vomblaurasen
New member
I have a problem and do not know how to continue. :sad: I did read some of the archives. I have downloaded ComboFix and HijackThis.
Here is the log from ComboFix:
ComboFix 07-08-30.3 - "Owner" 2007-08-31 0:02:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT -5:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\Program Files\winpop
C:\WINDOWS\b104.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\IA\KE.vbs
C:\WINDOWS\system32\aqhpkkbq.ini
C:\WINDOWS\system32\dpmmaftk.ini
C:\WINDOWS\system32\ffusrohp.exe
C:\WINDOWS\system32\hgghedd.dll
C:\WINDOWS\system32\kidwbsuq.exe
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\ktfammpd.dll
C:\WINDOWS\system32\ojoyhcmk.dll
C:\WINDOWS\system32\owcchxum.exe
C:\WINDOWS\system32\pfbrdwya.exe
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\qbkkphqa.dll
C:\WINDOWS\system32\qjamvbcs.dll
C:\WINDOWS\system32\smjnhbdy.ini
C:\WINDOWS\system32\vnnkfjnl.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ydbhnjms.dll
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))
2007-08-31 00:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 23:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-29 14:08 <DIR> d-------- C:\test
2007-08-29 13:47 <DIR> d-------- C:\Program Files\Common Files\Nova Development
2007-08-29 13:47 <DIR> d-------- C:\Program Files\Art Explosion
2007-08-29 10:47 9,814 --a------ C:\DOCUME~1\Owner\install.exe
2007-08-27 17:19 <DIR> d--hs---- C:\Program Files\outlook
2007-08-05 23:44 <DIR> d---s---- C:\spath
2007-07-28 20:22 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-28 20:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-28 20:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-28 20:14 <DIR> d-------- C:\DOCUME~1\Owner\Shared
2007-07-28 20:13 <DIR> d-------- C:\DOCUME~1\Owner\Incomplete
2007-07-28 20:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2007-07-28 20:07 <DIR> d-------- C:\Program Files\Limewire
2007-07-26 10:55 <DIR> d--hs---- C:\found.001
2007-07-26 02:15 <DIR> d--hs---- C:\found.000
2007-07-24 20:39 <DIR> d---s---- C:\vLowenhertzig
2007-07-17 16:16 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-07-17 16:16 <DIR> d-------- C:\Program Files\Dell
2007-07-16 12:54 <DIR> d---s---- C:\OldWorldKennel
2007-07-10 01:45 <DIR> d---s---- C:\TestSite
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-30 14:20 --------- d-------- C:\Program Files\leechFTP
2007-08-28 21:23 --------- d-------- C:\Program Files\Starcraft
2007-08-28 19:13 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-28 02:06 --------- d-------- C:\Program Files\Google
2007-08-27 21:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-27 15:19 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Adobeum
2007-08-18 02:27 --------- d-------- C:\Program Files\iTunes
2007-08-09 19:32 --------- d-------- C:\Program Files\Quicktime
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 20:38 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-07-28 20:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-07-28 20:37 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-28 20:34 --------- d-------- C:\Program Files\Morpheus
2007-07-28 20:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-10 03:55 --------- d-------- C:\Program Files\SEO Elite 4
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll
2002-08-29 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-04 07:56:55 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"VTTimer"="VTTimer.exe" []
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16]
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 09:55]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2001-10-25 09:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-23 14:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 01:37]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]
C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RecordNow!"=
"BackupNotify"=c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
"outlook"=C:\Program Files\outlook\outlook.exe /auto
"RegistryMechanic"=
"runner1"=C:\WINDOWS\retadpu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"SystemOptimizer"=rundll32.exe "C:\WINDOWS\system32\qbkkphqa.dll",forkonce
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe"
"KBD"=C:\HP\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"AutoTKit"=C:\hp\bin\AUTOTKIT.EXE
"CamMonitor"=c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys
R2 WUSB54GSSVC;WUSB54GSSVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe"
R3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
Contents of the 'Scheduled Tasks' folder
2007-08-30 18:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 00:18:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-31 0:22:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:21
--- E O F ---
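A small triage helper for the "Reg Loading Points" section of a ComboFix log like the one above. This is an added example, not part of the original post and not a ComboFix or HijackThis feature; the sample input is a handful of Run entries copied from the log in the same format, and the flagging rules are the example author's own heuristics (an eight-letter, low-vowel file name of the kind ComboFix deleted from system32 here, rundll32 loading such a DLL, a long hex blob passed as an argument, an executable sitting directly in the Windows directory, and outlook.exe living outside a Microsoft Office directory). They mark entries as worth a closer look; they do not identify malware.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: a few entries copied from the log above, in ComboFix's format.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"outlook"=C:\Program Files\outlook\outlook.exe /auto
"runner1"=C:\WINDOWS\retadpu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"SystemOptimizer"=rundll32.exe "C:\WINDOWS\system32\qbkkphqa.dll",forkonce
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
ENTRY_RE = re.compile(r'^"([^"]*)"=(.*)$')
MODULE_END_RE = re.compile(r'\.(exe|dll)\b', re.IGNORECASE)
HEX_BLOB_RE = re.compile(r'[0-9A-Fa-f]{32,}')
VOWELS = set("aeiou")

# Assumption for this example: a commonly impersonated program name and a
# substring its legitimate install path is expected to contain.
EXPECTED_HOME = {"outlook.exe": "microsoft office"}


@dataclass
class Autorun:
    key: str
    name: str
    command: str
    module: str
    reasons: list = field(default_factory=list)


def split_command(command):
    """Split a Run value into (module path, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path, possibly with spaces
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    m = MODULE_END_RE.search(command)           # unquoted: cut after the first .exe/.dll
    if m:
        return command[:m.end()], command[m.end():].strip()
    head, _, rest = command.partition(" ")      # no extension at all (e.g. dumprep 0 -k)
    return head, rest.strip()


def looks_random(stem):
    """Eight letters with at most two vowels: the shape of the system32 names
    ComboFix removed in the log above. Heuristic; legit names can trip it."""
    return len(stem) == 8 and stem.isalpha() and sum(c in VOWELS for c in stem) <= 2


def parse_run_entries(text):
    """Return one Autorun per non-empty "name"=value line, tagged with its registry key."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if em and em.group(2).strip():
            module, _ = split_command(em.group(2))
            entries.append(Autorun(key, em.group(1), em.group(2).strip(), module))
    return entries


def triage(entry):
    """Apply the heuristics to one entry and return the list of reasons it tripped."""
    module, args = split_command(entry.command)
    base = ntpath.basename(module).lower()
    stem, ext = ntpath.splitext(base)
    directory = ntpath.dirname(module).lower().rstrip("\\")
    reasons = []
    if looks_random(stem):
        reasons.append(f"random-looking module name {base}")
    if base == "rundll32.exe" and args:
        dll, rest = split_command(args)
        dll_base = ntpath.basename(dll).lower()
        export = rest.lstrip(", ").split()[0] if rest.strip(", ") else "?"
        if looks_random(ntpath.splitext(dll_base)[0]):
            reasons.append(f"rundll32 loads random-looking DLL {dll_base} (export {export})")
    home = EXPECTED_HOME.get(base)
    if home and home not in module.lower():
        reasons.append(f"{base} outside its expected location ({home})")
    if ext == ".exe" and directory in ("c:\\windows", "%systemroot%"):
        reasons.append("executable directly in the Windows directory root")
    if any(HEX_BLOB_RE.fullmatch(tok) for tok in args.split()):
        reasons.append("long hex blob passed as an argument")
    return reasons


def flagged(text):
    """Map entry name -> reasons for every Run entry that trips at least one heuristic."""
    return {e.name: r for e in parse_run_entries(text) if (r := triage(e))}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run against the sample, iTunesHelper and KernelFaultCheck pass clean while outlook, runner1 and SystemOptimizer are reported. The eight-letter rule is deliberately loose: apdproxy.exe from the same log would also trip it, so treat every hit as a prompt to check the file's location, signer and creation date (the "Files Created" section above is the natural cross-reference), not as a verdict.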