Here is the ComboFix log file:
-------------------------------------------------------------
ComboFix 09-02-26.02 - Administrator 2009-02-27 15:04:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1521 [GMT -6:00]
Running from: c:\tempo\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\x64
E:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://fox249dc1:8530.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-26 14:12 . 2009-02-26 14:12 <DIR> d-------- C:\_OTMoveIt
2009-02-26 12:46 . 2009-02-26 12:47 <DIR> d-------- C:\rsit
2009-02-26 12:35 . 2009-02-26 12:35 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-26 12:34 . 2009-02-26 12:34 <DIR> d-------- c:\windows\ERUNT
2009-02-26 12:31 . 2009-02-26 12:42 <DIR> d-------- C:\SDFix
2009-02-26 09:18 . 2008-06-17 13:02 8,461,312 --------- c:\windows\system32\dllcache\shell32.dll
2009-02-26 09:18 . 2009-01-09 13:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 09:34 . 2007-06-27 08:00 11,194,368 --a------ c:\windows\system32\ZHHP_RES.DLL
2009-02-24 09:34 . 2007-06-27 08:00 352,256 --a------ c:\windows\system32\zSHP2600.EXE
2009-02-24 09:34 . 2007-06-27 08:00 299,008 --a------ c:\windows\system32\ZHHP2600.EXE
2009-02-24 09:34 . 2007-06-27 08:00 106,496 --a------ c:\windows\system32\ZSPOOL.DLL
2009-02-24 09:34 . 2007-06-27 08:00 102,400 --a------ c:\windows\system32\ZLHP2600.DLL
2009-02-24 09:34 . 2007-06-27 08:00 61,440 --a------ c:\windows\system32\zIMF.DLL
2009-02-24 09:34 . 2007-06-27 08:00 53,248 --a------ c:\windows\system32\ZTAG.DLL
2009-02-24 09:33 . 2007-06-27 08:00 805,928 --a------ c:\windows\system32\hp2600n.img
2009-02-24 09:33 . 2007-06-27 08:00 749,568 --a------ c:\windows\system32\AGISSI.DLL
2009-02-17 11:19 . 2009-02-27 14:51 <DIR> d-------- C:\tempo
2009-02-14 01:58 . 2003-10-01 17:44 31,744 --a------ c:\windows\system32\drivers\IcdSX.sys
2009-02-14 01:56 . 2009-02-14 01:58 <DIR> d-------- c:\program files\SONY
2009-02-14 01:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-14 01:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2009-02-14 01:53 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-14 01:53 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2009-02-13 11:23 . 2009-02-13 13:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2009-02-09 11:15 . 2009-02-25 09:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 11:15 . 2009-02-09 11:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 11:15 . 2009-02-09 11:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-09 11:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 11:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-06 23:22 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-02-06 23:17 . 2009-02-06 23:17 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-06 23:14 . 2009-02-06 23:14 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-06 23:13 . 2009-02-06 23:14 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\program files\QuickTime
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\program files\iTunes
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\program files\iPod
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\program files\Bonjour
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-06 23:08 . 2009-02-06 23:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-06 23:08 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-06 23:08 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-06 23:07 . 2009-02-06 23:08 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-06 23:07 . 2009-02-06 23:07 <DIR> d-------- c:\program files\Apple Software Update
2009-02-06 23:07 . 2009-02-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-06 22:22 . 2009-02-06 22:22 <DIR> d-------- c:\program files\NOS
2009-02-05 23:06 . 2009-02-05 23:06 <DIR> d-------- c:\windows\Sun
2009-02-05 14:38 . 2009-02-05 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2009-02-05 10:34 . 2009-02-05 10:34 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-05 10:34 . 2009-02-05 10:34 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-05 10:34 . 2009-02-05 10:34 <DIR> d-------- c:\program files\MSBuild
2009-02-05 10:33 . 2009-02-05 10:34 <DIR> d-------- C:\3c10fd7fa45e45cf01d8535528
2009-02-05 10:33 . 2008-07-06 06:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-05 10:33 . 2008-07-06 06:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-05 10:33 . 2008-07-06 04:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-05 10:33 . 2008-07-06 06:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-05 10:33 . 2008-07-06 06:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-05 10:33 . 2008-07-06 06:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-05 10:33 . 2008-07-06 06:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-04 16:08 . 2009-02-24 09:34 <DIR> d-------- C:\Drivers_Programs
2009-02-04 13:38 . 2009-02-04 13:38 <DIR> d--h----- c:\windows\PIF
2009-02-04 13:18 . 2008-12-20 17:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-02-04 13:18 . 2007-04-17 03:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-04 13:18 . 2007-03-07 23:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-04 13:18 . 2008-12-20 17:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-04 13:18 . 2008-12-20 17:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-04 13:18 . 2008-12-20 17:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-02-04 13:18 . 2008-12-20 17:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-02-04 13:18 . 2008-12-20 17:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-04 13:18 . 2008-12-19 03:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-04 13:17 . 2009-02-04 13:17 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 12:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-04 12:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-02-04 12:02 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-04 12:02 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2009-02-04 09:48 . 2007-02-17 06:21 196,096 --a------ C:\nltest.exe
2009-02-03 17:20 . 2009-02-03 17:20 <DIR> d-------- c:\windows\SchCache
