Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Closed] Infected PC, Redirecting, Freezing, Popups
Wash09
post Oct 27 2009, 10:31 AM
Post #1


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Please help me clean this computer as I need it to do my college papers. The system is Microsoft XP Home Edition Version 2002 Service Pack 2. It has been like this for months. I know it is infected with something. This PC is freezing and redirecting, and the pages are taking forever to load.

I haven't done anything but run the reports that were suggested by Noviciate.

Your help would be greatly appreciated.

This post has been edited by Wash09: Oct 27 2009, 10:38 AM
Wash09
post Oct 27 2009, 10:42 AM
Post #2


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Here is the RootRepeal report that was requested.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/27 09:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5346000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A4B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xEF59C000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe175a580

==EOF==


Here is the DDS report that was requested:


DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Owner at 21:26:57.51 on Tue 08/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.123 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbsvc.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\7BOYNHWW\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.5.900\HPIEAddOn.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.6.3.4500\NPIEAddOn.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-27 66048]

=============== Created Last 30 ================

2009-08-18 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\73B9
2009-08-15 13:13 <DIR> --d----- c:\program files\Media Access Startup
2009-08-15 13:13 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-08-15 13:13 <DIR> --d----- c:\program files\System Search Dispatcher
2009-08-15 13:12 <DIR> --d----- c:\program files\DoubleD
2009-08-15 13:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}
2009-08-14 06:49 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-06 20:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D7D
2009-08-02 23:12 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-02 18:41 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-02 18:41 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-02 18:33 208,744 a------- c:\windows\system32\muweb.dll
2009-08-02 18:33 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-02 18:33 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-02 15:39 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-08-02 15:35 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-02 15:11 483,328 a------- c:\windows\system32\actskn45.ocx
2009-08-02 15:11 <DIR> --d----- c:\program files\BearShare Applications

==================== Find3M ====================

2009-08-25 21:06 3,997 a------- c:\windows\viassary-hp.reg
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-11 09:31 136 a------- C:\x345.bat
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-27 11:56 5,054 ----h--- c:\windows\jm567890.dat
2009-06-27 08:35 262,144 a------- C:\ntuser.dat
2009-06-26 20:53 112,985 a------- c:\windows\hpoins07.dat
2009-06-19 22:32 47,616 a------- c:\windows\soc_1245475936.exe
2009-06-19 22:32 27,648 a------- c:\windows\soc_1245475929.exe
2009-06-19 22:32 31,744 a------- c:\windows\soc_1245475927.exe
2009-06-19 15:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-11 07:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 00:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll

============= FINISH: 21:27:35.31 ===============

Also find Attach 1 & Attach 2 reports.
Attached File(s)
Attached File  Attach1.txt ( 15.46K ) Number of downloads: 24
Attached File  Attach2.txt ( 15.46K ) Number of downloads: 11
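The two reports above carry the indicators a helper reads first: an SSDT entry hooked by an unrecognised module, drivers that RootRepeal cannot see on disk, the AV and firewall lines in the DDS header showing protection disabled and outdated, and BearShare components in the toolbar and start-page entries. The script below is an added example (not part of the thread, not RootRepeal's or DDS's own tooling) that triages a handful of constructed lines in the same shape as these logs and ranks what it finds. The P2P client name list and the decision to treat the dump_* drivers as expected crash-dump drivers are assumptions made for the example.

```python
"""Triage helper for RootRepeal / DDS style logs pasted in malware-removal threads.

Added example: parses a few constructed log lines shaped like the reports in the
thread and returns (severity, description) findings a helper would look at first.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, description)

# Assumption: a short list of P2P client names to look for. The thread only
# names BearShare; the other entries are illustrative.
P2P_NAMES = ("bearshare", "limewire", "kazaa", "emule")

# RootRepeal SSDT section: a "#: NNN Function Name: X" line followed by a Status line.
SSDT_FUNC_RE = re.compile(r"^#:\s*\d+\s+Function Name:\s*(\S+)")
SSDT_HOOK_RE = re.compile(r'^Status:\s*Hooked by\s+"([^"]*)"\s+at address\s+(0x[0-9a-fA-F]+)')
# RootRepeal driver section: "Name: X" then an "Address: ... File Visible: Yes/No" line.
DRIVER_NAME_RE = re.compile(r"^Name:\s*(\S+)")
DRIVER_VIS_RE = re.compile(r"File Visible:\s*(Yes|No)")

# Constructed sample in the shape of the RootRepeal and DDS output quoted above.
SAMPLE_LOG = r"""
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5346000 Size: 98304 File Visible: No Signed: -
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe175a580
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uStart Page = hxxp://search.bearshare.com/
"""


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect findings with a coarse severity."""
    findings: List[Finding] = []
    current_func: Optional[str] = None     # last SSDT function name seen
    current_driver: Optional[str] = None   # last driver name seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        m = SSDT_FUNC_RE.match(line)
        if m:
            current_func = m.group(1)
            continue
        m = SSDT_HOOK_RE.match(line)
        if m:
            hooker, addr = m.groups()
            # A hook whose owner RootRepeal cannot name is the strongest signal here.
            sev = "high" if hooker == "<unknown>" else "medium"
            findings.append((sev, f"SSDT entry {current_func} hooked by {hooker} at {addr}"))
            continue

        m = DRIVER_NAME_RE.match(line)
        if m:
            current_driver = m.group(1)
            continue
        m = DRIVER_VIS_RE.search(line)
        if m and m.group(1) == "No" and current_driver:
            if current_driver.lower().startswith("dump_"):
                # Assumption: dump_* entries are the crash-dump copies of the disk
                # stack that Windows loads itself, so they are reported as expected.
                findings.append(("info", f"hidden driver {current_driver} (expected crash-dump driver)"))
            else:
                findings.append(("low", f"driver {current_driver} not visible on disk"))
            continue

        if line.startswith("AV:"):
            if "scanning disabled" in low:
                findings.append(("medium", "antivirus on-access scanning disabled"))
            if "(outdated)" in low:
                findings.append(("medium", "antivirus definitions outdated"))
            continue
        if line.startswith("FW:") and "*disabled*" in low:
            findings.append(("medium", "personal firewall disabled"))
            continue

        hit = next((n for n in P2P_NAMES if n in low), None)
        if hit:
            if line.startswith(("uStart Page", "mStart Page", "uSearch", "mSearch")):
                findings.append(("medium", f"browser start/search page points at {hit}"))
            else:
                findings.append(("low", f"P2P component present: {hit} ({line.split(':', 1)[0]})"))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    """Count findings per severity label."""
    counts: dict = {}
    for sev, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    rank = {"high": 0, "medium": 1, "low": 2, "info": 3}
    for sev, text in sorted(triage(SAMPLE_LOG), key=lambda f: rank[f[0]]):
        print(f"[{sev:6}] {text}")
```

Run it as-is to see the sample ranked; feed it a full pasted log to get the same kind of summary. The ranking is deliberately coarse: it orders what to look at, it does not decide what is malicious, which is why the hidden dump_* drivers are kept in the output as informational rather than silently dropped.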
 
Blade81
post Oct 31 2009, 04:58 AM
Post #3


Advanced Member

Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)




Bearshare

Above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Wash09
post Nov 4 2009, 10:28 PM
Post #4


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Hi, Blade81!

I am trying to run ComboFix; however, while the report is running my desktop freezes up. I have tried to run the report twice and both times the desktop just locks up. I will try again. Or would you like me to try something else? How am I to know when the ComboFix report is finished running?



Wash09

This post has been edited by Wash09: Nov 4 2009, 11:01 PM
Blade81
post Nov 5 2009, 12:59 AM
Post #5


Advanced Member

Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)




Hi,

Do you have the latest copy of ComboFix there? Please make sure you do and that all security programs are disabled before the run. If it still doesn't work then try to run ComboFix in safe mode.
Wash09
post Nov 6 2009, 10:34 AM
Post #6


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Hi, Blade81!

I have finally gotten the reports you wanted. Sorry about the long wait; my PC was just super slow.

ComboFix 09-11-05.05 - HP_Owner 11/06/2009 7:51.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.122 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Local Settings\Application Data\DoubleD
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm6C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmA72.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmB20.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe
c:\program files\Internet Saving Optimizer\3.6.3.4500\Data\config.md
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.dat
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.5.900\Data\config.md
c:\program files\Media Access Startup\1.5.5.900\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.5.900\FF\install.rdf
c:\program files\Media Access Startup\1.5.5.900\HPCommon.dll
c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\hppx.exe
c:\program files\Media Access Startup\1.5.5.900\MAHelper.exe
c:\program files\Media Access Startup\1.5.5.900\unins000.dat
c:\program files\Media Access Startup\1.5.5.900\unins000.exe
c:\windows\010112010146118114.dat
c:\windows\010112010146118114.lso
c:\windows\0101120101465049.dat
c:\windows\0101120101465049.lso
c:\windows\0101120101465452.dat
c:\windows\0101120101465452.lso
c:\windows\0101120101465652.dat
c:\windows\0101120101465652.lso
c:\windows\0101120101465749.dat
c:\windows\0101120101465749.lso
c:\windows\bf23567.dat
c:\windows\jmmark2.dat
c:\windows\soc_1245475927.exe
c:\windows\soc_1245475929.exe
c:\windows\soc_1245475936.exe
c:\windows\soc_1246126668.exe
c:\windows\system32\ps2.bat
c:\windows\tgmark2.dat
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-03 19:33 . 2009-11-03 19:33 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 16:11 . 2009-11-06 16:09 654 ----a-w- c:\windows\viassary-hp.reg
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:41 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:27 . 2009-06-27 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-09 06:00 . 2009-06-12 07:37 -------- d-----w- c:\documents and settings\mrs.beautiful\Application Data\Apple Computer
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 04:33 . 2009-09-09 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-09 04:22 . 2009-09-09 04:22 -------- d-----w- c:\program files\Bonjour
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 20:13 . 2009-08-15 20:13 593876 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 599351 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 416928 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
2009-08-12 17:10 294912 ----a-w- c:\program files\System Search Dispatcher\1.3.5.960\ssd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe" [2009-08-04 602112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"combofix"="c:\combofix1\CF4635.exe" [2009-11-06 388608]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
driver REG_MULTI_SZ driver
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-12 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
BHO-{35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.5.900\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\dwwin.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-06 8:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 16:15

Pre-Run: 53,934,350,336 bytes free
Post-Run: 54,748,483,584 bytes free

- - End Of File - - 7EAFD98E390DACFF5CCB3360124648E3



DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 8:23:51.35 on Fri 11/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.51 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-27 66048]

=============== Created Last 30 ================

2009-11-06 08:09 654 a------- c:\windows\viassary-hp.reg
2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 8:24:21.39 ===============

Attached File(s)
Attach2110509.txt (15.81K)
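The DDS log above lists each service with its binary path and file date, and the files and directories created in the last 30 days. The script below is an added example, not part of the forum thread or of the DDS tool; it parses those two sections and flags the items a malware-removal helper would look at first: a Symantec definition directory whose embedded date (the 20040625.019 path under NAVENG) is far older than the scan date, files dropped directly into the c:\windows root (viassary-hp.reg), and short hex-named directories under All Users\Application Data (175B, D20D). The sample lines are copied from the log above into a constructed string; the reference date 2009-11-06, the 30-day staleness threshold, the four-hex-character directory heuristic and the allowlist of ComboFix's own helper files (PEV.exe, SWREG.exe, sed.exe, MBR.exe) are my assumptions.

```python
"""Triage helpers for the SERVICES / DRIVERS and 'Created Last 30' sections of a
DDS-style log.  Added example; not code from the forum thread or from DDS."""
import re
from datetime import date, datetime

# "R1 name;display;path [YYYY-M-D size]"
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
# "2009-11-06 08:09 654 a------- path"  or  "... <DIR> --d----- path"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")
# Symantec definition set directories look like ...\virusd~1\YYYYMMDD.nnn\...
DEFS_DATE_RE = re.compile(r"\\(\d{8})\.\d+\\")

# Helper utilities ComboFix itself drops into c:\windows (assumed allowlist).
COMBOFIX_TOOLS = {"pev.exe", "swreg.exe", "sed.exe", "mbr.exe"}

# Constructed sample: a subset of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-27 66048]

=============== Created Last 30 ================

2009-11-06 08:09 654 a------- c:\windows\viassary-hp.reg
2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D
"""


def parse_log(text):
    """Return {'services': [...], 'created': [...]} from the two sections."""
    services, created = [], []
    for line in text.splitlines():
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, stamp, size = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "file_date": stamp, "size": int(size)})
            continue
        m = CREATED_RE.match(line)
        if m:
            stamp, size, attrs, path = m.groups()
            created.append({"created": stamp, "is_dir": size == "<DIR>",
                            "attrs": attrs, "path": path})
    return {"services": services, "created": created}


def find_stale_av_definitions(services, as_of, max_age_days=30):
    """Flag services whose path embeds a definition-set date older than the cutoff."""
    findings = []
    for svc in services:
        m = DEFS_DATE_RE.search(svc["path"])
        if not m:
            continue
        defs_date = datetime.strptime(m.group(1), "%Y%m%d").date()
        age = (as_of - defs_date).days
        if age > max_age_days:
            findings.append({"name": svc["name"],
                             "defs_date": defs_date.isoformat(), "age_days": age})
    return findings


def find_suspicious_created(created):
    """Flag new files in the c:\\windows root (minus known ComboFix tools) and
    short hex-named directories under Application Data (heuristic)."""
    findings = []
    for entry in created:
        path = entry["path"].lower()
        base = path.rsplit("\\", 1)[-1]
        in_windows_root = re.fullmatch(r"c:\\windows\\[^\\]+", path) is not None
        in_appdata = "applic~1" in path or "application data" in path
        if not entry["is_dir"] and in_windows_root and base not in COMBOFIX_TOOLS:
            findings.append({**entry, "reason": "file dropped directly in c:\\windows"})
        elif entry["is_dir"] and in_appdata and re.fullmatch(r"[0-9a-f]{4}", base):
            findings.append({**entry, "reason": "short hex-named dir under Application Data"})
    return findings


def triage(text, as_of="2009-11-06"):
    """Run both checks; as_of is the scan date (assumed from the newest entry)."""
    parsed = parse_log(text)
    return {
        "counts": {"services": len(parsed["services"]), "created": len(parsed["created"])},
        "stale_definitions": find_stale_av_definitions(parsed["services"],
                                                       date.fromisoformat(as_of)),
        "suspicious_created": find_suspicious_created(parsed["created"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the definition set under NAVENG comes out roughly five years older than the scan date, which matches the "Outdated" status ComboFix later reports for Norton, and the three flagged paths are exactly the ones a helper would ask about; the ComboFix tool files are skipped by the allowlist, so the report is not cluttered by the cleaning tools themselves.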
Blade81
post Nov 6 2009, 10:57 AM
Post #7


Advanced Member

Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)




Hi,

It looks like the ComboFix log was opened in a text editor with word wrap enabled. Please disable word wrap and then re-post the log. The current one's format is a bit hard to read due to those empty gaps between the entries.
Wash09
post Nov 6 2009, 11:07 AM
Post #8


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



ComboFix 09-11-05.05 - HP_Owner 11/06/2009 7:51.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.122 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Local Settings\Application Data\DoubleD
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm6C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmA72.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmB20.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe
c:\program files\Internet Saving Optimizer\3.6.3.4500\Data\config.md
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.dat
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.5.900\Data\config.md
c:\program files\Media Access Startup\1.5.5.900\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.5.900\FF\install.rdf
c:\program files\Media Access Startup\1.5.5.900\HPCommon.dll
c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\hppx.exe
c:\program files\Media Access Startup\1.5.5.900\MAHelper.exe
c:\program files\Media Access Startup\1.5.5.900\unins000.dat
c:\program files\Media Access Startup\1.5.5.900\unins000.exe
c:\windows\010112010146118114.dat
c:\windows\010112010146118114.lso
c:\windows\0101120101465049.dat
c:\windows\0101120101465049.lso
c:\windows\0101120101465452.dat
c:\windows\0101120101465452.lso
c:\windows\0101120101465652.dat
c:\windows\0101120101465652.lso
c:\windows\0101120101465749.dat
c:\windows\0101120101465749.lso
c:\windows\bf23567.dat
c:\windows\jmmark2.dat
c:\windows\soc_1245475927.exe
c:\windows\soc_1245475929.exe
c:\windows\soc_1245475936.exe
c:\windows\soc_1246126668.exe
c:\windows\system32\ps2.bat
c:\windows\tgmark2.dat
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-03 19:33 . 2009-11-03 19:33 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 16:11 . 2009-11-06 16:09 654 ----a-w- c:\windows\viassary-hp.reg
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:41 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:27 . 2009-06-27 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-09 06:00 . 2009-06-12 07:37 -------- d-----w- c:\documents and settings\mrs.beautiful\Application Data\Apple Computer
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 04:33 . 2009-09-09 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-09 04:22 . 2009-09-09 04:22 -------- d-----w- c:\program files\Bonjour
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 20:13 . 2009-08-15 20:13 593876 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 599351 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 416928 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
2009-08-12 17:10 294912 ----a-w- c:\program files\System Search Dispatcher\1.3.5.960\ssd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe" [2009-08-04 602112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"combofix"="c:\combofix1\CF4635.exe" [2009-11-06 388608]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
driver REG_MULTI_SZ driver
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-12 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
BHO-{35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.5.900\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\dwwin.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-06 8:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 16:15

Pre-Run: 53,934,350,336 bytes free
Post-Run: 54,748,483,584 bytes free

- - End Of File - - 7EAFD98E390DACFF5CCB3360124648E3
Blade81
post Nov 6 2009, 11:47 AM
Post #9


Advanced Member

Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)




Hi again,


Is your Norton antivirus license still valid?



Open notepad and copy/paste the text in the quotebox below into it:

CODE
DirLook::
c:\docume~1\alluse~1\applic~1\175B
c:\docume~1\alluse~1\applic~1\D20D
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"driver"=-
Firefox::
FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Wash09
post Nov 12 2009, 10:35 AM
Post #10


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Hi, Blade81!

I am attempting to run this KAS report again. My computer keeps freezing in the middle of the scan. I will post it as soon as it completes. Or is there another type of scan I can run to get you the result you are seeking?
Blade81
post Nov 12 2009, 11:22 AM
Post #11


Advanced Member

Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)




Hi,

If it looks like the scan won't progress any further then you may try ESET scanner:

* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish
  • Copy and paste that log as a reply to this topic, along with other logs & a description of any remaining problems
Wash09
post Nov 12 2009, 01:13 PM
Post #12


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Here is the DDS scan.


DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 11:07:23.04 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.67 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]

=============== Created Last 30 ================

2009-11-12 09:54 <DIR> --d----- c:\program files\ESET
2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20
2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager
2009-11-06 10:13 3,884 a------- c:\windows\viassary-hp.reg
2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 11:08:09.23 ===============
Here is the attach scan
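The "Pseudo HJT Report" section of the DDS log above is what a helper reads to pick out the entries a CFScript like the one in post #9 targets: the user start page that no longer matches the machine default, toolbar/BHO registrations that point at nothing, and autostart entries living under a directory another scanner has already flagged. As an added example (not code from this thread, from Blade81, or from the DDS tool itself), the Python script below parses lines in that format and reports those signs. The sample lines are constructed from values in the log above; the function names, the severity scale and the `known_bad_fragments` parameter are my own, and the `\doubled\` fragment passed in is the install directory that the ESET log later in the thread ties to Win32/Adware.DoubleD.

```python
import re

# Constructed sample in the shape of the DDS "Pseudo HJT Report" above;
# the values are copied from that log so the checks have something to find.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.theprizeday.com/today.php
mStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
"""

# DDS prefixes: u = current-user hive (HKCU), m = machine hive (HKLM).
START_RE = re.compile(r"^([um])Start Page = (.+)$")
EXT_RE = re.compile(r"^(BHO|TB): (?:(.+?): )?(\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN_RE = re.compile(r"^([um])Run: \[(.+?)\] (.+)$")


def parse_dds(text):
    """Pull start pages, BHO/toolbar registrations and Run entries out of
    the Pseudo HJT section. Unrecognised lines are ignored."""
    entries = {"start_page": {}, "extensions": [], "run": []}
    for line in text.splitlines():
        line = line.strip()
        if m := START_RE.match(line):
            entries["start_page"][m.group(1)] = m.group(2)
        elif m := EXT_RE.match(line):
            entries["extensions"].append(m.groups())   # (kind, name or None, clsid, path)
        elif m := RUN_RE.match(line):
            entries["run"].append(m.groups())          # (scope, value name, command)
    return entries


def executable_of(command):
    """Image path of a Run command. DDS leaves unquoted paths unquoted even
    when they contain spaces, so for those cut at the first '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    i = command.lower().find(".exe")
    return command[: i + 4] if i != -1 else command.split()[0]


def triage(entries, known_bad_fragments=()):
    """Return (severity, category, detail) findings. known_bad_fragments are
    lower-case path fragments already tied to a detection by another scanner."""
    findings = []
    sp = entries["start_page"]
    if "u" in sp and "m" in sp and sp["u"] != sp["m"]:
        findings.append(("high", "start-page",
                         f"user start page {sp['u']} differs from machine default {sp['m']}"))
    for kind, name, clsid, path in entries["extensions"]:
        if path.lower() == "no file":
            findings.append(("low", "orphan", f"{kind} {clsid} points at a missing file"))
        elif any(frag in path.lower() for frag in known_bad_fragments):
            findings.append(("high", "known-bad", f"{kind} {name or clsid} loads {path}"))
    for scope, name, command in entries["run"]:
        exe = executable_of(command)
        if "\\" not in exe:
            findings.append(("medium", "bare-name",
                             f"{scope}Run [{name}] starts {exe} by bare name; "
                             "verify which copy the search path resolves"))
        elif any(frag in exe.lower() for frag in known_bad_fragments):
            findings.append(("high", "known-bad", f"{scope}Run [{name}] starts {exe}"))
    return findings


def summarize(text, known_bad_fragments=()):
    """Parse and triage in one call; findings come back highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(triage(parse_dds(text), known_bad_fragments), key=lambda f: order[f[0]])


if __name__ == "__main__":
    # "\doubled\" is the directory ESET tied to Win32/Adware.DoubleD in this thread.
    for sev, cat, detail in summarize(SAMPLE_DDS, ("\\doubled\\",)):
        print(f"[{sev:6}] {cat:11} {detail}")
```

On the sample this yields three high findings (the hijacked user start page, the GamingHarbor toolbar DLL and the SmileyApp Run entry under the flagged directory), one medium (VTTimer started by bare name, which is a legitimate OEM entry here but still worth resolving) and one low (the orphaned toolbar CLSID). The bare-name check is deliberately only medium: OEM images commonly register that way, so it asks for verification rather than asserting compromise.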

Wash09
post Nov 12 2009, 01:15 PM
Post #13


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 27-July 09
Member No.: 86,977
Operating System: Window Vista



Hi, Blade81!

Here is the log from the ESET scan.

C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\69E6D3E5\3E688669\stbapp.exe a variant of Win32/Adware.DoubleD.AA application
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe Win32/Adware.DoubleD.AB application
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe a variant of Win32/Adware.DoubleD.AA application
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbdl.exe a variant of Win32/Adware.DoubleD.AB application
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbsvc.exe Win32/Adware.DoubleD.AB application
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.0.21210\bin\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe.vir multiple threats
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe.vir a variant of Win32/Adware.DoubleD.AB application
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application
C:\Qoobox\Quarantine\C\Program Files\driver\driver.dll.vir Win32/Tinxy.AF trojan
C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe.vir Win32/Adware.DoubleD.AC application
C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AE application
C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll.vir Win32/Adware.DoubleD.AE application
C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AE application
C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\hppx.exe.vir a variant of Win32/Adware.DoubleD.AC application
C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe.vir Win32/Adware.DoubleD.AD application
C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll.vir Win32/Adware.DoubleD.AE application
C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475927.exe.vir Win32/Koobface.NBY worm
C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475929.exe.vir a variant of Win32/Koobface.NCK worm
C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475936.exe.vir Win32/Tinxy.AF trojan
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP135\A0321905.exe a variant of Win32/Adware.DoubleD.AB application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330022.dll Win32/Tinxy.AF trojan
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330023.exe Win32/Adware.DoubleD.AC application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330025.dll Win32/Adware.DoubleD.AE application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330027.dll a variant of Win32/Adware.DoubleD.AE application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330030.dll Win32/Adware.DoubleD.AE application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330032.dll a variant of Win32/Adware.DoubleD.AE application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330033.exe a variant of Win32/Adware.DoubleD.AC application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330034.exe Win32/Adware.DoubleD.AD application
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330041.exe Win32/Koobface.NBY worm
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330042.exe a variant of Win32/Koobface.NCK worm
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330043.exe Win32/Tinxy.AF trojan
Operating memory a variant of Win32/Adware.DoubleD.AA application


Here is the DDS Scan.

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 11:07:23.04 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.67 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]

=============== Created Last 30 ================

2009-11-12 09:54 <DIR> --d----- c:\program files\ESET
2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20
2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager
2009-11-06 10:13 3,884 a------- c:\windows\viassary-hp.reg
2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 11:08:09.23 ===============

Attached File(s): Attach111209.txt (16.45K)
Wash09
post Nov 12 2009, 01:24 PM
Post #14


Hi, Blade81!

Here is the log from the ESET scan.

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]

=============== Created Last 30 ================

2009-11-12 09:54 <DIR> --d----- c:\program files\ESET
2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20
2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager
2009-11-06 10:13 3,884 a------- c:\windows\viassary-hp.reg
2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 11:08:09.23 ===============

Attached File(s): Attach111209.txt (16.45K)
Blade81
post Nov 12 2009, 01:31 PM
Post #15

Advanced Member
Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)

Hi,

Do you have the requested ComboFix resultant log available too? Please post its contents.
© Geeks to Go, Inc.