Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware Pop-ups: Zedo, Mevio, Internet Speed Monitor, Etd.


  • This topic is locked This topic is locked
12 replies to this topic

#1 Bombdiggity

Bombdiggity

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 23 June 2008 - 11:38 PM

ugh what do i need to do to make these pop-ups disappear??


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:45 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule19.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CORYRE~1\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe
C:\DOCUME~1\CORYRE~1\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {073101CF-2539-4BAB-AB42-BE9AA89A1B9E} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O20 - Winlogon Notify: ljjijhh - ljjijhh.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8886 bytes

Edited by Bombdiggity, 23 June 2008 - 11:39 PM.


BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:38 PM

Posted 24 June 2008 - 04:28 PM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 25 June 2008 - 12:17 AM

Hello! :thumbsup:

ComboFix 08-06-20.4 - Cory Reed 2008-06-25 22:06:22.2 - NTFSx86
Running from: C:\Documents and Settings\Cory Reed\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu11.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-24 20:36 . 2008-06-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 20:35 . 2008-06-24 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 20:33 . 2008-06-24 20:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:23 . 2008-06-24 20:23 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\TrojanHunter
2008-06-24 20:06 . 2008-06-24 20:06 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-24 19:42 . 2008-06-24 19:42 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-06-24 19:21 . 2008-06-24 19:21 <DIR> d-------- C:\ProgramData
2008-06-24 19:21 . 2008-06-24 19:21 105,984 --a------ C:\WINDOWS\system32\ijckyonh(2).dll
2008-06-24 19:20 . 2008-06-24 19:20 321,536 --a------ C:\WINDOWS\system32\cbXNDTjG(2).dll
2008-06-24 19:19 . 2008-06-24 19:19 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\SecuROM
2008-06-24 19:15 . 2008-06-24 19:15 25,088 --a------ C:\WINDOWS\system32\urqQiHxW.dll
2008-06-24 15:18 . 2008-06-24 15:18 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 15:13 . 2008-06-24 19:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-23 23:21 . 2008-06-23 23:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 23:21 . 2008-06-23 23:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 20:50 . 2008-06-24 23:03 <DIR> d-------- C:\Program Files\Diner Dash 2
2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 20:46 . 2008-06-24 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-21 23:25 . 2006-10-04 19:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-21 23:25 . 2006-10-04 19:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-21 23:24 . 2008-06-23 00:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-21 23:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 19:21 . 2008-06-25 14:29 <DIR> d-------- C:\Program Files\GetModule
2008-06-16 19:20 . 2008-06-16 19:20 <DIR> d-------- C:\Program Files\iCheck
2008-06-16 19:20 . 2008-06-18 13:40 <DIR> d-------- C:\Program Files\GetPack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 05:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-25 02:57 --------- d-----w C:\Program Files\Yahoo!
2008-06-25 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 02:55 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-06-25 02:54 --------- d-----w C:\Program Files\GemMaster
2008-06-22 06:47 --------- d-----w C:\Program Files\AIM
2008-06-22 06:44 --------- d-----w C:\Program Files\AOD
2008-06-22 06:27 --------- d-----w C:\Program Files\Google
2008-06-22 06:09 --------- d-----w C:\Program Files\Java
2008-06-22 06:04 --------- d-----w C:\Program Files\LimeWire
2008-06-17 10:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-06 02:52 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-20 23:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-20 23:57 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-10 01:55 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\Snapfish
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-08-01 16:44 251 ----a-w C:\Program Files\wt3d.ini
2007-01-07 10:45 753,664 --sha-w C:\Program Files\ehthumbs.db
.
<pre>
----a-w			67,112 2008-02-24 03:43:13  C:\Program Files\AIM\aim .exe
----a-w			81,920 2008-03-14 00:49:19  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   249,856 2008-02-24 03:42:31  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		   .exe
----a-w		   615,936 2008-02-24 03:41:36  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		  .exe
----a-w		   615,936 2008-02-21 01:38:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		 .exe
----a-w		   615,936 2008-02-20 01:13:53  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		.exe
----a-w		   249,856 2008-03-08 01:59:58  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	   .exe
----a-w		   615,936 2008-03-08 01:58:58  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	  .exe
----a-w		   249,856 2008-03-14 00:49:12  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	 .exe
----a-w		   615,936 2008-03-14 00:48:17  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	.exe