2009-02-03 16:32 . 2008-12-11 04:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-02-03 16:31 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-02-03 16:31 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-03 16:30 . 2008-08-14 04:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-03 16:30 . 2008-08-14 04:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-03 16:30 . 2008-08-14 03:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-03 16:30 . 2008-08-14 03:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 16:30 . 2008-09-15 06:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-02-03 16:30 . 2008-04-11 13:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-03 16:30 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-02-03 16:30 . 2008-05-01 08:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-02-03 16:29 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-02-03 16:29 . 2008-05-08 08:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-02-03 16:22 . 2009-02-03 16:22 <DIR> d--hs---- c:\documents and settings\Administrator\UserData
2009-02-03 16:18 . 2009-02-03 16:18 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-03 16:08 . 2009-02-03 16:08 <DIR> d-------- c:\documents and settings\thitam_tran\Bluetooth Software
2009-02-03 16:07 . 2008-12-17 17:38 <DIR> d-------- c:\documents and settings\thitam_tran\Application Data\SampleView
2009-02-03 16:07 . 2008-12-17 17:38 <DIR> d-------- c:\documents and settings\thitam_tran\Application Data\InstallShield
2009-02-03 16:07 . 2008-12-17 17:38 <DIR> d-------- c:\documents and settings\thitam_tran\Application Data\hpqLog
2009-02-03 16:07 . 2009-02-15 14:07 <DIR> d-------- c:\documents and settings\thitam_tran
2009-02-03 15:47 . 2009-02-03 15:47 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-03 15:47 . 2009-02-03 15:47 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-03 15:47 . 2009-02-03 15:47 10,563 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-03 15:47 . 2009-02-03 15:47 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-03 15:46 . 2009-02-03 15:47 <DIR> d-------- c:\program files\Symantec
2009-02-03 15:45 . 2009-02-03 15:48 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-03 15:43 . 2009-02-03 15:43 <DIR> d-------- c:\windows\SHELLNEW
2009-02-03 15:43 . 2009-02-03 15:43 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-03 15:43 . 2009-02-03 15:43 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-03 15:43 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-02-03 15:43 . 2009-02-04 13:24 376 --a------ c:\windows\ODBC.INI
2009-02-03 15:41 . 2009-02-03 15:41 <DIR> dr-h----- C:\MSOCache
2009-02-03 15:39 . 2009-02-03 15:39 <DIR> d-------- c:\program files\lotus
2009-02-03 15:39 . 2009-02-03 15:39 995 --a------ c:\windows\system32\mapisvc.inf
2009-02-03 15:23 . 2009-02-03 15:23 16 --a------ c:\windows\system32\coh.cache
2009-02-03 14:32 . 2009-02-03 14:32 <DIR> d-------- c:\program files\WIDCOMM
2009-02-03 14:32 . 2009-02-03 14:32 <DIR> d-------- c:\documents and settings\Administrator\Bluetooth Software
2009-02-03 14:32 . 2007-02-14 08:20 868,298 --a------ c:\windows\system32\drivers\btkrnl.sys
2009-02-03 14:32 . 2007-01-24 14:28 325,120 --a------ c:\windows\system32\accelerometercp.CPL
2009-02-03 14:32 . 2007-01-24 14:28 124,928 --a------ c:\windows\system32\accelerometerST.exe
2009-02-03 14:32 . 2007-01-05 16:42 7,680 --a------ c:\windows\system32\accelerometerdll.DLL
2009-02-03 14:32 . 2007-01-24 13:08 195 -r-hs---- c:\windows\system32\vssver2.scc
2009-02-03 14:31 . 2009-02-03 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-02-03 14:31 . 2004-08-04 02:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-03 14:30 . 2009-02-03 14:30 <DIR> d-------- c:\program files\Macrovision Corp
2009-02-03 14:30 . 2009-02-03 14:30 <DIR> d-------- c:\program files\InterVideo
2009-02-03 14:30 . 2009-02-03 14:30 <DIR> d-------- c:\program files\Common Files\InterVideo
2009-02-03 14:30 . 2002-11-22 02:57 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 05:17 --------- d-----w c:\program files\Java
2009-02-03 21:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-03 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-03 21:26 --------- d-----w c:\program files\Hewlett-Packard
2009-02-03 21:14 --------- d-----w c:\program files\HPQ
2009-02-03 21:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-03 20:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-03 20:29 1,775 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6710b_YN_0U_QUSH85100MN_ERM408UTRABA_46_I30C0_SHP_VKBC Version 71.2E_B68DDU Ver. F.13_T080818_WXP2_L409_M2040_J120_7Intel_8Pentium III Xeon_92.09_#081217_N14E41693_()_XMOBILE_CN10_Z_2F.13.MRK
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"HPWWANGSAssistant"="c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe" [2007-09-07 4162864]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-02-03 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-06 19:30 74240 c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1614895754-842925246-839522115-1791\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-22 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-04-22 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-12-17 540448]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-09-19 36608]
S4 Microsoft Service Controler;Microsoft Service Controler;c:\windows\system32\services.exe [2004-08-04 108544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04f3eed8-f9f3-11dd-8b7b-00215c06936d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:07:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(932)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'lsass.exe'(988)
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-27 15:09:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 21:09:27
Pre-Run: 74,914,869,248 bytes free
Post-Run: 74,906,480,640 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
321 --- E O F --- 2009-02-26 16:17:45
================================================================================================
HijackThis log file
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:07 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\tempo\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = houston.foxconn.com
O17 - HKLM\Software\..\Telephony: DomainName = houston.foxconn.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = houston.foxconn.com
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 10210 bytes