ComboFix 08-03-10.1 - HP_Administrator 2008-03-14 11:12:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.
2008-03-13 17:33 . 2008-03-14 11:02 1,288 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-13 17:30 . 2008-03-13 17:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\SmitfraudFix
2008-03-13 14:59 . 2008-03-13 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-09 10:35 . 2008-03-10 07:46 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\INAC
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\INAC
2008-03-09 10:29 . 2008-03-10 08:19 <DIR> d-------- C:\Program Files\INAC
2008-03-08 08:31 . 2008-03-08 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:30 . 2008-03-08 08:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 10:28 . 2008-03-06 10:35 4,681,674,752 --a------ C:\KNOCKED_UP1.ISO
2008-03-02 10:33 . 2008-03-08 08:20 <DIR> d-------- C:\Program Files\AdwareFilter
2008-03-01 14:20 . 2008-03-01 14:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-03-01 14:15 . 2008-03-01 14:30 141,199 --a------ C:\WINDOWS\hpoins14.dat
2008-03-01 14:15 . 2007-06-05 19:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-02-29 12:14 . 2008-02-29 12:14 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2008-02-29 12:12 . 2008-02-29 12:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-02-26 20:59 . 2008-02-26 21:01 <DIR> d-------- C:\Program Files\Snood
2008-02-21 22:42 . 2008-02-21 22:42 <DIR> d-------- C:\Program Files\SonicWallES
2008-02-21 17:22 . 2008-03-07 17:39 7,223 --a------ C:\rollback.ini
2008-02-21 17:16 . 2008-02-21 22:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier
2008-02-21 17:11 . 2008-03-14 11:24 19,228,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-21 17:11 . 2008-03-14 11:20 258,572 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 17:03 . 2008-02-21 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-21 17:03 . 2008-03-08 20:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-21 17:02 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-21 17:01 . 2008-02-21 17:01 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-21 16:59 . 2008-03-14 11:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-21 16:54 . 2008-02-21 16:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-02-21 16:54 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-21 16:53 . 2008-02-21 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 09:02 . 2007-08-13 19:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-14 16:19 . 2008-03-13 18:17 <DIR> d-------- C:\knocked_up1
2008-02-14 13:03 . 2008-03-04 11:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-14 13:03 . 2008-03-04 11:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-14 13:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-14 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-14 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-13 21:25 --------- d-----w C:\Program Files\Viewpoint
2008-03-13 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-13 14:45 --------- d-----w C:\Program Files\One Million Recipes
2008-03-12 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-12 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 21:36 --------- d-----w C:\Program Files\Yahoo! Games
2008-03-04 14:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-01 18:20 --------- d-----w C:\Program Files\HP
2008-02-29 16:14 --------- d-----w C:\Program Files\Kodak
2008-02-29 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-18 11:24 --------- d-----w C:\Program Files\Babylon
2008-02-14 20:11 --------- d-----w C:\Program Files\TomTom HOME 2
2008-02-11 17:42 --------- d-----w C:\Program Files\STOPzilla!
2008-02-11 16:10 --------- d-----w C:\Program Files\bfgtoolbar
2008-02-09 21:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 14:05 --------- d-----w C:\Program Files\LimeWire
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TomTom
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-02-08 16:44 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-02-04 18:49 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-04 18:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 18:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 18:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 18:11 --------- d-----w C:\Program Files\Symantec
2008-02-04 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-04 17:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-04 17:22 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-02-03 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-03 14:53 --------- d-----w C:\Program Files\WM Converter
2008-02-02 22:04 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-31 17:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-30 14:31 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-30 13:49 --------- d-----w C:\Program Files\Alwil Software
2008-01-28 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 19:02 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-28 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-28 13:45 --------- d-----w C:\Program Files\FriendFinder
2008-01-28 13:44 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-01-28 13:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Favorites
2008-01-28 13:43 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Closebash
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-01-28 13:42 --------- d-----w C:\Program Files\DivX
2008-01-28 13:42 --------- d-----w C:\Program Files\CyberDefender
2008-01-28 13:41 --------- d-----w C:\Program Files\Google
2008-01-28 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-28 13:37 --------- d-----w C:\Program Files\MySpace
2008-01-28 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft(2)
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-10-28 21:41 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-09-14 00:08 202 ----a-w C:\Documents and Settings\mommy.FAMILY\Application Data\wklnhst.dat
2007-08-23 23:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-14 13:49 334 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb1942.dat
2006-10-14 13:37 177,152 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb4889.dat
2006-10-14 13:37 13,046 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb5099.dat
2006-10-14 13:37 0 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb2518.dat
2006-09-28 23:20 0 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb9738.dat
2006-08-27 20:25 177,152 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb1869.dat
2006-08-24 00:08 0 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb5065.dat
2006-08-08 12:46 0 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb6772.dat
2006-07-03 01:09 0 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb1253.dat
2007-10-01 12:17 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot_2008-03-13_ 8.16.57.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-03-13 10:59:04 882,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-03-14 15:24:30 882,096 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-04 14:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 17:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
C:\Documents and Settings\mommy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 17:32:57 147456]
C:\Documents and Settings\mommyrachel\Start Menu\Programs\Startup\
Intel Snapshot.Lnk [2007-07-23 09:13:14 848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Intel Snapshot.Lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Intel Snapshot.Lnk
backup=C:\WINDOWS\pss\Intel Snapshot.LnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 11:20 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-03 03:19 77312 C:\WINDOWS\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-31 14:15 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 08:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2005-09-27 03:43 1060864 C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a------ 2005-09-27 03:42 61440 C:\Program Files\DISC\DiscUpdateMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 13:41 1605740 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 02:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 03:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 03:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 09:44 61440 C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 17:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-25 00:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 17:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-01-03 17:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-02-07 05:47 361832 C:\Program Files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 17:46 709992 C:\WINDOWS\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 10:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-11-14 17:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-01-31 13:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 17:45]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 17:05]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0b45e9c-cf36-11dc-a346-0015f2983187}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 14:05:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 14:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 22:30:09 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-29 16:07:41 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-27 07:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-11 00:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-08 01:00:09 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - daddy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-08 01:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-02-27 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 11:23:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-03-14 11:28:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 15:28:48
ComboFix2.txt 2008-03-13 12:17:36
ComboFix3.txt 2008-03-11 11:38:14
.
2008-03-12 16:04:47 --- E O F ---