ComboFix 09-09-02.02 - Amy 03/09/2009 8:26.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1246.565 [GMT 1:00]
Running from: c:\documents and settings\Amy\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1915519111-964205337-987034947-1003
C:\setup.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\SKYNETakstvuue.dat
c:\windows\system32\SKYNETyljapyah.dat
c:\windows\system32\UACcyuifontie.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjrptgxqoke.db
.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2009-08-26 19:11 . 2009-08-26 19:11 -------- d-----w- c:\program files\Trend Micro
2009-08-24 21:49 . 2009-08-24 21:49 -------- d-----w- c:\documents and settings\Amy\Application Data\Creative
2009-08-18 20:18 . 2009-08-18 20:18 -------- d-----w- c:\program files\Norton Support
2009-08-18 20:18 . 2009-08-18 20:18 -------- d-----w- c:\documents and settings\Amy\Local Settings\Application Data\Symantec
2009-08-18 20:08 . 2009-08-18 20:08 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-18 20:08 . 2009-08-18 20:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-18 20:08 . 2009-08-18 20:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 20:07 . 2009-08-18 20:07 -------- d-----w- c:\windows\system32\drivers\NAV
2009-08-18 20:07 . 2009-08-18 20:07 -------- d-----w- c:\program files\Norton AntiVirus
2009-08-18 20:07 . 2009-08-18 20:07 -------- d-----w- c:\program files\Windows Sidebar
2009-08-18 19:58 . 2009-08-18 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-18 19:58 . 2009-08-18 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-18 19:58 . 2009-08-18 19:58 -------- d-----w- c:\program files\NortonInstaller
2009-08-18 19:02 . 2009-08-18 19:02 -------- d-sh--w- c:\documents and settings\Maffu\PrivacIE
2009-08-18 19:02 . 2009-08-18 19:02 -------- d-sh--w- c:\documents and settings\Maffu\IETldCache
2009-08-18 13:18 . 2009-08-18 18:51 -------- d-----w- c:\program files\techguysctss
2009-08-17 22:28 . 2009-08-17 22:28 -------- d-----w- c:\documents and settings\Amy\Local Settings\Application Data\Google
2009-08-11 19:10 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 14:02 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-10 13:50 . 2009-08-10 13:50 -------- d-----w- c:\windows\system32\scripting
2009-08-10 13:50 . 2009-08-10 13:50 -------- d-----w- c:\windows\system32\en
2009-08-10 13:50 . 2009-08-10 13:50 -------- d-----w- c:\windows\system32\bits
2009-08-10 13:48 . 2009-08-10 13:48 -------- d-----w- c:\windows\ServicePackFiles
2009-08-10 13:43 . 2009-08-10 13:43 -------- d-----w- c:\windows\EHome
2009-08-10 12:32 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-08-10 12:31 . 2004-08-03 21:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2009-08-10 12:30 . 2008-04-14 00:11 15423 ------w- c:\windows\system32\drivers\ch7xxnt5.dll
2009-08-09 16:54 . 2009-08-09 16:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-09 16:40 . 2009-08-09 16:40 -------- d-sh--w- c:\documents and settings\Amy\IECompatCache
2009-08-09 16:38 . 2009-08-09 16:38 -------- d-sh--w- c:\documents and settings\Amy\PrivacIE
2009-08-09 16:38 . 2009-08-09 16:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-09 16:37 . 2009-08-09 16:37 -------- d-sh--w- c:\documents and settings\Amy\IETldCache
2009-08-09 16:36 . 2009-08-09 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-08-09 16:34 . 2009-08-09 16:34 -------- d-----w- c:\windows\ie8updates
2009-08-09 16:33 . 2009-08-09 16:33 -------- dc-h--w- c:\windows\ie8
2009-08-09 16:29 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-09 16:29 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-09 16:29 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-09 14:05 . 2009-08-09 14:15 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-09 14:05 . 2009-08-09 14:15 16160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-09 14:05 . 2009-08-09 14:14 -------- d-----w- c:\documents and settings\Gamer\Application Data\Virgin Broadband
2009-08-09 13:44 . 2009-08-10 13:50 -------- d-----w- c:\windows\l2schemas
2009-08-09 13:43 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-08-09 11:05 . 2009-08-09 11:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 11:05 . 2009-08-09 11:05 -------- d-----w- c:\program files\MSBuild
2009-08-09 11:05 . 2009-08-09 11:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 11:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 11:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 11:05 . 2009-08-09 11:05 -------- d-----w- C:\1fd7176ac590664ec748c9d83e4342aa
2009-08-09 11:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 11:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 11:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 11:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 11:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 11:00 . 2009-08-09 11:00 -------- d-----w- c:\program files\MSXML 6.0
