Here are the SDFix and ComboFix reports. Thank you so much for your help!!
SDFix: Version 1.145 Run by dad on Sat 02/23/2008 at 01:45 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\sex1.ico.tmp - Deleted
C:\WINDOWS\system32\sex2.ico.tmp - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
C:\WINDOWS\system32\wscmp.dll.tmp - Deleted
Folder C:\WINDOWS\system32\svcd - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-23 13:53:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 1 Apr 2007 211 A.SHR --- "C:\BOOT.BAK"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 11 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Wed 12 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 18 Sep 2005 788,568 A..H. --- "C:\Program Files\Online Services\Canada\KOL\client.exe"
Wed 17 Aug 2005 13,459,528 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\nsb-install-8-0.exe"
Wed 17 Aug 2005 233,472 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\webutil8.exe"
Wed 17 Aug 2005 389,120 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\WinsockFix.exe"
Wed 12 Sep 2007 4,348 ...H. --- "C:\Documents and Settings\dad\My Documents\My Music\License Backup\drmv1key.bak"
Sun 16 Dec 2007 20 A..H. --- "C:\Documents and Settings\dad\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 28 Aug 2007 312 A.SH. --- "C:\Documents and Settings\dad\My Documents\My Music\License Backup\drmv2key.bak"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Wed 12 Sep 2007 4,348 ...H. --- "C:\Documents and Settings\dad\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Wed 12 Sep 2007 20 A..H. --- "C:\Documents and Settings\dad\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Tue 28 Aug 2007 312 A.SH. --- "C:\Documents and Settings\dad\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Sun 18 Sep 2005 77,824 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\AcsInstN.dll"
Sun 18 Sep 2005 6,961,146 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acsnet.zip"
Sun 18 Sep 2005 3,058,888 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acssetup.exe"
Sun 18 Sep 2005 307,289 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspcheck.dll"
Sun 18 Sep 2005 7,083,361 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip"
Sun 18 Sep 2005 550,488 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\deskbar\deskbr.exe"
Sun 18 Sep 2005 553,984 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\flash\FlashAX.exe"
Sun 18 Sep 2005 2,242,759 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\nisale.exe"
Sun 18 Sep 2005 24,064 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\NISChk.dll"
Sun 18 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpchk.dll"
Sun 18 Sep 2005 748,728 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpinst.exe"
Sun 18 Sep 2005 7,515,304 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\qt.exe"
Sun 18 Sep 2005 86,016 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\QTInsInf.dll"
Sun 18 Sep 2005 45,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealChk.dll"
Sun 18 Sep 2005 5,111,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealPl8.EXE"
Sun 18 Sep 2005 4,378,673 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\real_upd.exe"
Sun 18 Sep 2005 360,448 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\rp9codec.exe"
Sun 18 Sep 2005 40,960 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SiNdInst.dll"
Sun 18 Sep 2005 473,736 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SinfInst.exe"
Sun 18 Sep 2005 12,288 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbinst.dll"
Sun 18 Sep 2005 516,032 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbsetup.exe"
Sun 18 Sep 2005 597,080 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\toolbar\toolbr.exe"
Sun 18 Sep 2005 590,688 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\TSsetup.exe"
Sun 18 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\tsverchk.dll"
Sun 18 Sep 2005 49,152 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\AOLVPChk.dll"
Sun 18 Sep 2005 61,440 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\VPPrePop.exe"
Sun 18 Sep 2005 3,858,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\Vwpt.exe"
Finished!
ComboFix 08-02-24.2 - dad 2008-02-23 14:25:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.166 [GMT -8:00]
Running from: C:\Documents and Settings\dad\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bsnzafqa.bin
C:\WINDOWS\system32\cfg.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTLOAD
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-23 13:42 . 2008-02-23 13:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-23 13:27 . 2008-02-23 14:01 <DIR> d-------- C:\SDFix
2008-02-22 20:36 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-22 20:28 . 2008-02-22 20:35 <DIR> d-------- C:\Documents and Settings\dad\.SunDownloadManager
2008-02-22 20:24 . 2008-02-22 20:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-22 18:21 . 2008-02-22 18:21 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Malwarebytes
2008-02-22 18:20 . 2008-02-22 18:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-22 18:20 . 2008-02-22 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-19 12:44 . 2008-02-19 12:44 <DIR> d-------- C:\Documents and Settings\Allie\Application Data\Viewpoint
2008-02-19 12:43 . 2008-02-19 12:43 <DIR> d-------- C:\Documents and Settings\Allie\Application Data\acccore
2008-02-19 12:35 . 2008-02-19 12:35 <DIR> d-------- C:\Documents and Settings\Allie\Application Data\Template
2008-02-19 12:35 . 2008-02-22 18:06 170 --a------ C:\Documents and Settings\Allie\Application Data\wklnhst.dat
2008-02-16 22:41 . 2008-02-16 22:41 <DIR> d-------- C:\Documents and Settings\Allie\Application Data\Talkback
2008-02-16 22:40 . 2008-02-16 22:40 <DIR> d-------- C:\Documents and Settings\Allie\Application Data\MailFrontier
2008-02-16 22:39 . 2006-08-01 10:51 <DIR> d-------- C:\Documents and Settings\Allie\WINDOWS
2008-02-16 22:39 . 2006-08-01 10:52 <DIR> d-------- C:\Documents and Settings\Allie\Application Data\Intuit
2008-02-16 13:59 . 2008-02-23 00:15 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-15 23:13 . 2008-02-15 23:13 2,007,718 --a------ C:\WINDOWS\system32\untitled.bmp
2008-02-15 20:16 . 2008-02-15 20:16 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-02-15 20:16 . 2008-02-18 17:46 36,654 --a------ C:\WINDOWS\DIIUnin.dat
