Hi Ewgene ,
I am not sure it is all gone even though it is not happening as often and as " strong " as it was before .
After the last cure last night , I saw again after checking with HiJackThis that I had about +100 host O1's . My CPU was not 100% gone but again connection was extremely slow . See HiJack log below . Combofix log follows :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:45, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\System.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896O1 - Hosts: 127.1 localhost
O1 - Hosts: 127.1 fffff8888fsgfbghj88.cn
O1 - Hosts: 127.1 61.134.37.12
O1 - Hosts: 127.1 ko.ssa387.cn
O1 - Hosts: 127.1 www.ndxrr.cn
O1 - Hosts: 127.1 12345.ssa387.cn
O1 - Hosts: 127.1 lihai88.com
O1 - Hosts: 127.1 wwwwhf.cn
O1 - Hosts: 127.1 a89369093.sq.u9idc.com
O1 - Hosts: 127.1 www.mmd178.cn
O1 - Hosts: 127.1 www.178mmd.cn
O1 - Hosts: 127.1 www.wenzhuoyyy.cn
O1 - Hosts: 127.1 tw.lovechina.tw.cn
O1 - Hosts: 127.1 222.189.238.151
O1 - Hosts: 127.1 222.179.185.78
O1 - Hosts: 127.1 www.wq9q.cn
O1 - Hosts: 127.1 593ffcey.cn
O1 - Hosts: 127.1 set.yay520.cn
O1 - Hosts: 127.1 tenmoc999.cn
O1 - Hosts: 127.1 lihai88.com
O1 - Hosts: 127.1 121.kcuf-01.com
O1 - Hosts: 127.1 www.ew1q.cn
O1 - Hosts: 127.1 www.b3sk.cn
O1 - Hosts: 127.1 up.bizmd.cn
O1 - Hosts: 127.1 www.ms2a.cn
O1 - Hosts: 127.1 www.wo9188.cn
O1 - Hosts: 127.1 www.fgetchr.cn
O1 - Hosts: 127.1 www.e6zx.cn
O1 - Hosts: 127.1 hai067.com
O1 - Hosts: 127.1 hai088.com
O1 - Hosts: 127.1 778899.jd8j.cn
O1 - Hosts: 127.1 sql.78-11.net
O1 - Hosts: 127.1 www.bbbirdy.com
O1 - Hosts: 127.1 www.s1na1.com.cn
O1 - Hosts: 127.1 www.dianyinjzd.cn
O1 - Hosts: 127.1 www.dj5201314dj.com
O1 - Hosts: 127.1 max-2.cn
O1 - Hosts: 127.1 a.asp-o.cn
O1 - Hosts: 127.1 b.asp-o.cn
O1 - Hosts: 127.1 c.asp-o.cn
O1 - Hosts: 127.1 x.kprobb.cn
O1 - Hosts: 127.1 js.php-k.cn
O1 - Hosts: 127.1 max-1.cn
O1 - Hosts: 127.1 max-3.cn
O1 - Hosts: 127.1 max-4.cn
O1 - Hosts: 127.1 max-5.cn
O1 - Hosts: 127.1 max-6.cn
O1 - Hosts: 127.1 max-7.cn
O1 - Hosts: 127.1 max-8.cn
O1 - Hosts: 127.1 max-9.cn
O1 - Hosts: 127.1 max-10.cn
O1 - Hosts: 127.1 max-11.cn
O1 - Hosts: 127.1 max-12.cn
O1 - Hosts: 127.1 twocannon250.com.cn
O1 - Hosts: 127.1 www.133mm.cn
O1 - Hosts: 127.1 www.51vmm.cn
O1 - Hosts: 127.1 www.7mmoo.cn
O1 - Hosts: 127.1 www.99mmm.org.cn
O1 - Hosts: 127.1 www.hdec.cn
O1 - Hosts: 127.1 www.picc18.com
O1 - Hosts: 127.1 www.kissdh.com
O1 - Hosts: 127.1 www.x7v.cn
O1 - Hosts: 127.1 biqulu.cn
O1 - Hosts: 127.1 2008.qq2006.com.cn
O1 - Hosts: 127.1 giaitrisex.com
O1 - Hosts: 127.1 www.giaitrisex.com
O1 - Hosts: 127.1 www.giaitrituoitre.net
O1 - Hosts: 127.1 mekiep.com
O1 - Hosts: 127.1 www.1sex1day.com
O1 - Hosts: 127.1 a.9ymm.com
O1 - Hosts: 127.1 bobo.7wyt.com
O1 - Hosts: 127.1 www.591caobi.cn
O1 - Hosts: 127.1 www.hrz008.cn
O1 - Hosts: 127.1 asp-15.cn
O1 - Hosts: 127.1 asp-12.cn
O1 - Hosts: 127.1 www.jb88.net
O1 - Hosts: 127.1 6.a88a.com
O1 - Hosts: 127.1 w.b2c3.cn
O1 - Hosts: 127.1 m.c5x8.com
O1 - Hosts: 127.1 www.518sfw.cn
O1 - Hosts: 127.1 www.jjyyzmj.cn
O1 - Hosts: 127.1 u.cnmrx.net
O1 - Hosts: 127.1 duowan.czm.cn
O1 - Hosts: 127.1 xccxcxcxcxcx.cn
O1 - Hosts: 127.1 google-yahoo.org.cn
