Is it clean yet? :(



hicarbon
2008-08-13, 11:26
Here are the HijackThis log and the ComboFix log (I was out of town and my 2nd thread was archived; that is why I am creating a new one).

HijackThis Log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:21, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1178750834\ee\AOLSoftware.exe
C:\windows\mstre6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://signup.worldofwarcraft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {328173EA-2D4F-4FBF-8194-892A10DC9C72} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - (no file)
O2 - BHO: (no name) - {B1F91A93-52B2-4CC8-A895-35422954E062} - (no file)
O2 - BHO: (no name) - {ED786F23-B5DE-45A7-A4F9-24C0DE175DB0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178750834\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [systray] C:\windows\mstre6.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
O4 - HKLM\..\Run: [Windows defend] C:\Program Files\iSecurity\{9DA536DD-32B1-4944-B34F-98A8E18CF2BA}\install.exe
O4 - HKLM\..\Run: [8c31044d] rundll32.exe "C:\WINDOWS\system32\ujpqanlf.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7143 bytes


----------------------------------------------------------

ComboFix Log


ComboFix 08-08-12.01 - xxGeist 2008-08-12 22:44:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1547 [GMT -4:00]
Running from: C:\Documents and Settings\xxGeist\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Antivirus 2009.lnk
C:\Documents and Settings\Administrator\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\xxGeist\Desktop\Antivirus 2009.lnk
C:\Documents and Settings\xxGeist\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\xxGeist\Desktop\Error Cleaner.url
C:\Documents and Settings\xxGeist\Desktop\Privacy Protector.url
C:\Documents and Settings\xxGeist\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\xxGeist\Desktop\SystemDefender.lnk
C:\Documents and Settings\xxGeist\Favorites\Error Cleaner.url
C:\Documents and Settings\xxGeist\Favorites\Privacy Protector.url
C:\Documents and Settings\xxGeist\Favorites\Spyware&Malware Protection.url
C:\iSecurity
C:\Program Files\iSecurity
C:\Program Files\iSecurity\{9DA536DD-32B1-4944-B34F-98A8E18CF2BA}\install.exe
C:\Program Files\iSecurity\antivirusxp.bmp
C:\Program Files\iSecurity\antivirusxp.ico
C:\Program Files\iSecurity\antivirusxpi.bmp
C:\Program Files\iSecurity\av2009.bmp
C:\Program Files\iSecurity\av2009.ico
C:\Program Files\iSecurity\av2009i.bmp
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\iSecurity.html
C:\Program Files\iSecurity\systemdefender.bmp
C:\Program Files\iSecurity\systemdefender.ico
C:\Program Files\iSecurity\systemdefenderi.bmp
C:\Program Files\iSecurity\v20\iSecurity.cpl
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\sprof
C:\Program Files\sprof\sprof.exe
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\SystemDefender.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\etgl.exe
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\resources\CheckService.dll
C:\WINDOWS\resources\UnknownSDRAM.dll
C:\WINDOWS\resources\WinDrive.dll
C:\WINDOWS\Sys2A.exe
C:\WINDOWS\Sys2B.exe
C:\WINDOWS\Sys2C.exe
C:\WINDOWS\Sys6.exe
C:\WINDOWS\system32\960932
C:\WINDOWS\system32\960932\960932.dll
C:\WINDOWS\system32\atheuond.dll
C:\WINDOWS\system32\dabcqewg.ini
C:\WINDOWS\system32\ddcYrPjI.dll
C:\WINDOWS\system32\dnouehta.ini
C:\WINDOWS\system32\flnaqpju.ini
C:\WINDOWS\system32\gkwmectc.dll
C:\WINDOWS\system32\hushnl.dll
C:\WINDOWS\system32\hwbolr.dll
C:\WINDOWS\system32\IjPrYcdd.ini
C:\WINDOWS\system32\IjPrYcdd.ini2
C:\WINDOWS\system32\ISECUR~1.CPL
C:\WINDOWS\system32\iSecurity.cpl
C:\WINDOWS\system32\jkkKebBt.dll
C:\WINDOWS\system32\jqwkajmp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nmouyb.dll
C:\WINDOWS\system32\qoMghigG.dll
C:\WINDOWS\system32\risiqm.dll
C:\WINDOWS\system32\rkyiakiv.ini
C:\WINDOWS\system32\tabjhssa.dll
C:\WINDOWS\system32\tsufwsbh.ini
C:\WINDOWS\system32\ujpqanlf.dll
C:\WINDOWS\system32\ukyoilap.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\VEeMVvut.ini
C:\WINDOWS\system32\VEeMVvut.ini2
C:\WINDOWS\system32\wlfkkgmc.dll
C:\WINDOWS\tmark2.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-07-31 21:21 . 2008-07-31 21:21 138,752 --a------ C:\tmp2111251.dll
2008-07-31 21:19 . 2008-07-31 21:19 240 --a------ C:\WINDOWS\cf.dat
2008-07-31 21:00 . 2008-07-31 21:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-31 21:00 . 2008-07-31 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 20:56 . 2008-07-31 20:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 20:42 . 2008-08-12 22:31 1,896 --a------ C:\Antivirus 2009.lnk
2008-07-31 20:42 . 2008-08-12 22:31 1,764 --a------ C:\Antivirus XP 2008.lnk
2008-07-20 22:16 . 2008-07-31 21:16 <DIR> d-------- C:\WINDOWS\system32\518963
2008-07-20 22:16 . 2008-07-20 22:16 138,752 --a------ C:\tmp1253751.dll
2008-07-20 22:16 . 2008-07-20 22:16 16,896 --a------ C:\WINDOWS\mstre6.exe
2008-07-20 22:16 . 2008-07-20 22:16 1 --a------ C:\WINDOWS\fmark2.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 19:31 --------- d-----w C:\Documents and Settings\xxGeist\Application Data\TmpRecentIcons
2008-07-05 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 01:31 --------- d-----w C:\Program Files\Lavasoft
2008-07-05 01:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 01:30 --------- d-----w C:\Program Files\CableRouting
2008-07-04 21:43 --------- d-----w C:\Program Files\World of Warcraft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 16:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 16:00 455168]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 12:38 159744]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-03-29 14:45 233534]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 08:30 503808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"HostManager"="C:\Program Files\Common Files\AOL\1178750834\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"systray"="C:\windows\mstre6.exe" [2008-07-20 22:16 16896]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 06:12 88209 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1178750834\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.
- - - - ORPHANS REMOVED - - - -

