I uninstalled Hitman and the scans have finished. Here are the logs:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:23 on 20/05/2010 by Mae (Administrator - Elevation successful)
========== filefind ==========
Searching for " iastor.*"
No files found.
-=End Of File=-
ComboFix 10-05-20.02 - Mae 05/20/2010 12:38:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1713 [GMT -7:00]
Running from: c:\users\Mae\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\%appdata%
Infected copy of c:\windows\system32\drivers\partmgr.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.
2010-05-20 19:52 . 2010-05-20 19:56 -------- d-----w- c:\users\Mae\AppData\Local\temp
2010-05-20 19:52 . 2010-05-20 19:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-05-20 19:52 . 2010-05-20 19:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-20 03:44 . 2010-05-20 03:44 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-05-20 01:41 . 2010-05-20 04:25 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-20 01:40 . 2010-05-20 01:40 -------- d-----w- c:\programdata\Hitman Pro
2010-05-20 01:40 . 2010-05-20 01:40 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-15 02:52 . 2010-05-15 02:52 -------- d-----w- c:\users\Mae\AppData\Roaming\HPAppData
2010-05-15 02:37 . 2010-05-15 02:37 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-05-14 18:02 . 2010-05-14 18:07 23110 ----a-w- c:\windows\hpqins15.dat
2010-05-14 17:58 . 2010-05-14 18:13 -------- d-----w- c:\users\Mae\AppData\Roaming\HpUpdate
2010-05-14 17:58 . 2010-05-14 17:58 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-11 23:07 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-07 17:24 . 2010-05-07 17:24 -------- d-----w- c:\programdata\WEBREG
2010-05-07 17:24 . 2010-05-07 17:24 -------- d-----w- c:\users\Mae\AppData\Roaming\HP
2010-05-07 17:24 . 2010-05-07 17:24 -------- d-----w- c:\users\Mae\AppData\Local\HP
2010-05-07 17:20 . 2009-06-09 08:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
2010-05-07 17:15 . 2010-05-07 17:15 -------- d-----w- c:\programdata\HP Product Assistant
2010-05-07 17:13 . 2010-05-07 17:13 -------- d-----w- c:\program files\Common Files\HP
2010-05-07 17:13 . 2010-05-07 17:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 17:12 . 2010-05-07 17:12 -------- d-----w- c:\windows\hpoj4500g510n-z
2010-05-07 17:11 . 2009-05-26 17:32 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2010-05-07 17:11 . 2009-05-26 17:32 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2010-05-07 17:11 . 2009-05-18 21:49 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-05-07 17:11 . 2009-05-26 17:32 315392 ----a-w- c:\windows\system32\hpwvst01.dll
2010-05-07 17:11 . 2009-05-21 13:14 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-05-07 17:11 . 2009-06-09 08:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2010-05-07 17:10 . 2010-05-14 18:13 -------- d-----w- c:\program files\HP
2010-05-07 17:07 . 2010-05-07 17:24 207226 ----a-w- c:\windows\hpwins28.dat
2010-05-07 17:07 . 2010-05-07 17:24 -------- d-----w- c:\programdata\HP
2010-05-05 23:17 . 2010-05-05 23:17 -------- d-----w- c:\program files\Microsoft.NET
2010-05-05 23:15 . 2010-05-05 23:15 -------- d-----r- C:\MSOCache
2010-05-05 23:09 . 2010-05-05 23:09 -------- d-----w- c:\users\Mae\AppData\Local\Seven Zip
2010-05-05 22:32 . 2010-05-05 22:47 -------- d-----w- c:\users\Mae\AppData\Roaming\GetRightToGo
2010-04-29 20:04 . 2007-08-20 21:08 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-04-25 01:09 . 2010-04-25 13:23 -------- d-----w- C:\Temp
2010-04-25 00:55 . 2010-04-25 00:55 -------- d-----w- c:\programdata\NexonUS
2010-04-25 00:36 . 2010-05-20 19:56 -------- d-----w- c:\users\Mae\AppData\Local\PMB Files
2010-04-25 00:36 . 2010-04-25 00:36 -------- d-----w- c:\programdata\PMB Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 19:54 . 2009-07-13 19:19 -------- d-----w- c:\users\Mae\AppData\Roaming\WTablet
2010-05-20 19:52 . 2010-02-01 05:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-20 19:09 . 2008-09-17 02:30 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2010-05-20 04:10 . 2010-04-11 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 05:56 . 2008-09-18 05:31 -------- d-----w- c:\users\Mae\AppData\Roaming\LimeWire
2010-05-12 10:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 10:01 . 2008-09-16 23:38 -------- d-----w- c:\programdata\Microsoft Help
2010-05-08 04:01 . 2008-09-17 00:48 91592 ----a-w- c:\users\Mae\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-07 10:03 . 2008-09-16 23:39 -------- d-----w- c:\program files\Microsoft Works
2010-05-05 23:22 . 2008-09-29 01:30 592 ----a-w- c:\users\Mae\AppData\Roaming\wklnhst.dat
