[Fixed] Hijackthis! Logs: strange window on startup, help!!! (PC Help Forum, Security & Safety)

#37
02-28-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,534
PC Experience: Elite PC Guru
Re: strange window on startup, help!!!

No, just normal mode.


__________________
  • An Australian Member of
  • and
My real name is Eddy
#38
02-28-2008
dantommat
Silver Member
Join Date: Feb 2008
Posts: 105
PC Experience: Some Experience
Re: strange window on startup, help!!!

Here are the logs from ComboFix and HJT.

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1378 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-27 16:10 . 2008-02-27 16:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-27 15:03 . 2008-02-27 16:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-02-27 12:37 . 2008-02-27 12:37 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Lavasoft
2008-02-27 12:07 . 2008-02-27 12:06 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-27 12:07 . 2008-02-27 12:07 2,554 --a------ C:\WINDOWS\unins000.dat
2008-02-26 19:59 . 2008-02-26 20:01 <DIR> d-------- C:\Program Files\RegCure
2008-02-24 21:15 . 2008-02-24 21:15 <DIR> d-------- C:\Program Files\Belarc
2008-02-24 21:15 . 2005-04-07 16:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-02-24 09:34 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-02-24 09:33 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-02-24 09:32 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-24 09:31 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-02-24 09:30 . 2004-08-04 07:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-24 09:29 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-24 09:28 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-02-24 09:28 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-02-24 09:28 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-02-24 09:28 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-02-24 09:28 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-02-24 09:28 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-02-24 09:28 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-02-24 09:28 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-02-24 09:28 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-02-24 09:28 . 2001-08-17 13:51 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2008-02-24 09:28 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-24 09:26 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-24 09:25 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-02-24 09:24 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-24 09:23 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-02-24 09:22 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-24 09:21 . 2004-08-04 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-24 09:20 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-24 09:19 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-02-24 09:18 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-02-24 09:17 . 2004-08-04 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-24 09:16 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-24 09:15 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-24 09:14 . 2004-08-04 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-24 09:13 . 2004-08-04 07:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-02-24 09:12 . 2004-08-04 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-24 09:11 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-02-24 09:10 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-24 09:09 . 2001-08-17 14:56 470,144 --a--c--- C:\WINDOWS\system32\dllcache\g200d.dll
2008-02-24 09:08 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-02-24 09:07 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-24 09:06 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-24 09:05 . 2004-08-04 00:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-02-24 09:04 . 2004-08-04 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-24 09:03 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-24 09:02 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-02-24 09:01 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-24 09:00 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-24 09:00 . 2001-08-17 14:06 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2008-02-23 18:57 . 2008-02-23 18:57 <DIR> d-------- C:\programs
2008-02-21 12:25 . 2008-02-21 12:25 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-21 12:25 . 2008-02-21 12:25 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-21 12:21 . 2008-02-21 12:21 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-02-21 12:19 . 2008-02-21 12:19 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sunbelt Software
2008-02-21 12:19 . 2008-02-21 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-02-21 05:05 . 2008-02-21 05:06 <DIR> d-------- C:\Program Files\CCleaner
2008-02-21 04:54 . 2008-02-21 04:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2008-02-21 00:22 . 2008-02-21 00:22 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\SUPERAntiSpyware.com
2008-02-20 22:34 . 2008-02-20 22:34 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Grisoft
2008-02-20 22:31 . 2008-02-20 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 22:31 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-20 22:25 . 2008-02-26 18:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-20 22:25 . 2008-02-20 22:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 22:25 . 2008-02-20 22:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-02-20 22:25 . 2008-02-20 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 22:12 . 2004-10-20 09:47 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\WINDOWS
2008-02-20 22:12 . 2004-10-21 05:13 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Symantec
2008-02-20 22:12 . 2004-10-21 01:40 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Sonic
2008-02-20 22:12 . 2004-10-21 01:40 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\SampleView
2008-02-20 22:12 . 2004-10-20 09:31 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Intervideo
2008-02-20 22:12 . 2004-10-20 09:47 <DIR> d-------- C:\Documents and Settings\Administrator.KITCHEN_COMP\Application Data\Apple Computer
2008-02-19 08:29 . 2008-02-19 08:29 <DIR> dr-h----- C:\MSOCache
2008-02-09 18:23 . 2008-02-09 18:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-09 18:23 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-09 18:23 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-09 18:23 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-09 18:23 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-09 18:23 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-09 18:23 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-09 18:23 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-09 18:23 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-09 10:43 . 2008-02-09 10:43 <DIR> d-------- C:\ie-spyad_zo
2008-02-09 10:37 . 2008-02-09 10:39 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-09 10:37 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-09 08:38 . 2008-02-09 19:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-09 08:38 . 2008-02-09 08:51 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-09 08:38 . 2008-02-09 08:51 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-09 08:38 . 2008-02-09 08:51 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-08 18:09 . 2007-09-28 03:07 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-02-08 18:09 . 2007-09-28 03:07 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-02-08 18:08 . 2008-02-08 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-08 18:06 . 2008-02-09 11:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 17:29 . 2008-02-08 17:29 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-02-08 17:22 . 2008-02-09 16:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\HPAppData
2008-02-08 17:22 . 2008-02-08 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-02-08 17:21 . 2008-02-08 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 16:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-23 02:11 --------- d-----w C:\Program Files\Yahoo!
2008-02-16 13:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 14:33 --------- d-----w C:\Program Files\Zune
2008-02-09 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-08 23:03 --------- d-----w C:\Program Files\Panda Security
2008-02-08 22:43 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-08 22:22 --------- d-----w C:\Program Files\HP
2008-02-08 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-04 04:42 140 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-02-04 00:17 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2008-01-26 04:26 --------- d-----w C:\Program Files\AIM6
2008-01-26 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-17 21:45 --------- d-----w C:\Program Files\Netflix
2008-01-13 15:56 --------- d-----w C:\Program Files\Electronic Arts
2008-01-13 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 15:46 --------- d-----w C:\Program Files\Nitro Games
2008-01-13 02:04 --------- d-----w C:\Program Files\Infogrames
2008-01-13 02:00 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-13 01:48 --------- d-----w C:\Program Files\Logitech
2008-01-06 14:05 --------- d-----w C:\Program Files\THQ
2008-01-05 00:08 --------- d-----w C:\Program Files\LimeWire
2007-12-30 14:44 --------- d-----w C:\Program Files\NoAdware5.0
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
2005-03-04 01:27 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2004-10-21 01:04 159744]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 07:01 544768 C:\WINDOWS\sm56hlpr.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 22:13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 17:34 213936]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-05 14:24 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 00:21 1393928]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-11-15 21:51 166304 c:\Program Files\Zune\ZuneLauncher.exe
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-02-21 12:21]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 22:53]
S3 zsi_fw;Stiletto 100 Firmware Upgrade Driver;C:\WINDOWS\system32\Drivers\zsi_fw.sys [2006-08-02 18:17]
S3 zsi_zap;Stiletto 100 ZAP Upgrade Driver;C:\WINDOWS\system32\Drivers\zsi_zap.sys [2006-08-02 18:17]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 21:10:30 C:\WINDOWS\Tasks\Basic clean-up.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2008-02-08 21:10:31 C:\WINDOWS\Tasks\Basic clean-up1.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2008-02-27 22:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-27 00:59:22 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-27 22:26:00 C:\WINDOWS\Tasks\WebReg Photosmart D7200 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 18:13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 18:14:59
ComboFix2.txt 2008-02-23 14:17:12
ComboFix3.txt 2008-02-21 01:28:51
.
2008-02-20 23:00:47 --- E O F ---