----a-w		   615,936 2008-03-13 03:18:18  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
----a-w		   615,936 2008-03-12 17:36:51  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe
----a-w		   615,936 2008-03-12 05:30:16  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w			40,960 2008-03-14 00:49:27  C:\Program Files\Hewlett-Packard\Default Settings\cpqset .exe
----a-w			49,152 2008-03-14 00:49:09  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   102,400 2008-03-14 00:49:06  C:\Program Files\HP\QuickPlay\QPService .exe
----a-w		   458,752 2008-03-14 00:48:53  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
----a-w		   267,048 2008-03-14 00:50:02  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,609,728 2008-02-01 04:07:32  C:\Program Files\Microsoft ActiveSync\wcescomm						  .exe
----a-w		 1,609,728 2008-02-01 02:25:27  C:\Program Files\Microsoft ActiveSync\wcescomm						 .exe
----a-w		 1,609,728 2008-01-28 15:29:37  C:\Program Files\Microsoft ActiveSync\wcescomm						.exe
----a-w		 1,609,728 2008-01-23 23:48:31  C:\Program Files\Microsoft ActiveSync\wcescomm					   .exe
----a-w		 1,609,728 2008-01-21 00:41:24  C:\Program Files\Microsoft ActiveSync\wcescomm					  .exe
----a-w		 1,609,728 2008-01-20 16:27:37  C:\Program Files\Microsoft ActiveSync\wcescomm					 .exe
----a-w		 1,609,728 2008-01-19 16:49:15  C:\Program Files\Microsoft ActiveSync\wcescomm					.exe
----a-w		 1,609,728 2008-01-18 23:56:13  C:\Program Files\Microsoft ActiveSync\wcescomm				   .exe
----a-w		 1,207,080 2008-03-14 00:50:21  C:\Program Files\Microsoft ActiveSync\wcescomm				  .exe
----a-w		 1,609,728 2008-03-13 03:18:13  C:\Program Files\Microsoft ActiveSync\wcescomm				.exe
----a-w		 1,609,728 2008-03-12 17:36:46  C:\Program Files\Microsoft ActiveSync\wcescomm			   .exe
----a-w		 1,609,728 2008-03-12 05:30:12  C:\Program Files\Microsoft ActiveSync\wcescomm			  .exe
----a-w		 1,609,728 2008-03-10 03:48:54  C:\Program Files\Microsoft ActiveSync\wcescomm			 .exe
----a-w		 1,609,728 2008-03-08 01:58:55  C:\Program Files\Microsoft ActiveSync\wcescomm			.exe
----a-w		 1,609,728 2008-03-07 01:38:41  C:\Program Files\Microsoft ActiveSync\wcescomm		   .exe
----a-w		 1,609,728 2008-03-05 20:47:23  C:\Program Files\Microsoft ActiveSync\wcescomm		  .exe
----a-w		 1,609,728 2008-03-05 01:32:32  C:\Program Files\Microsoft ActiveSync\wcescomm		 .exe
----a-w		 1,609,728 2008-03-04 14:42:43  C:\Program Files\Microsoft ActiveSync\wcescomm		.exe
----a-w		 1,609,728 2008-03-04 02:32:25  C:\Program Files\Microsoft ActiveSync\wcescomm	   .exe
----a-w		 1,609,728 2008-03-03 21:25:19  C:\Program Files\Microsoft ActiveSync\wcescomm	  .exe
----a-w		 1,609,728 2008-03-01 01:50:50  C:\Program Files\Microsoft ActiveSync\wcescomm	 .exe
----a-w		 1,609,728 2008-02-29 05:13:12  C:\Program Files\Microsoft ActiveSync\wcescomm	.exe
----a-w		 1,609,728 2008-02-28 01:50:50  C:\Program Files\Microsoft ActiveSync\wcescomm   .exe
----a-w		 1,609,728 2008-02-26 23:52:08  C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
----a-w		 1,609,728 2008-02-25 20:52:05  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
----a-w		 5,354,792 2008-01-05 20:18:29  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   536,576 2008-03-14 00:50:29  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree  .exe
----a-w		   282,624 2008-03-08 02:00:20  C:\Program Files\QuickTime\qttask																  .exe
----a-w		   649,216 2008-03-08 01:58:59  C:\Program Files\QuickTime\qttask																 .exe
----a-w		   649,216 2008-03-07 01:38:47  C:\Program Files\QuickTime\qttask																.exe
----a-w		   649,216 2008-03-05 20:47:28  C:\Program Files\QuickTime\qttask															   .exe
----a-w		   649,216 2008-03-05 01:32:40  C:\Program Files\QuickTime\qttask															  .exe
----a-w		   649,216 2008-03-04 14:42:50  C:\Program Files\QuickTime\qttask															 .exe
----a-w		   649,216 2008-03-04 02:32:31  C:\Program Files\QuickTime\qttask															.exe
----a-w		   649,216 2008-03-03 21:25:27  C:\Program Files\QuickTime\qttask														   .exe
----a-w		   649,216 2008-03-01 01:50:56  C:\Program Files\QuickTime\qttask														  .exe
----a-w		   649,216 2008-02-29 05:13:19  C:\Program Files\QuickTime\qttask														 .exe
----a-w		   649,216 2008-02-28 01:50:56  C:\Program Files\QuickTime\qttask														.exe
----a-w		   649,216 2008-02-26 23:52:14  C:\Program Files\QuickTime\qttask													   .exe
----a-w		   649,216 2008-02-25 20:52:12  C:\Program Files\QuickTime\qttask													  .exe
----a-w		   649,216 2008-02-24 03:41:37  C:\Program Files\QuickTime\qttask													 .exe
----a-w		   649,216 2008-02-21 01:38:30  C:\Program Files\QuickTime\qttask													.exe
----a-w		   649,216 2008-02-20 01:13:55  C:\Program Files\QuickTime\qttask												   .exe
----a-w		   649,216 2008-02-19 23:11:23  C:\Program Files\QuickTime\qttask												  .exe
----a-w		   649,216 2008-02-19 23:00:35  C:\Program Files\QuickTime\qttask												 .exe
----a-w		   649,216 2008-02-19 18:01:31  C:\Program Files\QuickTime\qttask												.exe
----a-w		   649,216 2008-02-19 00:40:31  C:\Program Files\QuickTime\qttask											   .exe
----a-w		   649,216 2008-02-18 15:51:09  C:\Program Files\QuickTime\qttask											  .exe
