Warning! Potential spyware operation!



Beowulf!
2007-12-15, 20:48
I started getting this message a few days ago.
From what I read in the forums, I downloaded ComboFix.exe, and after several tries I was able to run it. It seems to have fixed the problem (the message has not popped up).

Following is the logfile. Is there anything else I should do?

On the bright side, I now have access to my user account!!

ComboFix 07-12-15.5 - B&P 2007-12-15 14:01:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -5:00]
Running from: C:\Documents and Settings\B&P.BARBARA1814\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\infos.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Documents and Settings\B&P.BARBARA1814\Start Menu\Programs\StartUp\infos.exe
C:\WINDOWS\system32\bronto.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\winter.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.

2007-12-10 15:22 . 2007-05-05 13:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-10 15:22 . 2007-05-05 13:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-12-10 14:57 . 2007-12-10 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-10 14:56 . 2007-12-10 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 14:55 . 2007-12-10 14:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-10 09:52 . 2007-12-10 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 13:50 . 2007-12-10 00:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-08 13:50 . 2007-12-08 13:50 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-29 07:13 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 13:26 . 2007-11-27 13:26 <DIR> d-------- C:\Program Files\PrintKey2000
2007-11-27 13:25 . 2007-11-27 13:25 <DIR> d-------- C:\TEMP\printkey510ef
2007-11-27 13:25 . 2007-11-27 13:25 571,046 --a------ C:\TEMP\printkey510ef.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 04:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-08 16:08 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-29 12:13 --------- d-----w C:\Program Files\Java
2007-11-27 18:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-27 18:07 --------- d-----w C:\Documents and Settings\B&P.BARBARA1814\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 16:33 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-04 16:33 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-04 16:33 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-04 16:33 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-04 16:33 --------- d-----w C:\Program Files\Symantec
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-01 19:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 19:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-09-30 18:28 0 ----a-w C:\Documents and Settings\B&P.BARBARA1814\Application Data\wklnhst.dat
2007-04-09 16:26 982 ----a-w C:\Documents and Settings\B&P\Application Data\wklnhst.dat
2005-09-24 16:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-09-24 00:44 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 19:37]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 21:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 07:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 07:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 07:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 06:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 00:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 23:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 15:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 10:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"HostManager"="C:\Program Files\Common Files\AOL\1178393113\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-05-05 14:27]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 16:33]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 14:20]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-03-14 08:51:44]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-03-14 08:51:44]

C:\Documents and Settings\B&P\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-03-14 08:51:44]

C:\Documents and Settings\B&P.BARBARA1814\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-03-14 08:51:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30]
Printkey.exe [1998-11-27 17:41:16]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2007-11-27 13:26:20]

S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-08-21 03:51:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-07 00:38:42 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B&P.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 14:06:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???xR??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-15 14:06:49
.
2007-12-12 05:25:19 --- E O F ---
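
The log above is the interesting part of this thread: the "Other Deletions" section shows three persistence mechanisms at once (infos.exe and autos.exe in per-user and All Users Startup folders, four files dropped into system32, and an Autorun.inf on D:), and "Reg Loading Points" then dumps everything that still loads at logon. As an added example, not part of the original post and not ComboFix's own code, the Python below parses that report format and sorts what it finds into the buckets a responder checks first. SAMPLE_LOG is constructed from excerpts of the posted log; the regular expressions and category names are my assumptions about ComboFix's layout, checked only against this one report. Two details it surfaces that are easy to skim past in the raw log: a Run value whose data is a bare file name (the "High Definition Audio Property Page Shortcut" entry) is resolved through the search path at logon rather than from a fixed location, which is why ComboFix appends the path it resolved to inside the brackets; and an Autorun.inf on a drive other than the system drive is worth a second look, since if D: is removable media the executable it pointed at normally lives on that media and comes back when it is plugged in again.

```python
"""Triage a ComboFix report for persistence points (added example, not ComboFix code).
SAMPLE_LOG is constructed from excerpts of the log posted in the thread; the regexes
are an assumption about ComboFix's layout, checked only against that one report."""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\infos.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\WINDOWS\system32\bronto.dll
C:\WINDOWS\system32\winter.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 06:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30]
Printkey.exe [1998-11-27 17:41:16]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
'''

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")              # ((((( Section Name )))))
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
STARTUP_DIR = re.compile(r"^[A-Za-z]:\\.*\\Startup\\$", re.I)
LNK_ITEM = re.compile(r"^(.+?) - ([A-Za-z]:\\.+?) \[([^\]]*)\]$")
BARE_ITEM = re.compile(r"^(\S.*?) \[([^\]]*)\]$")
NEW_SERVICE = re.compile(r"^\*Newly Created Service\* - (\S+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def split_sections(log):
    """Map each banner title to the non-blank lines under it ('.' is ComboFix padding)."""
    sections, current = defaultdict(list), "header"
    for line in (raw.strip() for raw in log.splitlines()):
        if (m := BANNER.match(line)):
            current = m.group(1)
        elif line not in ("", "."):
            sections[current].append(line)
    return sections

def classify_path(path):
    """Bucket a deleted file by the persistence mechanism its location implies."""
    p = path.lower()
    if "\\start menu\\programs\\startup\\" in p:
        return "startup-folder"   # runs at every logon of that profile
    if p.endswith("\\autorun.inf"):
        return "autorun.inf"      # runs when the volume is mounted
    if "\\windows\\system32\\" in p:
        return "system32-drop"    # dropped beside system binaries
    return "other"

def parse_loading_points(lines):
    """Walk 'Reg Loading Points': Run values under their key, items under their Startup folder."""
    run_entries, startup_items, new_services = [], [], []
    context = None  # ("run", key) or ("startup", folder)
    for line in lines:
        if (m := NEW_SERVICE.match(line)):
            new_services.append(m.group(1))
        elif (m := RUN_KEY.match(line)):
            context = ("run", m.group(1))
        elif STARTUP_DIR.match(line):
            context = ("startup", line)
        elif context and context[0] == "run" and (m := RUN_VALUE.match(line)):
            name, target, meta = m.groups()
            # A bare file name is resolved through the search path at logon; ComboFix
            # appends the path it resolved to inside the brackets.
            run_entries.append({"key": context[1], "name": name, "target": target, "meta": meta,
                                "unqualified": not DRIVE_PATH.match(target)})
        elif context and context[0] == "startup" and (m := LNK_ITEM.match(line)):
            name, target, meta = m.groups()
            startup_items.append({"folder": context[1], "name": name, "target": target,
                                  "meta": meta, "bare_file": False})
        elif context and context[0] == "startup" and (m := BARE_ITEM.match(line)):
            name, meta = m.groups()  # an executable sitting straight in the folder, as infos.exe did
            startup_items.append({"folder": context[1], "name": name, "target": name,
                                  "meta": meta, "bare_file": True})
    return run_entries, startup_items, new_services

def triage(log):
    """Structured view of the report: what was removed, and what still loads at boot/logon."""
    sections = split_sections(log)
    run_entries, startup_items, new_services = parse_loading_points(sections.get("Reg Loading Points", []))
    deletions = [(p, classify_path(p)) for p in sections.get("Other Deletions", [])]
    return {"deletions": deletions, "run_entries": run_entries, "startup_items": startup_items,
            "new_services": new_services, "counts": dict(Counter(cat for _, cat in deletions))}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["counts"])
    print(*(f"{cat:15} {path}" for path, cat in report["deletions"]), sep="\n")
```

Run against the full log rather than the excerpt, the same code also picks up the per-user Startup folders and the "Files Created" banner, which split_sections keeps under its own title for anyone who wants to cross-check creation dates against the first appearance of the warning message.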

pskelley
2007-12-18, 12:41
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Posted above and pinned to the top of the forum are the instructions. If you still need help, please read and follow them.

Thanks

pskelley
2007-12-28, 12:26
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.