2008-02-15 20:16 . 2008-02-15 20:16 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-02-15 20:12 . 2008-02-23 00:22 <DIR> d-------- C:\Program Files\Diablo II
2008-02-15 19:00 . 2008-02-15 19:00 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Viewpoint
2008-02-15 18:59 . 2008-02-15 18:59 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\acccore
2008-02-14 22:41 . 2008-02-14 22:41 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Talkback
2008-02-13 20:34 . 2008-02-13 20:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 20:34 . 2008-02-13 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 22:22 . 2008-02-10 22:22 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\MailFrontier
2008-02-10 22:18 . 2006-08-01 10:52 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Intuit
2008-02-10 22:17 . 2006-08-01 10:51 <DIR> d-------- C:\Documents and Settings\Nick\WINDOWS
2008-02-10 22:17 . 2008-02-10 22:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-10 02:15 . 2008-02-10 02:15 0 --a------ C:\WINDOWS\system32\sex5.ico.tmp
2008-02-10 02:14 . 2008-02-10 02:14 0 --a------ C:\WINDOWS\system32\sex4.ico.tmp
2008-02-10 02:14 . 2008-02-10 02:14 0 --a------ C:\WINDOWS\system32\sex3.ico.tmp
2008-02-10 02:01 . 2008-02-23 14:03 962 --a------ C:\rollback.ini
2008-02-10 01:38 . 2008-02-10 01:38 <DIR> d-------- C:\Documents and Settings\dad\Application Data\MailFrontier
2008-02-10 01:34 . 2008-02-24 14:32 3,840,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-10 01:34 . 2008-02-24 14:28 52,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 01:28 . 2008-02-10 01:28 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-10 01:28 . 2008-02-10 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-10 01:26 . 2008-02-24 14:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-09 17:58 . 2008-02-18 17:39 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-02-09 17:58 . 2008-02-18 17:39 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-02-09 17:58 . 2008-02-18 17:39 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-02-08 17:44 . 2008-02-10 01:58 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-02-08 17:44 . 2008-02-10 01:58 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-02-08 17:43 . 2008-02-10 01:57 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-01-31 20:00 . 2008-01-31 20:00 <DIR> d-------- C:\Program Files\HyCam2
2008-01-31 19:09 . 2008-01-31 19:09 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Apple Computer
2008-01-31 19:09 . 2008-02-23 14:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 19:09 . 2008-01-31 19:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-31 19:08 . 2008-01-31 19:09 <DIR> d-------- C:\Program Files\iTunes
2008-01-31 19:08 . 2008-01-31 19:08 <DIR> d-------- C:\Program Files\iPod
2008-01-31 19:07 . 2008-01-31 19:07 <DIR> d-------- C:\Program Files\Bonjour
2008-01-31 19:06 . 2008-01-31 19:07 <DIR> d-------- C:\Program Files\QuickTime
2008-01-31 19:06 . 2008-01-31 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-31 19:05 . 2008-01-31 19:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-31 19:05 . 2008-01-31 19:05 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-31 19:05 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-31 19:04 . 2008-01-31 19:04 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-31 19:04 . 2008-01-31 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\dad\Application Data\Talkback
2008-01-24 22:34 . 2008-01-09 20:17 94,294 --------- C:\WINDOWS\HPHins03.dat.temp
2008-01-24 22:34 . 2004-06-06 20:41 2,655 --------- C:\WINDOWS\hphmdl03.dat.temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 04:36 --------- d-----w C:\Program Files\Java
2008-02-23 04:07 --------- d-----w C:\Program Files\LimeWire
2008-02-23 03:32 955,904 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-23 00:50 --------- d-----w C:\Documents and Settings\dad\Application Data\LimeWire
2008-02-23 00:47 7,824 ----a-w C:\Documents and Settings\dad\Application Data\wklnhst.dat
2008-02-18 01:13 --------- d-----w C:\Documents and Settings\dad\Application Data\Netscape
2008-02-18 01:02 105,472 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-18 01:02 1,954,304 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-17 21:03 1,662,976 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-17 05:15 1,940,992 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-16 04:27 1,933,824 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-11 06:16 --------- d-----w C:\Documents and Settings\dad\Application Data\IMVU
2008-02-10 20:53 387,072 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-10 09:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-10 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 08:12 --------- d-----w C:\Program Files\Shockwave.com
2008-02-10 07:19 --------- d-----w C:\Program Files\Google
2008-02-10 03:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 01:33 --------- d-----w C:\Program Files\Rhapsody
2008-01-17 01:17 --------- d-----w C:\Program Files\Genius 2000
2008-01-10 04:16 --------- d-----w C:\Program Files\HP
2008-01-10 04:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-07 05:39 --------- d-----w C:\Program Files\SwiftSwitch
2008-01-06 05:38 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-06 05:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"HijackThis startup scan"="C:\Documents and Settings\dad\Desktop\HijackThis.exe" [2008-02-17 22:09 401720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 10:39 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"nwiz"="nwiz.exe" [2006-05-09 14:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 14:50 7311360]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 20:53 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 02:28 172032]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 19:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^dad^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\dad\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 07:20 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 15:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\winupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S2 PNJX;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-24 14:31:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-02-24 14:41:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 22:40:51
.
2008-02-23 11:00:43 --- E O F ---