ComboFix 08-05-29.1 - HP_Administrator 2008-06-02 11:24:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1503 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\HP_Administrator\Application Data\[u]0[/u]000000000t.dat
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\system32\g67.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\xplugin.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrator\Application Data\[u]0[/u]000000000t.dat
C:\Documents and Settings\LocalService\Application Data\Yapta
C:\Documents and Settings\LocalService\Application Data\Yapta\Logs\tagger_log.txt
C:\Documents and Settings\LocalService\Application Data\Yapta\settings.xml
C:\Program Files\SurfingSoftware
C:\Program Files\SurfingSoftware\pcre3.dll
C:\Program Files\SurfingSoftware\SurfingSoftware.dat
C:\Program Files\SurfingSoftware\uninstall.exe
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\system32\1026c
C:\WINDOWS\system32\acom1
C:\WINDOWS\system32\bTMP
C:\WINDOWS\system32\bTMP\autdx2.exe
C:\WINDOWS\system32\g67.exe
C:\WINDOWS\system32\rev3
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vd2
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\xplugin.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.
2008-06-01 13:43 . 2008-06-01 13:58
d-------- C:\HJT
2008-05-30 03:00 . 2008-05-30 03:00 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-30 01:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-30 01:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-30 01:25 . 2008-05-30 01:25 d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-30 01:25 . 2008-05-30 01:27 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 23:04 . 2008-05-29 23:05 d-------- C:\Program Files\Panda Security
2008-05-29 20:44 . 2008-05-29 20:46 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-29 20:44 . 2008-05-29 20:44 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-05-29 20:44 . 2008-05-29 20:44 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-29 17:14 . 2008-05-29 20:29 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 17:14 . 2008-05-29 17:14 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-29 17:14 . 2008-05-29 17:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 17:14 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 17:14 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 16:54 . 2008-05-29 20:29 d-------- C:\Program Files\Common Files\Download Manager
2008-05-29 16:33 . 2008-05-29 16:33 d-------- C:\Program Files\Enigma Software Group
2008-05-29 15:21 . 2008-05-29 11:45 1,681,135 --a------ C:\SDFix.exe
2008-05-29 14:08 . 2008-06-02 04:46 d-------- C:\Program Files\Spyware Doctor
2008-05-29 14:08 . 2008-05-29 14:08 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2008-05-29 14:08 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-29 14:08 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-29 14:08 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-29 14:08 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-29 14:00 . 2008-05-30 15:00 d-------- C:\Program Files\Norton Security Scan
2008-05-29 13:40 . 2008-05-29 13:38 18,473,000 --a------ C:\sdsetup.exe
2008-05-29 13:05 . 2008-05-29 13:05 d-------- C:\Program Files\UnH Solutions
2008-05-29 13:05 . 2008-05-29 13:05 d-------- C:\Documents and Settings\All Users\Application Data\UnH Solutions
2008-05-29 12:44 . 2008-05-29 12:44 d-------- C:\Program Files\Lavasoft
2008-05-29 12:44 . 2008-05-29 20:44 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 12:44 . 2008-05-29 12:53 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-29 11:55 . 2008-05-29 11:55 d-------- C:\WINDOWS\ERUNT
2008-05-29 11:48 . 2008-05-29 15:41 d-------- C:\SDFix
2008-05-29 11:25 . 2008-05-29 11:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-29 11:18 . 2008-05-29 11:26 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-05-29 10:28 . 2008-05-29 12:26 d-------- C:\Temp
2008-05-29 09:51 . 2008-05-29 09:51 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 09:50 . 2008-05-29 09:50 d-------- C:\Program Files\Common Files\xing shared
2008-05-10 16:58 . 2008-05-10 16:58 d-------- C:\Program Files\Orb Networks
2008-05-10 16:58 . 2008-05-12 22:44 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 15:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-30 22:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-05-30 19:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-30 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-29 15:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-29 15:07 --------- d-----w C:\Program Files\LimeWire
2008-05-29 14:07 --------- d-----w C:\Program Files\Google
2008-05-29 13:55 --------- d-----w C:\Program Files\Real
2008-05-29 13:50 --------- d-----w C:\Program Files\Common Files\Real
2008-05-26 13:55 --------- d-----w C:\Program Files\Quicken
2008-04-26 09:33 --------- d-----w C:\Program Files\VoiceDialIt 2.0 for PalmOS
2008-04-25 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 21:32 --------- d-----w C:\Program Files\Common Files\Epocrates
2008-04-25 19:31 --------- d-----w C:\Program Files\Palm
2008-04-25 19:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 23:55 --------- d-----w C:\Program Files\WMR11
2008-04-13 23:52 --------- d-----w C:\Program Files\WinPcap
2007-03-26 00:59 5,495 ----a-w C:\Program Files\[u]0[/u]x0409.ini
2007-03-26 00:59 3,674,624 ----a-w C:\Program Files\PCmover.msi
2007-03-01 12:30 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_ 1.38.56.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 05:33:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 15:29:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 17:16 68856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 11:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 11:40 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 22:30 139264]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 12:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 21:18 49152]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-29 09:49 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-05-19 15:34 1106344]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-05-19 15:39 1848150]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-05-19 15:34 126976]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 22:57 1095256]
"HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Calendar Creator Scheduler.lnk - C:\Program Files\Calendar Creator 4.0\CCSCHED.EXE [2007-03-01 12:01:44 97280]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-27 00:11:01 125624]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Adapter 5.1.3214]
C:\Documents and Settings\HP_Administrator\Application Data\kyzys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 15:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2006-05-03 09:19]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2006-05-03 09:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d0e56a-bf99-11db-9c3b-001731a59835}]
\Shell\AutoRun\command - N:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d00a662-0ac0-11dc-9c51-001731a59835}]
\Shell\AutoRun\command - L:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc0eb74a-b31a-11dc-9c75-001731a59835}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 05:01:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-05-30 22:11:35 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 11:30:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
.
**************************************************************************
.
Completion time: 2008-06-02 11:36:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 15:36:01
ComboFix2.txt 2008-06-01 05:39:24
Pre-Run: 27,439,112,192 bytes free
Post-Run: 27,436,417,024 bytes free
301 --- E O F --- 2008-05-30 07:02:39