ComboFix 12-07-26.04 - cschaa001 07/25/2012 19:28:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2040 [GMT -4:00]
Running from: c:\documents and settings\cschaa001\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\cschaa001\g2mdlhlpx.exe
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\24420e0_27292.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\4c24888_47012.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\bf947e8_43461.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0220e0_26401.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0220e0_27351.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0947e8_19552.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0b47e8_18202.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0b47e8_18513.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\cec20e0_17021.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\cec20e0_18021.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\d9f4898_25013.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\d9f4898_26181.pdf
c:\documents and settings\cschaa001\Recent\Thumbs.db
c:\documents and settings\cschaa001_old2\g2mdlhlpx.exe
C:\Install.exe
c:\program files\Internet Explorer\SET785.tmp
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\SET67A.tmp
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004635_.tmp.dll
c:\windows\system32\_004636_.tmp.dll
c:\windows\system32\_004637_.tmp.dll
c:\windows\system32\_004644_.tmp.dll
c:\windows\system32\_004645_.tmp.dll
c:\windows\system32\_004646_.tmp.dll
c:\windows\system32\_004647_.tmp.dll
c:\windows\system32\_004649_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004651_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004654_.tmp.dll
c:\windows\system32\_004656_.tmp.dll
c:\windows\system32\_004657_.tmp.dll
c:\windows\system32\_004658_.tmp.dll
c:\windows\system32\_004660_.tmp.dll
c:\windows\system32\_004663_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004674_.tmp.dll
c:\windows\system32\_004676_.tmp.dll
c:\windows\system32\_004677_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004685_.tmp.dll
c:\windows\system32\_004686_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004695_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\Quick Launch
c:\windows\system32\r_server.exe
c:\windows\system32\raddrv.dll
c:\windows\system32\SET13D8.tmp
c:\windows\system32\SET13DB.tmp
c:\windows\system32\SET13E3.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET366.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3B2.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3E8.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EA.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3ED.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F2.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3F6.tmp
c:\windows\system32\SET3F7.tmp
c:\windows\system32\SET3FD.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_r_server
-------\Service_r_server
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-24 14:00 . 2012-07-24 14:01 -------- d-----w- C:\starflt
2012-07-24 12:33 . 2012-07-25 17:55 -------- d-----w- C:\dosprogs
2012-07-24 12:01 . 2012-07-24 12:01 -------- d-----w- c:\documents and settings\cschaa001\Local Settings\Application Data\DOSBox
2012-07-24 12:00 . 2012-07-25 19:28 -------- d-----w- c:\program files\DOSBox-0.74
2012-07-21 00:29 . 2012-07-21 00:29 388096 ----a-r- c:\documents and settings\cschaa001\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-21 00:29 . 2012-07-21 00:29 -------- d-----w- c:\program files\Trend Micro
2012-07-21 00:06 . 2012-07-21 00:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-07-09 14:19 . 2012-07-09 14:19 -------- d-----w- c:\program files\Belarc
2012-07-09 14:19 . 2011-08-09 21:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-07-05 14:48 . 2012-07-05 14:48 -------- d-----w- c:\documents and settings\cschaa001\Local Settings\Application Data\BulletProof Software
2012-07-05 14:39 . 2012-07-06 23:30 -------- d-----w- c:\program files\Star Downloader
2012-07-02 12:19 . 2012-07-02 12:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-28 14:56 . 2012-06-28 14:56 -------- d-----w- c:\documents and settings\jcopti001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 00:19 . 2012-04-05 16:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 00:19 . 2011-05-19 11:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-02 12:19 . 2010-02-09 14:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 12:19 . 2010-05-06 11:55 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-13 17:40 . 2011-09-21 15:00 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2006-12-29 21:15 . 2006-12-29 21:15 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2006-12-29 21:15 . 2006-12-29 21:15 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 21:15 . 2006-12-29 21:15 3100672 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2006-12-29 21:15 . 2006-12-29 21:15 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2012-06-25 18:04 . 2010-08-31 13:01 80184 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2012-06-25 18:04 . 2010-08-31 13:01 586040 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2011-02-01 19:59 . 2011-02-01 19:59 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-12-17 15:59 . 2010-12-17 15:59 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-07-20 13:16 . 2011-05-07 17:13 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2012-07-09 728064]
"FolderMenu"="c:\program files\FolderMenu\FolderMenu.exe" [2010-04-23 432268]
