strange window on startup, help!!! - Page 3 - PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!

dantommat · #31 02-26-2008

when someone has a chance, could you look at the screenshots i posted yesterday and let me know which items i should disable. pretty please with sugar on top!!!!!!!!!!!!!

dantommat · #32 02-27-2008

seems i got lost in the fray again.been a couple of days since i've gotten any replies.

Hengis · #33 02-27-2008

Thanks for your patience - I will notify the Security guys.

Pancake · #34 02-27-2008

That screenshot wont really help.Remove that Combofix you gave and get a new one....

Ok.We need to download a newComboFix.exe.

Please visit this webpage for download links, and instructions for running the tool

When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Pancake · #35 02-27-2008

Post removed

dantommat · #36 02-28-2008

do you want them run in safe mode?

Pancake · #37 02-28-2008

No,just normal mode.

dantommat · #38 02-28-2008

here are the logs from combofix and hjt

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1378 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-27 16:10 . 2008-02-27 16:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-27 15:03 . 2008-02-27 16:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-02-27 12:37 . 2008-02-27 12:37 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Lavasoft
2008-02-27 12:07 . 2008-02-27 12:06 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-27 12:07 . 2008-02-27 12:07 2,554 --a------ C:\WINDOWS\unins000.dat
2008-02-26 19:59 . 2008-02-26 20:01 <DIR> d-------- C:\Program Files\RegCure
2008-02-24 21:15 . 2008-02-24 21:15 <DIR> d-------- C:\Program Files\Belarc
2008-02-24 21:15 . 2005-04-07 16:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-02-24 09:34 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-02-24 09:33 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-02-24 09:32 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-24 09:31 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-02-24 09:30 . 2004-08-04 07:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-24 09:29 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-24 09:28 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-02-24 09:28 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-02-24 09:28 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-02-24 09:28 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-02-24 09:28 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-02-24 09:28 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-02-24 09:28 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-02-24 09:28 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-02-24 09:28 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-02-24 09:28 . 2001-08-17 13:51 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2008-02-24 09:28 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-24 09:26 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-24 09:25 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-02-24 09:24 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-24 09:23 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-02-24 09:22 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-24 09:21 . 2004-08-04 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-24 09:20 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-24 09:19 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-02-24 09:18 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-02-24 09:17 . 2004-08-04 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-24 09:16 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-24 09:15 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-24 09:14 . 2004-08-04 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-24 09:13 . 2004-08-04 07:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-02-24 09:12 . 2004-08-04 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-24 09:11 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-02-24 09:10 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-24 09:09 . 2001-08-17 14:56 470,144 --a--c--- C:\WINDOWS\system32\dllcache\g200d.dll
2008-02-24 09:08 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-02-24 09:07 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-24 09:06 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-24 09:05 . 2004-08-04 00:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-02-24 09:04 . 2004-08-04 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-24 09:03 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-24 09:02 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-02-24 09:01 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-24 09:00 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-24 09:00 . 2001-08-17 14:06 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2008-02-23 18:57 . 2008-02-23 18:57 <DIR> d-------- C:\programs
2008-02-21 12:25 . 2008-02-21 12:25 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-21 12:25 . 2008-02-21 12:25 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-21 12:21 . 2008-02-21 12:21 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-02-21 12:19 . 2008-02-21 12:19 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sunbelt Software
2008-02-21 12:19 . 2008-02-21 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-02-21 05:05 . 2008-02-21 05:06 <DIR> d-------- C:\Program Files\CCleaner
2008-02-21 04:54 . 2008-02-21 04:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2008-02-21 00:22 . 2008-02-21 00:22 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\SUPERAntiSpyware.com
2008-02-20 22:34 . 2008-02-20 22:34 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Grisoft
2008-02-20 22:31 . 2008-02-20 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 22:31 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-20 22:25 . 2008-02-26 18:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-20 22:25 . 2008-02-20 22:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 22:25 . 2008-02-20 22:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-02-20 22:25 . 2008-02-20 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 22:12 . 2004-10-20 09:47 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\WINDOWS
2008-02-20 22:12 . 2004-10-21 05:13 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Symantec
