------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:24 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141533914765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/CASIO/Photo%20Loader/Image%20Library/20060308/PREVIEW/CIMG0310.JPG
--
End of file - 9465 bytes
------------------------------------------------------------------------------------------------------
ComboFix 08-06-20.4 - HP_Administrator 2008-06-29 0:29:24.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.929 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-28 18:09 . 2008-06-28 18:09 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-28 18:09 . 2008-06-28 18:10 <DIR> d-------- C:\Program Files\Panda Security
2008-06-28 12:23 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-28 12:22 . 2008-06-28 12:23 <DIR> d-------- C:\Program Files\Java
2008-06-28 11:52 . 2008-06-28 11:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor
2008-06-27 13:35 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-06-27 12:28 . 2008-06-28 11:52 20,278 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-27 12:21 . 2008-06-28 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-27 12:12 . 2008-06-27 12:12 <DIR> d-------- C:\Program Files\CCleaner
2008-06-27 11:36 . 2008-06-27 14:09 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-27 11:05 . 2008-06-27 11:05 <DIR> d-------- C:\Program Files\EFM
2008-06-27 10:08 . 2008-06-27 11:04 <DIR> d--hs---- C:\RECYCLER(2)
2008-06-26 13:19 . 2008-06-27 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-26 11:24 . 2008-06-27 11:05 <DIR> d-------- C:\Program Files\SiteAdvisor(2)
2008-06-26 11:23 . 2008-06-26 11:26 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor(2)
2008-06-26 11:18 . 2008-06-27 11:05 <DIR> d-------- C:\Program Files\Common Files\McAfee(2)
2008-06-25 15:13 . 2008-06-25 15:13 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-25 15:13 . 2008-06-25 15:22 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-06-11 06:24 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:24 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 12:37 . 2008-06-04 12:37 <DIR> d-------- C:\Program Files\Virtual CD Control Tool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:03 --------- d-----w C:\Program Files\Picasa2
2008-06-27 15:03 --------- d-----w C:\Program Files\Google
2008-06-25 22:16 68,096 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-06-25 22:16 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-05-14 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-05-08 15:20 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 04:16 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-23 04:16 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-23 04:16 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-23 04:16 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-23 04:16 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-23 04:16 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-01-04 18:31 284 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\ViewerApp.dat
2004-08-10 05:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-10 05:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-07-30 08:04 1,216 --sh--w C:\WINDOWS\Twunk_16.dll
2004-07-30 08:04 1,216 --sh--w C:\WINDOWS\Twunk_32.dll
2004-08-10 05:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-10 05:00 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-10 05:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-10 05:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-10 05:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-10 05:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-05-05 05:02 684032]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 20:19 77312 C:\WINDOWS\arpwrmsg.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 16:59 143360]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-25 19:36 1073152]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-26 20:42 61440]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 06:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-05 00:08 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-23 15:06 180269]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 04:57 16855552 C:\WINDOWS\RTHDCPL.EXE]
"HostManager"="C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-05-05 05:02 684032]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-03-12 16:46:52 368640]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 03:23:26 282624]
HPAiODevice(hp officejet d series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-03-05 04:28:42 491582]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 17:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141531636\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141531636\\EE\\aolsoftware.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-11-26 00:12]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 12:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 14:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 15:26]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R3 ICAM3NT5;Intel® PC Camera CS331;C:\WINDOWS\system32\Drivers\ICAM3D2.SYS [2001-12-03 12:57]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - Y:\Setup.EXE
*Newly Created Service* - RKPAVPROC
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 00:31:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-29 0:31:54
ComboFix-quarantined-files.txt 2008-06-29 04:31:48
Pre-Run: 31,195,897,856 bytes free
Post-Run: 31,213,142,016 bytes free
168 --- E O F --- 2008-06-27 16:00:12