ComboFix 07-10-06.3 - HP_Administrator 2007-10-05 22:54:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1281 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\AntiSpyware\Combo fix\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.
2007-10-05 09:03 6,902 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-05 09:02 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-05 09:02 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-05 09:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-05 09:02 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-05 06:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\eAcceleration
2007-10-05 06:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eAcceleration
2007-10-04 21:51 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2007-10-04 20:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-04 20:04 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 20:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HouseCall 6.6
2007-10-04 19:39 <DIR> d-------- C:\Program Files\Panda Security
2007-10-04 17:12 <DIR> d-------- C:\Program Files\RegCure
2007-10-04 16:44 <DIR> d-------- C:\Adobe Fireworks CS3
2007-10-04 09:43 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-03 21:55 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2007-10-03 08:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2007-10-02 22:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-02 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-02 16:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2007-10-02 16:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Roxio
2007-10-02 16:46 <DIR> d-------- C:\Program Files\InterActual
2007-10-02 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2007-10-02 16:24 <DIR> d-------- C:\Program Files\SmartSound Software
2007-10-02 16:24 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-02 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-10-02 16:23 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-02 16:23 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-02 16:23 <DIR> d-------- C:\Program Files\Roxio
2007-10-02 16:22 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-01 19:42 <DIR> d-------- C:\Intel
2007-10-01 16:38 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2007-10-01 16:23 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-01 16:05 <DIR> d-------- C:\Program Files\uTorrent
2007-10-01 16:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-10-01 09:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-01 00:59 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-10-01 00:59 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-10-01 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-01 00:49 <DIR> d-------- C:\Program Files\Registry Defragmentation
2007-09-30 22:23 88 -r-hs---- C:\WINDOWS\system32\D75EC8DB78.sys
2007-09-30 20:34 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-09-30 18:52 1,030,144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2007-09-30 18:08 56 -r-hs---- C:\WINDOWS\system32\84D98D6F94.sys
2007-09-30 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-09-30 08:43 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-09-29 22:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 21:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Publish Providers
2007-09-29 21:15 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-29 20:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sony
2007-09-29 20:44 <DIR> d-------- C:\Program Files\Vstplugins
2007-09-29 20:43 <DIR> d-------- C:\Program Files\Sony
2007-09-29 20:37 <DIR> d-------- C:\Program Files\Sony Setup
2007-09-29 20:27 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-09-29 17:31 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-29 17:31 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-29 17:31 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-29 17:31 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-29 17:31 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-29 17:13 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-29 17:13 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-29 17:13 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-29 17:13 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-29 16:04 6,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-29 14:55 <DIR> d-------- C:\current installs
2007-09-29 14:50 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-09-29 14:22 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-29 13:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-29 12:36 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2007-09-29 11:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-29 11:43 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-29 10:59 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-09-29 09:49 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-09-29 09:11 23 --ahs---- C:\WINDOWS\system32\adced8_r.dll
2007-09-29 03:53 <DIR> d-------- C:\Program Files\Support Tools
2007-09-29 03:09 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-29 03:09 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-29 03:09 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-29 03:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-29 03:09 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-29 03:09 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-29 03:09 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-29 03:09 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-29 02:45 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-29 02:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-29 02:45 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2007-09-29 02:06 <DIR> d-------- C:\Program Files\Symantec
2007-09-29 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-29 01:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-29 01:17 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-29 01:13 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-29 01:09 96,792 --------- C:\WINDOWS\system32\basecsp.dll
2007-09-29 01:09 84,480 --------- C:\WINDOWS\system32\pintool.exe
2007-09-29 01:09 25,600 --------- C:\WINDOWS\system32\bcsprsrc.dll
2007-09-29 01:09 151,552 --------- C:\WINDOWS\system32\ifxcardm.dll
2007-09-29 01:09 133,120 --------- C:\WINDOWS\system32\axaltocm.dll
2007-09-29 00:28 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-29 00:28 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-29 00:28 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-29 00:27 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 23:03 --------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-10-05 21:21 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-10-05 21:06 --------- d-------- C:\Program Files\DISC
2007-10-05 21:03 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-05 21:03 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-05 21:00 --------- d-a------ C:\Program Files\Common Files\LightScribe
2007-10-04 12:34 --------- d-------- C:\Program Files\microsoft frontpage
2007-10-04 09:52 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-03 21:55 --------- d-------- C:\Program Files\Sonic
2007-10-03 21:02 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:02 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 20:38 --------- d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-03 20:35 --------- d-------- C:\Program Files\HP
2007-10-03 20:34 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-02 16:31 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-02 16:23 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-10-02 12:56 --------- d-------- C:\Program Files\Microsoft Money 2006
2007-10-02 12:30 --------- d-------- C:\Program Files\Microsoft Works
2007-10-02 11:40 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-30 20:07 --------- d-------- C:\Program Files\DivX
2007-09-29 21:49 --------- d-------- C:\Program Files\Google
2007-09-29 21:15 --------- d-------- C:\Program Files\Common Files\Real
2007-09-29 13:55 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-29 13:55 249856 --------- C:\WINDOWS\Setup1.exe
2007-09-29 09:51 --------- d-------- C:\Program Files\Rhapsody
2007-09-29 09:38 --------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2007-09-29 09:30 --------- d-------- C:\Program Files\Netscape
2007-09-29 09:11 --------- d-------- C:\Program Files\Quicken
2007-09-29 02:10 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-09-29 00:17 2015 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_RC643AA-ABA m7667c_YC_0Pavi_QMXF641_E64NAemMPA4_48_IBasswood_SASUSTek Computer INC._V1.05_B3.08_T060918_WXP2_L409_M2047_J300_7Intel_8Core2 6400_92.13_#061217_N168C001B_Z14F12F20_G10DE01DD.MRK
2007-09-24 08:13 --------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-09-24 07:37 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-19 13:26 --------- d-------- C:\Program Files\MSBuild
2007-09-12 21:03 --------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2007-09-12 20:43 --------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-09-12 20:24 --------- d-------- C:\Program Files\Windows Live
2007-09-12 20:22 --------- d-------- C:\Program Files\Apple Software Update
2007-09-12 20:22 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-10 19:25 --------- d-------- C:\Program Files\Common Files\Scanner
2007-09-10 10:26 --------- d--h----- C:\Documents and Settings\HP_Administrator\Application Data\yahoo!
