help w/ smitfraud



dmc617
2008-02-01, 04:52
Here is the ComboFix log:

ComboFix 08-02.01.2 - Dylan McLemore 2008-01-31 19:18:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.143 [GMT -8:00]
Running from: C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\emsqhowk.dll
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\wvustqp.dll
C:\WINDOWS\system32\xqcwebcf.dll
C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\inst.exe
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\emsqhowk.dll
C:\WINDOWS\system32\fcbewcqx.ini
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\wvustqp.dll
C:\WINDOWS\system32\xqcwebcf.dll
M:\Autorun.inf
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 19:32 . 2008-01-31 19:32 <DIR> d-------- C:\Temp\tn3
2008-01-31 17:00 . 2008-01-31 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-29 18:42 . 2008-01-29 18:42 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-29 18:42 . 2008-01-29 18:42 86,144 --a------ C:\WINDOWS\system32\drivers\wmilibb.sys
2008-01-26 14:05 . 2008-01-26 14:05 <DIR> d-------- C:\Documents and Settings\Brandon McLemore.MCLEMOREVAIO\Application Data\Symantec
2008-01-26 09:30 . 2008-01-26 09:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-26 09:29 . 2008-01-26 19:40 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-01-26 09:28 . 2008-01-26 19:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 09:28 . 2008-01-26 19:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 09:28 . 2008-01-26 19:24 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 09:28 . 2008-01-26 19:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 08:38 . 2008-01-26 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-26 06:25 . 2008-01-26 06:25 <DIR> d-------- C:\Program Files\VSO
2008-01-26 06:25 . 2008-01-27 10:11 <DIR> d-------- C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\Vso
2008-01-26 06:25 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-01-26 06:25 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-01-26 06:25 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-01-26 06:25 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-01-26 06:25 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-01-26 06:25 . 2008-01-26 06:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-26 06:25 . 2008-01-26 06:25 47,360 --a------ C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\pcouffin.sys
2008-01-16 16:23 . 2008-01-31 19:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:23 . 2008-01-16 16:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 16:21 . 2008-01-16 16:22 <DIR> d-------- C:\Program Files\iTunes
2008-01-16 16:16 . 2008-01-16 16:17 <DIR> d-------- C:\Program Files\QuickTime
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 17:19 . 2008-01-09 17:19 <DIR> d-------- C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\Quark
2008-01-09 17:15 . 2008-01-09 17:15 <DIR> d-------- C:\Program Files\Quark
2008-01-07 17:16 . 2008-01-07 17:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-01-05 07:43 . 2008-01-08 15:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-05 07:43 . 2008-01-05 07:43 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-05 07:32 . 2008-01-05 07:32 <DIR> d-------- C:\Program Files\TurboTax
2008-01-04 13:59 . 2008-01-04 13:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 13:59 . 2008-01-04 13:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 13:58 . 2008-01-04 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 13:58 . 2008-01-04 13:58 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-01-04 13:58 . 2008-01-04 13:58 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-01-04 13:56 . 2008-01-04 13:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 13:56 . 2008-01-04 13:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 03:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-01 01:00 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\uTorrent
2008-02-01 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 20:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-01-27 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 03:24 --------- d-----w C:\Program Files\Symantec
2008-01-26 17:32 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\Symantec
2008-01-26 15:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-21 21:11 --------- d-----w C:\Program Files\DivX
2008-01-17 00:21 --------- d-----w C:\Program Files\iPod
2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 03:51 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\Intuit
2008-01-05 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 15:43 --------- d-----w C:\Program Files\Quicken
2008-01-05 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-12-26 02:24 --------- d-----w C:\Program Files\Microsoft Picture It! 10
2007-12-26 01:31 --------- d-----w C:\Program Files\Microsoft Picture It! 2002
2007-12-26 01:09 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\Leadertech
2007-12-25 22:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\DivX
2007-12-23 16:04 --------- d-----w C:\Program Files\Nero
2007-12-23 15:52 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\DAEMON Tools Pro
2007-12-23 15:31 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 14:48 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-20 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-19 03:35 --------- d-----w C:\Documents and Settings\Brandon McLemore.MCLEMOREVAIO\Application Data\Nero
2007-12-16 16:40 --------- d-----w C:\Program Files\Avi2Dvd
2007-12-16 16:21 --------- d-----w C:\Program Files\Windows Defender
2007-12-16 03:02 --------- d-----w C:\Program Files\RegCure
2007-12-15 21:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 00:53 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\DivX
2007-12-11 02:23 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\Nero
2007-12-09 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2007-12-09 22:06 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-09 21:23 --------- d-----w C:\Program Files\The Print Shop 22
2007-12-09 21:07 --------- d-----w C:\Program Files\Broderbund
2007-12-09 20:55 --------- d-----w C:\Program Files\Web Publish
2007-12-09 20:13 --------- d-----w C:\Program Files\Common Files\Broderbund
2007-12-03 03:04 --------- d-----w C:\Program Files\MySpace
2007-12-01 19:23 --------- d-----w C:\Program Files\mp3DirectCut
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-12-01 03:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-01 03:34 --------- d-----w C:\Program Files\SlySoft
2007-12-01 03:07 --------- d-----w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\SlySoft
2007-12-01 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-10 21:00 96,064 -c--a-w C:\Documents and Settings\Dylan McLemore.MCLEMOREVAIO\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 19:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 16:19 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 19:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05 339968]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 09:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 16:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 14:00 2748928 C:\WINDOWS\ALCWZRD.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 10:32 126976]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 12:43 151552]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 10:10 192512]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 19:41 28738]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-09-10 09:30 380928]
"FLMOFFICE4DMOUSE"="C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe" [2006-12-03 12:32 356352]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 15:04 712704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 21:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 20:53 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-06 23:33 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-12-05 15:41 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-12-04 04:44 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2004-02-02 00:41 495616 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a--c--- 2003-11-12 05:23 49152 C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-06 23:33 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

R0 iviVD;iviVD;C:\WINDOWS\system32\DRIVERS\iviVD.sys [2005-11-15 23:42]
R1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys [2008-01-29 18:42]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 21:07]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:26]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-14 21:30]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 03:33:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-26 17:39:43 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Dylan McLemore.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 19:32:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-01-31 19:35:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 03:35:10
.
2008-01-31 21:52:45 --- E O F ---

Thanks for any help.

pskelley
2008-02-01, 16:56
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Download Trend Micro HijackThis™
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Double-click HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks