ComboFix 12-06-01.03 - HP_Administrator 06/01/2012 15:24:58.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1454 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: Core Security 9.13 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CA Personal Firewall *Disabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\program files\pi.exe
c:\windows\explorer(2).exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\unicows.1
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 13:44 . 2012-06-01 13:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-01 13:44 . 2012-06-01 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 13:29 . 2012-05-24 15:01 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Audacity
2012-05-14 21:55 . 2006-02-07 15:35 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-05-04 13:08 . 2012-05-04 13:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 13:08 . 2012-05-04 13:08 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 13:08 . 2012-05-04 13:08 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 12:49 . 2011-05-02 16:32 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-11 13:14 . 2004-08-10 11:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-10 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-10 11:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2008-12-21 23:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-18 14:02 . 2009-03-18 14:02 7986920 ----a-w- c:\program files\pixplay.exe
2005-04-22 09:18 . 2005-04-22 09:18 116736 ----a-w- c:\program files\stv.dll
2005-04-22 09:18 . 2005-04-22 09:18 546304 ----a-w- c:\program files\sbox.dll
2005-04-22 09:18 . 2005-04-22 09:18 85504 ----a-w- c:\program files\PIXPSVcdPublish.dll
2005-04-22 09:18 . 2005-04-22 09:18 26112 ----a-w- c:\program files\PIXWavDest.dll
2005-04-22 09:18 . 2005-04-22 09:18 851968 ----a-w- c:\program files\PIXPSAutoFix.dll
2005-04-22 09:18 . 2005-04-22 09:18 69120 ----a-w- c:\program files\PIXPSTransitionFilter.dll
2005-04-22 09:18 . 2005-04-22 09:18 65536 ----a-w- c:\program files\PIXPSSourceFilter.dll
2005-04-22 09:18 . 2005-04-22 09:18 63488 ----a-w- c:\program files\PIXCabinet.dll
2005-04-22 09:18 . 2005-04-22 09:18 56320 ----a-w- c:\program files\PIXPSPublish.dll
2005-04-22 09:18 . 2005-04-22 09:18 561152 ----a-w- c:\program files\PIXPSCore.dll
2005-04-22 09:18 . 2005-04-22 09:18 102400 ----a-w- c:\program files\PIXPhotoStory.exe
2005-04-22 09:18 . 2005-04-22 09:18 110592 ----a-w- c:\program files\piwa.dll
2005-04-22 09:18 . 2005-04-22 09:18 147456 ----a-w- c:\program files\piproj.dll
2005-04-22 09:17 . 2005-04-22 09:17 303616 ----a-w- c:\program files\ImprtWiz.exe
2005-04-22 09:17 . 2005-04-22 09:17 109568 ----a-w- c:\program files\gtv.dll
2005-04-22 09:17 . 2005-04-22 09:17 81920 ----a-w- c:\program files\cpitv.dll
2005-04-22 09:17 . 2005-04-22 09:17 73216 ----a-w- c:\program files\CameraRaw.dll
2005-04-22 09:17 . 2005-04-22 09:17 1217024 ----a-w- c:\program files\PodMain.dll
2005-04-22 09:17 . 2005-04-22 09:17 885248 ----a-w- c:\program files\PodData.dll
2005-04-22 09:17 . 2005-04-22 09:17 772608 ----a-w- c:\program files\piutil.dll
2005-04-22 09:17 . 2005-04-22 09:17 339456 ----a-w- c:\program files\piview.dll
2005-04-22 09:17 . 2005-04-22 09:17 83456 ----a-w- c:\program files\pimix.dll
2005-04-22 09:17 . 2005-04-22 09:17 654336 ----a-w- c:\program files\piedit.dll
2005-04-22 09:17 . 2005-04-22 09:17 2848256 ----a-w- c:\program files\pitask.dll
2005-04-22 09:17 . 2005-04-22 09:17 146944 ----a-w- c:\program files\piphp.dll
2005-04-22 09:17 . 2005-04-22 09:17 119296 ----a-w- c:\program files\pisctv.dll
2005-04-22 09:17 . 2005-04-22 09:17 561152 ----a-w- c:\program files\pical.dll
2005-04-22 09:17 . 2005-04-22 09:17 53760 ----a-w- c:\program files\pibase.dll
2005-04-22 09:17 . 2005-04-22 09:17 3266560 ----a-w- c:\program files\picore.dll
2005-04-22 09:14 . 2005-04-22 09:14 7680 ----a-w- c:\program files\pip.exe
2005-04-22 09:09 . 2005-04-22 09:09 35328 ----a-w- c:\program files\Pod.exe
2005-03-30 10:10 . 2005-03-30 10:10 33792 ----a-w- c:\program files\custsat.dll
2005-03-24 06:30 . 2005-03-24 06:30 8704 ----a-w- c:\program files\workssvc.dll
2005-03-24 06:30 . 2005-03-24 06:30 487424 ----a-r- c:\program files\msvcp70.dll
2005-03-24 06:30 . 2005-03-24 06:30 344064 ----a-r- c:\program files\msvcr70.dll
2005-03-24 06:27 . 2005-03-24 06:27 4112451 ----a-w- c:\program files\piservr5.dll
2005-03-24 06:27 . 2005-03-24 06:27 186952 ----a-w- c:\program files\dw15.exe
2005-03-24 06:27 . 2005-03-24 06:27 868352 ----a-w- c:\program files\MiniQD6.dll
