Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\knocked_up1
C:\KNOCKED_UP1.ISO\
C:\Program Files\bfgtoolbar
C:\Program Files\bfgtoolbar\Cache\1.bmp
C:\Program Files\bfgtoolbar\Cache\2.bmp
C:\Program Files\bfgtoolbar\Cache\20off.bmp
C:\Program Files\bfgtoolbar\Cache\3.bmp
C:\Program Files\bfgtoolbar\Cache\4.bmp
C:\Program Files\bfgtoolbar\Cache\5.bmp
C:\Program Files\bfgtoolbar\Cache\6.bmp
C:\Program Files\bfgtoolbar\Cache\bfgtoolbartb0401.cfg
C:\Program Files\bfgtoolbar\Cache\COMBOSEARCH.acs
C:\Program Files\bfgtoolbar\Cache\ErrorLog.txt
C:\Program Files\bfgtoolbar\Cache\le.txt
C:\Program Files\bfgtoolbar\Cache\logo.bmp
C:\Program Files\bfgtoolbar\Cache\mygames.bmp
C:\Program Files\bfgtoolbar\Cache\newgames.bmp
C:\Program Files\bfgtoolbar\Cache\newgames3.bmp
C:\Program Files\bfgtoolbar\Cache\search.bmp
C:\Program Files\bfgtoolbar\Cache\topten.bmp
C:\Program Files\bfgtoolbar\Cache\topten2.bmp
C:\Program Files\bfgtoolbar\Cache\topten3.bmp
C:\Program Files\bfgtoolbar\Cache\topten4.bmp
C:\Program Files\bfgtoolbar\Cache\topten5.bmp
C:\Program Files\bfgtoolbar\Cache\webgames.bmp
C:\Program Files\bfgtoolbar\install.ico
C:\Program Files\bfgtoolbar\toolbar.ini
C:\Program Files\bfgtoolbar\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-13 17:33 . 2008-03-14 11:02 1,288 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-13 17:30 . 2008-03-15 11:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\SmitfraudFix
2008-03-13 14:59 . 2008-03-13 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-09 10:35 . 2008-03-10 07:46 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\INAC
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\INAC
2008-03-09 10:29 . 2008-03-10 08:19 <DIR> d-------- C:\Program Files\INAC
2008-03-08 08:31 . 2008-03-08 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:30 . 2008-03-08 08:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 10:28 . 2008-03-06 10:35 4,681,674,752 --a------ C:\KNOCKED_UP1.ISO
2008-03-02 10:33 . 2008-03-08 08:20 <DIR> d-------- C:\Program Files\AdwareFilter
2008-03-01 14:20 . 2008-03-01 14:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-03-01 14:15 . 2008-03-01 14:30 141,199 --a------ C:\WINDOWS\hpoins14.dat
2008-03-01 14:15 . 2007-06-05 19:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-02-29 12:14 . 2008-02-29 12:14 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2008-02-29 12:12 . 2008-02-29 12:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-02-26 20:59 . 2008-02-26 21:01 <DIR> d-------- C:\Program Files\Snood
2008-02-21 22:42 . 2008-02-21 22:42 <DIR> d-------- C:\Program Files\SonicWallES
2008-02-21 17:22 . 2008-03-07 17:39 7,223 --a------ C:\rollback.ini
2008-02-21 17:16 . 2008-02-21 22:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier
2008-02-21 17:11 . 2008-03-15 15:59 19,416,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-21 17:11 . 2008-03-15 07:35 259,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 17:03 . 2008-02-21 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-21 17:03 . 2008-03-08 20:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-21 17:02 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-21 17:01 . 2008-02-21 17:01 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-21 16:59 . 2008-03-15 15:40 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-21 16:54 . 2008-02-21 16:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-02-21 16:54 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-21 16:53 . 2008-02-21 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 09:02 . 2007-08-13 19:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-15 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-15 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-15 11:45 --------- d-----w C:\Program Files\AIM
2008-03-15 11:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Aim
2008-03-15 11:30 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-15 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-15 11:19 1,569,357 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-15 04:16 507,392 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-14 14:48 1,609,216 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-14 13:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-13 21:25 --------- d-----w C:\Program Files\Viewpoint
2008-03-13 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-13 14:45 --------- d-----w C:\Program Files\One Million Recipes
2008-03-12 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-12 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 02:08 2,828,288 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-12 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 11:43 1,624,064 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-08 17:30 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-08 12:12 299,520 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-08 12:12 1,568,256 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-08 03:29 940,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-07 20:52 2,657,792 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-07 20:52 1,539,072 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-06 02:48 2,876,928 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-05 21:36 --------- d-----w C:\Program Files\Yahoo! Games
2008-03-04 14:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-03 19:22 57,799 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_03_13_39_51_small.dmp.zip
2008-03-03 16:39 491,008 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-03 16:39 1,487,872 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-03 03:22 2,663,936 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-03 03:22 1,486,848 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 02:55 2,460,160 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-01 18:20 --------- d-----w C:\Program Files\HP
2008-03-01 18:07 4,075,008 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-01 18:07 1,459,200 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-29 16:14 --------- d-----w C:\Program Files\Kodak
2008-02-29 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-25 12:33 256,000 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-25 12:33 1,384,960 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-25 03:19 1,523,712 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-25 03:19 1,379,840 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-24 03:06 1,875,456 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-24 03:06 1,376,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-18 11:24 --------- d-----w C:\Program Files\Babylon
2008-02-14 20:11 --------- d-----w C:\Program Files\TomTom HOME 2
2008-02-11 17:42 --------- d-----w C:\Program Files\STOPzilla!