BHO-{328173EA-2D4F-4FBF-8194-892A10DC9C72} - C:\WINDOWS\system32\tuvVMeEV.dll
BHO-{AE99EB12-A2D7-42D7-8BC2-754431199E2F} - (no file)
BHO-{B1F91A93-52B2-4CC8-A895-35422954E062} - (no file)
BHO-{ED786F23-B5DE-45A7-A4F9-24C0DE175DB0} - (no file)
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-sprof - C:\Program Files\sprof\sprof.exe
HKLM-Run-Windows defend - C:\Program Files\iSecurity\{9DA536DD-32B1-4944-B34F-98A8E18CF2BA}\install.exe
HKLM-Run-8c31044d - C:\WINDOWS\system32\ujpqanlf.dll
SSODL-UnknownSDRAM-{49ec8626-d651-4720-a244-5d42df40e88c} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\xxGeist\Application Data\Mozilla\Firefox\Profiles\4ewavsry.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 22:54:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?1?2?1??????? ???B?????????????hLC? ??????

scanning hidden files ...


C:\Documents and Settings\xxGeist\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls-journal 16912 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\update.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-08-12 22:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 02:58:19

Pre-Run: 39,752,220,672 bytes free
Post-Run: 39,663,628,288 bytes free

225 --- E O F --- 2008-04-22 12:18:15