2009-08-09 11:00 . 2009-08-09 11:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-09 10:44 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-09 10:42 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-08-09 10:42 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-09 10:42 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 07:36 . 2007-09-30 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-09-03 07:36 . 2006-12-11 21:26 -------- d-----w- c:\program files\lx_cats
2009-09-03 07:35 . 2008-08-28 15:39 -------- d-----w- c:\program files\Common Files\Akamai
2009-09-02 20:39 . 2008-09-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-01 14:22 . 2009-06-07 23:35 -------- d-----w- c:\documents and settings\Amy\Application Data\Spotify
2009-09-01 14:02 . 2008-12-02 23:59 -------- d-----w- c:\program files\Celtx
2009-09-01 12:38 . 2009-04-06 14:18 -------- d-----w- c:\documents and settings\Amy\Application Data\uTorrent
2009-08-18 20:11 . 2006-01-16 03:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-18 20:09 . 2006-01-16 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-18 20:08 . 2009-08-18 20:08 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 20:08 . 2009-08-18 20:08 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-18 20:08 . 2006-01-16 03:34 -------- d-----w- c:\program files\Symantec
2009-08-18 18:53 . 2008-08-03 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 02:21 . 2006-04-23 15:04 32176 ----a-w- c:\documents and settings\Amy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 14:00 . 2007-09-30 20:07 -------- d-----w- c:\program files\Kontiki
2009-08-10 12:38 . 2006-04-23 22:19 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-10 12:37 . 2009-01-22 17:18 -------- d-----w- c:\program files\Microsoft Works
2009-08-09 14:15 . 2009-08-09 14:05 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-09 14:15 . 2009-08-09 14:05 1292 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-09 14:14 . 2009-04-06 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-08-09 14:14 . 2009-04-06 13:22 -------- d-----w- c:\program files\Virgin Broadband
2009-08-09 13:39 . 2006-01-16 03:34 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-09 13:30 . 2006-01-16 03:34 -------- d-----w- c:\program files\Common Files\Real
2009-08-09 12:54 . 2009-02-07 14:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2003-01-03 03:52 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-01-03 03:52 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2003-01-03 03:53 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 11:47 . 2009-07-07 11:47 1915520 ----a-w- c:\documents and settings\Amy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-03 17:09 . 2003-01-03 03:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2003-01-03 03:53 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-01-03 03:53 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-01-03 03:53 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-01-03 03:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2003-01-03 03:52 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-01-03 03:52 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2003-01-03 03:52 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2003-01-03 03:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-01-03 03:52 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2003-01-03 03:53 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2003-01-03 03:52 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2003-01-03 05:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-01-03 03:53 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-6-30 303104]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-6-29 145736]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.CHIP^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\Administrator.CHIP\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2233:TCP"= 2233:TCP:Akamai NetSession Interface
"1178:TCP"= 1178:TCP:Akamai NetSession Interface
"4904:TCP"= 4904:TCP:Akamai NetSession Interface
"1099:TCP"= 1099:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"2643:TCP"= 2643:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"1237:TCP"= 1237:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"2348:TCP"= 2348:TCP:Akamai NetSession Interface
"2359:TCP"= 2359:TCP:Akamai NetSession Interface
"1284:TCP"= 1284:TCP:Akamai NetSession Interface
"3732:TCP"= 3732:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"1075:TCP"= 1075:TCP:Akamai NetSession Interface
"3522:TCP"= 3522:TCP:Akamai NetSession Interface
"1918:TCP"= 1918:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"1937:TCP"= 1937:TCP:Akamai NetSession Interface
"3513:TCP"= 3513:TCP:Akamai NetSession Interface
"3515:TCP"= 3515:TCP:Akamai NetSession Interface
"4343:TCP"= 4343:TCP:Akamai NetSession Interface
"4394:TCP"= 4394:TCP:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:Akamai NetSession Interface
"2028:TCP"= 2028:TCP:Akamai NetSession Interface
"3221:TCP"= 3221:TCP:Akamai NetSession Interface
"3065:TCP"= 3065:TCP:Akamai NetSession Interface
"1414:TCP"= 1414:TCP:Akamai NetSession Interface
"1670:TCP"= 1670:TCP:Akamai NetSession Interface
"2424:TCP"= 2424:TCP:Akamai NetSession Interface
