HijackThis Log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:59, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Antivirus 2008\Antivirus-2008.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://antivir--2008...uy.php?aff=1001O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [98be2775] rundll32.exe "C:\WINDOWS\system32\tsmdhasi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {d8984c47-1522-4219-ae63-3ca7ac8f3bd6} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8320 bytes
And ComboFix Log...
ComboFix 08-08-08.08 - HP_Administrator 2008-08-09 17:26:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1417 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\ARB456WZ\interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\ARB456WZ\interclick.com\ud.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008.lnk
C:\Documents and Settings\HP_Administrator\Desktop\Antivirus-2008.lnk
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Antivirus 2008
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Antivirus 2008\Antivirus-2008.lnk
C:\Program Files\Antivirus 2008
C:\Program Files\Antivirus 2008\Antivirus-2008.exe
C:\Program Files\Antivirus 2008\vscan.tsi
C:\Program Files\Antivirus 2008\zlib.dll
C:\WINDOWS\adaway.lic
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\emgo.exe
C:\WINDOWS\system32\byXNdcbC.dll
C:\WINDOWS\system32\CbcdNXyb.ini
C:\WINDOWS\system32\CbcdNXyb.ini2
C:\WINDOWS\system32\drivers\Wingo17.sys
C:\WINDOWS\system32\iifcCuSj.dll
C:\WINDOWS\system32\isahdmst.ini
C:\WINDOWS\system32\nwbqyz.dll
C:\WINDOWS\system32\rqRlJcAP.dll
C:\WINDOWS\system32\rresiqde.dll
C:\WINDOWS\system32\thxujhbi.ini
C:\WINDOWS\system32\tsmdhasi.dll
C:\WINDOWS\system32\urfloxmd.dll
C:\WINDOWS\system32\vxyzga.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\xcrashdump.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINGO17
-------\Service_Wingo17
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.
2008-08-09 03:44 . 2008-08-09 03:46 <DIR> d-------- C:\Program Files\Adware Away
2008-08-09 02:53 . 2008-08-09 02:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-09 02:53 . 2008-08-09 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-09 02:29 . 2008-08-09 02:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 02:16 . 2008-08-09 02:16 <DIR> d-------- C:\Program Files\ERUNT
2008-08-09 02:12 . 2008-08-09 02:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator\SmitfraudFix
2008-08-09 02:12 . 2008-08-09 12:28 3,556 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-09 02:08 . 2008-08-08 23:52 86,016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-09 02:07 . 2008-08-09 13:21 <DIR> d-------- C:\Fraps
2008-08-09 02:07 . 2008-08-09 13:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 02:07 . 2008-08-09 02:07 65,536 ---hs---- C:\Documents and Settings\HP_Administrator\MediaTubeCodec_ver1.1463.0.exe
2008-08-02 15:58 . 2008-08-02 15:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-02 15:58 . 2005-10-22 07:28 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-02 15:58 . 2005-10-22 07:28 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-02 15:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-02 15:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-09 14:37 . 2008-07-31 18:24 <DIR> d-------- C:\Program Files\Common
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 21:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-09 21:17 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-08-09 06:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-07-15 13:56 --------- d-----w C:\Program Files\World of Warcraft
2008-06-29 17:13 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-20 21:57 --------- d-----w C:\Program Files\Tortun
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 10:33 61440]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 12:40 48752]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-29 20:03 22656]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 20:50 253952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-11 02:00 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-11 02:13 98304]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 10:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-12 15:10:37 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 10:33:06 61440]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-11 02:21:00 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-16 18:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
2008-07-30 C:\WINDOWS\Tasks\HPCeeSchedule.job
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe [2005-05-24 19:46]
2008-08-02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 10:21]
2008-08-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 22:24]
2008-08-09 C:\WINDOWS\Tasks\WebReg Photosmart C4200 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 10:21]
.
- - - - ORPHANS REMOVED - - - -
BHO-{A7C24F5D-8407-49B8-807F-BD0B213692EA} - C:\WINDOWS\wnlmdakqgpk.dll
HKLM-Run-98be2775 - C:\WINDOWS\system32\tsmdhasi.dll
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9dnek58g.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPOJI610.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-09 17:36:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-09 17:40:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 21:40:55
Pre-Run: 198,888,534,016 bytes free
Post-Run: 198,919,389,184 bytes free
217 --- E O F --- 2008-07-10 18:08:02