After getting hijackthis to run, i decided to try and run combofix as well...success!! HEre is the log from Combo Fix!
ComboFix 08-03-09.1 - HP_Administrator 2008-03-09 16:56:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.594 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrator\Application Data\printer.exe
C:\WINDOWS\system32\efcbcya.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\wowfx.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\dllcache\beep.sysC:\WINDOWS\system32\drivers\beep.sysC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\SystemDefender
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\BM708f7764.xml
C:\WINDOWS\braviax.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\cru629.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aujlbctb.dll
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\ddcdcdc.dll
C:\WINDOWS\system32\djsixvbj.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\gwbktpmt.dll
C:\WINDOWS\system32\hkerklck.dll
C:\WINDOWS\system32\jijqksuu.ini
C:\WINDOWS\system32\korouiaj.dll
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\ljjihef.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgqnhusi.dll
C:\WINDOWS\system32\ohlgqwrj.dll
C:\WINDOWS\system32\tmptkbwg.ini
C:\WINDOWS\system32\ujpcthre.dll
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\uuskqjij.dll
C:\WINDOWS\system32\vuvxcryc.dll
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\winjrp32.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-09 15:47 . 2008-03-09 15:47 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-03-09 15:27 . 2008-03-09 15:44 <DIR> d-------- C:\Mr Wacky's Adventure
2008-03-09 13:42 . 2008-03-09 13:42 16,384 --a------ C:\WINDOWS\nod32se.exe
2008-03-09 13:39 . 2008-03-09 13:39 13,556 --a------ C:\Program Files\tmp234734.exe
2008-03-09 13:39 . 2008-03-09 13:39 13,496 --a------ C:\Program Files\tmp230156.exe
2008-03-08 11:09 . 2008-03-08 11:09 <DIR> d-------- C:\Program Files\SysCleaner
2008-03-08 11:04 . 2008-03-09 13:44 98,709 --a------ C:\Program Files\udefender_setup.exe
2008-03-08 10:59 . 2008-03-08 10:59 <DIR> d-------- C:\Program Files\IE Extensions
2008-03-08 10:59 . 2008-03-08 10:59 35,732 --a------ C:\Program Files\tmp208980750.exe
2008-03-08 10:59 . 2008-03-08 10:59 35,732 --a------ C:\Program Files\tmp208979125.exe
2008-03-08 10:59 . 2008-03-08 10:59 18,944 --a------ C:\WINDOWS\system32\drvlon.dll
2008-03-08 10:59 . 2008-03-08 10:59 16,480 --a------ C:\Program Files\tmp208970250.exe
2008-03-08 10:59 . 2008-03-08 10:59 13,580 --a------ C:\Program Files\tmp208974140.exe
2008-03-07 22:09 . 2008-03-09 13:38 1,307,681 ---hs---- C:\WINDOWS\system32\ovrcnaop.ini
2008-03-06 22:13 . 2008-03-06 22:13 1,306,677 ---hs---- C:\WINDOWS\system32\ugmyegrn.ini
2008-03-06 00:55 . 2008-03-06 00:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2008-03-05 22:37 . 2008-03-06 00:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-05 22:28 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-05 22:27 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 22:26 . 2008-03-06 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 22:07 . 2008-03-05 22:07 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-05 09:45 . 2008-03-05 09:45 59,392 --a------ C:\mmesckoj.exe
2008-03-05 09:45 . 2008-03-05 09:45 58,368 --a------ C:\mhyvfa.exe
2008-03-05 09:45 . 2008-03-05 09:45 51,712 --a------ C:\xoipvs.exe
2008-03-05 09:45 . 2008-03-05 22:28 16,384 --a------ C:\WINDOWS\system32\braviax.ex_
2008-03-05 09:45 . 2008-03-05 09:45 3,584 --a------ C:\xlth.exe
2008-03-03 22:46 . 2008-03-03 22:46 <DIR> d-------- C:\Program Files\Your Company Name
2008-03-03 22:46 . 2008-03-03 22:46 <DIR> d-------- C:\Program Files\Total Seminars
2008-02-22 12:02 . 2008-02-22 12:02 202,827 --a------ C:\WINDOWS\system32\atasnt40.dll
2008-02-22 12:01 . 2008-02-22 12:01 51,304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2008-02-22 00:25 . 2008-02-22 00:25 <DIR> d-------- C:\Program Files\OGPlanet
2008-02-14 03:08 . 2008-02-14 03:08 <DIR> d-------- C:\Program Files\MSECache
2008-02-14 03:08 . 2008-02-14 03:08 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-02-14 03:07 . 2008-02-14 03:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-06 02:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2008-03-06 02:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 13:45 --------- d-----w C:\Program Files\Incomplete
2008-03-05 13:35 --------- d-----w C:\Program Files\LimeWire
2008-03-05 13:35 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-05 06:24 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2008-03-03 23:08 --------- d-----w C:\Program Files\AIM6
2008-03-03 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-03 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-03 04:31 --------- d-----w C:\Program Files\World of Warcraft
2008-02-29 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-26 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 07:52 --------- d-----w C:\Program Files\Sword of The New World
2008-02-26 07:51 --------- d-----w C:\Program Files\MasterOfDefense_at
2008-02-22 14:24 --------- d-----w C:\Documents and Settings\Technisource VPN\Application Data\ICAClient
2008-02-14 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 07:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-08 21:56 --------- d-----w C:\Documents and Settings\Technisource VPN\Application Data\acccore
