ComboFix 08-04-04.1 - HP_Administrator 2008-04-05 20:40:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZUVIUCVR\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\HP_ADM~1\Desktop\Error Cleaner.url
C:\DOCUME~1\HP_ADM~1\Desktop\Privacy Protector.url
C:\DOCUME~1\HP_ADM~1\Desktop\Spyware&Malware Protection.url
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Error Cleaner.url
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Privacy Protector.url
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Spyware&Malware Protection.url
C:\Documents and Settings\HP_Administrator\Desktop\Error Cleaner.url
C:\Documents and Settings\HP_Administrator\Desktop\Privacy Protector.url
C:\Documents and Settings\HP_Administrator\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\HP_Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\HP_Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\HP_Administrator\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\Installer\{8554c12a-a9e7-48e7-a834-ea7642a6ff62}\AlrtBoot.dll
C:\WINDOWS\Installer\{b6074697-1db1-4bf1-9b89-25e03a33c125}\SrvKbd.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-04 20:35 . 2008-04-04 20:35 d-------- C:\Program Files\Amazon
2008-04-03 20:06 . 2008-04-03 20:06 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-04-03 20:06 . 2008-04-03 20:06 d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Talkback
2008-04-03 20:04 . 2008-04-03 20:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-03 19:59 . 2008-04-03 19:59 d-------- C:\Program Files\Common Files\xing shared
2008-03-30 14:08 . 2008-03-30 14:08 d-------- C:\Program Files\RegCure
2008-03-19 21:18 . 2008-03-19 21:19 d-------- C:\Program Files\Panda Security
2008-03-18 20:42 . 2008-03-19 19:20 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-18 20:42 . 2008-03-19 19:03 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-18 20:42 . 2008-03-19 19:03 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-18 20:42 . 2008-03-19 19:03 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-17 20:54 . 2008-03-17 20:54 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-03-17 20:54 . 2008-03-17 20:54 d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Grisoft
2008-03-17 20:53 . 2008-03-17 20:53 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-03-17 20:53 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-13 20:15 . 2008-03-14 01:51 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-03-10 16:34 . 2008-03-10 16:34 d-------- C:\Program Files\Common Files\Scanner
2008-03-09 10:28 . 2008-03-08 23:04 356,352 --a------ C:\WINDOWS\bokpkov.dll
2008-03-09 10:28 . 2008-03-08 23:04 98,304 --a------ C:\WINDOWS\fmsxwqs.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 00:57 --------- d-----w C:\Program Files\Common Files\Real
2008-03-29 11:53 164 ----a-w C:\install.dat
2008-03-28 01:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-28 01:07 --------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
2008-03-20 01:02 --------- d-----w C:\Program Files\iTunes
2008-03-20 00:55 --------- d-----w C:\Program Files\Google
2008-03-20 00:54 --------- d-----w C:\Program Files\DISC
2008-03-20 00:52 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-03-20 00:51 --------- d-----w C:\Program Files\Bonjour
2008-03-14 01:15 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-11 23:22 --------- d-----w C:\Program Files\Trend Micro
2008-03-10 21:34 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 16:05 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DivX
2008-03-02 16:05 --------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\DivX
2008-02-27 03:01 --------- d-----w C:\Program Files\iPod
2008-02-27 02:24 --------- d-----w C:\Program Files\QuickTime
2008-02-22 02:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-10 02:08 164 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-08-10 02:08 164 ----a-w C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
2005-05-12 14:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-10-29 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-10-29 20:36 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2007-10-29 20:36 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-09-27 02:43 1060864]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42 61440]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12 49152]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 14:26 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:55 185896]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 21:05 344064]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-26 10:35:28 27136]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-26 11:34:26 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {8EB419D7-D9EA-4121-B1F0-7188E1FA1354} - C:\WINDOWS\bokpkov.dll [2008-03-08 23:04 356352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 21:04:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-05 21:10:04
ComboFix-quarantined-files.txt 2008-04-06 02:09:32
Pre-Run: 204,356,595,712 bytes free
Post-Run: 204,373,291,008 bytes free
.
2008-03-20 02:44:39 --- E O F ---
File::
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\fmsxwqs.exe
Folder::
C:\Program Files\Video Add-on
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"=-