And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:29 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\sm56hlpr.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HOME - Comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: ImageShack® - Tstart
O15 - Trusted Zone: http://*.spywarebot.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://collegio-cam.pittstate.edu/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141608833390
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshe...onGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.about.com/online/onlin...ploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 10673 bytes


#39
02-28-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,534
PC Experience: Elite PC Guru
Re: strange window on startup, help!!!

I can find nothing there. This popup sounds like the ComboFix icon. If it is, do this:

Go to Start > Run, then copy and paste the highlighted text below and click OK.

ComboFix /u


#40
02-28-2008
dantommat
Silver Member
Join Date: Feb 2008
Posts: 105
PC Experience: Some Experience
Re: strange window on startup, help!!!

Ummmm... it was there when I started this thread and before I downloaded ComboFix in the prework. And I still have that heavy CPU usage from svchost.exe at startup also.


#41
02-28-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,534
PC Experience: Elite PC Guru
Re: strange window on startup, help!!!

I see you have two anti-virus programs running. That is not a good thing. Remove one...


#42
02-28-2008
dantommat
Silver Member
Join Date: Feb 2008
Posts: 105
PC Experience: Some Experience
Re: strange window on startup, help!!!

Funny you should bring that up. I tried to uninstall the Trend Micro anti-virus a while ago, and when I go to Control Panel, Add/Remove Programs, wait for the list to be populated and choose that program to uninstall, absolutely nothing happens. No popups, zilch. Any ideas on how to get rid of it?


