--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 26, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 26, 2010 01:14:31
Records in database: 3981267
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 178961
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:55:09
File name / Threat / Threats count
C:\Qoobox\Quarantine\[4]-Submit_2010-04-23_10.08.08.zip Infected: Trojan-Downloader.Win32.Banload.aubi 1
C:\System Volume Information\_restore{EABCAB45-42A4-472A-8674-85AD723A5F23}\RP735\A0244093.exe Infected: Trojan-Downloader.Win32.Agent.dklk 1
C:\System Volume Information\_restore{EABCAB45-42A4-472A-8674-85AD723A5F23}\RP762\A0246277.dll Infected: Trojan-Downloader.Win32.Banload.aubi 1
Selected area has been scanned.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Pop at 2:42:32.00 on Mon 04/26/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.978 [GMT -7:00]
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Common Files\AOL\1201318185\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe
C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Pop\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://qus8l.hpwis.com/
uInternet Settings,ProxyOverride = *.local
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: NASDAQ Quote Toolbar: {a057a204-bacc-4d26-ccd1-7fbe89e33dc9} - c:\progra~1\nasdaq\nasdaq.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: NASDAQ Quote Toolbar: {a057a204-bacc-4d26-ccd1-7fbe89e33dc9} - c:\progra~1\nasdaq\nasdaq.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
mRun: [HostManager] c:\program files\common files\aol\1201318185\ee\AOLSoftware.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Power Monitor] c:\program files\amd\amd power monitor\AMD Power Monitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"
mRun: [Lexmark Pro700 Series Fax Server] "c:\program files\lexmark pro700 series\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\pop\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\pop\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: rightcareertools.com\resume-builder
Trusted Zone: rightcareertools.com\www
Trusted Zone: righteverywhere.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258954287250
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-18 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100425.019\NAVENG.SYS [2010-4-25 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100425.019\NAVEX15.SYS [2010-4-25 1324720]
S2 gupdate1c9e246c3ab871a;Google Update Service (gupdate1c9e246c3ab871a);c:\program files\google\update\GoogleUpdate.exe [2009-5-31 133104]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2010-4-6 98984]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2005-11-4 169984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
=============== Created Last 30 ================
2010-04-24 00:42:23 0 d-----w- c:\program files\Sun
2010-04-24 00:42:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-24 00:42:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 17:05:55 0 d-----w- C:\ComboFix
2010-04-23 06:05:25 0 d-sha-r- C:\cmdcons
2010-04-23 06:03:44 98816 ----a-w- c:\windows\sed.exe
2010-04-23 06:03:44 77312 ----a-w- c:\windows\MBR.exe
2010-04-23 06:03:44 261632 ----a-w- c:\windows\PEV.exe
2010-04-23 06:03:44 161792 ----a-w- c:\windows\SWREG.exe
2010-04-23 05:41:43 0 d-----w- c:\program files\iTunes
2010-04-23 05:41:43 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-23 05:29:07 0 d-----w- c:\program files\Bonjour
2010-04-17 01:33:31 0 ----a-w- c:\documents and settings\pop\defogger_reenable
2010-04-16 23:46:06 0 d-----w- c:\program files\Seagate
2010-04-16 23:46:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Seagate
2010-04-16 23:44:24 0 d-sh--w- c:\windows\ftpcache
2010-04-14 01:31:41 0 d-----w- c:\program files\Norton Support
2010-04-13 21:15:00 0 d-----w- c:\documents and settings\pop\Tracing
2010-04-13 21:14:16 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-04-13 21:12:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2010-04-07 17:11:31 0 d-----w- c:\docume~1\pop\applic~1\Pro700 Series
2010-04-07 04:12:10 0 d-----w- c:\documents and settings\all users\Lx_cats
2010-04-07 03:58:42 40960 ----a-w- c:\windows\system32\lxeevs.dll
2010-04-07 03:58:38 438272 ----a-w- c:\windows\system32\lxeecoin.dll
2010-04-07 03:58:30 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2010-04-07 03:58:30 86016 ----a-w- c:\windows\system32\lxeegcfg.dll
2010-04-07 03:58:30 65106 ----a-w- c:\windows\system32\lxeeprpr.chm
2010-04-07 03:58:29 8694 ----a-w- c:\windows\system32\lxeecommuilogo_rtl.bmp
2010-04-07 03:58:29 8694 ----a-w- c:\windows\system32\lxeecommuilogo.bmp
2010-04-07 03:58:29 294912 ----a-w- c:\windows\system32\lxeecui.dll
2010-04-07 03:58:29 110592 ----a-w- c:\windows\system32\lxeecuir.dll
