I don't have McAfee installed on my computer. I checked my program files and my remove hardware screen, but there's nothing there.
Also, I couldn't disable Norton on startup, and it kept recognizing ComboFix as a virus.
After ComboFix finally finished, Internet Explorer was set as my default browser (instead of Firefox), and I had a "video game rentals for free" icon on my desktop.
OK, here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:52 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34669ECD-5877-5AA2-5716-5800CDBB8BB8} - C:\WINDOWS\system32\sbnmr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {629FA77F-62D2-4CA3-9374-43E6848A7949} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\system32\DOBE~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Ait] "C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7265 bytes
Here's the ComboFix log:
ComboFix 08-02.01.5 - Owner 2008-02-01 14:25:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\pmnomlj.dll
C:\WINDOWS\system32\ssqro.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Owner\My Documents\PPATCH~1
C:\Documents and Settings\Owner\My Documents\PPATCH~1\??rss.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~1\?dobe\
C:\WINDOWS\system32\dobe~1\scanregw.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\eeljubj.dll
C:\WINDOWS\system32\efcyxuv.dll
C:\WINDOWS\system32\gjbyduhq.dll
C:\WINDOWS\system32\hglnlwld.dll
C:\WINDOWS\system32\hsjqaknm.dll
C:\WINDOWS\system32\ljpmiiwo.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnomlj.dll
C:\WINDOWS\system32\qhudybjg.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.com
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.
2008-02-01 14:31 . 2008-02-01 14:31 <DIR> d-------- C:\Temp\tn3
2008-02-01 07:49 . 2008-02-01 07:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 07:46 . 2008-02-01 07:46 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-01 06:47 . 2008-02-01 08:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-02-01 03:59 . 2008-02-01 03:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-01 03:58 . 2008-02-01 04:51 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-30 14:07 . 2008-01-30 14:07 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2008-01-30 04:05 . 2008-01-30 04:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-01-30 04:01 . 2008-01-30 04:02 <DIR> d-------- C:\Program Files\AIM6
2008-01-30 04:01 . 2008-01-30 04:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-30 03:59 . 2008-01-30 03:59 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-30 03:59 . 2008-01-30 03:59 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-01-30 03:58 . 2008-01-30 03:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-30 03:58 . 2008-01-30 04:00 <DIR> d-------- C:\Program Files\Zune
2008-01-30 03:57 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-30 03:57 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-30 03:57 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-30 03:55 . 2008-01-31 08:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 03:55 . 2008-01-30 04:00 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 15:41 . 2008-02-01 03:33 644 --a------ C:\WINDOWS\wininit.ini
2008-01-29 15:33 . 2008-01-31 18:39 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-29 15:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-29 15:09 . 2008-01-29 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-29 14:21 . 2008-01-29 14:21 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-01-29 07:52 . 2008-01-29 07:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-29 07:52 . 2008-01-29 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 07:51 . 2008-01-29 07:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 07:50 . 2008-01-29 07:50 <DIR> d--hs---- C:\TrustedAntivirus
2008-01-29 07:50 . 2008-01-29 07:50 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-29 07:49 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-29 07:46 . 2008-01-29 07:46 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-29 07:45 . 2008-01-29 07:45 <DIR> d-------- C:\WINDOWS\system32\wts1
2008-01-29 07:45 . 2008-01-29 08:09 <DIR> d-------- C:\WINDOWS\system32\vip4
2008-01-29 07:45 . 2008-01-29 08:31 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-29 07:45 . 2008-01-29 08:09 <DIR> d-------- C:\WINDOWS\system32\knis6
2008-01-29 07:45 . 2008-01-29 14:48 <DIR> d-------- C:\WINDOWS\system32\comg9
2008-01-29 07:45 . 2008-01-29 07:45 <DIR> d-------- C:\Temp\gTiis19
2008-01-29 07:45 . 2008-01-29 07:45 <DIR> d-------- C:\Temp\cXzz9
2008-01-29 07:45 . 2008-02-01 14:31 <DIR> d-------- C:\Temp
2008-01-29 07:45 . 2008-01-29 07:45 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-29 07:45 . 2008-01-29 07:45 86,016 --a------ C:\WINDOWS\system32\drivers\dmboott.sys
2008-01-29 04:35 . 2008-01-29 05:36 <DIR> d-------- C:\Program Files\Semagic
2008-01-29 04:34 . 2008-01-29 04:34 <DIR> d-------- C:\Program Files\DNA