O1 - Hosts: 127.1 tudou-net.org.cn
O1 - Hosts: 127.1 downloads.zango.com
O1 - Hosts: 127.1 ftp.surfnet.nl
O1 - Hosts: 127.1 bis.180solutions.com
O1 - Hosts: 127.1 installs.hotbar.com
O1 - Hosts: 127.1 www.hbdownloads.com
O1 - Hosts: 127.1 static.zangocash.com
O1 - Hosts: 127.1 www.qq-songli.cn
O1 - Hosts: 127.1 aa.9234.net
O1 - Hosts: 127.1 www.97love.info
O1 - Hosts: 127.1 97love.info
O1 - Hosts: 127.1 www.zyzhuiku.cn
O1 - Hosts: 127.1 zyzhuiku.cn
O1 - Hosts: 127.1 www.lang18.com
O1 - Hosts: 127.1 lang18.com
O1 - Hosts: 127.1 sao6666.com
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MPKrnl] rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) -
http://chkr-web.ifol...loader_chkr.cabO16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) -
http://www.klickonli...geUploader3.cabO16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) -
http://static.photob...ploader_uni.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: 01AFE3DC.dll,HBmhly.dll,HBZHUXIAN.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 16922 bytes
------------------------
ComboFix 08-11-19.08 - OKUCU 2008-11-20 10:45:54.16 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1033.18.988 [GMT -8:00]
Running from: c:\documents and settings\OKUCU\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Messenger\msgmr.dll
c:\windows\AppPatch\AcSpecf.dll
c:\windows\AppPatch\AcXtrnel.sdb
c:\windows\Downloaded Program Files\ThunderAdvise.dll
c:\windows\Fonts\Framdee.ttf
c:\windows\MSVB50CHS.dll
c:\windows\system32\
01AFE3DC.dll
c:\windows\system32\
08223B03.cfg
c:\windows\system32\
08223B03.dll
c:\windows\system32\122B901E.cfg
c:\windows\system32\122B901E.dll
c:\windows\system32\16AF66EB.dll
c:\windows\system32\201476D0.dll
c:\windows\system32\2EF0D734.cfg
c:\windows\system32\2EF0D734.dll
c:\windows\system32\34A25F04.dll
c:\windows\system32\3B8DA919.dll
c:\windows\system32\4D023DE9.cfg
c:\windows\system32\4D023DE9.dll
c:\windows\system32\4FBFD5A4.dll
c:\windows\system32\58FF3024.cfg
c:\windows\system32\58FF3024.dll
c:\windows\system32\5934EA2B.dll
c:\windows\system32\66AFCB56.cfg
c:\windows\system32\66AFCB56.dll
c:\windows\system32\8566F82E.cfg
c:\windows\system32\8566F82E.dll
c:\windows\system32\93DEE065.dll
c:\windows\system32\9CA963CA.cfg
c:\windows\system32\9CA963CA.dll
c:\windows\system32\9F684DE8.cfg
c:\windows\system32\9F684DE8.dll
c:\windows\system32\A1A6BC2E.dll
c:\windows\system32\AD794E6B.dll
c:\windows\system32\B3721C07.cfg
c:\windows\system32\B3721C07.dll
c:\windows\system32\B8E83D3C.dll
c:\windows\system32\BA7EDF54.cfg
c:\windows\system32\BA7EDF54.dll
c:\windows\system32\DA63E650.cfg
c:\windows\system32\DA63E650.dll
c:\windows\system32\DFEC5CB7.cfg
c:\windows\system32\DFEC5CB7.dll
c:\windows\system32\drivers\HBKernel32.sys
c:\windows\system32\E0D39066.cfg
c:\windows\system32\E0D39066.dll
c:\windows\system32\E1D19FCC.dll
c:\windows\system32\F8E07BB2.dll
c:\windows\system32\HBmhly.dll
c:\windows\system32\HBZHUXIAN.dll
c:\windows\system32\system.exe
c:\windows\system32\unxxx.bat
c:\windows\temp\wmsetup.dll
c:\windows\Update.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_HBKernel32
((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.