2010-04-07 03:58:19 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-04-07 03:58:19 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-04-07 03:57:13 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2010-04-07 03:56:15 49152 ----a-w- c:\windows\system32\LXEEPMON.DLL
2010-04-07 03:56:15 32768 ----a-w- c:\windows\system32\LXEEFXPU.DLL
2010-04-07 03:56:14 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2010-04-07 03:56:14 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2010-04-07 03:56:14 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2010-04-07 03:56:14 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2010-04-07 03:56:14 4485120 ----a-w- c:\windows\system32\LXEEoem.dll
2010-04-07 03:56:14 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2010-04-07 03:56:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Pro700 Series
2010-04-07 03:55:20 7533 ----a-w- c:\windows\system32\dopdf6.ctm
2010-04-07 03:55:20 20632 ----a-w- c:\windows\system32\dopdfmn6.dll
2010-04-07 03:55:20 18072 ----a-w- c:\windows\system32\dopdfmi6.dll
2010-04-07 03:55:17 0 d-----w- c:\program files\Softland
2010-04-07 03:55:03 0 d-----w- c:\program files\Lexmark Toolbar
2010-04-07 03:55:00 372736 ----a-w- c:\windows\system32\LXEEwupd.dll
2010-04-07 03:55:00 213672 ----a-w- c:\windows\system32\LXEEwupd.exe
2010-04-07 03:54:05 0 d-----w- c:\program files\Lexmark Printable Web
2010-04-07 03:53:42 0 d-----w- c:\program files\Lexmark
2010-04-07 03:32:18 0 d-----w- c:\program files\Lexmark Pro700 Series
2010-04-07 03:32:17 299008 ----a-w- c:\windows\system32\LXEEsm.dll
2010-04-07 03:32:17 23552 ----a-w- c:\windows\system32\LXEEsmr.dll
2010-04-07 03:17:08 0 d-----w- c:\windows\system32\NtmsData
2010-04-07 02:14:52 266240 ----a-w- c:\windows\system32\hpdj3600
2010-04-07 02:14:14 121781 ----a-w- c:\windows\hpdj3600.hi1
2010-04-07 02:14:13 7317 ----a-w- c:\windows\hpdj3600.bu1
==================== Find3M ====================
2010-03-10 13:18:21 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-28 23:48:23 98992 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys
2009-07-07 17:21:32 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-06-21 23:41:03 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062120080622\index.dat
============= FINISH: 2:43:11.06 ===============
ComboFix 10-04-21.01 - Pop 04/23/2010 10:08:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.980 [GMT -7:00]
Running from: c:\documents and settings\Pop\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pop\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
file zipped: c:\windows\system32\pi79751.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pop\Local Settings\Application Data\rwmwrcjmg
c:\windows\system32\pi79751.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-23 16:52 . 2010-02-04 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\NAVENG.SYS
2010-04-23 16:52 . 2010-02-04 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\NAVEX15.SYS
2010-04-23 16:52 . 2009-11-22 17:44 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\NAVENG32.DLL
2010-04-23 16:52 . 2009-11-22 17:44 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\NAVEX32A.DLL
2010-04-23 16:52 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\CCERASER.DLL
2010-04-23 16:52 . 2009-11-22 17:44 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\EECTRL.SYS
2010-04-23 16:52 . 2009-11-22 17:44 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\ECMSVR32.DLL
2010-04-23 16:52 . 2009-11-22 17:44 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100423.002\ERASER.SYS
2010-04-23 16:40 . 2010-02-13 01:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-23 05:41 . 2010-04-23 05:43 -------- d-----w- c:\program files\iTunes
2010-04-23 05:41 . 2010-04-23 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-23 05:34 . 2010-04-23 05:36 -------- d-----w- c:\program files\QuickTime
2010-04-23 05:29 . 2010-04-23 05:29 -------- d-----w- c:\program files\Bonjour
2010-04-23 05:23 . 2010-04-23 05:23 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-16 23:46 . 2010-04-16 23:46 -------- d-----w- c:\program files\Seagate
2010-04-16 23:46 . 2010-04-16 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-04-16 23:44 . 2010-04-16 23:44 -------- d-sh--w- c:\windows\ftpcache
2010-04-16 21:35 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-16 21:35 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-16 21:35 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-16 21:35 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-16 21:35 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-15 05:10 . 2010-04-15 23:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 04:52 . 2010-04-15 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-14 01:31 . 2010-04-14 01:31 -------- d-----w- c:\program files\Norton Support
