ini
C:\WINDOWS\system32\ljjgefc.dll
C:\WINDOWS\system32\lotndwqm.dll
C:\WINDOWS\system32\mkpoepks.ini
C:\WINDOWS\system32\mljjhhf.dll
C:\WINDOWS\system32\mqwdntol.ini
C:\WINDOWS\system32\mxuydpms.dll
C:\WINDOWS\system32\nktgqevt.ini
C:\WINDOWS\system32\nnnlmlj.dll
C:\WINDOWS\system32\nseyavpo.ini
C:\WINDOWS\system32\okdnftds.dll
C:\WINDOWS\system32\opvayesn.dll
C:\WINDOWS\system32\oqalvyuj.dll
C:\WINDOWS\system32\orgpbjhs.ini
C:\WINDOWS\system32\pcawdcwp.dll
C:\WINDOWS\system32\phfbyjht.dll
C:\WINDOWS\system32\pmnmlji.dll
C:\WINDOWS\system32\pokwrnua.dll
C:\WINDOWS\system32\pvalyssi.dll
C:\WINDOWS\system32\pwcdwacp.ini
C:\WINDOWS\system32\qelkyjxq.dll
C:\WINDOWS\system32\qfdjvewc.dll
C:\WINDOWS\system32\qihuqojs.ini
C:\WINDOWS\system32\qnxhvsqf.dll
C:\WINDOWS\system32\qomkhec.dll
C:\WINDOWS\system32\qomkhig.dll
C:\WINDOWS\system32\qomnllm.dll
C:\WINDOWS\system32\qxjykleq.ini
C:\WINDOWS\system32\rqrolkj.dll
C:\WINDOWS\system32\rqrroop.dll
C:\WINDOWS\system32\sdtfndko.ini
C:\WINDOWS\system32\shjbpgro.dll
C:\WINDOWS\system32\sjoquhiq.dll
C:\WINDOWS\system32\skpeopkm.dll
C:\WINDOWS\system32\smpdyuxm.ini
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\symyxrmi.ini
C:\WINDOWS\system32\thjybfhp.ini
C:\WINDOWS\system32\tiyfpeox.ini
C:\WINDOWS\system32\tktlculh.dll
C:\WINDOWS\system32\tuvtsts.dll
C:\WINDOWS\system32\tuvutus.dll
C:\WINDOWS\system32\tuvuvvu.dll
C:\WINDOWS\system32\tveqgtkn.dll
C:\WINDOWS\system32\ugogbonu.ini
C:\WINDOWS\system32\uiobbpua.dll
C:\WINDOWS\system32\unobgogu.dll
C:\WINDOWS\system32\uqdvrhqg.ini
C:\WINDOWS\system32\urqnopn.dll
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\uttss.tmp
C:\WINDOWS\system32\veiqfkad.dll
C:\WINDOWS\system32\vhleladd.dll
C:\WINDOWS\system32\vswexobj.dll
C:\WINDOWS\system32\vulleuek.dll
C:\WINDOWS\system32\wkqrsgxw.dll
C:\WINDOWS\system32\wmjsjyjr.dll
C:\WINDOWS\system32\wptgglyy.dll
C:\WINDOWS\system32\wxgsrqkw.ini
C:\WINDOWS\system32\xoepfyit.dll
C:\WINDOWS\system32\xxyyyaa.dll
C:\WINDOWS\system32\ydvniedg.dll
C:\WINDOWS\system32\yicaiavh.dll
C:\WINDOWS\system32\yylggtpw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 09:38 85,056 --a------ C:\WINDOWS\system32\laifcrxb.dll
2007-10-02 09:32 75,328 --a------ C:\WINDOWS\system32\dmhfggka.exe
2007-10-02 07:54 77,376 --a------ C:\WINDOWS\system32\nqinhphf.dll
2007-10-02 07:11 77,376 --a------ C:\WINDOWS\system32\axeipsws.dll
2007-09-26 21:42 81,904 --a------ C:\WINDOWS\system32\nouecana.dll
2007-09-26 21:07 81,904 --a------ C:\WINDOWS\system32\bieutygv.dll
2007-09-26 20:06 81,904 --a------ C:\WINDOWS\system32\vifptehv.dll
2007-09-26 19:32 81,904 --a------ C:\WINDOWS\system32\eqpseind.dll
2007-09-26 19:04 81,904 --a------ C:\WINDOWS\system32\gxbvyffp.dll
2007-09-23 19:46 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\Application Data\FrostWire
2007-09-18 10:35 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\.housecall6.6
2007-09-18 07:29 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 08:49 --------- d-------- C:\Program Files\lx_cats
2007-09-26 18:51 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 07:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-18 07:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-03 10:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-20 14:36 --------- d-------- C:\Program Files\LimeWire
2007-08-20 14:34 --------- d-------- C:\Documents and Settings\Owner.Andrew\Application Data\LimeWire
2007-06-21 19:08 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-05-08 15:21 35 --a------ C:\Documents and Settings\Owner.Andrew\readme.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F}]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 16:32]
"HostManager"="C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe" [2004-11-03 16:03]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 19:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 19:44 C:\WINDOWS\RTHDCPL.exe]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 20:59]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~3.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2241033]
rundll32 C:\WINDOWS\system32\j2241033.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrisonTycoonSetup.exe]
C:\DOCUME~1\OWNER~1.AND\Desktop\PRISON~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wljkpeumi]
c:\windows\system32\wljkpeumi.exe wljkpeumi

R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c10ab1-249a-11db-9824-00038a000015}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d30f5173-20bb-11db-870b-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-09-30 21:01:09 C:\WINDOWS\Tasks\Norton AntiVirus - scan - Owner.job"
- C:\PROGRA~1\NORTON~1\NAVW32.EXE
"2007-09-22 03:32:03 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 09:51:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-02 10:33:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 10:33
C:\ComboFix2.txt ... 2007-06-18 17:29
.
--- E O F ---


Here is the uninstall list:

ABBYY FineReader 6.0 Sprint
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
AIM 6
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ATI Display Driver
AudibleManager
Bass Tournament Tycoon
Battlefield 1942
Bejeweled 2 Deluxe
Belkin Wireless Utility
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Browser Address Error Redirector
ccCommon
ClickClickClick Browser Optimizer
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Dell Digital Jukebox Driver
Digital Media Reader
Diner Dash
DVD Shrink 3.2
DVD Solution
FATE
FrostWire 4.13.3
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
InterActual Player
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 2
Lexmark 2400 Series
Lexmark Fax Solutions
LifeGlobe Sharks, Terrors of the Deep 2
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mini Golf Mayhem
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
MySpaceIM
Napster
Napster Burn Engine
Nero 7 Demo
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
Railroad Tycoon II - Gold Edition
RealArcade
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
SCRABBLE
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SereneScreen Marine Aquarium 2.6
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stronghold Crusader
Symantec
Symantec Script Blocking Installer
SymNet
Tradewinds
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
Viewpoint Media Player
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB886185
Windows XP Media Center Edition 2005 KB925766
Yahoo! Music Jukebox
ZENcast Organizer


LASTLY - HERE IS THE HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:27 AM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\starbuck.exe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCAL
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10132 bytes



Thanks - Please let me know.

#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 03 October 2007 - 12:22 PM

Hi Deek
Please give me some time to go through these logs properly and I'll get back to you as soon as possible.
Thx



#11 Deek

Deek
  • Topic Starter

  • Members
  • 28 posts

Posted 03 October 2007 - 05:34 PM

No problem. FYI - the computer seems to be running GREAT now. Much faster, and Norton isn't putting up any annoying "virus found but can't delete" messages! I believe you got it. But you are the expert and I'll await your advice.

Thanks again

#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 04 October 2007 - 03:32 PM

Hi Deek

I'm glad to hear that there's been an improvement.

We're not quite finished yet though!

Your Java is out of date.... older versions have vulnerabilities that malware will use to its advantage.

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Now:
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
Files::
C:\WINDOWS\system32\laifcrxb.dll
C:\WINDOWS\system32\dmhfggka.exe
C:\WINDOWS\system32\nqinhphf.dll
C:\WINDOWS\system32\axeipsws.dll
C:\WINDOWS\system32\nouecana.dll
C:\WINDOWS\system32\bieutygv.dll
C:\WINDOWS\system32\vifptehv.dll
C:\WINDOWS\system32\eqpseind.dll
C:\WINDOWS\system32\gxbvyffp.dll
C:\WINDOWS\system32\ddcyw.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2241033]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wljkpeumi]
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
Now please wait for ComboFix to finish running

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

To help with the cleaning process:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please post back the new combofix report
The SuperAntiSpyware scan log
and a new hjt log
Thx


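A small triage helper for HijackThis logs like the ones posted in this thread, added here as an illustration; it is not part of Starbuck's instructions and not code from HijackThis or ComboFix. It flags the kinds of entries the fix above targets (a BHO whose file is missing or that has no name and lives in system32, autoruns registered in the SYSTEM or Default user hive, a populated AppInit_DLLs value, a service with no publisher recorded) and turns the BHO findings into Files:: and Registry:: lines in the same form as the CFScript above. The sample input is a constructed handful of lines copied from the log posted earlier; the rule names and the parsing regexes are my own assumptions about the HijackThis line format, not a documented API.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: HijackThis lines copied from the log posted in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F0BE6075-0EC9-4CF0-9FAC-B73DF4721D6F} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
""".strip()

# Assumed line shapes for the HJT sections we care about (O2 BHOs, O4 Run keys,
# O20 AppInit_DLLs, O23 services); "name - company - path" with an empty company
# is written "name - - path" in the log, which SERVICE_RE tolerates.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) -\s*(?P<company>.*?)\s*- (?P<path>.+)$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    rule: str      # hypothetical rule name, chosen for this example
    entry: str     # the full HJT line
    path: str = ""
    clsid: str = ""


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the log entries a helper would look at first, tagged with the rule that fired."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if m := BHO_RE.match(line):
            path = m["path"].replace("(file missing)", "").strip()
            # A BHO whose DLL is gone is a leftover registration (the ddcyw.dll case above).
            if "(file missing)" in m["path"]:
                findings.append(Finding(n, "orphaned-bho", line, path, m["clsid"]))
            # Legitimate BHOs usually carry a name; an unnamed one loaded from system32 is worth a look.
            if m["name"] == "(no name)" and SYSTEM32_RE.search(path):
                findings.append(Finding(n, "unnamed-bho-in-system32", line, path, m["clsid"]))
        elif m := RUN_RE.match(line):
            # User-facing apps have no business auto-starting under SYSTEM or the Default profile.
            if m["hive"].upper().startswith(("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")):
                findings.append(Finding(n, "autorun-in-system-hive", line, m["cmd"]))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that links user32; always verify it.
            findings.append(Finding(n, "appinit-dll", line, m["dlls"]))
        elif m := SERVICE_RE.match(line):
            if not m["company"]:
                findings.append(Finding(n, "service-without-publisher", line, m["path"]))
    return findings


def cfscript_for(findings: list[Finding]) -> str:
    """Build Files:: and Registry:: sections from the BHO findings, in the form of the script above."""
    bho_rules = ("orphaned-bho", "unnamed-bho-in-system32")
    files = sorted({f.path for f in findings if f.rule in bho_rules and f.path})
    clsids = sorted({f.clsid for f in findings if f.rule in bho_rules and f.clsid})
    out = ["Files::", *files, "", "Registry::"]
    out += ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + c + "]" for c in clsids]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage_hjt(SAMPLE_HJT_LOG)
    for f in found:
        print(f"line {f.line_no:>2}  {f.rule:<26} {f.entry}")
    print()
    print(cfscript_for(found), end="")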

#13 Deek

Deek
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 06 October 2007 - 03:30 PM

Hi again:

THIS IS THE COMBOFIX REPORT:

ComboFix 07-10-02.2 - Owner 2007-10-06 11:16:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.114 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.Andrew\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Owner.Andrew\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bxrcfial.ini
C:\WINDOWS\system32\laifcrxb.dll
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.

2007-10-02 07:54 77,376 --a------ C:\WINDOWS\system32\nqinhphf.dll
2007-10-02 07:11 77,376 --a------ C:\WINDOWS\system32\axeipsws.dll
2007-09-26 21:42 81,904 --a------ C:\WINDOWS\system32\nouecana.dll
2007-09-26 21:07 81,904 --a------ C:\WINDOWS\system32\bieutygv.dll
2007-09-26 20:06 81,904 --a------ C:\WINDOWS\system32\vifptehv.dll
2007-09-26 19:32 81,904 --a------ C:\WINDOWS\system32\eqpseind.dll
2007-09-26 19:04 81,904 --a------ C:\WINDOWS\system32\gxbvyffp.dll
2007-09-23 19:46 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\Application Data\FrostWire
2007-09-18 10:35 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\.housecall6.6
2007-09-18 07:29 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 11:03 --------- d-------- C:\Program Files\lx_cats
2007-10-04 18:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 07:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-18 07:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-03 10:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-20 14:36 --------- d-------- C:\Program Files\LimeWire
2007-08-20 14:34 --------- d-------- C:\Documents and Settings\Owner.Andrew\Application Data\LimeWire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-21 19:08 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-05-08 15:21 35 --a------ C:\Documents and Settings\Owner.Andrew\readme.bat
.

((((((((((((((((((((((((((((( snapshot@2007-10-02_ 9.54.38.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-25 03:30:28 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-09-25 03:30:30 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-09-25 04:31:42 C:\WINDOWS\system32\javaws.exe
.
----a-w 49,248 2005-03-04 09:06:58 C:\WINDOWS\system32\java.exe
----a-w 49,250 2005-03-04 09:07:06 C:\WINDOWS\system32\javaw.exe
----a-w 127,078 2005-03-04 10:36:48 C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 16:32]
"HostManager"="C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe" [2004-11-03 16:03]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 19:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 19:44 C:\WINDOWS\RTHDCPL.exe]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 20:59]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~3.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrisonTycoonSetup.exe]
C:\DOCUME~1\OWNER~1.AND\Desktop\PRISON~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c10ab1-249a-11db-9824-00038a000015}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d30f5173-20bb-11db-870b-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 21:59:10 C:\WINDOWS\Tasks\Norton AntiVirus - scan - Owner.job"
"2007-09-22 03:32:03 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 11:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 13:14:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-06 13:14
C:\ComboFix2.txt ... 2007-10-02 10:33
C:\ComboFix3.txt ... 2007-06-18 17:29
.
--- E O F ---


THIS IS THE SUPERANTISPYWARE SCAN LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/06/2007 at 02:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3320
Trace Rules Database Version: 1321

Scan type : Complete Scan
Total Scan Time : 01:04:18

Memory items scanned : 501
Memory threats detected : 0
Registry items scanned : 7134
Registry threats detected : 0
File items scanned : 72379
File threats detected : 244

Adware.Tracking Cookie
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adopt.hbmediapro[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@rotator.its.adjuggler[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.stilemedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@little-girl[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@advertising[6].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad1.clickhype[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[8].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adserver.weakgame[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@127968809[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@justsexyvideos[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@enhance[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@s1[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@image.masterstats[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@server.iad.liveperson[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.winantispyware[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.porndocs[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@sexbuddies[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stats.gamestop[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@top2[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stats.drivecleaner[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@audit.median[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@twelvefifteen[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stats1.reliablestats[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultfriendfinder[7].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@entrepreneur[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@toseeka[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.babes2sexy[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@icc.intellisrv[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.tossoffmedia[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adserver[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@topbootypics[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[8].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stilemedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@counter5.sextracker[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@clicksor[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultadworld[5].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.adgoto[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@statcounter[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@screensavers[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad2.adecn[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@hitcounter.yourpaysite[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@_[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@sextracker[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@drivecleaner[6].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adlegend[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cpvfeed[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.addynamix[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@interclick[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@pornfidelity[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.bigtitpornstars[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.screensavers[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@i.screensavers[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@eroticlick[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[9].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[12].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@html[8].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@wt.sexsearch[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@counter12.sextracker[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@hitbox[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@AdRotator[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantispyware[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@commonsensemedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.winantiviruspro[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.allporntoons[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.hqualityporn[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@vod.porntube[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.lesbo-porn[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@click-new-download[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cock-seducing-teens.thumblogger[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[6].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.yieldmanager[5].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.pornsitejourney[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.hqzoosex[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.sexmaxx[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@alladultchannel[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@roiservice[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@humornsex[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[7].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@beporn[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@569498225[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@join.porntube[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@limewire[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@xxx-niches[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@xxxpower[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@st[16].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@tremor.adbureau[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@pornaccess[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[10].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@porntube[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.interepads[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultlisting[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@exchange.ggmedia[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@goclick[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.porntube[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cgi-bin[13].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.rowise[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@view-8908[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@qnsr[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.incestxxx[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.banner-farm[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.freepornster[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.abum[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@tgp.xxxkey[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@xiti[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@linksynergy[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.realtechnetwork[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@toplist[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@shagsporn[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adopt.euroclick[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cfree=tmedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@tracker.e-sport[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stats[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@overture[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@family.bestcutesex[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.xxxpower[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@brightcove.112.2o7[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@st[31].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.pornoamateurs[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.amaporn[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@sexmovies[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ragazza-tettona-fa-sesso-amatoriale[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@id11359[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@19searchfeed[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@2.marketbanker[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@3d-sexgames[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@67.15.239[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.contentmedianetwork[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.yieldmanager[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ad.yieldmanager[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adecn[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adlegend[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.glispa[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.intentmediaworks[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultadworld[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultadworld[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultadworld[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultadworld[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultfriendfinder[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultfriendfinder[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultfriendfinder[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultfriendfinder[5].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultfriendfinder[6].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@adultgames[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@advertising[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@advertising[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@audit.median[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@banners[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@banners[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@belnk[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@c.alladultchannel[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@click-fr[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@click.revsharecash[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@click.zoopartners[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@count2.exitexchange[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@couplesseduceteens[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@cpvfeed[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@crazyxxx3dworld[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@dist.belnk[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@drivecleaner[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@drivecleaner[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@drivecleaner[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@drivecleaner[5].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@eas.apm.emediate[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@elite.advertarium.com[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@emarketmakers[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@enhance[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@exchange.ggmedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@exchange.ggmedia[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@exitexchange[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@geo.precisionclick[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@kinxxx[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@login.tracking101[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@medias[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@momsteachingteens[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@mtr.splash.sexsearch[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@partners.agamimedia[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@popunderadvertise[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@pornaccess[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@pornaccess[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@porngata[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@pornoinside[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@questionmarket[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@realsexcash[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@serving.rpowermedia[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@sex-video[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@sexy-videos[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stats[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@stats[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@toplist[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@vidisex[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@vod.sextoytv[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantispyware[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantispyware[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantispyware[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[3].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[4].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[5].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@winantivirus[6].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.3d-sexgames[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.pornstarheaven[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.sextronix[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.winantispyware[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.winantiviruspro[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.xctrk[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.xxxmilfpics[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@www.xxxseek[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@yadro[2].txt
C:\Documents and Settings\Owner.Andrew\Cookies\owner@yourpornmovies[2].txt

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HGGFEDD.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RQROLKJ.DLL.VIR

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP74\A0111666.EXE



THIS IS THE NEW HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:18 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\System32\bcmwltry.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\starbuck.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCAL
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\windows\System32\wltrysvc.exe

--
End of file - 10757 bytes



THERE YOU GO STARBUCK; Please continue to do your magic!! Thanks again.

#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:10 PM

Posted 08 October 2007 - 04:38 PM

Hi Deek

You have a dubious program installed on your system
ClickClickClick Browser Optimizer
It has some dodgy things in the licence agreement:

This application will pop advertisements on your computer every 30 to 60 minutes.


Plus allowing third party usage.

Clickclickclick.biz may be included in this installation. You acknowledge and agree to be bound by the software licensing agreement and terms of use of http://www.clickclickclick.biz which can be located here: http://www.clickclickclick.biz/tc.html. To uninstall the cpmadz.com application, please go to Add/Remove Software control panel and uninstall "ClickClickClick Browser Optimizer".


I would really recommend uninstalling this program.

Click on start... settings.... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

ClickClickClick Browser Optimizer

Now:
The new Combofix report is showing a possible 'flash drive' infection:

Please download Flash_Disinfector by sUBs and save it to your desktop:

* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
* Wait until the program has finished scanning, then please exit the program and reboot.

You didn't run the CFScript properly.

Please follow these instructions:
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
Files::
C:\WINDOWS\system32\nqinhphf.dll
C:\WINDOWS\system32\axeipsws.dll
C:\WINDOWS\system32\nouecana.dll
C:\WINDOWS\system32\bieutygv.dll
C:\WINDOWS\system32\vifptehv.dll
C:\WINDOWS\system32\eqpseind.dll
C:\WINDOWS\system32\gxbvyffp.dll
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
[Image: CFScript.txt being dragged onto the ComboFix.exe icon]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Now please wait for ComboFix to finish running

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

Run HijackThis again, click Scan, and put a checkmark next to this line.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Now please reboot your computer to complete the process.

Please post back a new Combofix report
and a new Hjt log.
Thx

How are things running now?

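The seven DLLs Starbuck lists under Files:: share a pattern that is visible in the ComboFix "Files Created" section: random eight-letter names in system32, created minutes apart, in two groups of identical byte size (77,376 and 81,904), plus a hidden/system autorun.inf at the drive root for the flash-drive indicator. The script below is an added illustration of that triage, written for this thread; it is not ComboFix's, HijackThis's or Starbuck's code. The sample lines are constructed in the ComboFix layout from entries quoted in this thread, the function names are my own, and the "eight lowercase letters, same size, two or more of them" rule is a heuristic for picking candidates to look at, not proof on its own (legitimate DLLs with eight-letter names exist).

```python
import re
from collections import defaultdict

# Constructed sample: "Files Created" lines in the layout ComboFix prints,
# built from entries quoted in this thread. Not a real log file.
SAMPLE_COMBOFIX = """\
2007-10-09 10:30 <DIR> drahs---- C:\\autorun.inf
2007-10-09 10:27 51,200 --a------ C:\\WINDOWS\\nircmd.exe
2007-10-06 13:20 <DIR> d-------- C:\\Program Files\\SUPERAntiSpyware
2007-10-02 07:54 77,376 --a------ C:\\WINDOWS\\system32\\nqinhphf.dll
2007-10-02 07:11 77,376 --a------ C:\\WINDOWS\\system32\\axeipsws.dll
2007-09-26 21:42 81,904 --a------ C:\\WINDOWS\\system32\\nouecana.dll
2007-09-26 21:07 81,904 --a------ C:\\WINDOWS\\system32\\bieutygv.dll
2007-09-26 20:06 81,904 --a------ C:\\WINDOWS\\system32\\vifptehv.dll
2007-09-26 19:32 81,904 --a------ C:\\WINDOWS\\system32\\eqpseind.dll
2007-09-26 19:04 81,904 --a------ C:\\WINDOWS\\system32\\gxbvyffp.dll
2007-09-18 07:29 <DIR> d-------- C:\\Program Files\\Trend Micro
"""

# date time, byte size or <DIR>, nine-character attribute field, path
LINE_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>\S{9})\s+"
    r"(?P<path>.+?)\s*$"
)
# Vundo-style file name: eight lowercase letters, no digits, .dll extension
RANDOM_DLL_RE = re.compile(r"[a-z]{8}\.dll$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
ROOT_AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


def parse_combofix(text):
    """Parse ComboFix 'Files Created' lines into dicts; skip any other line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        size = None if is_dir else int(m["size"].replace(",", ""))
        entries.append({"when": m["when"], "size": size, "is_dir": is_dir,
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def find_random_dll_clusters(entries):
    """Group system32 DLLs with random-looking names by byte size.
    Two or more identical-size files with such names is the pattern the
    thread's Vundo DLLs show; a single hit is only a hint, not a verdict."""
    by_size = defaultdict(list)
    for e in entries:
        if e["is_dir"] or not SYSTEM32_RE.match(e["path"]):
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        if RANDOM_DLL_RE.fullmatch(name):
            by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= 2}


def find_root_autorun(entries):
    """Drive-root autorun.inf entries, the 'flash drive infection' indicator
    Starbuck refers to. Returns (path, hidden_or_system) pairs; ComboFix
    shows 'h' and 's' in the attribute field for hidden/system items."""
    hits = []
    for e in entries:
        if ROOT_AUTORUN_RE.match(e["path"]):
            hits.append((e["path"], "h" in e["attrs"] or "s" in e["attrs"]))
    return hits


def build_cfscript(paths):
    """Render a Files:: section in the layout quoted in the post above."""
    return "Files::\n" + "\n".join(paths) + "\n"


def triage(text):
    """Run all checks over a log and return the findings plus a draft Files:: list."""
    entries = parse_combofix(text)
    clusters = find_random_dll_clusters(entries)
    flagged = [p for size in sorted(clusters) for p in clusters[size]]
    return {"clusters": clusters,
            "autorun": find_root_autorun(entries),
            "cfscript": build_cfscript(flagged)}


if __name__ == "__main__":
    report = triage(SAMPLE_COMBOFIX)
    for size, paths in report["clusters"].items():
        print(f"{len(paths)} DLLs of {size:,} bytes: {', '.join(paths)}")
    for path, flagged in report["autorun"]:
        print(f"root autorun.inf: {path} (hidden/system={flagged})")
    print(report["cfscript"])
```

On the sample above the size clusters come out as exactly the seven files in Starbuck's Files:: list, in the same order, and the root autorun.inf is reported with its hidden/system attributes set. The draft Files:: text is meant to be reviewed by a person before it goes anywhere near ComboFix, which is why the script only returns it rather than writing CFScript.txt itself.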


#15 Deek

Deek
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 09 October 2007 - 11:06 AM

Hi Starbuck:

Sorry about not running the CFS Script right with Combo Fix. I hope I did it right this time. First off, I removed ClickClickClick. It did say there was a problem with removal, but it's no longer on my list of programs.

Here is my Combo Fix Log:

ComboFix 07-10-02.2 - Owner 2007-10-09 10:47:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.93 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.Andrew\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 10:30 <DIR> drahs---- C:\autorun.inf
2007-10-09 10:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-07 19:44 <DIR> d-------- C:\GIRL_NEXT_DOOR_UNRATED_169
2007-10-06 13:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-06 13:20 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\Application Data\SUPERAntiSpyware.com
2007-10-06 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-02 07:54 77,376 --a------ C:\WINDOWS\system32\nqinhphf.dll
2007-10-02 07:11 77,376 --a------ C:\WINDOWS\system32\axeipsws.dll
2007-09-26 21:42 81,904 --a------ C:\WINDOWS\system32\nouecana.dll
2007-09-26 21:07 81,904 --a------ C:\WINDOWS\system32\bieutygv.dll
2007-09-26 20:06 81,904 --a------ C:\WINDOWS\system32\vifptehv.dll
2007-09-26 19:32 81,904 --a------ C:\WINDOWS\system32\eqpseind.dll
2007-09-26 19:04 81,904 --a------ C:\WINDOWS\system32\gxbvyffp.dll
2007-09-23 19:46 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\Application Data\FrostWire
2007-09-18 10:35 <DIR> d-------- C:\Documents and Settings\Owner.Andrew\.housecall6.6
2007-09-18 07:29 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 10:34 --------- d-------- C:\Program Files\lx_cats
2007-10-07 19:43 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-06 13:19 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 18:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 07:08 9344 --a------ C:\windows\system32\drivers\NSDriver.sys
2007-09-18 07:08 8320 --a------ C:\windows\system32\drivers\AWRTRD.sys
2007-08-20 14:36 --------- d-------- C:\Program Files\LimeWire
2007-08-20 14:34 --------- d-------- C:\Documents and Settings\Owner.Andrew\Application Data\LimeWire
2007-07-30 19:19 92504 --a------ C:\windows\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\windows\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\windows\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\windows\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\windows\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\windows\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\windows\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\windows\system32\wups.dll
2007-06-21 19:08 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-05-08 15:21 35 --a------ C:\Documents and Settings\Owner.Andrew\readme.bat
.

((((((((((((((((((((((((((((( snapshot@2007-10-02_ 9.54.38.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 29,696 2007-10-06 18:20:07 C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 18,944 2007-10-06 18:20:07 C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 65,024 2007-10-06 18:20:07 C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----a-w 135,168 2007-09-25 03:30:28 C:\windows\system32\java.exe
----a-w 135,168 2007-09-25 03:30:30 C:\windows\system32\javaw.exe
----a-w 139,264 2007-09-25 04:31:42 C:\windows\system32\javaws.exe
.
----a-w 49,248 2005-03-04 09:06:58 C:\WINDOWS\system32\java.exe
----a-w 49,250 2005-03-04 09:07:06 C:\WINDOWS\system32\javaw.exe
----a-w 127,078 2005-03-04 10:36:48 C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 16:32]
"HostManager"="C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe" [2004-11-03 16:03]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 19:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 03:11]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 19:44 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"LXCRCATS"="C:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 20:59]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~3.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrisonTycoonSetup.exe]
C:\DOCUME~1\OWNER~1.AND\Desktop\PRISON~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c10ab1-249a-11db-9824-00038a000015}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d30f5173-20bb-11db-870b-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 22:59:01 C:\windows\Tasks\Norton AntiVirus - scan - Owner.job"
"2007-09-22 03:32:03 C:\windows\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 10:50:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 10:51:30
C:\ComboFix-quarantined-files.txt ... 2007-10-09 10:51
.
--- E O F ---


Here is my HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:43 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\System32\bcmwltry.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\starbuck.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\2NCZCZQL\456625~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IGDFM3YN\AIM_UA~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\IVZPQGN4\NONVOI~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456626~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456625~4.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~1.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~2.SH! C:\DOCUME~1\OWNER~1.AND\LOCALS~1\TEMPOR~1\Content.IE5\CA2QVWOP\456DE3~3.SH! C:\DOCUME~1\OWNER~1.AND\LOCAL
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\windows\System32\wltrysvc.exe

--
End of file - 10752 bytes


The computer seems to be running great now. Nice and fast. Please let me know your thoughts.

Thank you!!!