2007-09-10 09:42 --------- d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-09-09 18:15 --------- d-------- C:\Program Files\Common Files\Skype
2007-09-08 12:41 --------- d-------- C:\Program Files\Practiline Source Code Line Counter
2007-08-30 00:46 --------- d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-08-30 00:30 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-30 00:27 --------- d-------- C:\Program Files\Reference Assemblies
2007-08-28 12:00 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-28 12:00 548864 --a------ C:\WINDOWS\system32\msvcp80.dll
2007-08-28 12:00 1101824 --a------ C:\WINDOWS\system32\mfc80.dll
2007-08-28 01:59 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-08-28 01:59 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-08-28 01:59 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-08-28 01:59 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-08-28 01:59 6811168 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-28 01:59 6811168 --a------ C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-08-28 01:59 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-08-28 01:59 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-08-28 01:59 5695104 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-08-28 01:59 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-08-28 01:59 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-08-28 01:59 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-08-28 01:59 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-08-28 01:59 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-08-28 01:59 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-08-28 01:59 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-08-28 01:59 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-08-28 01:59 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-28 01:59 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-08-28 01:59 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-08-28 01:59 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-08-28 01:59 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-08-28 01:59 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-08-28 01:59 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-08-28 01:59 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-08-28 01:59 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-08-28 01:59 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-08-28 01:59 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-08-28 01:59 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-08-28 01:59 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-08-28 01:59 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-08-28 01:59 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-08-28 01:59 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-08-28 01:59 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-08-28 01:59 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-08-28 01:59 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-08-28 01:59 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-08-28 01:59 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-08-28 01:59 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-08-28 01:59 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-08-28 01:59 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-08-28 01:59 282624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-08-28 01:59 282624 --a------ C:\WINDOWS\system32\nvrses.dll
2007-08-28 01:59 278528 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-08-28 01:59 278528 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-08-28 01:59 274432 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-08-28 01:59 274432 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-08-28 01:59 274432 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-08-28 01:59 270336 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-08-28 01:59 266240 --a------ C:\WINDOWS\system32\nvrsptb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 21:01]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 20:05 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 14:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 01:59]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 18:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-27 23:38]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-03-28 19:52]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-26 20:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-29 21:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-29 17:32]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2007-08-14 09:29]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25]
"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2005-07-29 10:32]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe" [2007-04-27 11:22]
"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 19:39]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 09:03]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51]
"RegDfrgSch"="C:\Program Files\Registry Defragmentation\RegDfrgSch.exe" [2007-07-16 06:17]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-18 04:44:26]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-24 07:37:21]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 06:05:56]
Norton System Doctor.LNK - C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\SYSDOC32.EXE [2005-11-03 20:09:04]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-29 08:02:33]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 NPDriver;Norton UnErase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe"
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe"
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe"
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe"
S3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-06 05:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-10-01 06:11:43 C:\WINDOWS\Tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job"
- c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
"2007-09-29 07:16:41 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
"2007-10-05 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\errorsmart\ErrorSmart.exe
"2007-09-29 07:16:50 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2007-10-05 09:25:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-02 03:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2007-10-05 22:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-10-01 19:02:01 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-10-06 05:59:12 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-05 00:13:01 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-10-05 07:00:07 C:\WINDOWS\Tasks\Symantec Drmc.job"
"2007-10-03 09:44:06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
"2007-09-29 07:17:24 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-05 22:59:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\d3d9caps.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2007-10-05 23:10:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-05 23:10
C:\ComboFix2.txt ... 2007-10-01 12:09
C:\ComboFix3.txt ... 2007-09-29 23:15
.
--- E O F ---