2010-04-13 21:15 . 2010-04-16 20:07 -------- d-----w- c:\documents and settings\Pop\Tracing
2010-04-13 21:14 . 2010-03-17 15:51 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2010-04-13 21:14 . 2010-03-17 15:51 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-04-13 21:12 . 2010-04-13 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2010-04-12 18:51 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\Scxpx86.dll
2010-04-12 18:51 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
2010-04-12 18:51 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSvix86.sys
2010-04-12 18:51 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
2010-04-12 18:51 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSviA64.sys
2010-04-07 17:11 . 2010-04-07 17:11 -------- d-----w- c:\documents and settings\Pop\Application Data\Pro700 Series
2010-04-07 04:12 . 2010-04-20 02:48 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2010-04-07 03:58 . 2008-03-05 04:55 40960 ----a-w- c:\windows\system32\lxeevs.dll
2010-04-07 03:58 . 2009-12-16 18:12 438272 ----a-w- c:\windows\system32\lxeecoin.dll
2010-04-07 03:58 . 2009-11-04 15:14 157696 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxeedrpp.dll
2010-04-07 03:58 . 2009-11-09 09:59 86016 ----a-w- c:\windows\system32\lxeegcfg.dll
2010-04-07 03:58 . 2008-04-30 08:32 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2010-04-07 03:58 . 2009-10-21 12:06 110592 ----a-w- c:\windows\system32\lxeecuir.dll
2010-04-07 03:58 . 2009-10-21 12:06 294912 ----a-w- c:\windows\system32\lxeecui.dll
2010-04-07 03:58 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-04-07 03:58 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-04-07 03:57 . 2010-04-07 03:57 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2010-04-07 03:56 . 2009-11-26 08:08 49152 ----a-w- c:\windows\system32\LXEEPMON.DLL
2010-04-07 03:56 . 2009-11-26 08:08 32768 ----a-w- c:\windows\system32\LXEEFXPU.DLL
2010-04-07 03:56 . 2009-11-26 08:02 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2010-04-07 03:56 . 2009-11-26 08:02 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2010-04-07 03:56 . 2009-01-13 15:15 4485120 ----a-w- c:\windows\system32\LXEEoem.dll
2010-04-07 03:56 . 2010-04-07 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Pro700 Series
2010-04-07 03:55 . 2009-02-06 23:02 20632 ----a-w- c:\windows\system32\dopdfmn6.dll
2010-04-07 03:55 . 2009-02-06 23:02 18072 ----a-w- c:\windows\system32\dopdfmi6.dll
2010-04-07 03:55 . 2010-04-07 03:55 -------- d-----w- c:\program files\Softland
2010-04-07 03:55 . 2010-04-07 04:21 -------- d-----w- c:\program files\Lexmark Toolbar
2010-04-07 03:55 . 2010-01-07 22:20 213672 ----a-w- c:\windows\system32\LXEEwupd.exe
2010-04-07 03:55 . 2009-04-23 15:35 372736 ----a-w- c:\windows\system32\LXEEwupd.dll
2010-04-07 03:54 . 2010-04-07 03:54 -------- d-----w- c:\program files\Lexmark Printable Web
2010-04-07 03:32 . 2010-04-07 04:12 -------- d-----w- c:\program files\Lexmark Pro700 Series
2010-04-07 03:32 . 2009-02-20 08:48 23552 ----a-w- c:\windows\system32\LXEEsmr.dll
2010-04-07 03:32 . 2009-02-20 08:48 299008 ----a-w- c:\windows\system32\LXEEsm.dll
2010-04-07 03:17 . 2010-04-07 03:17 -------- d-----w- c:\windows\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 05:41 . 2006-06-10 04:30 -------- d-----w- c:\program files\iPod
2010-04-23 05:41 . 2007-08-21 23:32 -------- d-----w- c:\program files\Common Files\Apple
2010-04-19 20:07 . 2009-09-08 02:29 -------- d-----w- c:\documents and settings\Pop\Application Data\HpUpdate
2010-04-16 23:46 . 2004-02-10 22:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 04:52 . 2006-08-03 05:50 -------- d-----w- c:\program files\Google
2010-04-14 01:34 . 2009-05-11 01:23 -------- d-----w- c:\program files\Symantec
2010-04-07 17:15 . 2010-03-11 22:23 -------- d-----w- c:\documents and settings\Pop\Application Data\nasdaq
2010-04-07 03:54 . 2010-04-07 03:53 -------- d-----w- c:\program files\Lexmark
2010-04-07 02:15 . 2004-02-10 22:38 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-07 02:08 . 2009-04-16 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-22 20:32 . 2004-02-10 22:28 -------- d-----w- c:\program files\MUSICMATCH
2010-03-22 19:53 . 2010-03-22 19:53 10134 ----a-r- c:\documents and settings\Pop\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-03-11 22:23 . 2010-03-11 22:23 -------- d-----w- c:\program files\nasdaq