----a-w		   649,216 2008-02-17 22:53:23  C:\Program Files\QuickTime\qttask											 .exe
----a-w		   649,216 2008-02-17 21:32:41  C:\Program Files\QuickTime\qttask											.exe
----a-w		   649,216 2008-02-17 16:16:47  C:\Program Files\QuickTime\qttask										   .exe
----a-w		   649,216 2008-02-17 01:39:49  C:\Program Files\QuickTime\qttask										  .exe
----a-w		   649,216 2008-02-16 23:23:24  C:\Program Files\QuickTime\qttask										 .exe
----a-w		   649,216 2008-02-16 22:33:25  C:\Program Files\QuickTime\qttask										.exe
----a-w		   649,216 2008-02-16 22:04:48  C:\Program Files\QuickTime\qttask									   .exe
----a-w		   649,216 2008-02-16 01:51:18  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   649,216 2008-02-16 01:15:58  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   649,216 2008-02-14 10:16:59  C:\Program Files\QuickTime\qttask									.exe
----a-w		   649,216 2008-02-14 02:47:48  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   649,216 2008-02-12 01:55:15  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   649,216 2008-02-09 20:21:41  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   649,216 2008-02-09 03:35:48  C:\Program Files\QuickTime\qttask								.exe
----a-w		   649,216 2008-02-04 20:20:39  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   649,216 2008-02-03 21:26:27  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   649,216 2008-02-03 17:34:26  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   649,216 2008-02-03 03:50:26  C:\Program Files\QuickTime\qttask							.exe
----a-w		   649,216 2008-02-02 01:48:50  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   649,216 2008-02-01 04:07:38  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   649,216 2008-02-01 02:25:31  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   649,216 2008-01-28 15:29:42  C:\Program Files\QuickTime\qttask						.exe
----a-w		   649,216 2008-01-23 23:49:19  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   649,216 2008-01-21 00:41:31  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   649,216 2008-01-20 16:27:45  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   649,216 2008-01-19 16:49:21  C:\Program Files\QuickTime\qttask					.exe
----a-w		   649,216 2008-01-18 23:56:20  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   649,216 2008-01-17 22:50:10  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   649,216 2008-01-17 04:44:31  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   649,216 2008-01-17 01:27:21  C:\Program Files\QuickTime\qttask				.exe
----a-w		   649,216 2008-01-15 23:53:52  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   649,216 2008-01-15 03:31:32  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   649,216 2008-01-14 16:10:25  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   649,216 2008-01-14 07:29:47  C:\Program Files\QuickTime\qttask			.exe
----a-w		   649,216 2008-01-14 07:20:53  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   649,216 2008-01-10 22:53:46  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   649,216 2008-01-09 01:26:32  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   649,216 2008-01-07 20:34:05  C:\Program Files\QuickTime\qttask		.exe
----a-w		   649,216 2008-01-05 20:16:12  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   385,024 2008-03-14 00:49:56  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   751,616 2008-03-14 00:48:20  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   751,616 2008-03-13 03:18:20  C:\Program Files\QuickTime\qttask	.exe
----a-w		   751,616 2008-03-12 17:36:55  C:\Program Files\QuickTime\qttask   .exe
----a-w		   751,616 2008-03-12 05:30:19  C:\Program Files\QuickTime\qttask  .exe
----a-w		   751,616 2008-03-10 03:49:03  C:\Program Files\QuickTime\qttask .exe
----a-w		   794,713 2008-03-14 00:49:07  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   643,072 2008-03-14 00:49:41  C:\WINDOWS\CREATOR\Remind_XP .exe
----a-w			64,512 2008-02-01 02:26:00  C:\WINDOWS\ehome\ehtray .exe
----a-w		 1,187,840 2008-03-14 00:49:36  C:\WINDOWS\SMINST\RecGuard .exe
----a-w			77,824 2008-03-14 00:48:57  C:\WINDOWS\system32\hkcmd .exe
----a-w		   118,784 2008-03-14 00:49:03  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2008-03-14 00:48:56  C:\WINDOWS\system32\igfxtray .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{073101CF-2539-4BAB-AB42-BE9AA89A1B9E}]
C:\WINDOWS\system32\ssqpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [ ]
"GetPack19"="C:\Program Files\GetPack\GetPack19.exe" [2008-06-17 02:56 350208]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 02:08 350208]
"GetModule19"="C:\Program Files\GetModule\GetModule19.exe" [2008-06-17 02:58 351744]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"MsmqIntCert"="regsvr32" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 17:27:37 124400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-01-07 03:53:44 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjijhh]
ljjijhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 05:15:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Cory Reed.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 22:11:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 22:14:05
ComboFix-quarantined-files.txt 2008-06-26 05:13:33
ComboFix2.txt 2008-06-25 04:20:45