2008-02-09 21:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 14:05 --------- d-----w C:\Program Files\LimeWire
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TomTom
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-02-08 16:44 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-02-04 18:49 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-04 18:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 18:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 18:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 18:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 18:11 --------- d-----w C:\Program Files\Symantec
2008-02-04 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-04 17:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-04 17:22 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-02-03 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-03 14:53 --------- d-----w C:\Program Files\WM Converter
2008-02-02 22:04 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:36 229,376 ----a-r C:\WINDOWS\system32\SZBase5.dll
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-31 17:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-30 22:53 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2008-01-30 22:52 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2008-01-30 22:52 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2008-01-30 22:52 364,544 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2008-01-30 22:51 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2008-01-30 22:51 192,512 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2008-01-30 22:50 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2008-01-30 22:50 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2008-01-30 22:47 704,512 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2008-01-30 14:31 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-30 13:49 --------- d-----w C:\Program Files\Alwil Software
2008-01-28 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 19:02 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-28 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-28 13:45 --------- d-----w C:\Program Files\FriendFinder
2008-01-28 13:44 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-01-28 13:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Favorites
2008-01-28 13:43 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Closebash
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-01-28 13:42 --------- d-----w C:\Program Files\DivX
2008-01-28 13:42 --------- d-----w C:\Program Files\CyberDefender
2008-01-28 13:41 --------- d-----w C:\Program Files\Google
2008-01-28 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-28 13:37 --------- d-----w C:\Program Files\MySpace
2008-01-28 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft(2)
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-10-01 12:17 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot_2008-03-13_ 8.16.57.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-02-27 12:29:49 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-15 11:40:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-02-27 12:29:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-15 11:40:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-02-27 12:29:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 11:40:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-13 10:59:04 882,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-03-15 11:38:38 882,096 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-04 14:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 17:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
C:\Documents and Settings\mommy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 17:32:57 147456]
C:\Documents and Settings\mommyrachel\Start Menu\Programs\Startup\
Intel Snapshot.Lnk [2007-07-23 09:13:14 848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Intel Snapshot.Lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Intel Snapshot.Lnk
backup=C:\WINDOWS\pss\Intel Snapshot.LnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-03 03:19 77312 C:\WINDOWS\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-31 14:15 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 08:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2005-09-27 03:43 1060864 C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a------ 2005-09-27 03:42 61440 C:\Program Files\DISC\DiscUpdateMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 13:41 1605740 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 02:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 03:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 03:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 09:44 61440 C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 17:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-25 00:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 17:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-01-03 17:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-02-07 05:47 361832 C:\Program Files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 17:46 709992 C:\WINDOWS\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 10:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-11-14 17:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-01-31 13:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 17:45]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 17:05]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0b45e9c-cf36-11dc-a346-0015f2983187}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 13:05:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 19:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 21:30:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-29 16:07:41 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-27 07:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-11 00:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-15 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - daddy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-15 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-02-27 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 15:59:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-15 16:04:03
ComboFix-quarantined-files.txt 2008-03-15 20:03:51
ComboFix2.txt 2008-03-14 15:28:55
ComboFix3.txt 2008-03-13 12:17:36
ComboFix4.txt 2008-03-11 11:38:14
.
2008-03-12 16:04:47 --- E O F ---