ComboFix 09-10-20.03 - Danny Byrd 10/21/2009 19:42.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2367 [GMT -5:00]
Running from: c:\documents and settings\Danny Byrd\Desktop\ComboFix.exe
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-3205862495-2176978158-173298510-500
c:\windows\Installer\4b1df.msi
c:\windows\jestertb.dll
c:\windows\system32\gt47547.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.
2009-10-20 09:57 . 2009-10-20 09:57 -------- d-----w- c:\program files\Trend Micro
2009-10-16 14:51 . 2009-10-16 14:51 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-13 01:40 . 2004-06-13 15:00 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE
2009-10-13 01:27 . 2009-10-13 01:30 169644 ----a-w- c:\windows\hpqins00.dat
2009-10-13 01:24 . 2009-10-20 01:25 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\HpUpdate
2009-10-13 01:24 . 2009-10-13 01:24 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-12 01:06 . 2004-11-25 10:07 79679 ----a-w- c:\windows\system32\E_FLMAEA.DLL
2009-10-12 01:06 . 2003-05-21 07:27 64000 ----a-w- c:\windows\system32\E_FBCBAEA.DLL
2009-10-12 01:06 . 2000-06-07 06:01 34304 ----a-w- c:\windows\system32\E_FBCHAEA.DLL
2009-10-12 01:05 . 2005-02-25 05:00 46080 ----a-w- c:\windows\system32\escimgd.dll
2009-10-12 01:05 . 2005-02-25 05:00 22016 ----a-w- c:\windows\system32\esccmd.dll
2009-10-12 01:01 . 2009-10-12 01:07 -------- d-----w- c:\program files\epson
2009-10-12 01:01 . 2006-10-13 05:00 61952 ----a-w- c:\windows\system32\escwiad.dll
2009-10-11 07:11 . 2009-10-11 07:11 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\HP
2009-10-11 07:11 . 2009-10-11 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-11 06:56 . 2009-10-11 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-10-11 06:56 . 2007-10-20 23:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2009-10-11 06:56 . 2009-10-11 06:56 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\Yahoo!
2009-10-11 06:56 . 2009-10-11 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-11 06:54 . 2009-10-11 07:10 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\HPAppData
2009-10-11 06:53 . 2009-10-11 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-11 06:53 . 2009-10-11 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-11 06:53 . 2009-10-11 06:53 -------- d-----w- c:\program files\Common Files\HP
2009-10-11 06:52 . 2007-10-31 00:25 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-10-11 06:52 . 2007-10-31 00:25 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-10-11 06:52 . 2007-11-09 06:52 271704 ----a-w- c:\windows\system32\hpzids01.dll
2009-10-11 06:52 . 2007-10-31 00:25 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-10-11 06:52 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2009-10-11 06:52 . 2007-10-31 00:11 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2009-10-11 06:52 . 2007-10-31 00:11 303104 ----a-w- c:\windows\system32\hpovst15.dll
2009-10-11 06:52 . 2007-10-31 00:11 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2009-10-11 06:51 . 2009-10-11 06:57 157559 ----a-w- c:\windows\hpoins27.dat
2009-10-11 06:51 . 2007-12-13 17:31 932 ------w- c:\windows\hpomdl27.dat
2009-10-11 04:52 . 2009-10-11 06:28 -------- d-----w- c:\temp\FixEngine
2009-10-11 04:39 . 2009-10-11 04:39 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\Blitware
2009-10-11 04:23 . 2009-10-11 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-10-03 03:06 . 2009-10-03 03:07 -------- d-----w- C:\Swar
2009-09-23 00:17 . 2009-09-23 00:17 -------- d-----w- c:\program files\Conduit
2009-09-23 00:17 . 2009-09-23 00:17 -------- d-----w- c:\documents and settings\Danny Byrd\Local Settings\Application Data\Conduit
2009-09-23 00:17 . 2009-09-23 00:18 -------- d-----w- c:\documents and settings\Danny Byrd\Local Settings\Application Data\VPACS
2009-09-23 00:16 . 2009-09-23 00:17 -------- d-----w- c:\program files\VPACS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 00:39 . 2009-08-09 23:30 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\Skype
2009-10-22 00:33 . 2009-08-03 19:18 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\U3
2009-10-22 00:27 . 2009-08-29 20:51 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-10-22 00:27 . 2009-08-29 20:51 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-10-21 22:42 . 2009-08-29 20:55 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-10-21 22:41 . 2009-08-09 23:34 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\skypePM
2009-10-16 14:54 . 2009-06-26 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 14:51 . 2009-06-26 14:21 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-15 13:58 . 2009-08-29 20:51 259400 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-10-15 13:58 . 2009-08-29 20:51 259400 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-10-11 06:57 . 2009-08-19 02:54 -------- d-----w- c:\program files\HP
2009-10-11 06:55 . 2009-08-10 00:14 -------- d-----w- c:\program files\Yahoo!