Pre-Run: 43,698,679,808 bytes free
Post-Run: 43,673,665,536 bytes free

274 --- E O F --- 2008-06-21 15:41:29


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:34 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetModule\GetModule19.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CORYRE~1\LOCALS~1\Temp\Rar$EX00.593\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {073101CF-2539-4BAB-AB42-BE9AA89A1B9E} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O20 - Winlogon Notify: ljjijhh - ljjijhh.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8689 bytes

#4 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 25 June 2008 - 12:18 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:34 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetModule\GetModule19.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CORYRE~1\LOCALS~1\Temp\Rar$EX00.593\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {073101CF-2539-4BAB-AB42-BE9AA89A1B9E} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O20 - Winlogon Notify: ljjijhh - ljjijhh.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8689 bytes

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:38 PM

Posted 25 June 2008 - 01:36 AM

Hi,

I see you didn't install the Recovery console.
The first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The reason why Recovery Console is recommended is because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.



Then, * Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree  .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		   .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		  .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		 .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm		.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	   .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	  .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	 .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm						 .exe
C:\Program Files\Microsoft ActiveSync\wcescomm						.exe
C:\Program Files\Microsoft ActiveSync\wcescomm					   .exe
C:\Program Files\Microsoft ActiveSync\wcescomm					  .exe
C:\Program Files\Microsoft ActiveSync\wcescomm					 .exe
C:\Program Files\Microsoft ActiveSync\wcescomm					.exe
C:\Program Files\Microsoft ActiveSync\wcescomm				   .exe
C:\Program Files\Microsoft ActiveSync\wcescomm				  .exe
C:\Program Files\Microsoft ActiveSync\wcescomm				.exe
C:\Program Files\Microsoft ActiveSync\wcescomm			   .exe
C:\Program Files\Microsoft ActiveSync\wcescomm			  .exe
C:\Program Files\Microsoft ActiveSync\wcescomm			 .exe
C:\Program Files\Microsoft ActiveSync\wcescomm			.exe
C:\Program Files\Microsoft ActiveSync\wcescomm		   .exe
C:\Program Files\Microsoft ActiveSync\wcescomm		  .exe
C:\Program Files\Microsoft ActiveSync\wcescomm		 .exe
C:\Program Files\Microsoft ActiveSync\wcescomm		.exe
C:\Program Files\Microsoft ActiveSync\wcescomm	   .exe
C:\Program Files\Microsoft ActiveSync\wcescomm	  .exe
C:\Program Files\Microsoft ActiveSync\wcescomm	 .exe
C:\Program Files\Microsoft ActiveSync\wcescomm	.exe
C:\Program Files\Microsoft ActiveSync\wcescomm   .exe
C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\WINDOWS\system32\ijckyonh(2).dll
C:\WINDOWS\system32\cbXNDTjG(2).dll
C:\WINDOWS\system32\urqQiHxW.dll
Folder::
C:\Program Files\GetModule
C:\Program Files\iCheck
C:\Program Files\GetPack
C:\Program Files\QuickTime
RENV::
C:\Program Files\AIM\aim .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Hewlett-Packard\Default Settings\cpqset .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\QuickPlay\QPService .exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Microsoft ActiveSync\wcescomm						  .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\SMINST\RecGuard .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\CREATOR\Remind_XP .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{073101CF-2539-4BAB-AB42-BE9AA89A1B9E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetPack19"=-
"GetPack18"=-
"GetModule19"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjijhh]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

You'll also have to reinstall Quicktime afterwards, since the files inside that folder are infected, so it's better to delete the entire quicktime folder instead. But that's for afterwards.
Please don't remove the extra spaces in the above files (present in the script), because it's supposed to be like that.

Edited by miekiemoes, 25 June 2008 - 01:37 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 25 June 2008 - 03:22 PM

alright, i messed this up a little bit. i had still forgotten to install the recovery program before i did the scan with combofix. so ill post the combofix log before and after i installed the recovery program, if thats alright. sorry, im just a little forgetful!

BEFORE:

