ComboFix 10-06-03.01 - Compaq_Owner 06/05/2010 19:30:37.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.337 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\cpu tools\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.
2010-06-05 14:39 . 2010-06-05 14:39 -------- d-----w- c:\program files\ERUNT
2010-06-05 01:15 . 2010-06-05 15:35 -------- d-----w- c:\program files\trend micro
2010-06-05 01:15 . 2010-06-05 01:15 -------- d-----w- C:\rsit
2010-05-25 03:34 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-05-25 03:34 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-05-25 03:34 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-05-25 03:34 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-05-25 03:34 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-05-25 03:34 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-05-23 15:48 . 2010-05-23 15:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3
2010-05-23 06:47 . 2010-05-23 06:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Facebook
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 02:21 . 2004-09-29 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-06 02:21 . 2004-09-29 23:56 -------- d-----w- c:\program files\Viewpoint
2010-06-06 02:18 . 2004-10-03 01:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 02:04 . 2004-09-27 04:32 42948 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2010-06-02 16:41 . 2010-06-02 16:41 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-31 08:52 . 2010-01-24 05:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-31 08:52 . 2010-01-24 05:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-29 03:32 . 2010-01-24 06:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Skype
2010-05-29 03:05 . 2010-01-24 06:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\skypePM
2010-05-23 21:14 . 2007-12-21 01:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2010-05-23 07:13 . 2010-05-23 06:47 50354 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Facebook\uninstall.exe
2010-05-16 01:03 . 2008-08-07 15:34 -------- d-----w- c:\program files\Google
2010-05-02 16:51 . 2010-04-01 06:04 -------- d-----w- c:\program files\Camfrog
2010-05-02 16:49 . 2007-02-23 16:35 -------- d-----w- c:\program files\RCI Welcome
2010-05-02 16:47 . 2005-02-14 04:36 -------- d-----w- c:\program files\iPod
2010-05-02 16:34 . 2004-08-12 11:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 16:22 . 2009-12-24 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 16:21 . 2009-12-24 02:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Tific
2010-05-02 16:19 . 2010-05-02 16:19 -------- d-----w- c:\program files\Symantec
2010-05-02 16:19 . 2010-05-02 16:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-02 16:19 . 2010-05-02 16:19 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 16:19 . 2010-05-02 16:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 16:19 . 2010-05-02 16:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 16:18 . 2010-05-02 16:18 -------- d-----w- c:\program files\Norton 360
2010-05-02 05:16 . 2008-10-17 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-02 05:14 . 2008-09-20 23:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Symantec
2010-05-02 05:09 . 2010-05-02 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-05-02 05:08 . 2009-12-24 02:56 -------- d-----w- c:\program files\NortonInstaller
2010-04-25 18:29 . 2010-01-25 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-12 20:39 . 2010-04-30 16:41 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-03-23 22:54 . 2010-03-23 22:54 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-10 06:15 . 2004-09-06 17:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-04-01 05:47 . 2008-09-21 15:54 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D19B89F3-375D-4BAA-9319-9D21248ED96B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-21 213936]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-03-21 86960]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-08-12 32881]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-8-11 16423]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=sysaudio.sys
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk
backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^StartUp^Logitech . Product Registration.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\StartUp\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [5/24/2010 8:34 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [5/24/2010 8:34 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [5/5/2010 9:06 PM 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [5/24/2010 8:34 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [5/24/2010 8:34 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [5/24/2010 8:33 PM 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/23/2009 7:56 PM 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/23/2009 7:56 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 9:12 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 12:33 PM 331640]
S1 rdbsss;rdbsss;c:\windows\system32\drivers\rdbsss.sys --> c:\windows\system32\drivers\rdbsss.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:41 PM 135664]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [11/28/2002 9:23 PM 39048]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 03:41]
2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
Trusted Zone: espn.com\www
Trusted Zone: sigalert.com\www
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\2ojqxwcz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 19:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5364)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-06-05 19:52:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 02:52
ComboFix2.txt 2010-06-05 15:18
Pre-Run: 15,154,380,800 bytes free
Post-Run: 15,121,793,024 bytes free
- - End Of File - - 27965A4C385C93F26A960ECE463935D6