2005-03-24 06:27 . 2005-03-24 06:27 127033 ----a-w- c:\program files\cpiqrtf5.dll
2005-03-24 06:27 . 2005-03-24 06:27 1712128 ----a-w- c:\program files\gdiplus.dll
2005-03-24 06:26 . 2005-03-24 06:26 659456 ----a-w- c:\program files\RCRAPCLS.dll
2005-03-24 06:26 . 2005-03-24 06:26 598016 ----a-w- c:\program files\RdCamDat.dll
2005-03-24 06:26 . 2005-03-24 06:26 356352 ----a-w- c:\program files\RDSDK.dll
2005-03-24 06:26 . 2005-03-24 06:26 356352 ----a-w- c:\program files\rdDcd.dll
2005-03-24 06:26 . 2005-03-24 06:26 356352 ----a-w- c:\program files\rcDcd.dll
2005-03-24 06:26 . 2005-03-24 06:26 327680 ----a-w- c:\program files\RCSDK.dll
2005-03-24 06:26 . 2005-03-24 06:26 2945024 ----a-w- c:\program files\NkBrowseLib4.dll
2005-03-24 06:26 . 2005-03-24 06:26 266240 ----a-w- c:\program files\rcParse.dll
2005-03-24 06:26 . 2005-03-24 06:26 229376 ----a-w- c:\program files\rdParse.dll
2005-03-24 06:26 . 2005-03-24 06:26 188416 ----a-w- c:\program files\rdDvlp.dll
2005-03-24 06:26 . 2005-03-24 06:26 176128 ----a-w- c:\program files\Strato4.dll
2005-03-24 06:26 . 2005-03-24 06:26 151552 ----a-w- c:\program files\rcDvlp.dll
2005-03-24 06:26 . 2005-03-24 06:26 110592 ----a-w- c:\program files\RCSigProc.dll
2005-03-24 06:26 . 2005-03-24 06:26 106496 ----a-w- c:\program files\Zelkova3.dll
2005-03-24 06:26 . 2005-03-24 06:26 98304 ----a-w- c:\program files\pscSetup.dll
2005-03-24 06:26 . 2005-03-24 06:26 774144 ----a-w- c:\program files\CDRAPCLS.dll
2005-03-24 06:26 . 2005-03-24 06:26 73728 ----a-w- c:\program files\pscl2STI.dll
2005-03-24 06:26 . 2005-03-24 06:26 598016 ----a-w- c:\program files\RcCamDat.dll
2005-03-24 06:26 . 2005-03-24 06:26 598016 ----a-w- c:\program files\psCamDat.dll
2005-03-24 06:26 . 2005-03-24 06:26 57344 ----a-w- c:\program files\pscAdimg.dll
2005-03-24 06:26 . 2005-03-24 06:26 434176 ----a-w- c:\program files\psdkdll.dll
2005-03-24 06:26 . 2005-03-24 06:26 413696 ----a-w- c:\program files\CDPTPCLT.dll
2005-03-24 06:26 . 2005-03-24 06:26 380928 ----a-w- c:\program files\deImg404.dll
2005-03-24 06:26 . 2005-03-24 06:26 360448 ----a-w- c:\program files\RC2DVLP.dll
2005-03-24 06:26 . 2005-03-24 06:26 356352 ----a-w- c:\program files\CDPTPCLS.dll
2005-03-24 06:26 . 2005-03-24 06:26 356352 ----a-w- c:\program files\cdDcd.dll
2005-03-24 06:26 . 2005-03-24 06:26 331776 ----a-w- c:\program files\CDSDK.dll
2005-03-24 06:26 . 2005-03-24 06:26 258048 ----a-w- c:\program files\deImg140.dll
2005-03-24 06:26 . 2005-03-24 06:26 253952 ----a-w- c:\program files\deImgT41.dll
2005-03-24 06:26 . 2005-03-24 06:26 253952 ----a-w- c:\program files\deImgT40.dll
2005-03-24 06:26 . 2005-03-24 06:26 253952 ----a-w- c:\program files\deImg139.dll
2005-03-24 06:26 . 2005-03-24 06:26 253952 ----a-w- c:\program files\deImg137.dll
2005-03-24 06:26 . 2005-03-24 06:26 241664 ----a-w- c:\program files\deImgT50.dll
2005-03-24 06:26 . 2005-03-24 06:26 229376 ----a-w- c:\program files\cdParse.dll
2005-03-24 06:26 . 2005-03-24 06:26 221184 ----a-w- c:\program files\pscParse.dll
2005-03-24 06:26 . 2005-03-24 06:26 212992 ----a-w- c:\program files\DeImgT31.dll
2005-03-24 06:26 . 2005-03-24 06:26 204800 ----a-w- c:\program files\deImg131.dll
2005-03-24 06:26 . 2005-03-24 06:26 200704 ----a-w- c:\program files\deImg129.dll
2005-03-24 06:26 . 2005-03-24 06:26 188416 ----a-w- c:\program files\deImg121.dll
2005-03-24 06:26 . 2005-03-24 06:26 188416 ----a-w- c:\program files\cdDvlp.dll
2005-03-24 06:26 . 2005-03-24 06:26 180224 ----a-w- c:\program files\pscDevUI.dll
2005-03-24 06:26 . 2005-03-24 06:26 180224 ----a-w- c:\program files\deImgT32.dll
2005-03-24 06:26 . 2005-03-24 06:26 172032 ----a-w- c:\program files\deImg110.dll
2005-03-24 06:26 . 2005-03-24 06:26 167936 ----a-w- c:\program files\IWrap.dll
2005-03-24 06:26 . 2005-03-24 06:26 155648 ----a-w- c:\program files\deImgT2X.dll
2005-03-24 06:26 . 2005-03-24 06:26 147456 ----a-w- c:\program files\deImgT10.dll
2005-03-24 06:26 . 2005-03-24 06:26 135168 ----a-w- c:\program files\pscCllct.dll
2005-03-24 06:26 . 2005-03-24 06:26 122880 ----a-w- c:\program files\CmSelDlg.dll
2005-03-24 06:24 . 2005-03-24 06:24 401462 ----a-w- c:\program files\msvcp60.dll
2005-03-24 06:24 . 2005-03-24 06:24 1060864 ----a-w- c:\program files\MFC71.dll
2005-03-24 06:23 . 2005-03-24 06:23 110592 ----a-w- c:\program files\SQLSE20.dll
2005-03-24 06:23 . 2005-03-24 06:23 151552 ----a-w- c:\program files\SQLDB20.dll
2005-03-24 05:59 . 2005-03-24 05:59 299008 ----a-w- c:\program files\cutout.dll
