ComboFix 08-05-29.1 - HP_Administrator 2008-06-01 1:29:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1264 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\IA
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\AJPsvGgh.ini
C:\WINDOWS\system32\AJPsvGgh.ini2
C:\WINDOWS\system32\liapxgqy.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe
D:\Autorun.inf
.

((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-30 12:16 . 2008-05-30 12:16 27,648 --a------ C:\WINDOWS\winajbm.dll
2008-05-30 12:16 . 2008-05-30 12:16 23,552 --a------ C:\WINDOWS\astctl32.ocx
2008-05-30 12:16 . 2008-05-30 12:16 16,640 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 12:16 . 2008-05-30 12:16 11,776 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-30 12:16 . 2008-05-30 12:16 10,496 --a------ C:\WINDOWS\accesss.exe
2008-05-30 12:14 . 2008-05-30 12:14 26,880 --a------ C:\WINDOWS\msupdate.exe
2008-05-30 12:14 . 2008-05-30 12:14 25,856 --a------ C:\WINDOWS\mssys.exe
2008-05-30 12:14 . 2008-05-30 12:14 8,704 --a------ C:\WINDOWS\notepad32.exe
2008-05-30 03:00 . 2008-05-30 03:00 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-30 01:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-30 01:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-30 01:25 . 2008-05-30 01:25 d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-30 01:25 . 2008-05-30 01:27 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 23:04 . 2008-05-29 23:05 d-------- C:\Program Files\Panda Security
2008-05-29 20:44 . 2008-05-29 20:46 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-29 20:44 . 2008-05-29 20:44 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-05-29 20:44 . 2008-05-29 20:44 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-29 17:14 . 2008-05-29 20:29 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 17:14 . 2008-05-29 17:14 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-29 17:14 . 2008-05-29 17:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 17:14 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 17:14 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 16:54 . 2008-05-29 20:29 d-------- C:\Program Files\Common Files\Download Manager
2008-05-29 16:33 . 2008-05-29 16:33 d-------- C:\Program Files\Enigma Software Group
2008-05-29 16:12 . 2008-05-29 16:59 31,232 --a------ C:\WINDOWS\msconfd.dll
2008-05-29 16:12 . 2008-05-29 16:59 23,808 --a------ C:\WINDOWS\internet.exe
2008-05-29 16:12 . 2008-05-29 16:59 23,552 --a------ C:\WINDOWS\quicken.exe
2008-05-29 16:12 . 2008-05-30 12:14 16,128 --a------ C:\WINDOWS\window.exe
2008-05-29 16:12 . 2008-05-29 16:59 8,704 --a------ C:\WINDOWS\editpad.exe
2008-05-29 15:21 . 2008-05-29 11:45 1,681,135 --a------ C:\SDFix.exe
2008-05-29 14:08 . 2008-05-29 14:54 d-------- C:\Program Files\Spyware Doctor
2008-05-29 14:08 . 2008-05-29 14:08 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2008-05-29 14:08 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-29 14:08 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-29 14:08 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-29 14:08 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-29 14:00 . 2008-05-30 15:00 d-------- C:\Program Files\Norton Security Scan
2008-05-29 13:40 . 2008-05-29 13:38 18,473,000 --a------ C:\sdsetup.exe
2008-05-29 13:05 . 2008-05-29 13:05 d-------- C:\Program Files\UnH Solutions
2008-05-29 13:05 . 2008-05-29 13:05 d-------- C:\Documents and Settings\All Users\Application Data\UnH Solutions
2008-05-29 12:44 . 2008-05-29 12:44 d-------- C:\Program Files\Lavasoft
2008-05-29 12:44 . 2008-05-29 20:44 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 12:44 . 2008-05-29 12:53 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-29 12:36 . 2008-05-29 12:36 401,972 --a------ C:\WINDOWS\system32\g67.exe
2008-05-29 11:55 . 2008-05-29 11:55 d-------- C:\WINDOWS\ERUNT
2008-05-29 11:48 . 2008-05-29 15:41 d-------- C:\SDFix
2008-05-29 11:34 . 2008-05-29 15:17 0 --ahs---- C:\Documents and Settings\HP_Administrator\Application Data\0000000000t.dat
2008-05-29 11:25 . 2008-05-29 11:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-29 11:18 . 2008-05-29 11:26 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-05-29 10:32 . 2008-05-29 10:32 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-29 10:29 . 2008-05-30 15:43 d-------- C:\WINDOWS\system32\vd2
2008-05-29 10:29 . 2008-05-29 13:26 d-------- C:\WINDOWS\system32\rev3
2008-05-29 10:29 . 2008-05-29 10:29 d-------- C:\WINDOWS\system32\bTMP
2008-05-29 10:29 . 2008-05-29 13:26 d-------- C:\WINDOWS\system32\acom1
2008-05-29 10:29 . 2008-05-29 13:26 d-------- C:\WINDOWS\system32\1026c
2008-05-29 10:29 . 2008-05-29 10:29 d-------- C:\Documents and Settings\LocalService\Application Data\Yapta
