ComboFix 08-02-14.2 - Dad 2008-02-15 21:19:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.252 [GMT -6:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\#SharedObjects\ES42GTZ8\www.broadcaster.com
C:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\drivers\Rwc83.sys
C:\WINDOWS\system32\suspend.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_MSDIRECTX
-------\LEGACY_RWC83
-------\msdirectx
-------\runtime
-------\Rwc83


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 21:01 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe
2008-02-15 20:13 . 2008-02-15 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-15 20:13 . 2008-02-15 20:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 20:12 . 2008-02-15 21:10 6,656 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dll
2008-02-15 20:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-02-15 20:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-02-15 20:05 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-02-15 20:05 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-02-15 20:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-02-15 20:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-02-15 20:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-02-15 19:55 . 2008-02-15 19:55 d-------- C:\Program Files\Trend Micro
2008-02-13 20:17 . 2008-02-15 21:41 1,333,280 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-02-13 20:17 . 2008-02-15 21:39 16,652 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-02-13 20:13 . 2008-02-13 20:13 d-------- C:\Program Files\ZoneAlarmSB
2008-02-13 20:10 . 2008-02-13 20:10 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-13 20:08 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-13 20:08 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-02-13 20:05 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\SYSTEM32\zpeng24.dll
2008-02-13 20:04 . 2008-02-13 20:09 d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2008-02-13 20:04 . 2008-02-13 20:04 d-------- C:\Program Files\Zone Labs
2008-02-13 20:04 . 2008-02-15 21:41 353,366 --a------ C:\WINDOWS\SYSTEM32\vsconfig.xml
2008-02-13 19:48 . 2008-02-13 19:48 27,648 --a------ C:\WINDOWS\expacc.exe
2008-02-13 19:48 . 2008-02-13 20:17 8,704 --a------ C:\WINDOWS\SYSTEM32\LogCrypt.dll
2008-02-13 03:26 . 2008-02-13 03:26 80 --a------ C:\WINDOWS\SYSTEM32\suspend.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 02:52 --------- d-----w C:\Program Files\America Online 7.0
2008-02-14 15:06 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-13 09:23 --------- d-----w C:\Program Files\QuickTime
2008-02-13 09:23 --------- d-----w C:\Program Files\Lexmark X74-X75
2008-02-13 09:23 --------- d-----w C:\Program Files\iTunes
2008-02-10 19:54 --------- d-----w C:\Documents and Settings\Dad\Application Data\OpenOffice.org2
2008-02-06 00:02 92,968 ----a-w C:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT
2008-01-29 00:12 90,112 ----a-w C:\WINDOWS\updreg.exe
2008-01-07 14:38 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-11-17 23:46 1,370 ----a-w C:\setup.ZIP
2006-05-10 22:38 23,040 ----a-w C:\Program Files\My Camping Trip.doc
2004-02-18 23:15 9,266,701 ----a-w C:\Documents and Settings\Dad\RenAlertPublictools.exe
2003-01-28 13:49 5,397,365 ----a-w C:\Documents and Settings\Dad\renalert.exe
2003-01-28 13:49 5,397,365 ----a-w C:\Documents and Settings\Dad\Game.exe
2005-11-12 02:29 356,523 --sh--w C:\WINDOWS\SYSTEM32\xycdd.bak1

.
Files Infected - Win32.Agent.zb
C:\WINDOWS\UpdReg.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\AIM95\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-13 20:13 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A472C4DE-F280-4842-B6BC-9B4E0002871E}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{a472c4de-f280-4842-b6bc-9b4e0002871e}]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-13 20:13 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-02-25 15:02 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\AIM95\aim.exe" [2008-01-28 18:12 67160]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"pcdlib32"="C:\WINDOWS\System32\pcdlib32.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2008-01-28 18:12 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 18:12 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"Google Update"="C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-15 09:00 21488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-28 18:12 90112]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2008-01-28 18:12 323584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"nwiz"="nwiz.exe" [2003-10-06 13:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"EarthLink Installer"=" /C" []
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2008-01-28 18:12 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-28 18:12 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-28 18:12 267064]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\Dad\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll 2008-02-13 20:17 8704 C:\WINDOWS\SYSTEM32\LogCrypt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-15 21:10 6656 C:\WINDOWS\SYSTEM32\WLCtrl32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\Dad\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Dad\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 16:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 01:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-01-14 15:54 211456 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-28 18:12 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a------ 2008-01-28 18:12 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-16 22:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2001-07-25 10:00 184376 C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
C:\Program Files\NoteBurner\VTBurnerGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-28 18:12 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2002-11-22 16:35 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-28 18:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN]
--a------ 2004-08-27 10:16 229376 C:\Program Files\Linksys\Linksys VPN Client\VPNClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
--a------ 2005-03-28 19:24 28616 C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"navapsvc"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"OracleServiceORCL"=3 (0x3)
"OracleDBConsoleorcl"=3 (0x3)
"OracleOraDb10g_home1iSQL*Plus"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)

R0 Ejn40;Ejn40;C:\WINDOWS\system32\Drivers\Ejn40.sys [2008-02-15 21:46]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-01-08 14:18]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 11:30]
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 11:29]
S3 OracleCSService;OracleCSService;C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe service []
S3 OracleOraDb10g_home1SNMPPeerEncapsulator;OracleOraDb10g_home1SNMPPeerEncapsulator;C:\oracle\product\10.1.0\Db_1\BIN\ENCSVC.EXE [2004-12-11 10:19]
S3 OracleOraDb10g_home1SNMPPeerMasterAgent;OracleOraDb10g_home1SNMPPeerMasterAgent;C:\oracle\product\10.1.0\Db_1\BIN\AGNTSVC.EXE [2004-12-11 10:19]
S3 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR []
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.1.0\db_1\Bin\extjob.exe ORCL []
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.1.0\db_1\bin\ORACLE.EXE ORCL []

*Newly Created Service* - EJN40
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 19:19:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2002-11-27 03:27:51 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-16 03:49:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 21:42:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogCrypt.dll
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-15 21:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 03:50:30
.
2008-02-14 01:55:38 --- E O F ---