ComboFix 08-06-20.4 - Cory Reed 2008-06-26 0:20:53.3 - NTFSx86
Running from: C:\Documents and Settings\Cory Reed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cory Reed\My Documents\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\WINDOWS\system32\cbXNDTjG(2).dll
C:\WINDOWS\system32\ijckyonh(2).dll
C:\WINDOWS\system32\urqQiHxW.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cory Reed\Start Menu\Programs\StartUp\DW_Start.lnk
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\pckik.dat
C:\Program Files\GetPack
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\iCheck
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\Program Files\QuickTime
C:\Program Files\QuickTime\PictureViewer.exe
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.dll
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\Plugins\npqtplugin.dll
C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
C:\Program Files\QuickTime\Plugins\npqtplugin6.dll
C:\Program Files\QuickTime\Plugins\npqtplugin7.dll
C:\Program Files\QuickTime\Plugins\nsIQTScriptablePlugin.xpt
C:\Program Files\QuickTime\Plugins\QuickTimePlugin.class
C:\Program Files\QuickTime\PropertyPanels\annoanno.pdef
C:\Program Files\QuickTime\PropertyPanels\moovaudi.pdef
C:\Program Files\QuickTime\PropertyPanels\moovpres.pdef
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.qpa
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropertyPanels.plist
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.qpa
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\rsrcrsrc.pdef
C:\Program Files\QuickTime\PropertyPanels\trakaudi.pdef
C:\Program Files\QuickTime\PropertyPanels\trakhint.pdef
C:\Program Files\QuickTime\PropertyPanels\trakothr.pdef
C:\Program Files\QuickTime\PropertyPanels\trakstrm.pdef
C:\Program Files\QuickTime\PropertyPanels\trakvisl.pdef
C:\Program Files\QuickTime\QTInfo.exe
C:\Program Files\QuickTime\QTOControl.dll
C:\Program Files\QuickTime\QTOLibrary.dll
C:\Program Files\QuickTime\QTPlugin.ocx
C:\Program Files\QuickTime\QTSystem\CFCharacterSetBitmaps.bitmap
C:\Program Files\QuickTime\QTSystem\CFUniCharPropertyDatabase.data
C:\Program Files\QuickTime\QTSystem\CFUnicodeData-B.mapping
C:\Program Files\QuickTime\QTSystem\CFUnicodeData-L.mapping
C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\CoreVideo.qtr
C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\pt_PT.lproj\CoreVideoLocalized.qtr
C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr
C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr
C:\Program Files\QuickTime\QTSystem\ExportController.exe
C:\Program Files\QuickTime\QTSystem\ExportControllerPS.dll
C:\Program Files\QuickTime\QTSystem\Indeo4.qtx
C:\Program Files\QuickTime\QTSystem\Ir41_qc.dll
C:\Program Files\QuickTime\QTSystem\Ir41_qcx.dll
C:\Program Files\QuickTime\QTSystem\QTJava.zip
C:\Program Files\QuickTime\QTSystem\QTJavaNative.dll
C:\Program Files\QuickTime\QTSystem\QTJNative.dll
C:\Program Files\QuickTime\QTSystem\QTMLClient.dll
C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
C:\Program Files\QuickTime\QTSystem\QuickTime.qts
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.qtxs
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\pt_PT.lproj\QuickTime3GPPLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTime3GPPAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeAudioSupportLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeAudioSupportLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\pt_PT.lproj\QuickTimeCaptureLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx
C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\pt_PT.lproj\QuickTimeEffectsLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeEssentialsLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\pt_PT.lproj\QuickTimeH264Localized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeImageLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeImageLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt_PT.lproj\QuickTimeInternetExtrasLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeInternetExtrasLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeJavaExtras.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj\QuickTimeMPEGLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\QuickTimeMPEG.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeMPEGLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeMPEGLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj\QuickTimeMPEG4Localized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeMPEG4Localized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeMPEG4Localized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt_PT.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeMPEG4Authoring.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\pt_PT.lproj\QuickTimeMusicLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeMusicalInstruments.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\pt_PT.lproj\QuickTimeQD3DLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\QuickTimeQD3D.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\zh_CN.lproj\QuickTimeQD3DLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\zh_TW.lproj\QuickTimeQD3DLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt_PT.lproj\QuickTimeStreamingAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt_PT.lproj\QuickTimeStreamingExtrasLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe
C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeVR.Resources\pt_PT.lproj\QuickTimeVRLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt_PT.lproj\QuickTimeVRAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.qtx
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.dll
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\QTUIPanelControl.dll
C:\Program Files\QuickTime\QuickTime Read Me.htm
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\QuickTime\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\QuickTimePlayer.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\Sample.mov
C:\Program Files\QuickTime\Sample.qtif
C:\WINDOWS\84.exe
C:\WINDOWS\system32\cbXNDTjG(2).dll
C:\WINDOWS\system32\ijckyonh(2).dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\urqQiHxW.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Program Files\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-25 22:33 . 2008-06-25 22:37 <DIR> d-------- C:\Program Files\Diner Dash Flo on the Go
2008-06-25 22:25 . 2008-06-25 22:25 <DIR> d-------- C:\Program Files\BFG
2008-06-25 22:24 . 2008-06-25 22:24 223,076 --a------ C:\WINDOWS\ism611.exe
2008-06-25 22:24 . 2008-06-25 22:24 178,616 --a------ C:\WINDOWS\plate611.exe
2008-06-25 22:24 . 2008-06-25 22:26 63,904 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll-uninst.exe
2008-06-25 22:24 . 2008-06-25 22:24 49,152 --a------ C:\WINDOWS\dw611.exe
2008-06-24 20:36 . 2008-06-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 20:35 . 2008-06-24 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 20:33 . 2008-06-24 20:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:23 . 2008-06-24 20:23 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\TrojanHunter
2008-06-24 20:06 . 2008-06-24 20:06 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-24 19:42 . 2008-06-24 19:42 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-06-24 19:21 . 2008-06-24 19:21 <DIR> d-------- C:\ProgramData
2008-06-24 19:19 . 2008-06-24 19:19 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\SecuROM
2008-06-24 15:18 . 2008-06-24 15:18 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 15:13 . 2008-06-24 19:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-23 23:21 . 2008-06-23 23:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 23:21 . 2008-06-23 23:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 20:50 . 2008-06-24 23:03 <DIR> d-------- C:\Program Files\Diner Dash 2
2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 20:46 . 2008-06-24 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-21 23:25 . 2006-10-04 19:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-21 23:25 . 2006-10-04 19:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-21 23:24 . 2008-06-23 00:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-21 23:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-26 05:31 . 2008-05-26 05:31 365,568 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-26 05:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\PlayFirst
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-26 05:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-26 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 02:57 --------- d-----w C:\Program Files\Yahoo!
2008-06-25 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 02:55 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-06-25 02:54 --------- d-----w C:\Program Files\GemMaster
2008-06-22 06:47 --------- d-----w C:\Program Files\AIM
2008-06-22 06:44 --------- d-----w C:\Program Files\AOD
2008-06-22 06:27 --------- d-----w C:\Program Files\Google
2008-06-22 06:09 --------- d-----w C:\Program Files\Java
2008-06-22 06:04 --------- d-----w C:\Program Files\LimeWire
2008-06-06 02:52 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-20 23:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-20 23:57 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-10 01:55 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\Snapfish
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-08-01 16:44 251 ----a-w C:\Program Files\wt3d.ini
2007-01-07 10:45 753,664 --sha-w C:\Program Files\ehthumbs.db
.
<pre>
----a-w			67,112 2008-02-24 03:43:13  C:\Program Files\AIM\aim .exe
----a-w			81,920 2008-03-14 00:49:19  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			40,960 2008-03-14 00:49:27  C:\Program Files\Hewlett-Packard\Default Settings\cpqset .exe
----a-w			49,152 2008-03-14 00:49:09  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   102,400 2008-03-14 00:49:06  C:\Program Files\HP\QuickPlay\QPService .exe
----a-w		   458,752 2008-03-14 00:48:53  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
----a-w		   267,048 2008-03-14 00:50:02  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,609,728 2008-02-01 04:07:32  C:\Program Files\Microsoft ActiveSync\wcescomm						  .exe
----a-w		 5,354,792 2008-01-05 20:18:29  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   794,713 2008-03-14 00:49:07  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   643,072 2008-03-14 00:49:41  C:\WINDOWS\CREATOR\Remind_XP .exe
----a-w			64,512 2008-02-01 02:26:00  C:\WINDOWS\ehome\ehtray .exe
----a-w		 1,187,840 2008-03-14 00:49:36  C:\WINDOWS\SMINST\RecGuard .exe
----a-w			77,824 2008-03-14 00:48:57  C:\WINDOWS\system32\hkcmd .exe
----a-w		   118,784 2008-03-14 00:49:03  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2008-03-14 00:48:56  C:\WINDOWS\system32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cbb75ba2-ecdf-4e01-4ad8-5e8d2bc88893}]
2008-05-26 05:31 365568 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"MsmqIntCert"="regsvr32" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"{EB-BE-EC-C0-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"{1e0ca5a3-00e7-1556-66ff-b8365fbfda9b}"="C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll" [2008-05-26 05:31 365568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 17:27:37 124400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-01-07 03:53:44 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 05:15:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Cory Reed.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 00:30:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1596] 0x81696020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-26 0:46:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 07:46:10
ComboFix2.txt 2008-06-26 05:14:06
ComboFix3.txt 2008-06-25 04:20:45

