12-07-2008, 12:27 PM   #5
Buddha61
OS: Win XP


Re: Trying To Clean Up A Computer, Need Help

ComboFix 08-12-06.06 - USER 2008-12-07 13:59:44.1 - NTFSx86

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\salesmonitor
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\USER\Application Data\DriveCleaner Freeware
c:\documents and settings\USER\Application Data\DriveCleaner Freeware\Logs\update.log
c:\documents and settings\USER\Application Data\FunWebProducts
c:\documents and settings\USER\Application Data\FunWebProducts\Data\USER\wffavs.dat
c:\documents and settings\USER\Application Data\gadcom
c:\documents and settings\USER\Application Data\gadcom\gadcom.exe
c:\documents and settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\documents and settings\USER\Application Data\twain\Twain.exe
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\avtasks.dat
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\CookieList.dat
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\history.db
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\Logs\update.log
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\PGE.dat
c:\documents and settings\USER\err.log
c:\documents and settings\USER\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\USER\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\USER\Start Menu\Programs\PlayMP3z
c:\documents and settings\USER\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
c:\program files\Common Files\winantivirus pro 2007
c:\program files\Common Files\winantivirus pro 2007\err.log
c:\program files\FBrowserAdvisor
c:\program files\inetget2
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\USS
C:\resycled
c:\resycled\boot.com
c:\windows\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
c:\windows\system32\~.exe
c:\windows\system32\amklpr.dll
c:\windows\system32\axtiuncg.dll
c:\windows\system32\bfhmrd.dll
c:\windows\system32\bqkkveyb.dll
c:\windows\system32\digeste.dll
c:\windows\system32\dqlsatoe.dll
c:\windows\system32\fpxhppvi.dll
c:\windows\system32\geBtQJAS.dll
c:\windows\system32\gfhsfbmg.dll
c:\windows\system32\hcqdmu.dll
c:\windows\system32\hiototag.dll
c:\windows\system32\hpowiax7.dll
c:\windows\system32\hrlnppao.dll
c:\windows\system32\huqrenxq.dll
c:\windows\system32\ieupdates.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\nstjth.dll
c:\windows\system32\ocznqs.dll
c:\windows\system32\opnomlKe.dll
c:\windows\system32\peaevvww.dll
c:\windows\system32\qmvqsuvf.dll
c:\windows\system32\stera.job
c:\windows\system32\TDNnoUtv.ini
c:\windows\system32\TDNnoUtv.ini2
c:\windows\system32\tlbhgrbk.dll
c:\windows\system32\twcgaqlr.dll
c:\windows\system32\vclphv.dll
c:\windows\system32\vtUonNDT.dll
c:\windows\system32\wingamma.exe
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\xossxf.dll
c:\windows\system32\xtbsxmha.dll
c:\windows\system32\xurwtiew.dll
c:\windows\system32\ylizrs.dll
c:\windows\wiaserviv.log
E:\autorun.inf
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WASFSD