2008-11-19 20:35 . 2008-11-19 20:50 20,480 --a------ c:\windows\MPKrnl.dll
2008-11-19 20:35 . 2008-11-19 20:35 152 --ahs---- c:\windows\system32\
01AFE3DC.cfg
2008-11-19 20:33 . 2008-11-19 20:33 5,504 --a------ c:\windows\system32\f35ee9e.sys
2008-11-19 20:33 . 2008-11-19 20:33 5,504 --a------ c:\windows\system32\b160485.sys
2008-11-19 20:33 . 2008-11-19 20:33 296 --ahs---- c:\windows\system32\16AF66EB.cfg
2008-11-12 08:27 . 2008-11-12 08:30 <DIR> d-------- C:\Lop SD
2008-11-12 07:53 . 2008-11-12 07:53 <DIR> d-------- c:\windows\ERUNT
2008-11-12 07:47 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-10 11:53 . 2008-11-10 11:53 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-02 18:25 . 2008-11-02 18:25 <DIR> d-------- c:\documents and settings\OKUCU\DoctorWeb
2008-11-02 17:46 . 2008-11-02 18:24 250 --a------ c:\windows\gmer.ini
2008-10-27 09:43 . 2008-11-05 23:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-27 09:43 . 2008-10-27 09:43 1,409 --a------ c:\windows\QTFont.for
2008-10-26 18:12 . 2008-10-26 18:12 <DIR> d-------- C:\rsit
2008-10-25 05:09 . 2008-10-25 05:09 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-24 19:55 . 2008-10-24 19:55 <DIR> d-------- C:\_OTScanIt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 18:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-20 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-20 04:50 10,240 ----a-w c:\windows\MKMKrnl.dll
2008-11-19 08:18 --------- d-----w c:\documents and settings\OKUCU\Application Data\SolidDocuments
2008-11-12 06:16 --------- d-----w c:\documents and settings\OKUCU\Application Data\Skype
2008-11-04 02:16 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2008-10-31 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 04:12 76,856 ----a-w c:\documents and settings\OKUCU\Application Data\GDIPFONTCACHEV1.DAT
2008-10-25 13:09 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-25 12:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-18 15:47 --------- d-----w c:\documents and settings\OKUCU\Application Data\LimeWire
2008-10-15 09:49 --------- d-----w c:\program files\Visage
2008-10-15 09:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-15 09:49 --------- d-----w c:\program files\Common Files\Visage Software
2008-10-15 08:10 --------- d-----w c:\program files\SolidDocuments
2008-10-15 08:09 --------- d-----w c:\documents and settings\All Users\Application Data\SolidDocuments
2008-10-15 07:38 --------- d-----w c:\program files\PDFCreator
2008-10-15 07:38 --------- d-----w c:\documents and settings\OKUCU\Application Data\PDFCreator
2008-10-14 05:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 20:55 --------- d-----w c:\program files\MathType
2008-10-12 11:08 --------- d-----w c:\documents and settings\OKUCU\Application Data\Autodesk
2008-10-12 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-10-11 09:25 --------- d-----w c:\program files\MSXML 6.0
2008-10-10 08:32 --------- d-----w c:\program files\Nikon_Capture_NX2_v2.1.0
2008-10-10 08:13 --------- d-----w c:\program files\AutoCAD 2008
2008-10-10 08:12 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-09 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-09 18:30 --------- d-----w c:\program files\Common Files\Adobe
2008-10-09 18:30 --------- d-----w c:\program files\Bonjour
2008-10-09 18:17 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-09 17:00 --------- d-----w c:\program files\turbo squid tentacles
2008-10-09 16:54 --------- d-----w c:\program files\Autodesk
2008-10-05 06:22 --------- d-----w c:\program files\Google
2008-10-02 06:33 --------- d-----w c:\program files\eMule
2008-10-02 06:31 --------- d-----w c:\program files\Swiss International Air Lines TravelDesk
2008-10-02 06:29 --------- d-----w c:\program files\Netopia
2008-09-29 05:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-29 05:47 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2008-09-25 07:44 --------- d-----w c:\documents and settings\OKUCU\Application Data\U3