Pre-Run: 43,457,105,920 bytes free
Post-Run: 43,447,087,104 bytes free

555 --- E O F --- 2008-06-21 15:41:29



AFTER:

ComboFix 08-06-20.4 - Cory Reed 2008-06-26 0:57:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -7:00]
Running from: C:\Documents and Settings\Cory Reed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cory Reed\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Program Files\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-25 22:33 . 2008-06-25 22:37 <DIR> d-------- C:\Program Files\Diner Dash Flo on the Go
2008-06-25 22:25 . 2008-06-25 22:25 <DIR> d-------- C:\Program Files\BFG
2008-06-25 22:24 . 2008-06-25 22:24 223,076 --a------ C:\WINDOWS\ism611.exe
2008-06-25 22:24 . 2008-06-25 22:24 178,616 --a------ C:\WINDOWS\plate611.exe
2008-06-25 22:24 . 2008-06-25 22:26 63,904 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll-uninst.exe
2008-06-25 22:24 . 2008-06-25 22:24 49,152 --a------ C:\WINDOWS\dw611.exe
2008-06-24 20:36 . 2008-06-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 20:35 . 2008-06-24 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 20:33 . 2008-06-24 20:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:23 . 2008-06-24 20:23 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\TrojanHunter
2008-06-24 20:06 . 2008-06-24 20:06 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-24 19:42 . 2008-06-24 19:42 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-06-24 19:21 . 2008-06-24 19:21 <DIR> d-------- C:\ProgramData
2008-06-24 19:19 . 2008-06-24 19:19 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\SecuROM
2008-06-24 15:18 . 2008-06-24 15:18 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 15:13 . 2008-06-24 19:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-23 23:21 . 2008-06-23 23:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 23:21 . 2008-06-23 23:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 20:50 . 2008-06-24 23:03 <DIR> d-------- C:\Program Files\Diner Dash 2
2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 20:46 . 2008-06-24 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-21 23:25 . 2006-10-04 19:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-21 23:25 . 2006-10-04 19:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-21 23:24 . 2008-06-23 00:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-21 23:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-26 05:31 . 2008-05-26 05:31 365,568 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-26 07:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-26 05:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\PlayFirst
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-26 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 02:57 --------- d-----w C:\Program Files\Yahoo!
2008-06-25 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 02:55 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-06-25 02:54 --------- d-----w C:\Program Files\GemMaster
2008-06-22 06:47 --------- d-----w C:\Program Files\AIM
2008-06-22 06:44 --------- d-----w C:\Program Files\AOD
2008-06-22 06:27 --------- d-----w C:\Program Files\Google
2008-06-22 06:09 --------- d-----w C:\Program Files\Java
2008-06-22 06:04 --------- d-----w C:\Program Files\LimeWire
2008-06-06 02:52 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-20 23:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-20 23:57 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-10 01:55 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\Snapfish
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-08-01 16:44 251 ----a-w C:\Program Files\wt3d.ini
2007-01-07 10:45 753,664 --sha-w C:\Program Files\ehthumbs.db
.
<pre>
----a-w			67,112 2008-02-24 03:43:13  C:\Program Files\AIM\aim .exe
----a-w			81,920 2008-03-14 00:49:19  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			40,960 2008-03-14 00:49:27  C:\Program Files\Hewlett-Packard\Default Settings\cpqset .exe
----a-w			49,152 2008-03-14 00:49:09  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   102,400 2008-03-14 00:49:06  C:\Program Files\HP\QuickPlay\QPService .exe
----a-w		   458,752 2008-03-14 00:48:53  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
----a-w		   267,048 2008-03-14 00:50:02  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,609,728 2008-02-01 04:07:32  C:\Program Files\Microsoft ActiveSync\wcescomm						  .exe
----a-w		 5,354,792 2008-01-05 20:18:29  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   794,713 2008-03-14 00:49:07  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   643,072 2008-03-14 00:49:41  C:\WINDOWS\CREATOR\Remind_XP .exe
----a-w			64,512 2008-02-01 02:26:00  C:\WINDOWS\ehome\ehtray .exe
----a-w		 1,187,840 2008-03-14 00:49:36  C:\WINDOWS\SMINST\RecGuard .exe
----a-w			77,824 2008-03-14 00:48:57  C:\WINDOWS\system32\hkcmd .exe
----a-w		   118,784 2008-03-14 00:49:03  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2008-03-14 00:48:56  C:\WINDOWS\system32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cbb75ba2-ecdf-4e01-4ad8-5e8d2bc88893}]
2008-05-26 05:31 365568 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"MsmqIntCert"="regsvr32" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"{EB-BE-EC-C0-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"{1e0ca5a3-00e7-1556-66ff-b8365fbfda9b}"="C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll" [2008-05-26 05:31 365568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 17:27:37 124400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-01-07 03:53:44 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 05:15:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Cory Reed.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 01:00:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 1:03:13
ComboFix-quarantined-files.txt 2008-06-26 08:02:16
ComboFix2.txt 2008-06-26 07:46:19
ComboFix3.txt 2008-06-26 05:14:06
ComboFix4.txt 2008-06-25 04:20:45

Pre-Run: 43,425,173,504 bytes free
Post-Run: 43,396,993,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

181 --- E O F --- 2008-06-21 15:41:29

Edited by Bombdiggity, 25 June 2008 - 03:28 PM.