2009-10-11 04:24 . 2009-06-26 14:21 83904 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 20:44 . 2009-08-01 20:30 83904 ----a-w- c:\documents and settings\Danny Byrd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 01:11 . 2009-06-26 14:18 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 14:18 . 2008-07-21 22:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 01:21 . 2009-08-09 23:29 -------- d-----r- c:\program files\Skype
2009-09-04 21:03 . 2008-07-21 22:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 00:32 . 2009-08-31 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-08-31 00:31 . 2009-08-31 00:31 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\Office Genuine Advantage
2009-08-30 12:59 . 2009-06-26 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-29 20:51 . 2009-08-29 20:51 262 ------w- c:\windows\system32\PavCPL.dat
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2009-08-29 20:50 . 2009-08-29 20:50 -------- d-----w- c:\program files\Panda Security
2009-08-29 20:50 . 2009-08-29 20:50 -------- d-----w- c:\documents and settings\Danny Byrd\Application Data\Panda Security
2009-08-29 20:50 . 2009-08-29 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-08-29 20:50 . 2009-06-26 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 20:47 . 2009-08-29 20:47 -------- d-----w- c:\program files\Common Files\Panda Security
2009-08-29 18:49 . 2009-06-26 14:06 -------- d-----w- c:\program files\Java
2009-08-29 08:08 . 2009-08-29 08:08 10240 ----a-w- c:\windows\system32\ctfmon_kd.exe
2009-08-29 08:08 . 2008-07-21 22:50 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-07-21 22:50 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-09 23:34 . 2009-08-09 23:34 56 ---h--w- c:\windows\system32\ezsidmv.dat
2009-08-05 09:01 . 2008-07-21 22:49 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2008-04-14 00:54 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ------w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ------w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ------w- c:\windows\system32\OGAEXEC.exe
2009-07-25 10:23 . 2009-06-26 14:06 411368 ------w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{805238c5-d485-42f9-94e2-d7f7523dabd6}"= "c:\program files\VPACS\tbVPAC.dll" [2009-09-08 2260504]
[HKEY_CLASSES_ROOT\clsid\{805238c5-d485-42f9-94e2-d7f7523dabd6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{805238c5-d485-42f9-94e2-d7f7523dabd6}]
2009-09-08 18:32 2260504 ------w- c:\program files\VPACS\tbVPAC.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{805238c5-d485-42f9-94e2-d7f7523dabd6}"= "c:\program files\VPACS\tbVPAC.dll" [2009-09-08 2260504]
[HKEY_CLASSES_ROOT\clsid\{805238c5-d485-42f9-94e2-d7f7523dabd6}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{805238C5-D485-42F9-94E2-D7F7523DABD6}"= "c:\program files\VPACS\tbVPAC.dll" [2009-09-08 2260504]
[HKEY_CLASSES_ROOT\clsid\{805238c5-d485-42f9-94e2-d7f7523dabd6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-06-26 14:01 241752 ------w- c:\windows\system32\IcnOvrly.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-03 247080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-17 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-06-26 323584]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 21:58 58672 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-06-26 14:01 1167360 ------w- c:\windows\system32\PicNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvc Retail]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [8/29/2009 3:48 PM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [8/29/2009 3:51 PM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [8/29/2009 3:51 PM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [8/29/2009 3:51 PM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [8/29/2009 3:51 PM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [8/29/2009 3:51 PM 158848]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 1:48 PM 10240]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [8/29/2009 3:47 PM 41144]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [8/29/2009 3:51 PM 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [8/29/2009 3:47 PM 177416]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [8/29/2009 3:51 PM 28928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [8/29/2009 3:55 PM 13880]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/26/2009 8:55 AM 110080]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [8/29/2009 3:51 PM 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [6/26/2009 8:49 AM 974336]
S2 gupdate1ca206eb0714e6c;Google Update Service (gupdate1ca206eb0714e6c);c:\program files\Google\Update\GoogleUpdate.exe [8/18/2009 8:45 PM 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 10:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 10:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 10:15 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys --> c:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 10:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-10-13 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2009-08-29 19:22]
2009-10-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 01:45]
2009-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 01:45]
2009-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2403079
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
BHO-{F67C2A11-B5BA-3DCE-B53D-4ABF5A4BE3CD} - c:\windows\system32\gt47547.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-21 19:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\avldr.dll
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-10-22 19:47
ComboFix-quarantined-files.txt 2009-10-22 00:47
Pre-Run: 207,315,382,272 bytes free
Post-Run: 209,953,964,032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - FA95A971931EEC06A83F4C2A76F05DA7