2008-08-10 06:58 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-11-18_ 8.08.27.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-18 16:03:11 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-19 05:54:06 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-18 16:03:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-19 05:54:06 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-18 16:03:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-19 05:54:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-17 03:19:13 5,504 ----a-w c:\windows\system32\d435fd4.sys
+ 2008-11-20 04:34:08 5,504 ----a-w c:\windows\system32\d435fd4.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-19 48752]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-05-05 22656]
"MPKrnl"="c:\windows\MPKrnl.dll" [2008-11-19 20480]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 c:\windows\KHALMNPR.Exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 c:\windows\system32\TCtrlIOHook.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MPMKrnl"="c:\windows\MKMKrnl.dll" [2008-11-19 10240]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-28 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}"= "16AF66EB.dll" [BU]
"{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}"= "4FBFD5A4.dll" [BU]
"{E1D19FCC-4777-4D71-B863-6A0A5B4E59BC}"= "E1D19FCC.dll" [BU]
"{F8E07BB2-7A19-4057-80F1-E14646E630B4}"= "F8E07BB2.dll" [BU]
"{AD794E6B-90B7-4F9D-8FD6-0C16E3298FF2}"= "AD794E6B.dll" [BU]
"{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}"= "A1A6BC2E.dll" [BU]
"{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}"= "5934EA2B.dll" [BU]
"{201476D0-2B18-462E-AB9F-3E2B0CC8732B}"= "201476D0.dll" [BU]
"{3B8DA919-1139-4B10-AD8F-91E8FBCFD375}"= "3B8DA919.dll" [BU]
"{93DEE065-EC9B-4505-ADD3-19880AD3C38F}"= "93DEE065.dll" [BU]
"{B8E83D3C-9466-4091-9AD1-1F89418A6EB7}"= "B8E83D3C.dll" [BU]
"{01AFE3DC-2242-436E-9B44-6DD1C664E828}"= "01AFE3DC.dll" [BU]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-03 09:11 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 12:36 1207080 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 03:58 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-27 01:18 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 05:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 06:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 06:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2005-08-30 02:53 1077329 c:\program files\Toshiba\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 08:20 20058152 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 01:31 118784 c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-03-10 09:45 35328 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a------ 2005-06-06 00:58 24576 c:\windows\system32\ZoomingHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S3 b160485;b160485;\??\c:\windows\system32\b160485.sys [2008-11-19 5504]
S3 d435fd4;d435fd4;\??\c:\windows\system32\d435fd4.sys [2008-11-19 5504]
S3 f35ee9e;f35ee9e;\??\c:\windows\system32\f35ee9e.sys [2008-11-19 5504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-07 29744]
.
Contents of the 'Scheduled Tasks' folder
2008-11-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 03:24]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{34A25F04-008D-403E-8EE6-2307BC02FA2E} - 34A25F04.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\OKUCU\Application Data\Mozilla\Firefox\Profiles\c4f6pgvi.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-20 10:55:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-11-20 11:02:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-20 19:02:13
ComboFix2.txt 2008-11-19 19:26:31
ComboFix3.txt 2008-11-19 16:36:42
ComboFix4.txt 2008-11-19 06:23:32
ComboFix5.txt 2008-11-20 18:44:14
Pre-Run: 14,244,139,008 bytes free
Post-Run: 14,273,413,120 bytes free
353 --- E O F --- 2008-10-16 20:32:25
I just want to do a final check.
to insert the attachment into your post
OTScanIt.Txt 238.52KB
254 downloads
) : "Repair", "Install", and "exit". Do you have this screen ? If yes, click on exit and it means it's the good CD 
This topic is locked
Sign In
Create Account