#7 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 25 June 2008 - 03:24 PM

AFTER

ComboFix 08-06-20.4 - Cory Reed 2008-06-26 0:57:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -7:00]
Running from: C:\Documents and Settings\Cory Reed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cory Reed\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Program Files\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-25 22:33 . 2008-06-25 22:37 <DIR> d-------- C:\Program Files\Diner Dash Flo on the Go
2008-06-25 22:25 . 2008-06-25 22:25 <DIR> d-------- C:\Program Files\BFG
2008-06-25 22:24 . 2008-06-25 22:24 223,076 --a------ C:\WINDOWS\ism611.exe
2008-06-25 22:24 . 2008-06-25 22:24 178,616 --a------ C:\WINDOWS\plate611.exe
2008-06-25 22:24 . 2008-06-25 22:26 63,904 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll-uninst.exe
2008-06-25 22:24 . 2008-06-25 22:24 49,152 --a------ C:\WINDOWS\dw611.exe
2008-06-24 20:36 . 2008-06-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 20:35 . 2008-06-24 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 20:33 . 2008-06-24 20:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:23 . 2008-06-24 20:23 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\TrojanHunter
2008-06-24 20:06 . 2008-06-24 20:06 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-24 19:42 . 2008-06-24 19:42 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-06-24 19:21 . 2008-06-24 19:21 <DIR> d-------- C:\ProgramData
2008-06-24 19:19 . 2008-06-24 19:19 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\SecuROM
2008-06-24 15:18 . 2008-06-24 15:18 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 15:13 . 2008-06-24 19:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-23 23:21 . 2008-06-23 23:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 23:21 . 2008-06-23 23:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 20:50 . 2008-06-24 23:03 <DIR> d-------- C:\Program Files\Diner Dash 2
2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 20:46 . 2008-06-24 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-21 23:25 . 2006-10-04 19:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-21 23:25 . 2006-10-04 19:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-21 23:24 . 2008-06-23 00:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-21 23:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-26 05:31 . 2008-05-26 05:31 365,568 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-26 07:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-26 05:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\PlayFirst
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-26 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 02:57 --------- d-----w C:\Program Files\Yahoo!
2008-06-25 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 02:55 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-06-25 02:54 --------- d-----w C:\Program Files\GemMaster
2008-06-22 06:47 --------- d-----w C:\Program Files\AIM
2008-06-22 06:44 --------- d-----w C:\Program Files\AOD
2008-06-22 06:27 --------- d-----w C:\Program Files\Google
2008-06-22 06:09 --------- d-----w C:\Program Files\Java
2008-06-22 06:04 --------- d-----w C:\Program Files\LimeWire
2008-06-06 02:52 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-20 23:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-20 23:57 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-10 01:55 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\Snapfish
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-08-01 16:44 251 ----a-w C:\Program Files\wt3d.ini
2007-01-07 10:45 753,664 --sha-w C:\Program Files\ehthumbs.db
.
<pre>
----a-w			67,112 2008-02-24 03:43:13  C:\Program Files\AIM\aim .exe
----a-w			81,920 2008-03-14 00:49:19  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			40,960 2008-03-14 00:49:27  C:\Program Files\Hewlett-Packard\Default Settings\cpqset .exe
----a-w			49,152 2008-03-14 00:49:09  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   102,400 2008-03-14 00:49:06  C:\Program Files\HP\QuickPlay\QPService .exe
----a-w		   458,752 2008-03-14 00:48:53  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
----a-w		   267,048 2008-03-14 00:50:02  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,609,728 2008-02-01 04:07:32  C:\Program Files\Microsoft ActiveSync\wcescomm						  .exe
----a-w		 5,354,792 2008-01-05 20:18:29  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   794,713 2008-03-14 00:49:07  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   643,072 2008-03-14 00:49:41  C:\WINDOWS\CREATOR\Remind_XP .exe
----a-w			64,512 2008-02-01 02:26:00  C:\WINDOWS\ehome\ehtray .exe
----a-w		 1,187,840 2008-03-14 00:49:36  C:\WINDOWS\SMINST\RecGuard .exe
----a-w			77,824 2008-03-14 00:48:57  C:\WINDOWS\system32\hkcmd .exe
----a-w		   118,784 2008-03-14 00:49:03  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2008-03-14 00:48:56  C:\WINDOWS\system32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cbb75ba2-ecdf-4e01-4ad8-5e8d2bc88893}]
2008-05-26 05:31 365568 --a------ C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"MsmqIntCert"="regsvr32" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"{EB-BE-EC-C0-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"{1e0ca5a3-00e7-1556-66ff-b8365fbfda9b}"="C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll" [2008-05-26 05:31 365568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 17:27:37 124400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-01-07 03:53:44 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 05:15:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Cory Reed.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 01:00:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 1:03:13
ComboFix-quarantined-files.txt 2008-06-26 08:02:16
ComboFix2.txt 2008-06-26 07:46:19
ComboFix3.txt 2008-06-26 05:14:06
ComboFix4.txt 2008-06-25 04:20:45

Pre-Run: 43,425,173,504 bytes free
Post-Run: 43,396,993,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

181 --- E O F --- 2008-06-21 15:41:29

#8 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 25 June 2008 - 03:25 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:34 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CORYRE~1\LOCALS~1\Temp\Rar$EX00.079\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: banneradsgalore browser optimizer - {cbb75ba2-ecdf-4e01-4ad8-5e8d2bc88893} - C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [{EB-BE-EC-C0-DW}] c:\windows\system32\rwwnw64d.exe DWrvg
O4 - HKLM\..\Run: [{1e0ca5a3-00e7-1556-66ff-b8365fbfda9b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll" DllStart
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8758 bytes

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:38 PM

Posted 25 June 2008 - 04:29 PM

Hi,

We'll have to give this another run...

I'm going to attach the CFScript for you instead, because you indeed messed things up with the previous run and the script.