2008-05-29 10:29 . 2008-05-29 10:29 89,049 --a------ C:\WINDOWS\system32\vbpdtvdp.exe
2008-05-29 10:28 . 2008-05-29 13:26 d-------- C:\WINDOWS\system32\vntiho18
2008-05-29 10:28 . 2008-05-29 12:26 d-------- C:\Temp
2008-05-29 10:25 . 2008-05-29 20:43 d-------- C:\Program Files\SurfingSoftware
2008-05-29 09:51 . 2008-05-29 09:51 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 09:50 . 2008-05-29 09:50 d-------- C:\Program Files\Common Files\xing shared
2008-05-10 16:58 . 2008-05-10 16:58 d-------- C:\Program Files\Orb Networks
2008-05-10 16:58 . 2008-05-12 22:44 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-01 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-30 22:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-05-30 19:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-30 16:14 9,984 ----a-w C:\WINDOWS\waol.exe
2008-05-30 16:14 30,208 ----a-w C:\WINDOWS\win64.exe
2008-05-30 16:14 23,040 ----a-w C:\WINDOWS\avpcc.dll
2008-05-30 16:14 20,480 ----a-w C:\WINDOWS\users32.exe
2008-05-30 16:14 16,128 ----a-w C:\WINDOWS\clrssn.exe
2008-05-30 16:14 14,592 ----a-w C:\WINDOWS\winmgnt.exe
2008-05-30 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-29 15:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-29 15:07 --------- d-----w C:\Program Files\LimeWire
2008-05-29 14:07 --------- d-----w C:\Program Files\Google
2008-05-29 13:55 --------- d-----w C:\Program Files\Real
2008-05-29 13:50 --------- d-----w C:\Program Files\Common Files\Real
2008-05-26 13:55 --------- d-----w C:\Program Files\Quicken
2008-04-26 09:33 --------- d-----w C:\Program Files\VoiceDialIt 2.0 for PalmOS
2008-04-25 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 21:32 --------- d-----w C:\Program Files\Common Files\Epocrates
2008-04-25 19:31 --------- d-----w C:\Program Files\Palm
2008-04-25 19:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 23:55 --------- d-----w C:\Program Files\WMR11
2008-04-13 23:52 --------- d-----w C:\Program Files\WinPcap
2008-04-08 17:56 --------- d-----w C:\Program Files\Yapta
2007-03-26 00:59 5,495 ----a-w C:\Program Files\0x0409.ini
2007-03-26 00:59 3,674,624 ----a-w C:\Program Files\PCmover.msi
2007-03-01 12:30 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 17:16 68856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 11:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 11:40 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 22:30 139264]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 12:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 21:18 49152]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-29 09:49 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-05-19 15:34 1106344]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-05-19 15:39 1848150]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-05-19 15:34 126976]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 22:57 1095256]
"HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Calendar Creator Scheduler.lnk - C:\Program Files\Calendar Creator 4.0\CCSCHED.EXE [2007-03-01 12:01:44 97280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-27 00:11:01 125624]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXQGvww]
byXQGvww.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Adapter 5.1.3214]
C:\Documents and Settings\HP_Administrator\Application Data\kyzys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 15:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinaps7]
C:\Documents and Settings\HP_Administrator\Application Data\Zinaps7\Zinaps7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2006-05-03 09:19]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2006-05-03 09:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d0e56a-bf99-11db-9c3b-001731a59835}]
\Shell\AutoRun\command - N:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d00a662-0ac0-11dc-9c51-001731a59835}]
\Shell\AutoRun\command - L:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc0eb74a-b31a-11dc-9c75-001731a59835}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
.

Contents of the 'Scheduled Tasks' folder
"2008-05-31 05:01:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-05-30 22:11:35 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 01:35:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

------------------------ Other Running Processes ------------------------
.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\WINDOWS\system32\searchprotocolhost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.

**************************************************************************
.

Completion time: 2008-06-01 1:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 05:39:17

Pre-Run: 18,540,199,936 bytes free
Post-Run: 18,570,833,920 bytes free

313 --- E O F --- 2008-05-30 07:02:39