2005-03-24 05:55 . 2005-03-24 05:55 13049856 ----a-w- c:\program files\AuthorScriptLibWin.dll
2012-05-04 13:08 . 2012-04-13 15:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Frontier\Security\Common\FSM32.EXE" [2010-04-07 199344]
"F-Secure TNB"="c:\program files\Frontier\Security\FSGUI\TNBUtil.exe" [2010-04-07 1653424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-05-11 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-21 15:32 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firefox Preloader.lnk]
backup=c:\windows\pss\Firefox Preloader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator.YOUR-4DACD0EA75^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-03-20 16:05 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2012-03-26 14:40 9532824 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2012-03-26 14:40 9532824 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-30 04:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-16 05:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-10-13 02:30 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-02-07 15:40 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 00:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 21:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 22:16 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-11-15 15:05 1121016 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 03:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-11 20:45 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5/2/2011 11:32 AM 44184]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5/2/2011 11:32 AM 80080]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [4/20/2012 3:50 PM 102728]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Frontier\Security\HIPS\drivers\fshs.sys [5/2/2011 11:32 AM 68144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/9/2011 9:44 AM 116608]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [4/12/2012 5:12 PM 918880]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [5/2/2011 11:32 AM 149672]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/17/2012 11:21 AM 197736]
S3 analog;analog;c:\windows\system32\drivers\analog.sys [4/21/2012 4:16 PM 11264]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Frontier\Security\ORSP Client\fsorsp.exe [5/2/2011 11:32 AM 61088]
S3 iegdmini;iegdmini;c:\windows\system32\drivers\iegdmini.sys [4/21/2012 4:16 PM 1677440]
S3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [4/21/2012 4:15 PM 10496]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 8:08 AM 129976]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 12872]
S3 sdvo;sdvo;c:\windows\system32\drivers\sdvo.sys [4/21/2012 4:16 PM 38784]
S3 tv;tv;c:\windows\system32\drivers\tv.sys [4/21/2012 4:16 PM 36864]
S3 udsstub;USBDeviceShare USB Device Stub;c:\windows\system32\drivers\udsstub.sys [4/17/2012 3:23 PM 16000]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2009-11-20 c:\windows\Tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job
- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 16:05]
.
2010-03-20 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 08:06]
.
2009-12-31 c:\windows\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 08:06]
.
2012-06-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-767200610-1056796544-3569009029-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2012-05-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-767200610-1056796544-3569009029-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2012-06-01 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\Frontier\Security\ANTI-V~1\fsav.exe [2011-05-02 15:37]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: msn.com\www
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\9rsjib6j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
Toolbar-Locked - (no file)
HKLM-Run-cctray - c:\program files\CA\CA Internet Security Suite\casc.exe
HKLM-Run-capfupgrade - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 15:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-767200610-1056796544-3569009029-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\frontier\security\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(820)
c:\program files\frontier\security\hips\fshook32.dll
.
Completion time: 2012-06-01 15:32:45
ComboFix-quarantined-files.txt 2012-06-01 20:32
.
Pre-Run: 240,416,239,616 bytes free
Post-Run: 241,086,791,680 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9FC5E2FDC7BDF740A5FA4BB45C5C0259