Download CFScript.txt from here: Attached File  CFScript.txt   1.28KB   31 downloads

Drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 26 June 2008 - 12:40 AM

ComboFix 08-06-20.4 - Cory Reed 2008-06-26 15:24:18.5 - NTFSx86
Running from: C:\Documents and Settings\Cory Reed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cory Reed\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\dw611.exe
C:\WINDOWS\ism611.exe
C:\WINDOWS\plate611.exe
C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll
C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll-uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dw611.exe
C:\WINDOWS\ism611.exe
C:\WINDOWS\plate611.exe
C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll-uninst.exe
C:\WINDOWS\system32\{b1928487-56e9-0364-bc1e-c9f38b9fd0a5}.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Program Files\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\GameHouse
2008-06-25 22:42 . 2008-06-25 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-25 22:33 . 2008-06-25 22:37 <DIR> d-------- C:\Program Files\Diner Dash Flo on the Go
2008-06-25 22:25 . 2008-06-25 22:25 <DIR> d-------- C:\Program Files\BFG
2008-06-24 20:36 . 2008-06-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 20:35 . 2008-06-24 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 20:33 . 2008-06-24 20:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:23 . 2008-06-24 20:23 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\TrojanHunter
2008-06-24 20:06 . 2008-06-24 20:06 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-24 19:42 . 2008-06-24 19:42 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-06-24 19:21 . 2008-06-24 19:21 <DIR> d-------- C:\ProgramData
2008-06-24 19:19 . 2008-06-24 19:19 <DIR> d-------- C:\Documents and Settings\Cory Reed\Application Data\SecuROM
2008-06-24 15:18 . 2008-06-24 15:18 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 15:13 . 2008-06-24 19:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-23 23:21 . 2008-06-23 23:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 23:21 . 2008-06-23 23:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 20:50 . 2008-06-24 23:03 <DIR> d-------- C:\Program Files\Diner Dash 2
2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 20:46 . 2008-06-24 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-21 23:25 . 2006-10-04 19:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-21 23:25 . 2006-10-04 19:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-21 23:24 . 2008-06-23 00:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-21 23:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 19:28 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 22:30 --------- d-----w C:\Program Files\AIM
2008-06-26 22:24 --------- d-----w C:\Program Files\MSN Messenger
2008-06-26 22:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-26 22:24 --------- d-----w C:\Program Files\iTunes
2008-06-26 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-26 05:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\PlayFirst
2008-06-26 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-26 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 02:57 --------- d-----w C:\Program Files\Yahoo!
2008-06-25 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 02:55 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-06-25 02:54 --------- d-----w C:\Program Files\GemMaster
2008-06-22 06:44 --------- d-----w C:\Program Files\AOD
2008-06-22 06:27 --------- d-----w C:\Program Files\Google
2008-06-22 06:09 --------- d-----w C:\Program Files\Java
2008-06-22 06:04 --------- d-----w C:\Program Files\LimeWire
2008-06-06 02:52 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-20 23:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-20 23:57 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-10 01:55 --------- d-----w C:\Documents and Settings\Cory Reed\Application Data\Snapfish
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-08-01 16:44 251 ----a-w C:\Program Files\wt3d.ini
2007-01-07 10:45 753,664 --sha-w C:\Program Files\ehthumbs.db
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 ----

2008-06-25 23:24 50 --a------ C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9\profile.ini

---- Directory of C:\Program Files\BFG ----

2006-01-23 11:51 4286 --a------ C:\Program Files\BFG\CMT.ico
2006-01-23 11:45 4286 --a------ C:\Program Files\BFG\VH1.ico
2005-12-19 19:17 4538 --a------ C:\Program Files\BFG\NEOPETS.ico
2005-06-05 16:22 19166 --a------ C:\Program Files\BFG\NICK.ico
2005-04-02 16:03 21174 --a------ C:\Program Files\BFG\PLAIN.ico
2005-04-02 16:03 21174 --a------ C:\Program Files\BFG\KABOOSE.ico
2005-03-12 10:27 21174 --a------ C:\Program Files\BFG\BFG.ico


((((((((((((((((((((((((((((( snapshot@2008-06-26_ 0.45.40.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 07:30:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 22:30:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-14 00:49:41 643,072 ----a-w C:\WINDOWS\CREATOR\Remind_XP.exe
+ 2008-02-01 02:26:00 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe
+ 2008-03-14 00:49:36 1,187,840 ----a-w C:\WINDOWS\SMINST\RecGuard.exe
+ 2008-02-01 02:26:00 64,512 ----a-w C:\WINDOWS\system32\dllcache\ehtray.exe
+ 2008-03-14 00:48:57 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2008-03-14 00:49:03 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
+ 2008-03-14 00:48:56 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2008-02-23 20:43 67112]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2008-01-05 13:18 5354792]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-01-31 19:26 64512]
"MsmqIntCert"="regsvr32" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 17:27:37 124400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-01-07 03:53:44 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 05:15:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Cory Reed.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 15:31:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-26 15:42:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 22:41:53
ComboFix2.txt 2008-06-26 08:03:14
ComboFix3.txt 2008-06-26 07:46:19
ComboFix4.txt 2008-06-26 05:14:06
ComboFix5.txt 2008-06-25 04:20:45

Pre-Run: 43,342,020,608 bytes free
Post-Run: 43,349,127,168 bytes free

201 --- E O F --- 2008-06-21 15:41:29

#11 Bombdiggity

Bombdiggity
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 26 June 2008 - 12:41 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:37 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CORYRE~1\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8416 bytes

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:38 PM

Posted 26 June 2008 - 06:27 AM

Hi,

Much better...

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

As a final check.... Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:38 PM

Posted 04 July 2008 - 07:28 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users