2008-01-29 04:34 . 2008-01-29 04:34 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-29 04:34 . 2008-02-01 14:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-01-29 04:28 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\SET7A.tmp
2008-01-29 04:27 . 2008-01-29 04:27 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-29 04:22 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-29 04:16 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-29 04:16 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-29 04:16 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-29 03:17 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-29 00:00 . 2008-01-29 03:07 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-01-29 00:00 . 2005-05-12 14:00 14,396,416 --a------ C:\WINDOWS\RTHDCPL.EXE
2008-01-29 00:00 . 2008-01-29 00:00 294,912 --a------ C:\WINDOWS\HideWin.exe
2008-01-29 00:00 . 2005-05-12 14:00 262,144 --a------ C:\WINDOWS\system32\RTSndMgr.CPL
2008-01-29 00:00 . 2005-05-12 14:00 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-29 00:00 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-28 23:59 . 2005-05-12 14:00 487,424 --------- C:\WINDOWS\RtlExUpd.dll
2008-01-28 23:58 . 2008-01-30 02:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-28 23:58 . 2007-07-12 18:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-01-28 23:58 . 2006-08-25 10:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-01-28 22:14 . 2008-01-28 22:14 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-28 22:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-28 22:13 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-28 22:12 . 2008-01-28 22:12 <DIR> d-------- C:\Program Files\SymNetDrv
2008-01-28 22:07 . 2004-08-19 20:37 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-01-28 22:07 . 2004-08-19 20:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-01-28 22:07 . 2004-08-19 20:56 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\CyberLink
2008-01-28 22:07 . 2008-02-01 07:45 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\AOL
2008-01-28 20:48 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-28 20:48 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-28 20:48 . 2004-08-04 01:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-28 20:48 . 2001-08-17 16:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-28 20:48 . 2001-08-17 17:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 17:54 . 2008-01-11 17:54 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
2008-01-11 17:39 . 2008-01-11 17:39 40,832 --a------ C:\WINDOWS\system32\drivers\zumbus.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 19:22 --------- d-----w C:\Program Files\Pure Networks
2008-02-01 12:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-01 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-01 12:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2008-02-01 12:44 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-02-01 12:03 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-30 09:02 --------- d-----w C:\Program Files\Viewpoint
2008-01-30 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-29 20:29 --------- d-----w C:\Program Files\Java
2008-01-29 05:00 --------- d-----w C:\Program Files\Realtek
2008-01-29 04:57 --------- d-----w C:\Program Files\BigFix
2008-01-29 03:12 --------- d-----w C:\Program Files\Symantec
2008-01-29 03:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34669ECD-5877-5AA2-5716-5800CDBB8BB8}]
C:\WINDOWS\system32\sbnmr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{629FA77F-62D2-4CA3-9374-43E6848A7949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-29 04:34 286528]
"Cpue"="C:\WINDOWS\system32\DOBE~1\scanregw.exe" [ ]
"Ait"="C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 20:59 70816]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 14:24 124096]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 12:46 53248]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 17:18 135168]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-28 22:12 95960]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 14:00 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 14:00 2805248 C:\WINDOWS\ALCWZRD.EXE]
"bm"="C:\Program Files\Common Files\TrustedAntivirus\bm.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
R1 dmboott;dmboott;C:\WINDOWS\system32\drivers\dmboott.sys [2008-01-29 07:45]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 03:07:56 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 03:07:56 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 03:10:11 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-01-29 03:10:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-01 14:31:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-01 14:38:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 19:38:44
.
2008-01-31 08:01:06 --- E O F ---