2010-05-04 15:35 . 2008-10-10 01:18 -------- d-----w- c:\users\Mae\AppData\Roaming\Azureus
2010-05-04 06:53 . 2008-09-17 01:22 -------- d-----w- c:\program files\Vuze
2010-05-04 06:43 . 2008-09-17 03:53 -------- d-----w- c:\program files\Semagic
2010-04-29 22:39 . 2010-04-11 17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-04-11 17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:23 . 2009-10-15 00:54 -------- d-----w- c:\program files\AIM
2010-04-15 04:45 . 2008-09-17 01:21 -------- d-----w- c:\program files\LimeWire
2010-04-15 01:50 . 2008-09-16 23:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 01:50 . 2008-09-16 23:40 -------- d-----w- c:\program files\Java
2010-04-15 01:33 . 2010-04-15 01:32 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 01:33 . 2009-06-05 01:23 -------- d-----w- c:\program files\iTunes
2010-04-15 01:32 . 2010-04-15 01:32 -------- d-----w- c:\program files\iPod
2010-04-15 01:32 . 2008-09-17 01:25 -------- d-----w- c:\program files\Common Files\Apple
2010-04-15 01:30 . 2010-04-15 01:29 -------- d-----w- c:\program files\QuickTime
2010-04-15 01:25 . 2008-09-17 03:35 -------- d-----w- c:\program files\Bonjour
2010-04-13 00:29 . 2010-04-15 01:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 17:52 . 2010-04-11 17:52 -------- d-----w- c:\users\Mae\AppData\Roaming\Malwarebytes
2010-04-11 17:51 . 2010-04-11 17:51 -------- d-----w- c:\programdata\Malwarebytes
2010-04-11 05:43 . 2008-09-16 23:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-05 14:01 . 2010-04-15 01:55 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 11:10 . 2010-04-15 01:55 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-15 01:55 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-15 01:55 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-30 23:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 11:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 11:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 11:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-25 2938552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-06 65256]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]
c:\users\Mae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-7 576000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ab,85,be,06,86,e0,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4229386456-4079888766-2179590344-1000]
"EnableNotificationsRef"=dword:00000004
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-24 717296]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2010-02-06 26120]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: Semagic - c:\program files\Semagic\link.htm
Trusted Zone: adobe.com\get
FF - ProfilePath - c:\users\Mae\AppData\Roaming\Mozilla\Firefox\Profiles\ee5mtgr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/shegotthatlala?ref=profile|http://twitter.com/|http://www.tumblr.com/dashboard
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Mae\AppData\Roaming\Mozilla\Firefox\Profiles\ee5mtgr4.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
AddRemove-FINAL FANTASY VIII - c:\program files\Square Soft
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Mae\AppData\Roaming\Macromedia\Flash Player\
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-20 12:54
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP000000076A3690E30234D143 524288 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4229386456-4079888766-2179590344-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,c0,46,f4,0b,ab,8e,d9,ad,68,95,c9,a8,12,68,68,1b,e7,b1,ec,83,4b,01,
bd,bd,75,7d,9d,b5,72,e4,1e,8e,96,ae,ed,50,9f,e7,e3,9c,07,a1,b2,c3,9d,f6,3b,\
"??"=hex:07,de,44,c3,e1,a5,2d,8c,3a,c1,a5,01,82,31,bd,c1
[HKEY_USERS\S-1-5-21-4229386456-4079888766-2179590344-1000\Software\SecuROM\License information*]
"datasecu"=hex:bd,4c,ac,6f,58,f0,54,34,b6,1e,09,4a,f8,9c,99,6d,c4,96,7a,30,e8,
13,9b,74,cd,7d,a8,4e,50,b5,d4,09,96,4e,01,c5,44,8f,60,13,0c,07,01,ab,0c,db,\
"rkeysecu"=hex:d1,f8,32,63,63,17,94,47,de,74,4d,e3,ec,e5,72,50
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\windows\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-05-20 13:10:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 20:09
Pre-Run: 15,862,607,872 bytes free
Post-Run: 15,800,729,600 bytes free
- - End Of File - - F788F31F2C3DADA7EBE2B53171FA3D4E
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=663be20fb3b29849b3f4d64b7f08523e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-21 02:32:24
# local_time=2010-05-20 07:32:24 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 30681447 110994491 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=473573
# found=0
# cleaned=0
# scan_time=22180