2008-02-20 22:12 . 2004-10-21 01:40 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Sonic
2008-02-20 22:12 . 2004-10-21 01:40 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\SampleView
2008-02-20 22:12 . 2004-10-20 09:31 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Intervideo
2008-02-20 22:12 . 2004-10-20 09:47 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Apple Computer
2008-02-19 08:29 . 2008-02-19 08:29 <DIR> dr-h----- C:\MSOCache
2008-02-09 18:23 . 2008-02-09 18:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-09 18:23 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-09 18:23 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-09 18:23 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-09 18:23 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-09 18:23 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-09 18:23 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-09 18:23 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-09 18:23 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-09 10:43 . 2008-02-09 10:43 <DIR> d-------- C:\ie-spyad_zo
2008-02-09 10:37 . 2008-02-09 10:39 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-09 10:37 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-09 08:38 . 2008-02-09 19:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-09 08:38 . 2008-02-09 08:51 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-09 08:38 . 2008-02-09 08:51 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-09 08:38 . 2008-02-09 08:51 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-08 18:09 . 2007-09-28 03:07 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-02-08 18:09 . 2007-09-28 03:07 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-02-08 18:08 . 2008-02-08 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-08 18:06 . 2008-02-09 11:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 17:29 . 2008-02-08 17:29 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-02-08 17:22 . 2008-02-09 16:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\HPAppData
2008-02-08 17:22 . 2008-02-08 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-02-08 17:21 . 2008-02-08 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-27 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 16:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-23 02:11 --------- d-----w C:\Program Files\Yahoo!
2008-02-16 13:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 14:33 --------- d-----w C:\Program Files\Zune
2008-02-09 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-08 23:03 --------- d-----w C:\Program Files\Panda Security
2008-02-08 22:43 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-08 22:22 --------- d-----w C:\Program Files\HP
2008-02-08 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-04 04:42 140 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-02-04 00:17 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2008-01-26 04:26 --------- d-----w C:\Program Files\AIM6
2008-01-26 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-17 21:45 --------- d-----w C:\Program Files\Netflix
2008-01-13 15:56 --------- d-----w C:\Program Files\Electronic Arts
2008-01-13 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 15:46 --------- d-----w C:\Program Files\Nitro Games
2008-01-13 02:04 --------- d-----w C:\Program Files\Infogrames
2008-01-13 02:00 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-13 01:48 --------- d-----w C:\Program Files\Logitech
2008-01-06 14:05 --------- d-----w C:\Program Files\THQ
2008-01-05 00:08 --------- d-----w C:\Program Files\LimeWire
2007-12-30 14:44 --------- d-----w C:\Program Files\NoAdware5.0
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
2005-03-04 01:27 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP 5\plugin\bin\PCHButton.exe" [2004-10-21 01:04 159744]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 07:01 544768 C:\WINDOWS\sm56hlpr.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 22:13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwat cher.exe" [2004-10-14 23:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2006-03-20 17:34 213936]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-05 14:24 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 00:21 1393928]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-11-15 21:51 166304 c:\Program Files\Zune\ZuneLauncher.exe
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-02-21 12:21]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapif s.sys []
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreade r.sys [2001-01-02 22:53]
S3 zsi_fw;Stiletto 100 Firmware Upgrade Driver;C:\WINDOWS\system32\Drivers\zsi_fw.sys [2006-08-02 18:17]
S3 zsi_zap;Stiletto 100 ZAP Upgrade Driver;C:\WINDOWS\system32\Drivers\zsi_zap.sys [2006-08-02 18:17]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 21:10:30 C:\WINDOWS\Tasks\Basic clean-up.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2008-02-08 21:10:31 C:\WINDOWS\Tasks\Basic clean-up1.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2008-02-27 22:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-27 00:59:22 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-27 22:26:00 C:\WINDOWS\Tasks\WebReg Photosmart D7200 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 18:13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-02-27 18:14:59
ComboFix2.txt 2008-02-23 14:17:12
ComboFix3.txt 2008-02-21 01:28:51
.
2008-02-20 23:00:47 --- E O F ---

and hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:29 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\sm56hlpr.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHBu tton.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HOME - Comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHBu tton.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: ImageShack® - Tstart
O15 - Trusted Zone: http://*.spywarebot.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://collegio-cam.pittstate.edu/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141608833390
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshe...onGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.about.com/online/onlin...ploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 10673 bytes