"Spotify Web Helper"="c:\documents and settings\cschaa001\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-07-23 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-01-16 176128]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-20 466944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-22 442467]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2010-11-12 5145952]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-06-09 115624]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2010-11-12 5145952]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-2-6 1528880]
Infuzer.lnk - c:\program files\Trondent Development Corp\Infuzer\Infuzer.exe [2010-5-11 278016]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-1-5 813584]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2010-4-19 294912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)
"enablesecureuiapaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
"NoHardwareTab"= 1 (0x1)
"NoChangeAnimation"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\0\0]
"Script"=NortheastAdminRightsLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\0\1]
"Script"=NortheastLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\0]
"Script"=scr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\1]
"Script"=PaCPA_DriveMapping_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\2]
"Script"=KeystoneBGinstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\3]
"Script"=runscriptSQL-KEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70120\Scripts\Logon\0\0]
"Script"=NoProxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70120\Scripts\Logon\0\1]
"Script"=runscriptEast.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70124\Scripts\Logon\0\0]
"Script"=runscriptSQL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70124\Scripts\Logon\0\1]
"Script"=NoProxy.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SlingAgentService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [6/1/2012 9:08 AM 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [6/1/2012 9:08 AM 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/26/2011 2:23 PM 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [6/1/2012 9:08 AM 217976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [5/3/2012 6:37 PM 1226096]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 10:41 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 10:41 PM 21352]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/5/2012 8:26 AM 10384]
R2 NightWatchman50;NightWatchman50;c:\program files\1E\NightWatchman50\NwmSvc.exe [9/22/2010 11:55 AM 1021272]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 4:35 PM 61440]
R2 NwmSleepless;NwmSleepless;c:\windows\system32\drivers\NwmSleepless.sys [1/27/2011 2:19 AM 46656]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [12/19/2011 1:20 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/1/2012 9:08 AM 77816]
R2 WakeUpAgt;1E WakeUp Agent;c:\program files\1E\WakeUp\Agent\WakeUpAgt.exe [9/29/2010 5:24 PM 275792]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2/5/2009 2:10 PM 108160]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2/5/2009 2:31 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2/5/2009 2:17 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2012 8:02 AM 106656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/5/2009 2:21 PM 110080]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [6/1/2012 9:08 AM 94584]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [7/26/2008 5:30 PM 14416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 1:20 PM 136176]
S2 SitCommunicatorV2.0.1;SitCommunicatorV2.0.1;"c:\program files\Comcast\SitCommunicator\SitCommunicatorV2.0.1.exe" --> c:\program files\Comcast\SitCommunicator\SitCommunicatorV2.0.1.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/9/2011 3:33 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 1:20 PM 136176]
S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [9/24/2001 4:36 AM 75776]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/28/2012 1:02 PM 113120]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [6/1/2012 9:08 AM 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [6/1/2012 9:08 AM 93816]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 3:37 PM 517096]
S4 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [11/3/2010 8:19 PM 94024]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 17:20]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 17:20]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367Core.job
- c:\documents and settings\cschaa001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-02 12:43]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367UA.job
- c:\documents and settings\cschaa001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-02 12:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.teamcomcast.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: {EFCBF9F8-0F50-11D2-A9F3-0004ACFF1B93} - hxxp://comtrac/Comcast0607/controls/cti_control.ocx
FF - ProfilePath - c:\documents and settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
HKCU-Run-AdobeBridge - (no file)
SafeBoot-Symantec Antvirus
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\windows\SYSTEM32\SYSFER.DLL
.
- - - - - - - > 'explorer.exe'(684)
c:\windows\SYSTEM32\SYSFER.DLL
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\inetres.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\1E\NightWatchman50\NWMCLI.EXE
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-07-25 19:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 23:54
.
Pre-Run: 9,332,674,560 bytes free
Post-Run: 10,954,235,904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4239782475EC25D0B3FC575BD734A572