2010-03-11 12:38 . 2006-02-24 21:26 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-05-09 20:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-03-31 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-03-31 02:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 23:48 . 2010-01-17 04:18 98992 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 13:11 . 2003-03-31 02:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 20:27 . 2010-02-04 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2010-02-22 16:44 . 2010-02-04 21:24 1025984 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-02-19 15:29 . 2010-02-04 21:24 503808 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-02-19 15:27 . 2010-02-04 21:24 90112 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-02-17 16:10 . 2003-03-31 02:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2003-03-31 02:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2003-03-31 02:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 02:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 19:57 . 2004-11-02 21:49 127672 -c--a-w- c:\documents and settings\Pop\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 19:55 . 2010-02-04 19:55 53248 ----a-r- c:\documents and settings\Pop\Application Data\Microsoft\Installer\{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}\ARPPRODUCTICON.exe
2010-02-01 03:05 . 2010-02-01 03:05 65536 -c--a-r- c:\documents and settings\Pop\Application Data\Microsoft\Installer\{E89D78B8-28F7-412F-8B26-C684739CBBDC}\PalmDesktopShortcut.exe
2010-02-01 03:05 . 2010-02-01 03:05 65536 ----a-r- c:\documents and settings\Pop\Application Data\Microsoft\Installer\{E89D78B8-28F7-412F-8B26-C684739CBBDC}\ARPPRODUCTICON.exe
2010-01-28 20:11 . 2010-01-28 20:11 503808 ----a-w- c:\documents and settings\Pop\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-73be6030-n\msvcp71.dll
2010-01-28 20:11 . 2010-01-28 20:11 499712 ----a-w- c:\documents and settings\Pop\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-73be6030-n\jmc.dll
2010-01-28 20:11 . 2010-01-28 20:11 348160 ----a-w- c:\documents and settings\Pop\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-73be6030-n\msvcr71.dll
2010-01-28 20:11 . 2010-01-28 20:11 61440 ----a-w- c:\documents and settings\Pop\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3e385bb0-n\decora-sse.dll
2010-01-28 20:11 . 2010-01-28 20:11 12800 ----a-w- c:\documents and settings\Pop\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3e385bb0-n\decora-d3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-15 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-10-17 196670]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-26 311296]
"HostManager"="c:\program files\Common Files\AOL\1201318185\ee\AOLSoftware.exe" [2008-06-24 41824]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Power Monitor"="c:\program files\AMD\AMD Power Monitor\AMD Power Monitor.exe" [2009-05-21 470016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2010-01-18 139944]
"Lexmark Pro700 Series Fax Server"="c:\program files\Lexmark Pro700 Series\fm3032.exe" [2010-01-18 316072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
c:\documents and settings\Pop\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Share-to-Web Namespace Daemon"=c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\1201318185\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\lxeecoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [2/3/2010 11:43 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [2/3/2010 11:43 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [2/3/2010 11:42 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [4/16/2010 2:35 PM 329592]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2/3/2010 11:43 AM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/18/2007 8:47 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 5:35 PM 102448]
S2 gupdate1c9e246c3ab871a;Google Update Service (gupdate1c9e246c3ab871a);c:\program files\Google\Update\GoogleUpdate.exe [5/31/2009 4:22 PM 133104]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [4/6/2010 8:58 PM 98984]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [11/4/2005 6:45 PM 169984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
.
Contents of the 'Scheduled Tasks' folder
2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 19:34]
2010-04-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-24 20:09]
2010-04-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-15 04:52]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 23:21]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://qus8l.hpwis.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: rightcareertools.com\resume-builder
Trusted Zone: rightcareertools.com\www
Trusted Zone: righteverywhere.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 10:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?5?8?8??????? ?(?B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2173686692-1629258888-1520541149-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-04-23 10:31:09
ComboFix-quarantined-files.txt 2010-04-23 17:31
ComboFix2.txt 2010-04-23 06:40
Pre-Run: 20,997,976,064 bytes free
Post-Run: 20,954,284,032 bytes free
- - End Of File - - 06E5F036B03492C41DE9B55395E6182E
Upload was successful