Tech Support Forum - View Single Post

danny539 · 08-11-2007, 04:46 PM

ComboFix 07-08-12 - "danny" 2007-08-11 16:10:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.229 [GMT -5:00]
Command switches used :: C:\Documents and Settings\danny\Desktop\CFScript.txt
* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))

2007-08-11 13:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 13:13 <DIR> d-------- C:\Program Files\File Shredder
2007-08-11 12:40 3,212 --a------ C:\WINDOWS\system32\rounders.dat
2007-08-11 00:22 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll
2007-08-11 00:22 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-08-11 00:20 <DIR> d-------- C:\Program Files\2Wire
2007-08-07 19:24 <DIR> d-------- C:\DOCUME~1\danny\APPLIC~1\OpenOffice.org2
2007-08-07 19:19 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-07 18:27 <DIR> d-------- C:\Program Files\SysShield Tools
2007-08-07 18:20 <DIR> d-------- C:\Program Files\BitComet
2007-08-07 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-07 14:33 <DIR> d-------- C:\DOCUME~1\danny\APPLIC~1\Skype
2007-08-07 14:32 <DIR> d-------- C:\Program Files\Skype
2007-08-07 14:32 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-07 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-31 16:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-31 16:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-24 14:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-19 15:33 <DIR> d-------- C:\DOCUME~1\Dee\APPLIC~1\Google

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 00:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-07 19:27 --------- d-------- C:\Program Files\Opera
2007-08-07 15:44 --------- d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-07 13:27 --------- d-------- C:\Program Files\TClock
2007-07-27 17:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 17:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 17:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 17:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 16:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 16:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 16:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-20 12:37 --------- d--h----- C:\DOCUME~1\danny\APPLIC~1\ijjigame
2007-06-24 14:25 --------- d-------- C:\DOCUME~1\danny\APPLIC~1\Opera
2007-06-21 15:41 --------- d-------- C:\DOCUME~1\danny\APPLIC~1\HP
2007-06-21 15:40 --------- d-------- C:\Program Files\Hewlett-Packard
2007-06-21 15:34 --------- d-------- C:\Program Files\IrfanView
2007-06-21 15:34 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-06-21 15:32 --------- d-------- C:\Program Files\Common Files\HP
2007-06-21 15:26 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-21 15:19 --------- d-------- C:\Program Files\HP
2007-06-20 15:34 --------- d-------- C:\DOCUME~1\danny\APPLIC~1\AdobeUM
2007-06-14 17:55 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-12 18:03 --------- d--h----- C:\DOCUME~1\danny\APPLIC~1\Move Networks
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-05-17 01:20 17 --a------ C:\Program Files\d.bat
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-08-07 15:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1125627011\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 CAMCAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\camcaud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 EraserUtilDrv10500;EraserUtilDrv10500;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10500.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-11 20:53:00 C:\WINDOWS\Tasks\WebReg Photosmart C4100 series.job - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 16:14:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 16:15:25
C:\ComboFix-quarantined-files.txt ... 2007-08-11 16:15
C:\ComboFix2.txt ... 2007-08-11 14:04

--- E O F ---

08-11-2007, 04:46 PM	#5 (permalink)
danny539 Registered User Join Date: Aug 2007 Posts: 13 OS: winxp	Re: Need help!! ComboFix 07-08-12 - "danny" 2007-08-11 16:10:32.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.229 [GMT -5:00] Command switches used :: C:\Documents and Settings\danny\Desktop\CFScript.txt * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 ))))))))))))))))))))))))))))))) 2007-08-11 13:52 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-11 13:13 <DIR> d-------- C:\Program Files\File Shredder 2007-08-11 12:40 3,212 --a------ C:\WINDOWS\system32\rounders.dat 2007-08-11 00:22 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll 2007-08-11 00:22 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys 2007-08-11 00:20 <DIR> d-------- C:\Program Files\2Wire 2007-08-07 19:24 <DIR> d-------- C:\DOCUME~1\danny\APPLIC~1\OpenOffice.org2 2007-08-07 19:19 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-07 18:27 <DIR> d-------- C:\Program Files\SysShield Tools 2007-08-07 18:20 <DIR> d-------- C:\Program Files\BitComet 2007-08-07 15:07 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-07 14:33 <DIR> d-------- C:\DOCUME~1\danny\APPLIC~1\Skype 2007-08-07 14:32 <DIR> d-------- C:\Program Files\Skype 2007-08-07 14:32 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-08-07 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype 2007-07-31 16:50 <DIR> d-------- C:\Program Files\Lavasoft 2007-07-31 16:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-24 14:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-07-19 15:33 <DIR> d-------- C:\DOCUME~1\Dee\APPLIC~1\Google (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-11 00:22 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-07 19:27 --------- d-------- C:\Program Files\Opera 2007-08-07 15:44 --------- d-------- C:\Program Files\AusLogics Disk Defrag 2007-08-07 13:27 --------- d-------- C:\Program Files\TClock 2007-07-27 17:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-27 17:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-27 17:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-27 17:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 16:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 16:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 16:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-20 12:37 --------- d--h----- C:\DOCUME~1\danny\APPLIC~1\ijjigame 2007-06-24 14:25 --------- d-------- C:\DOCUME~1\danny\APPLIC~1\Opera 2007-06-21 15:41 --------- d-------- C:\DOCUME~1\danny\APPLIC~1\HP 2007-06-21 15:40 --------- d-------- C:\Program Files\Hewlett-Packard 2007-06-21 15:34 --------- d-------- C:\Program Files\IrfanView 2007-06-21 15:34 --------- d-------- C:\Program Files\Common Files\Sonic Shared 2007-06-21 15:32 --------- d-------- C:\Program Files\Common Files\HP 2007-06-21 15:26 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-06-21 15:19 --------- d-------- C:\Program Files\HP 2007-06-20 15:34 --------- d-------- C:\DOCUME~1\danny\APPLIC~1\AdobeUM 2007-06-14 17:55 --------- d-------- C:\Program Files\MSXML 4.0 2007-06-12 18:03 --------- d--h----- C:\DOCUME~1\danny\APPLIC~1\Move Networks 2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2006-05-17 01:20 17 --a------ C:\Program Files\d.bat 2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-08-07 15:07 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1125627011\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] %systemroot%\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys R3 CAMCAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\camcaud.sys R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys S3 EraserUtilDrv10500;EraserUtilDrv10500;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10500.sys Newly Created Service - CATCHME Contents of the 'Scheduled Tasks' folder 2007-08-11 20:53:00 C:\WINDOWS\Tasks\WebReg Photosmart C4100 series.job - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-11 16:14:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-11 16:15:25 C:\ComboFix-quarantined-files.txt ... 2007-08-11 16:15 C:\ComboFix2.txt ... 2007-08-11 14:04 --- E O F ---