ComboFix 10-01-26.01 - Samantha's 01/26/2010 13:56:24.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.238.61 [GMT -5:00]
Running from: c:\documents and settings\Samantha's\My Documents\fix1combo.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Samantha's\Local Settings\Application Data\sghoyb
c:\documents and settings\Samantha's\Local Settings\Application Data\sghoyb\xfwjsysguard.exe
c:\recycler\S-1-5-21-1084323996-473595231-595801551-500
c:\recycler\S-1-5-21-1098446862-152709782-4103956408-500
c:\recycler\S-1-5-21-1400017469-654540944-3146042151-500
c:\recycler\S-1-5-21-154583795-176248638-2662859644-500
c:\recycler\S-1-5-21-1584450710-811814693-2865043677-500
c:\recycler\S-1-5-21-1757981266-1801674531-725345543-500
c:\recycler\S-1-5-21-2530479773-2230874288-861715809-500
c:\recycler\S-1-5-21-272103683-1963388116-1085801163-500
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PassThru
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-06 03:21 . 2010-01-06 03:21 -------- d-----w- c:\documents and settings\Samantha's\Application Data\Template
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 15:27 . 2010-01-26 15:27 -------- d-----w- c:\program files\Trend Micro
2009-12-21 19:14 . 2005-06-18 03:49 916480 ----a-w- c:\winnt\system32\wininet.dll
2009-12-02 12:42 . 2005-11-12 15:09 -------- d-----w- c:\program files\Google
2009-11-11 22:29 . 2009-11-11 22:29 152576 ----a-w- c:\documents and settings\Samantha's\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 22:29 . 2009-11-11 22:29 79488 ----a-w- c:\documents and settings\Samantha's\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2005-11-12 15:10 . 2005-11-12 15:10 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-01-19 03:43 . 2005-01-19 03:43 251 -c--a-w- c:\program files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\winnt\ehome\ehtray.exe" [2008-04-14 50176]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"NeroCheck"="c:\winnt\System32\NeroCheck.exe" [2001-07-09 155648]
"StacSysTray"="c:\program files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe" [2003-10-24 962560]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2003-07-10 114688]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-01-09 385024]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-05-09 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-07 77824]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"Gateway Ink Monitor"="c:\program files\Gateway Utilities\GWInkMonitor.exe" [2003-06-25 303180]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-03-07 26112]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"HostManager"="c:\program files\Common Files\AOL\1241165257\ee\AOLSoftware.exe" [2008-06-24 41824]
"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-3-7 36953]
Verizon Online Support Center.lnk - c:\program files\Verizon Online\bin\matcli.exe [2005-1-9 204800]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\LEXPPS.EXE"=
"c:\\WINNT\\system32\\lxducoms.exe"=
"c:\\Program Files\\Lexmark 5600-6600 Series\\lxduamon.exe"=
"c:\\Program Files\\Lexmark 5600-6600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 5600-6600 Series\\lxdufax.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\acsd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar;c:\winnt\system32\drivers\cx88xbar.sys [10/26/2003 1:40 AM 6912]
R2 lxdu_device;lxdu_device;c:\winnt\system32\lxducoms.exe -service --> c:\winnt\system32\lxducoms.exe -service [?]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\winnt\system32\drivers\wa301b.sys [8/3/2003 11:15 PM 33847]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\winnt\system32\drivers\cxavsaud.sys [10/26/2003 1:40 AM 8320]
R3 HidFP;HID Front Panel Driver Service;c:\winnt\system32\drivers\HidFP.sys [1/1/1980 4128]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxduserv.exe [3/8/2009 2:45 PM 98984]
.
Contents of the 'Scheduled Tasks' folder
2005-01-08 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-07 00:12]
2005-01-22 c:\winnt\Tasks\ISP signup reminder 3.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-07 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.9and10news.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-eiavmpig - c:\documents and settings\Samantha's\Local Settings\Application Data\sghoyb\xfwjsysguard.exe
HKLM-Run-eiavmpig - c:\documents and settings\Samantha's\Local Settings\Application Data\sghoyb\xfwjsysguard.exe
AddRemove-HijackThis - c:\documents and settings\Samantha's\My Documents\HijackThis.exe
AddRemove-Verizon Online Support Center - c:\progra~1\VERIZO~1\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 14:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2120)
c:\winnt\system32\WININET.dll
c:\program files\Gateway Utilities\inkpeek.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\LEXBCES.EXE
c:\winnt\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\winnt\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\lxducoms.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\winnt\System32\wdfmgr.exe
c:\winnt\wanmpsvc.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\ehome\ehmsas.exe
c:\progra~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Verizon Online\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2010-01-26 14:33:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 19:33
Pre-Run: 58,376,437,760 bytes free
Post-Run: 58,375,802,880 bytes free
- - End Of File - - E1E8E235ECE70F429E9C51DED1D79CD8