2008-02-08 19:40 --------- d-----w C:\Documents and Settings\Technisource VPN\Application Data\DWRCC
2008-02-08 19:37 --------- d-----w C:\Documents and Settings\Technisource VPN\Application Data\DameWare Development
2008-02-08 19:36 --------- d-----w C:\Program Files\DameWare Development
2008-02-08 19:24 --------- d-----w C:\Program Files\SJLabs
2008-02-08 19:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 19:14 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-02-08 19:14 --------- d-----w C:\Program Files\AR System
2008-02-08 19:14 --------- d-----w C:\Documents and Settings\Technisource VPN\Application Data\AR System
2008-02-05 06:28 --------- d-----w C:\Program Files\WowGasm
2008-02-05 04:31 --------- d-----w C:\Program Files\Warcraft III
2008-02-04 06:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-01 00:46 --------- d-----w C:\Program Files\support.com
2008-02-01 00:46 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-25 13:42 --------- d-----w C:\Program Files\Google
2008-01-25 02:58 --------- d-----w C:\Program Files\CCleaner
2008-01-23 06:33 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-01-16 07:17 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\ICAClient
2008-01-16 04:21 --------- d-----w C:\Program Files\Java
2007-12-20 03:47 846,504 ----a-w C:\Documents and Settings\HP_Administrator\JNativeCpp.dll
2007-04-23 05:51 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
Files Infected - Win32.Agent.zbc:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Philips\Philips Device Transfer Pop-up\PDeviceConn.exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 17:00 15360]
"cdloader"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2008-03-05 22:36 50520]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 22:36 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 20:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2008-03-05 22:50 1626112 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-03-05 22:36 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-03-05 22:36 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2008-03-05 22:36 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 03:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-03-05 22:36 132496]
"LaunchPDeviceConn"="C:\Program Files\Philips\Philips Device Transfer Pop-up\PDeviceConn.exe" [2008-03-05 22:36 299008]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-03-05 22:36 124520]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-03-05 22:36 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-03-05 22:36 249856]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 06:53 15969280 C:\WINDOWS\RTHDCPL.EXE]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-03-05 22:36 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-05 22:36 180269]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 05:21 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-09 15:48 6731312]
"MSDisp32"="C:\WINDOWS\system32\drvlon.dll" [2008-03-08 10:59 18944]
"braviax"="braviax.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-09 17:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-02-22 17:58:29 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {31f9e817-78f3-43f6-a2b9-6be4db1f4c6d} - C:\WINDOWS\Installer\{31f9e817-78f3-43f6-a2b9-6be4db1f4c6d}\zip.dll [2008-03-08 10:59 38438]
"BootRam"= {9f548e5a-2138-4a5f-b37d-c8f8ed5d0082} - C:\WINDOWS\Installer\{9f548e5a-2138-4a5f-b37d-c8f8ed5d0082}\BootRam.dll [2008-03-08 10:59 14374]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrp32]
winjrp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2005-11-11 17:11 1064960 C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a------ 2005-11-11 17:10 61440 C:\Program Files\DISC\DiscUpdateMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2005-11-01 06:01 90112 c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1147572088\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-05 22:36 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147572088\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147572088\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 inwrdr;inwrdr;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\inwrdr.sys []
S3 nenum13E;nenum13E;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nenum13E.sys []
S3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys []
S3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys []
S3 vtdg46xx;vtdg46xx;C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47876b4c-f72b-11da-8a91-0015f2eb0b2a}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure20.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56ac6ba3-ef32-11da-8a81-0015f2eb0b2a}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure20.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-09 17:03:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\accctsggw]
"ImagePath"="\??\C:\WINDOWS\inf\accctsggw.cat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{31f9e817-78f3-43f6-a2b9-6be4db1f4c6d}\zip.dll
-> C:\WINDOWS\Installer\{9f548e5a-2138-4a5f-b37d-c8f8ed5d0082}\BootRam.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-03-09 17:09:49 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-03-09 21:09:47
.
2007-11-28 06:53:27 --- E O F ---