"2437:TCP"= 2437:TCP:Akamai NetSession Interface
"3599:TCP"= 3599:TCP:Akamai NetSession Interface
"2351:TCP"= 2351:TCP:Akamai NetSession Interface
"3490:TCP"= 3490:TCP:Akamai NetSession Interface
"2995:TCP"= 2995:TCP:Akamai NetSession Interface
"3006:TCP"= 3006:TCP:Akamai NetSession Interface
"4645:TCP"= 4645:TCP:Akamai NetSession Interface
"3112:TCP"= 3112:TCP:Akamai NetSession Interface
"4206:TCP"= 4206:TCP:Akamai NetSession Interface
"4573:TCP"= 4573:TCP:Akamai NetSession Interface
"2458:TCP"= 2458:TCP:Akamai NetSession Interface
"1651:TCP"= 1651:TCP:Akamai NetSession Interface
"1723:TCP"= 1723:TCP:Akamai NetSession Interface
"4146:TCP"= 4146:TCP:Akamai NetSession Interface
"3255:TCP"= 3255:TCP:Akamai NetSession Interface
"3359:TCP"= 3359:TCP:Akamai NetSession Interface
"3376:TCP"= 3376:TCP:Akamai NetSession Interface
"3755:TCP"= 3755:TCP:Akamai NetSession Interface
"4607:TCP"= 4607:TCP:Akamai NetSession Interface
"2632:TCP"= 2632:TCP:Akamai NetSession Interface
"3026:TCP"= 3026:TCP:Akamai NetSession Interface
"2659:TCP"= 2659:TCP:Akamai NetSession Interface
"3944:TCP"= 3944:TCP:Akamai NetSession Interface
"2038:TCP"= 2038:TCP:Akamai NetSession Interface
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SymEFA.sys [18/08/2009 21:08 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [18/08/2009 21:08 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [18/08/2009 21:08 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [18/08/2009 21:11 276344]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [03/01/2003 04:53 14336]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [18/08/2009 21:08 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 03:15 102448]
S2 LXCRCustomerConnect;LXCRCustomerConnect;c:\windows\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe --> c:\windows\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe [?]
S3 acfva;acfva;c:\windows\system32\DRIVERS\acfva.sys --> c:\windows\system32\DRIVERS\acfva.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [15/04/2008 14:49 16512]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [23/04/2006 16:18 201728]
S3 nenum13E;nenum13E;\??\c:\docume~1\Maffu\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Maffu\LOCALS~1\Temp\nenum13E.sys [?]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [13/02/2009 21:05 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [13/02/2009 21:05 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [13/02/2009 21:05 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [13/02/2009 21:05 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [13/02/2009 21:05 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [13/02/2009 21:05 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [13/02/2009 21:05 117544]
--- Other Services/Drivers In Memory ---
*Deregistered* - VolumeFilter
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-09-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-07 13:40]
2009-09-03 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2003-01-06 18:14]
2009-09-03 c:\windows\Tasks\Norton AntiVirus - Amy - Full System Scan.job
- c:\program files\Norton AntiVirus\Engine\16.0.0.125\Navw32.exe [2009-08-18 20:08]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{4dd6071a-038f-4806-9a54-6ea74c49760c} - c:\program files\football365Toolbar\insptbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-adfwxaaa - c:\windows\system32\adfwxaaa.exe
HKLM-Run-ISTray - c:\program files\techguysctss\sscommon\common\snapins\toolkit_techguys\bin\sdscanner\pctsTray.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
Notify-cbxuvvu - cbxuvvu.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Connection Wizard,ShellNext = hxxp://www.pjonline.com/Editorial/20060 ... stion.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Amy\Application Data\Mozilla\Firefox\Profiles\9a55r9c6.default\
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/sear ... -web_uk&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 08:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-326614594-1740654645-2243009310-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Kontiki\KService.exe
c:\windows\wanmpsvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcrcoms.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-09-03 8:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 07:40
Pre-Run: 4,758,556,672 bytes free
Post-Run: 4,714,180,608 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
359 --- E O F --- 2009-08-30 15:56
And here is the new HijackThis log, taken after the ComboFix run above (scan saved at 08:54 on 03/09/2009, about 15 minutes after ComboFix finished and rebooted the machine at 08:40):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:43, on 03/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pjonline.com/Editorial/20060 ... stion.html
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5208034546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LXCRCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe (file missing)
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8750 bytes