ComboFix 08-04-04.1 - HP_Administrator 2008-04-05 20:40:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZUVIUCVR\ComboFix[1].exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\HP_ADM~1\Desktop\Error Cleaner.url
C:\DOCUME~1\HP_ADM~1\Desktop\Privacy Protector.url
C:\DOCUME~1\HP_ADM~1\Desktop\Spyware&Malware Protection.url
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Error Cleaner.url
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Privacy Protector.url
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Spyware&Malware Protection.url
C:\Documents and Settings\HP_Administrator\Desktop\Error Cleaner.url
C:\Documents and Settings\HP_Administrator\Desktop\Privacy Protector.url
C:\Documents and Settings\HP_Administrator\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\HP_Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\HP_Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\HP_Administrator\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\Installer\{8554c12a-a9e7-48e7-a834-ea7642a6ff62}\AlrtBoot.dll
C:\WINDOWS\Installer\{b6074697-1db1-4bf1-9b89-25e03a33c125}\SrvKbd.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-04 20:35 . 2008-04-04 20:35 d-------- C:\Program Files\Amazon
2008-04-03 20:06 . 2008-04-03 20:06 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-04-03 20:06 . 2008-04-03 20:06 d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Talkback
2008-04-03 20:04 . 2008-04-03 20:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-03 19:59 . 2008-04-03 19:59 d-------- C:\Program Files\Common Files\xing shared
2008-03-30 14:08 . 2008-03-30 14:08 d-------- C:\Program Files\RegCure
2008-03-19 21:18 . 2008-03-19 21:19 d-------- C:\Program Files\Panda Security
2008-03-18 20:42 . 2008-03-19 19:20 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-18 20:42 . 2008-03-19 19:03 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-18 20:42 . 2008-03-19 19:03 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-18 20:42 . 2008-03-19 19:03 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-17 20:54 . 2008-03-17 20:54 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-03-17 20:54 . 2008-03-17 20:54 d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Grisoft
2008-03-17 20:53 . 2008-03-17 20:53 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-03-17 20:53 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-13 20:15 . 2008-03-14 01:51 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-03-10 16:34 . 2008-03-10 16:34 d-------- C:\Program Files\Common Files\Scanner
2008-03-09 10:28 . 2008-03-08 23:04 356,352 --a------ C:\WINDOWS\bokpkov.dll
2008-03-09 10:28 . 2008-03-08 23:04 98,304 --a------ C:\WINDOWS\fmsxwqs.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 00:57 --------- d-----w C:\Program Files\Common Files\Real
2008-03-29 11:53 164 ----a-w C:\install.dat
2008-03-28 01:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-28 01:07 --------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
2008-03-20 01:02 --------- d-----w C:\Program Files\iTunes
2008-03-20 00:55 --------- d-----w C:\Program Files\Google
2008-03-20 00:54 --------- d-----w C:\Program Files\DISC
2008-03-20 00:52 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-03-20 00:51 --------- d-----w C:\Program Files\Bonjour
2008-03-14 01:15 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-11 23:22 --------- d-----w C:\Program Files\Trend Micro
2008-03-10 21:34 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 16:05 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DivX
2008-03-02 16:05 --------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\DivX
2008-02-27 03:01 --------- d-----w C:\Program Files\iPod
2008-02-27 02:24 --------- d-----w C:\Program Files\QuickTime
2008-02-22 02:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-10 02:08 164 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-08-10 02:08 164 ----a-w C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
2005-05-12 14:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-10-29 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-10-29 20:36 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2007-10-29 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-09-27 02:43 1060864]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42 61440]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12 49152]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 14:26 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:55 185896]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 21:05 344064]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-26 10:35:28 27136]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-26 11:34:26 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {8EB419D7-D9EA-4121-B1F0-7188E1FA1354} - C:\WINDOWS\bokpkov.dll [2008-03-08 23:04 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 21:04:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-05 21:10:04
ComboFix-quarantined-files.txt 2008-04-06 02:09:32

Pre-Run: 204,356,595,712 bytes free
Post-Run: 204,373,291,008 bytes free
.
2008-03-20 02:44:39 --- E O F ---


File::
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\fmsxwqs.exe

Folder::
C:\Program Files\Video Add-on

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"=-
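Added example, not part of the original post and not ComboFix's own logic: a small Python triage script that parses the "Files Created" and "Reg Loading Points" sections of a log like the one above, applies a few rules of thumb (a fresh EXE/DLL dropped straight into C:\WINDOWS, a ShellServiceObjectDelayLoad entry pointing outside system32, an autostart or BHO whose file ComboFix could not stat, Security Center monitoring or the firewall switched off) and drafts the File::/Folder::/Registry:: blocks of a CFScript from the hits. The rules are my own assumptions about what deserves a second look; the sample lines embedded in the script are copied from this log and labelled as constructed input.

```python
# Added example (not from the post, not ComboFix's logic): parse a ComboFix log,
# flag entries by my own rules of thumb, and draft a CFScript from the hits. A
# human still decides what is actually fed back to ComboFix.
import re
from collections import namedtuple

# Constructed sample: lines copied from the log above.
SAMPLE_LOG = r"""
(((((( Files Created from 2008-03-06 to 2008-04-06 ))))))
2008-04-03 20:04 . 2008-04-03 20:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-09 10:28 . 2008-03-08 23:04 356,352 --a------ C:\WINDOWS\bokpkov.dll
2008-03-09 10:28 . 2008-03-08 23:04 98,304 --a------ C:\WINDOWS\fmsxwqs.exe
(((((( Reg Loading Points ))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-10-29 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {8EB419D7-D9EA-4121-B1F0-7188E1FA1354} - C:\WINDOWS\bokpkov.dll [2008-03-08 23:04 356352]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
DATED_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ ')   # "date time size attrs path"
CREATED_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
                        r'(?:[\d,]+\s+)?[-a-z]+\s+(?P<path>.+)$', re.I)

# kind is one of: file | bho | value | config
Finding = namedtuple('Finding', 'kind reason key name path', defaults=('', '', ''))

def triage(log):
    created, entries, section, key = [], {}, None, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('(((('):                       # section banner
            section = ('created' if 'Files Created' in line
                       else 'reg' if 'Reg Loading Points' in line else None)
            key = None
        elif section == 'created' and (m := CREATED_RE.match(line)):
            created.append(m.group('path'))
        elif section == 'reg':
            if (m := KEY_RE.match(line)):
                key = m.group('key')
                entries[key] = []
            elif key is not None:
                entries[key].append(line)

    findings = []
    for path in created:
        folder, _, name = path.rpartition('\\')
        # Legit installers almost never drop a fresh EXE/DLL straight into %WINDIR%.
        if folder.lower() == 'c:\\windows' and name.lower().endswith(('.exe', '.dll')):
            findings.append(Finding('file', 'new executable directly in %WINDIR%', path=path))
    for key, lines in entries.items():
        low = key.lower()
        if 'browser helper objects' in low and not any(DATED_RE.match(ln) for ln in lines):
            # Path only, no date/size stamp: ComboFix could not stat the DLL.
            dll = next((ln for ln in lines if ':\\' in ln), '')
            findings.append(Finding('bho', 'BHO with no file metadata', key=key,
                                    path=dll.rpartition('\\')[0]))
        for ln in lines:
            if not (m := VALUE_RE.match(ln)):
                continue
            name, data = m.group('name'), m.group('data')
            if 'shellserviceobjectdelayload' in low and '\\windows\\system32\\' not in data.lower():
                findings.append(Finding('value', 'SSODL entry outside system32', key=key, name=name))
            elif low.endswith('\\run') and re.search(r'\[\s*\]$', data):
                findings.append(Finding('value', 'autostart whose file was not found', key=key, name=name))
            elif 'security center\\monitoring' in low and data == 'dword:00000001':
                findings.append(Finding('config', 'Security Center alerts suppressed', key=key, name=name))
            elif name == 'EnableFirewall' and data.startswith('0'):
                findings.append(Finding('config', 'Windows Firewall disabled', key=key, name=name))
    return findings

def build_cfscript(findings):
    """Draft File::/Folder::/Registry:: blocks; 'config' hits are left to the human."""
    files = [f.path for f in findings if f.kind == 'file']
    folders = [f.path for f in findings if f.kind == 'bho' and f.path]
    reg = []
    for f in findings:
        if f.kind == 'bho':
            reg.append(f'[-{f.key}]')                # leading "-" deletes the whole key
        elif f.kind == 'value':
            reg += [f'[{f.key}]', f'"{f.name}"=-']   # "=-" deletes one value
    out = []
    for header, body in (('File::', files), ('Folder::', folders), ('Registry::', reg)):
        if body:
            out += [header, *body, '']
    return '\n'.join(out).rstrip('\n')

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:6} {f.reason}: {f.path or f.key} {f.name}'.rstrip())
    print(build_cfscript(triage(SAMPLE_LOG)))
```

On the sample it reproduces the script posted above line for line; the two "config" hits (both Security Center DisableMonitoring values set to 1 and EnableFirewall=0) are reported but not scripted, because whether to turn them back on depends on which security product stays installed. The `[ ]` rule is deliberately loose: on the full log it would also flag updateMgr and PCDrProfiler, which are harmless, so read the findings before feeding anything to ComboFix.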