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 14:07 . 2008-12-07 14:07 <DIR> dr-hs---- C:\resycled
2008-12-07 13:45 . 2008-12-07 13:45 1,479,822 --ahs---- c:\windows\system32\qxnerquh.ini
2008-12-07 12:50 . 2008-12-07 12:50 250 --a------ c:\windows\gmer.ini
2008-12-05 18:01 . 2006-03-20 14:06 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-05 18:01 . 2006-03-20 14:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-12-05 18:01 . 2006-03-20 14:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-12-05 18:01 . 2006-05-15 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-12-05 18:01 . 2006-03-20 16:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-12-05 18:01 . 2006-05-15 13:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-12-05 18:01 . 2008-12-05 18:01 <DIR> d-------- c:\documents and settings\Administrator
2008-12-05 17:47 . 2008-12-05 17:47 120 --ahs---- c:\windows\system32\rlqagcwt.ini
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\program files\Lavasoft
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 16:48 . 2008-12-05 16:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-05 16:48 . 2008-12-05 19:54 <DIR> d-------- C:\hjt
2008-12-04 23:36 . 2008-12-07 13:43 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-04 23:35 . 2008-12-04 23:35 2,405 --a------ c:\windows\sys_32.exe
2008-12-04 19:06 . 2008-12-04 19:06 1,482,400 --ahs---- c:\windows\system32\weitwrux.ini
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\alot
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\alot
2008-12-03 19:33 . 2008-10-16 17:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-03 14:52 . 2008-12-03 14:52 1,423,173 --ahs---- c:\windows\system32\nbxgwxsj.ini
2008-12-01 16:29 . 2008-12-01 17:02 1,375,214 --ahs---- c:\windows\system32\ivpphxpf.ini
2008-12-01 12:28 . 2008-12-01 12:29 1,375,205 --ahs---- c:\windows\system32\iskipkab.ini
2008-11-30 12:27 . 2008-11-30 12:27 1,691,436 --ahs---- c:\windows\system32\gmbfshfg.ini
2008-11-29 20:11 . 2008-12-03 19:20 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 20:11 . 2008-11-29 20:11 1,409 --a------ c:\windows\QTFont.for
2008-11-29 18:41 . 2008-11-29 18:41 <DIR> d-------- c:\documents and settings\USER\Application Data\Template
2008-11-29 18:41 . 2008-11-29 18:41 0 --a------ c:\documents and settings\USER\Application Data\wklnhst.dat
2008-11-29 14:38 . 2008-12-05 18:00 <DIR> d--hs---- c:\windows\VVNFUg
2008-11-29 12:53 . 2008-12-07 14:02 <DIR> d-------- c:\documents and settings\USER\Application Data\Twain
2008-11-29 11:57 . 2008-11-29 11:57 1,691,436 --ahs---- c:\windows\system32\ofoibfis.ini
2008-11-29 11:53 . 2008-11-29 11:53 <DIR> d-------- c:\documents and settings\USER\Application Data\HP
2008-11-29 11:46 . 2008-11-29 11:46 <DIR> d-------- c:\documents and settings\USER\Application Data\HPAppData
2008-11-29 11:44 . 2008-11-29 11:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-29 11:42 . 2008-11-29 11:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-29 11:42 . 2007-10-30 04:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-29 11:42 . 2007-10-30 04:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-29 11:41 . 2007-11-08 09:52 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-29 11:41 . 2007-10-20 21:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-11-29 11:41 . 2007-10-30 04:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-29 11:40 . 2007-10-30 04:11 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-29 11:40 . 2007-10-30 04:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-29 11:40 . 2007-10-30 04:11 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-29 11:31 . 2008-11-29 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-29 11:28 . 2008-11-29 11:28 <DIR> d-------- c:\program files\Common Files\HP
2008-11-29 11:26 . 2008-11-29 11:31 <DIR> d-------- c:\program files\HP
2008-11-29 11:26 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-29 11:26 . 2004-08-04 02:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-29 11:23 . 2008-11-29 11:44 157,428 --a------ c:\windows\hpoins27.dat
2008-11-29 11:23 . 2008-01-18 10:56 932 --------- c:\windows\hpomdl27.dat
2008-11-28 00:46 . 2008-11-28 01:23 1,648,525 --ahs---- c:\windows\system32\pcvbxcgk.ini
2008-11-28 00:40 . 2008-11-28 00:40 22,528 --a------ c:\documents and settings\USER\~.exe
2008-11-19 18:11 . 2008-11-19 18:16 <DIR> d-------- c:\program files\Disney Interactive
2008-11-19 18:10 . 2008-11-19 18:17 1,220 --a------ c:\windows\disney.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 23:56 --------- d-----w c:\program files\Google
2008-12-05 23:26 --------- d-----w c:\program files\TOSHIBA
2008-11-22 18:50 --------- d-----w c:\documents and settings\USER\Application Data\U3
2008-11-19 23:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 23:16 --------- d-----w c:\program files\QuickTime
2008-10-25 07:08 --------- d-----w c:\documents and settings\USER\Application Data\Yahoo!
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-08-08 00:36 0 ----a-w c:\program files\temp01
2007-07-24 03:01 1,589 ----a-w c:\program files\ALLTEL Internet Accelerator Client setup.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SysDriver32"="c:\windows\sys_32.exe" [2008-12-04 2405]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-02 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-19 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-03 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

c:\documents and settings\USER\Start Menu\Programs\Startup\
QuickLink Mobile.lnk - c:\program files\Alltel\QuickLink Mobile\QuickLink Mobile.exe [2007-06-26 1493144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-20 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{25E72675-7ABA-4984-9BAD-34CC3BA08558} - c:\windows\system32\vtUonNDT.dll
BHO-{b763f613-94cd-46d2-816c-f5d862b6a00e} - c:\windows\system32\xossxf.dll
HKLM-Run-Windows Gamma Display - c:\windows\system32\wingamma.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {06BDF105-39BE-4C1F-841C-FF59FDB7180A} = 85.255.113.118;85.255.112.100
TCP: {93DC1673-FFB3-44D6-8722-5AE5C792E0A1} = 85.255.113.118;85.255.112.100

c:\windows\Downloaded Program Files\PogoWebLauncher.ocx - O16 -: {3107C2A8-9F0B-4404-A58B-21BD85268FBC}
hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

c:\windows\Downloaded Program Files\PTGameLauncher.dll - O16 -: {EF148DBB-5B6D-4130-B2A1-661571E86260}
hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
c:\windows\Downloaded Program Files\PTGameLauncher.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 14:20:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpqltoiqh.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2008-12-07 14:25:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 19:25:02

Pre-Run: 42,516,275,200 bytes free
Post-Run: 42,497,634,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

308 --- E O F --- 2008-11-13 17:37:14